OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

announce message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: OASIS Forms Committee to Advance Standards for Web Services Secure Exchange (WS-SX)


OASIS Members Form Committee to Advance Standards for Web Services Secure Exchange (WS-SX) 

Actional, Adobe, Amberpoint, BMC Software, BEA Systems, Computer Associates, DataPower, Forum Systems, HP, IBM, Infravio, IONA,
Microsoft, Nokia, Novell, Oracle, Reactivity, Ricoh, Sarvega, SAP, SOA Software, Sonic Software, Systinet, TIBCO, VeriSign,
webMethods, and Others Refine WS-Conversation, WS-SecurityPolicy, and WS-Trust

BOSTON, MA, USA; 26 OCTOBER 2005 - Members of the OASIS international standards consortium announced plans to define extensions to
the WS-Security OASIS Standard that will enable the trusted exchange of multiple SOAP messages and will define security policies
that govern the formats and tokens of those messages.  The new OASIS Web Services Secure Exchange (WS-SX) Technical Committee brings
together users and vendors in an open process to refine and finalize a set of specifications based on three initial contributions,
WS-SecureConversation, WS-SecurityPolicy and WS-Trust.  Other contributions and changes to these input documents will be accepted
for consideration without prejudice or restriction and evaluated based on technical merit.

"In order to meet the growing demands of secure Web service messaging, we need facilities beyond what is provided in the WS-Security
OASIS Standard," explained Kelvin Lawrence of IBM, proposed co-chair of the OASIS WS-SX Technical Committee. "WS-Security describes
a base mechanism for securing SOAP messages. With WS-SX, we'll concentrate on trust brokering, multi-message exchanges, and policies
that describe how to secure message exchanges with a Web service."

With input from the entire community, the OASIS WS-SX Technical Committee will advance a set of modular specifications that
standardize the concepts, WSDL documents, and XML Schema renderings for trusted brokering of SOAP message exchanges, shared security
contexts, and security policies. WS-SecurityPolicy defines a general set of security policies that can be associated with a Web
service. WS-Trust provides a description for managing, establishing and assessing trust relationships between parties exchanging
information. WS-SecureConversation serves as a building block to create a secure context for organizations to exchange multiple
messages without constantly reauthenticating.

"The WS-Security OASIS Standard describes how to use security tokens to obtain message integrity, confidentiality, and
authentication of the message sender, but in order to use these mechanisms, tokens must be obtained and trust brokered.
Furthermore, a mechanism is needed to describe security exchange patterns," noted Chris Kaler of Microsoft, proposed co-chair of the
OASIS WS-SX Technical Committee. "WS-Trust and WS-SecurityPolicy include additional primitives to enable the obtaining of tokens and
brokering of trust relationships as well as expressing supported security exchange patterns as policy expressions associated with
SOAP endpoints."

By advancing the specifications within OASIS, WS-SX developers are able to work in close proximity to related projects also underway
at the consortium, including the OASIS Web Services Reliable Exchange (WS-RX), Web Services Transaction 
(WS-TX), and Web Services Security Committees. Participants in the OASIS WS-SX Committee intend for their work to be readily
composable with these other specifications. 

"The WS-Security OASIS Standard was designed to be a highly extensible method," observed James Bryce Clark, director of standards
development at OASIS.  "WS-SX will provide further extensions to enable functions such as policy expressions and long-running
conversations.  These will augment the X.509, username, SAML, and other token profiles already available for WS-Security. " 

The OASIS WS-SX Technical Committee will operate under Royalty Free on RAND Terms, as defined by the OASIS Intellectual Property
Rights Policy. The Committee's first meeting will be held 7-8 December 2005, and participation remains open to all companies,
non-profit groups, and individuals. As with all OASIS projects, archives of the Committee's work will be accessible to both members
and non-members, and OASIS will host an open mail list for public comment.

Support for WS-SX:

Actional
"Ensuring that Web services can be used for mission critical solutions in the enterprise is vital," said Dan Foody, CTO of Actional.
"Many mission critical applications require transactional integrity, and with the advent of WS-TX, these applications can be
designed and built to use Web services -- all while being interoperable across vendors." 
 
Computer Associates 
"CA is pleased to participate in the OASIS WS-SX Technical Committee. As one of the early contributors to the specifications that
lead to the creation of this committee, CA recognizes the need for the standardization of trust between federated business partners
and plans to implement those standards in CA's IAM products as they become available," said Bill Bartow, senior vice president of
eTrust Identity and Access Management at CA.

