OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

announce message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Web Services Security (WSS) Ratified as OASIS Standard

Web Services Security (WSS) Ratified as OASIS Standard

AmberPoint, BEA Systems, Betrusted, Commerce One, Computer Associates,
Documentum, Entrust, Fujitsu, HP, Hitachi, IBM, Microsoft, Netegrity, Nokia,
Novell, Oblix, OpenNetwork, Oracle, Reactivity, RSA Security, SAP, Sarvega,
SeeBeyond Technology, Sun Microsystems, Verisign, and Others Develop
Foundational Standard for Security

Boston, MA, USA; 19 April 2004 -- The OASIS international standards
consortium today announced that its members have approved the Web Services
Security (WSS) version 1.0 (WS-Security 2004) as an OASIS Standard, a status
that signifies the highest level of ratification. WSS offers a trusted means
for applying security to Web services by providing the necessary technical
foundation for higher-level services.

Gartner analyst, Ray Wagner, advised, "Enterprises should adopt WSS
formatting for all across-the-firewall Web service deployments, even in
cases where no security needs have been identified. Gartner believes that
WSS will be the standard for the majority of Web services, and committing to
it now will allow enterprises to easily modify the security profile of
deployed Web services in the future."

WSS builds upon existing security technologies such as XML Digital
Signature, XML Encryption and X.509 Certificates to deliver an industry
standard way of securing Web services message exchanges. Providing a
framework within which authentication and authorization take place, WSS lets
user apply existing security technology and infrastructure in a Web services

"By enabling applications to share information regarding network access
regardless of the underlying platform, Web Services Security paves the way
for broader adoption of Web services," said Chris Kaler of Microsoft,
co-chair of the OASIS WSS Technical Committee. "The OASIS WSS TC is pleased
by the support and commitment of the Web services community leading to the
ratification of Web Services Security as an industry standard." 

WSS handles complex confidentiality and integrity for SOAP (Simple Object
Access Protocol) messages, providing a general-purpose mechanism for
associating security tokens with message content. Designed to be extensible,
WSS supports multiple security token formats. 

"A client might provide one format for proof of identity and another format
to verify their business certification," explained Kelvin Lawrence of IBM,
co-chair of the OASIS WSS Technical Committee. "Using WSS, a system can
authenticate the identity of a person connecting to several networks at once
or pass data between two applications securely."

"The Web Services Security OASIS Standard represents a truly impressive
collaboration from across the industry," noted Patrick Gannon, president and
CEO of OASIS. "It is testament to the value of the open standards process
where users and vendors, large and small, come together to advance a common
good. WSS delivers a much-needed foundational technology that will enable
Web services to be deployed with confidence."

Industry Support for WSS

Booz Allen Hamilton
"The approval of Web Services Security is a large step forward in enabling
increasingly secure interoperability between Web Services-based systems both
inside and outside enterprise boundaries," said Steven Lewis, Senior
Consultant at Booz Allen Hamilton. "This will enable our clients to achieve
even greater benefits from using Web Services, and we look forward to
applying OASIS Web Services Security in our client solutions."

Commerce One
"Securing messages sent using Web services is critical to the widespread
deployment of Web services for integrating systems at the
'edge-of-the-enterprise.' We have been very active in the development of
this important standard and have implemented it as part of a comprehensive
security solution in our Conductor Platform," said David Burdett, Director
of Standards Strategy at Commerce One. 

Computer Associates
"OASIS Web Services Security will help ensure and streamline the
implementation of security policies across complex environments and multiple
business relationships. CA will continue to work closely with other industry
leaders and with OASIS to develop practical standards that enable our
customers to create trusted relationships, resulting in improved business
performance and new revenue opportunities." said Dmitri Tcherevik, director
of Web services at Computer Associates.

"WSS 1.0 is a key building block of the trust infrastructure required by
many other Web Services. The OASIS XDI (XRI Data Interchange) Technical
Committee intends to use WSS 1.0 as a primary means of ensuring the security
of trusted data sharing relationships using XDI. This is another example of
how modular Web Services specifications developed by OASIS and other
standards bodies can work together to build the next layer of the Web," said
Drummond Reed, CTO, Cordance Corporation, Co-Chair of the OASIS XRI and XDI
Technical Committees.

"Fujitsu is very pleased to learn that Web Services Security (WS-Security
2004) has been ratified as an OASIS Standard with wide industry support.
Fujitsu believes that this open and interoperable security standard will
accelerate the adoption and deployment of Web services suitable for real
business applications," said Seigo Hirosue, General Manager of Strategy and
Technology Division, Software Group of Fujitsu Limited.

