[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: WSS specification submitted for OASIS Standard
OASIS members: The OASIS Web Services Security TC (WSS TC) has submitted the Web Services Security v1.0 specification, which is an approved Committee Draft, for review and consideration for approval by OASIS members to become an OASIS Standard. The TC's submission is attached below. In accordance with the OASIS Technical Process, the specification has already gone through a 30 day public review period. OASIS members now have 15 days to familiarize themselves with the submission. By the 16th of the month I will send out a Call For Vote to the voting representative of each OASIS member organization, who will have until the end of the month to cast their ballots on whether this Committee Draft should be approved as an OASIS Standard. OASIS members should give their input on this question to the voting reps of their respective organizations. The normative TC Process for approval of Committee Drafts as OASIS Standards is found at http://www.oasis-open.org/committees/process.php#standard Please note that statements related to the IPR of this specification are posted at http://www.oasis-open.org/committees/wss/ipr.php -Karl ================================================================= Karl F. Best Vice President, OASIS office +1 978.667.5115 x206 mobile +1 978.761.1648 karl.best@oasis-open.org http://www.oasis-open.org 1. A formal specification that is a valid member of its type, together with appropriate documentation for the specification, both of which must be written using approved OASIS templates. http://www.oasis-open.org/committees/download.php/5531/oasis-200401-wss-soap-message-security-1.0.pdf http://www.oasis-open.org/committees/download.php/5532/oasis-200401-wss-username-token-profile-1.0.pdf http://www.oasis-open.org/committees/download.php/5533/oasis-200401-wss-x509-token-profile-1.0.pdf http://www.oasis-open.org/committees/download.php/5076/oasis-200401-wss-wssecurity-secext-1.0.xsd.xsd http://www.oasis-open.org/committees/download.php/5075/oasis-200401-wss-wssecurity-utility-1.0.xsd.xsd 2. A clear English-language summary of the specification. The documents comprising the Web Services Security v1.0 specification are as follows: Web Services Security: SOAP Message Security (WS-Security) http://www.oasis-open.org/committees/download.php/5531/oasis-200401-wss-soap-message-security-1.0.pdf Web Services Security: Username Token Profile http://www.oasis-open.org/committees/download.php/5532/oasis-200401-wss-username-token-profile-1.0.pdf Web Services Security: X.509 Certificate Token Profile http://www.oasis-open.org/committees/download.php/5533/oasis-200401-wss-x509-token-profile-1.0.pdf Two XML schema documents, secext.xsd and utility.xsd http://www.oasis-open.org/committees/download.php/5076/oasis-200401-wss-wssecurity-secext-1.0.xsd.xsd http://www.oasis-open.org/committees/download.php/5075/oasis-200401-wss-wssecurity-utility-1.0.xsd.xsd The Web Services Security specification describes a set of extensions to SOAP that allow message level security to be added to Web Services message exchanges. The two profile documents describe mechanisms for using WS-Security to carry Username/Password and X.509 certificate level detail within these messages. The two schema documents provide the formal XML definition of the extensions to the SOAP schema that WS-Security introduces. 3. A statement regarding the relationship of this specification to similar work of other OASIS TCs or other standards developing organizations. This work builds upon work done in W3C in the areas of XML Digital Signature (DSIG) and XML Digital Encryption. The specification describes how to include security content (signatures and cipher text etc.) within a SOAP message header and body. As such, this spec, both utilizes and complements the SOAP work done by the XMLP WG at W3C. Further, the WSS specification and its profiles describe how to utilize X.509 certificates within SOAP messages. X.509 (and X.500) are of course well known public specifications. Further profiles (yet to be finished) will describe how WS-Security can be used in conjunction with Kerberos, SAML, XrML and other security technologies that have been or are being developed at OASIS and elsewhere. Links to these related technologies are included in the specifications that we are delivering for easy cross reference by the reader. 4. Certification by at least three OASIS member organizations that they are successfully using the specification consistently with the OASIS IPR Policy. The chairs have received statements from the following TC member organizations. We include below the submitted text (for ease of reading) and also pointers to the e-mail archive record of the statements made. Argonne National Laboratory http://lists.oasis-open.org/archives/wss/200402/msg00028.html BEA Systems http://lists.oasis-open.org/archives/wss/200402/msg00022.html CommerceOne http://lists.oasis-open.org/archives/wss/200402/msg00027.html IBM http://lists.oasis-open.org/archives/wss/200402/msg00023.html Microsoft http://lists.oasis-open.org/archives/wss/200402/msg00029.html OpenNetwork http://lists.oasis-open.org/archives/wss/200402/msg00024.html Reactivity http://lists.oasis-open.org/archives/wss/200402/msg00026.html Systinet http://lists.oasis-open.org/archives/wss/200402/msg00025.html 5. An account of each of the comments/issues raised during the public review period, along with its resolution. http://lists.oasis-open.org/archives/wss/200401/msg00157.html http://lists.oasis-open.org/archives/wss/200311/msg00044.html 6. An account of and results of the voting to approve the approve the specification as a Committee Draft. http://www.oasis-open.org/apps/org/workgroup/wss/ballot.php?id=323& http://www.oasis-open.org/apps/org/workgroup/wss/ballot.php?id=324& 7. An account of or pointer to votes and comments received in any earlier attempts to standardize substantially the same specification, together with the originating TC's response to each comment. This specification has not been previously submitted to OASIS. 8. A pointer to the publicly visible comments archive for the originating TC http://lists.oasis-open.org/archives/wss-comment/ 9. A statement from the chair of the TC certifying that all members of the TC have been provided with a copy of the OASIS IPR Policy. The TC chairs certify that all members have been reminded to read the IPR statement on numerous occasions and also in e-mail such as at http://lists.oasis-open.org/archives/wss/200401/msg00100.html and at http://lists.oasis-open.org/archives/wss/200401/msg00164.html 10. Optionally, a pointer to any minority reports submitted by one or more TC members who did not vote in favor of approving the Committee Draft, or certification by the chair that no minority reports exist. No minority reports have been submitted to the chairs as of this writing. Two comments were registered using the ballot tool during the Committee Draft vote. Several comments were recorded using the ballot tool during the ballot to advance the specification to OASIS. Please see http://www.oasis-open.org/apps/org/workgroup/wss/ballot.php?id=323& and http://www.oasis-open.org/apps/org/workgroup/wss/ballot.php?id=324& Submitted by the TC co-chairs, Kelvin Lawrence, klawrenc@us.ibm.com, and Chris Kaler, ckaler@microsoft.com.
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]