Companies Demonstrate Interoperability of WS-Security OASIS Standard

["Carol Geyer" <carol.geyer@oasis-open.org>]

BEA Systems, DataPower, IBM, Microsoft, Oracle, Reactivity, Panacea Software, RSA Security, Sarvega, Sun Microsystems, Systinet,
TIBCO, and VeriSign Collaborate on WS-Security OASIS InterOp at Gartner Summit

LOS ANGELES, CA, USA; 20 APRIL 2005 -- Fourteen organizations joined together for the first time to demonstrate interoperability of
the WS-Security OASIS Standard at the Gartner Application Integration and Web Services Summit in Los Angeles today. WS-Security,
developed by the OASIS Web Services Security (WSS) TC, delivers a technical foundation for implementing security functions such as
integrity and confidentiality in messages implementing higher-level Web services applications. 

Gartner analyst, Ray Wagner, describes WS-Security as "the standard for the majority of Web services...committing to it now will
allow enterprises to easily modify the security profile of deployed Web services in the future."* 

WS-Security allows a wide range of key security methods such as authentication and access control to be reliably, readily associated
with SOAP messages. The OASIS InterOp at the Gartner Summit demonstrated the exchange of messages protected by WS-Security using the
X.509 Token Profile. 

"It is gratifying to see so many vendors supporting the WS-Security OASIS Standard with their interoperable implementations,"
observed Hal Lockhart of BEA Systems, lead of the OASIS InterOp team. "We came together with a common goal: to make it clear to all
implementers-not just the larger enterprises that have already embraced the standard-that the time is right to adopt WS-Security."

Patrick Gannon, president and CEO of OASIS, agreed. "WS-Security provides a key component for the broader security frameworks that
users need. Many of the participants in today's InterOp are also deeply involved in advancing other OASIS Standards for security,
such as the Security Assertion Markup Language (SAML) and the eXtensible Access Control Markup Language (XACML). The synergy between
these efforts goes a long way towards meeting the marketplace's need for a cohesive fit between standards," said Gannon, who also
participated in Gartner's "Power Panel: A Conversation on Standards" at the event.


Vendors Collaborate on WS-Security Interoperability

DataPower
"DataPower has a unique first-hand perspective on the importance of interoperability of WS-Security to end-users having supported
early versions in customer deployments since late 2002," said Eugene Kuznetsov, CTO at DataPower. "It's easy for a vendor to claim
support for WS-Security, but only independent interop testing ensures that it will work for customers. Now that WS-Security is an
official OASIS Standard, this interoperability event is the final step in demonstrating the maturity of Web services security."

IBM
"When we originally worked on this standard with Microsoft and other partners, we saw WS-Security as the foundation of secure Web
services," said Anthony Nadalin, Chief Security Architect of IBM Software Group and IBM Distinguished Engineer. "We are pleased to
see the work we took to OASIS, and saw become a standard, get such broad industry adoption."

Microsoft
"The WS-Security standard is the cornerstone to building secure Web Services and is composable with the broader WS-* architecture
where secure, reliable and transacted Web services are achieved," said Ari Bixhorn, Director, Web Services Strategies for Microsoft.
"This demo provides an example of trusted interoperability and showcases the companies' commitment to evolving standards that meet
customer demands for interoperability and security across heterogeneous systems. Microsoft has played a key role in the development
of Web services standards, and WS-Security delivers on this roadmap."

Oracle
"It is evident that Web services are rapidly becoming the cornerstone for integration and B2B transactions," said Hasan Rizvi, vice
president, Development at Oracle. "Our participation in the WS-Security OASIS demonstration illustrates Oracle's support for the
standard and its ability to help enable the secure exchange of information among partners."
 
Panacea Software
"Panacea Software is delighted to demonstrate our 100% BPEL-based implementation of WS-Security at the OASIS Interop. We provide
complete end-to-end Web services-enabled solutions to build, deploy, run, manage, monitor and optimize business processes in
alignment with both corporate IT and web strategies across the extended enterprise," said Ajay Sarkar, CEO, Panacea Software.
"WS-Security is the key to providing the security required in our end-to-end business process solution set."

Reactivity
"WS-Security has matured significantly and gained more widespread adoption since Reactivity delivered our first XML security product
in June 2002," said Andrew Nash, CTO at Reactivity. "As a member of the OASIS WSS Technical Committee, Reactivity is proud to have
contributed to the development of WS-Security, and we are pleased to participate in this OASIS InterOp event at the Gartner Summit
in LA."

Sun Microsystems
"As an OASIS Foundational Sponsor, we were very keen to participate with other leading innovators to demonstrate the value of the
WS-Security OASIS Standard as it enforces Sun's commitment to security, interoperability and open standards - central themes of the
Sun Java Enterprise System," said Rich Sharples, Group Product Marketing Manager, Application Platform Products, Sun Microsystems.

Systinet
"Systinet has a longstanding commitment to supporting interoperability initiatives for Web services and SOA," said Luc Clement,
Senior Product Manager, Systinet, and co-chair of the OASIS UDDI Technical Committee. "Interoperability between different vendor
products is essential. We're pleased to support the WS-Security OASIS InterOp."

TIBCO
"As an active participant in the OASIS WS-Security Technical Committee, which contributes to the evolution of this security
standard, TIBCO is committed to the development of such open industry standards and the widespread adoption of Web services," said
Aiaz Kazi, General Manager, Business Integration, TIBCO Software Inc. "The WS- Security OASIS InterOp is a key step that showcases
the power of a standards-based and secure exchange of information between Web service producers and consumers. Enterprises will
greatly benefit from the collaborative efforts of the software industry's top leaders participating in this InterOp."

VeriSign
"WS-Security has increasingly become the basis of all SOAP security standards, providing a sound foundation for implementing
reliable security parameters in Web services security. As an original author of the specification, VeriSign is pleased to see such
broad adoption," said Hemma Prafullchandra, director, Advanced Products and Research Group, VeriSign.  "The significant number of
companies participating in this collaboration shows that we have proven that future SOAP security standards in development are
building on strong, trusted technology."


* From Gartner Research 'Web Services Security Advances With Approval of Key Standard' April 2004.
 

About OASIS
OASIS (Organization for the Advancement of Structured Information Standards) is a not-for-profit, international consortium that
drives the development, convergence, and adoption of e-business standards. Members themselves set the OASIS technical agenda, using
a lightweight, open process expressly designed to promote industry consensus and unite disparate efforts. The consortium produces
open standards for Web services, security, e-business, and standardization efforts in the public sector and for application-specific
markets. Founded in 1993, OASIS has more than 4,000 participants representing over 600 organizations and individual members in 100
countries. Approved OASIS Standards include AVDL, CAP, DocBook, DSML, ebXML, SAML, SPML, UBL, UDDI, WSDM, WS-Reliability, WSRP,
WS-Security, XACML, and XCBF. http://www.oasis-open.org


Additional information:

OASIS Web Services Security Technical Committee 
http://www.oasis-open.org/committees/wss


Press contact:
Carol Geyer
Director of Communications
OASIS
carol.geyer@oasis-open.org
+1.978.667.5115 x209