"Standards-based, secure Web services technologies are the foundation of
open, flexible, business-centered computing systems. Approval of the OASIS
Web Services Security specifications is an important step in building a
complete suite of open Web services standards. Implementations of these
specifications will help HP and our customers to adapt IT resources to
enterprise needs rapidly and securely," said David Shoaf, director, Software
Standards Marketing, HP. 

"IBM is pleased to see Web Services Security become an OASIS Standard.
Customers have been asking for an industry standard way of signing and
securing Web services message exchanges, and the industry has clearly been
looking to the OASIS Web Services Security Technical Committee to deliver a
quality specification. IBM already offers support for earlier drafts of
WS-Security in many of our WebSphere and Tivoli products and this new OASIS
Standard will be fully supported across the IBM software portfolio," said
Arvind Krishna, vice president of provisioning and security development,
Tivoli Software, IBM. 

"The ratification of Web Services Security as a standard is a significant
milestone for Web services and the industry overall. Web Services Security
is supported broadly across the industry, with numerous implementations from
vendors available today as evident by our customers leveraging Web Services
Security capabilities. We will continue our support for the standard with
plans to implement the technology in our Web Services Enhancements (WSE)
offering. We look forward to continued progress, adoption and implementation
of Web services, and continuing our commitment to work with the industry to
provide a common set of industry standards for secure, reliable and
transacted Web services," said Dave Mendlen, director of Web services
technical marketing for Microsoft.

"Nokia is pleased to see the timely release of these open security
standards. This will enable interoperable web services security, driving
meaningful web services adoption. Nokia is pleased to have contributed to
these standards and looks forward to their adoption by vendors, customers
and other standards organizations, increasing the momentum toward practical
service oriented architectures," said Frederick Hirsch, Senior Architect at
Nokia, an active contributor in the OASIS WSS Technical Committee and member
of the OASIS Board of Directors.

"Over the past 18 months, Reactivity has been an active member of the OASIS
WSS Technical Committee, providing thought leadership in XML security
technology to help drive the convergence of interoperability standards. We
appreciate the opportunity to contribute to Web Services Security Version
1.0 and are pleased to have been the first among XML security gateways to
actually demonstrate broad interoperability. We will continue to actively
support the final specification in our current and next-generation secure
connectivity solutions for Web services," said John Lilly, CTO, Reactivity.

"SAP considers message-level Web service security a key component for
deploying Web services in enterprise-critical business applications. We are
pleased to see Web Services Security accepted as an OASIS Open Standard and
to announce its support in SAP NetWeaver, SAP's application and integration
platform. Web Services Security provides our customers with message
integrity and confidentiality in their Web services-based application
integration projects," said Michael Bechauf, Vice President NetWeaver
Standards at SAP.

"As the deployment of Web services, especially in mission-critical
applications, becomes more widespread, the ability to provide interoperable,
comprehensive and reliable security becomes all the more important. The
industry has recognized for some time that standardization of security is
key to successful Web services deployments. OASIS and its members have made
significant contributions toward crafting a common standard and assuring
real life applicability through interoperability testing. We, as well as our
customers, are extremely pleased about this announcement and Sarvega is
proud to be part of the process," said Girish Juneja, co-founder and senior
vice president of product management for Sarvega.

"Approval of Web Services Security as an OASIS Standard is an important step
toward maturing the set of basic technologies necessary to support the
deployment of secure Web Services. As an OASIS sponsor represented on the
OASIS WSS Technical Committee, SeeBeyond supports this advancement in
providing enhanced message-based integrity, confidentiality, and
authentication. This security standard coupled with our open platform for
composite application development and integration, further supports our role
in enabling standards-based interoperability built on a Service Oriented
Architecture (SOA) for our global customer base,"  said Alex Andrianopoulos,
vice president of Product Management & Standards for SeeBeyond. 

About OASIS (http://www.oasis-open.org):

OASIS (Organization for the Advancement of Structured Information Standards)
is a not-for-profit, global consortium that drives the development,
convergence, and adoption of e-business standards. Members themselves set
the OASIS technical agenda, using a lightweight, open process expressly
designed to promote industry consensus and unite disparate efforts. OASIS
produces worldwide standards for security, Web services, conformance,
business transactions, electronic publishing, topic maps and
interoperability within and between marketplaces. Founded in 1993, OASIS has
more than 2,500 participants representing over 600 organizations and
individual members in 100 countries.

More information:

OASIS WSS Technical Committee

Cover Pages Technology Report: Web Services Security

Press contact:

Carol Geyer
Director of Communications
OASIS (www.oasis-open.org)
+1.978.667.5115 x209

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]