Forum Systems 
"The OASIS WS-SX Technical Committee represents a significant step forward in creating a composable Web services architecture," said
Mamoon Yunus, CTO of Forum Systems.  "WS-SecureConversation, WS-SecurityPolicy, and WS-Trust help establish the necessary security
context for exchanging multiple messages, resolving security token incompatibility, and defining interoperable security policy
expression. With WS-SX, security underpinnings necessary for enterprise-class SOAs are closer to realization."

IBM
"We continue to see increasing demand for secure Web services from our clients deploying advanced SOA solutions," said Karla
Norsworthy, vice president, IBM Software Standards.  "The specifications contributed to the OASIS WS-SX Committee provide customers
the ability to establish trust relationships that span long running exchange and provide interoperability for real world scenarios."

 
Microsoft
"Today's announcement represents another significant step toward simplifying the development of secure, interoperable systems based
on Web services," said Ari Bixhorn, Director of Web Services Strategy for Microsoft.  "The broad industry support for this charter
shows our continued commitment to providing a Web services architecture that enables customers to address their ever-changing
business needs."

Nokia 
"Nokia is pleased to see these specifications submitted to an open standards organization," said Frederick Hirsch, Senior Architect
at Nokia. "We would like to see convergence of standardization in this area to enable the adoption of services that require these
standards."
 
Novell
"Identity technology is a critical aspect of the Internet, and Novell is committed to providing secure interoperability within Web
services infrastructure," said Kent Erickson, Novell vice president, Identity and Resource Management. "We recognize the security of
Web services is important as we identity-enable the Internet. We look forward to collaborating with other leading software vendors
so our customers can increase the security of their systems and improve their agility to meet their ever-changing needs."

Oracle
"Oracle is deeply committed to developing and supporting the development of open standards, and Web services security is a
particularly keen interest to us," said Oracle Vice President, Identity Management, Roger Sullivan. "By participating in the OASIS
WS-SX Committee we will play a key role in providing the standardized mechanisms organizations need to interoperate in a secure and
trusted Web services environment."

SAP
"The WS-SX specifications will enhance Web services security through advanced support for collaborative business solutions," said
Michael Bechauf, Vice President of SAP NetWeaver Industry Standards. "As one of the world's leading provider of business software
solutions, we believe that interoperability of policy-driven security runtime configurations and improved messaging security are
important building blocks of the Enterprise Services Architecture (ESA)."

SOA Software
"The work performed by the OASIS WS-SX Committee will essentially complete the triumvirate of secure, reliable and transactional Web
services required for real-world, business-to-business communication using SOA," said Alistair Farquharson, SOA Software CTO. "We
are pleased to participate in this work as it will help to standardize much of the work we have already done through the creation of
the XML VPN concept and products."

Systinet
"Security remains one of the top issues among enterprise IT executives adopting SOA," said Roman Stanek, Founder, Systinet. "This
new standard will go a long way toward alleviating their concerns, and Systinet is pleased to support OASIS on this initiative."

TIBCO
"Missing from today's Web services messaging is an accepted standard for brokering trust between parties in a SOAP message
exchange," said Matt Quinn, vice president, Product Strategy, TIBCO Software, Inc. "In order to advance Web services adoption and
enable the establishment of trusted relationships between senders and receivers, protocols around message integrity, confidentiality
and authentication must be established. The OASIS WS-SX Technical Committee, comprised of the industry's leading authorities on both
IT security and open standards-based computing, will work to unite disparate efforts and achieve industry consensus to overcome this
challenge." Quinn added, "As an active participant in OASIS, TIBCO is committed to furthering the development and adoption of
standards that drive technology innovation."

webMethods
"While the WS-Security OASIS Standard provides an important protocol for securing SOAP messages, it fails to cover all of the
important usages of SOAP today," said Marc Breissinger, vice president and Chief Architect, webMethods Inc.  "The OASIS WS-SX
Technical Committee is charged with addressing many of these issues, including trust brokering, multi-message exchanges, and the
need for policies describing how to secure message exchanges with a Web service.  Based on our continuing support for key industry
standards and our long-term recognition of the need to derive business value from Web services, webMethods is proud to support this
initiative."


About OASIS:

OASIS (Organization for the Advancement of Structured Information Standards) is a not-for-profit, international consortium that
drives the development, convergence, and adoption of e-business standards. Members themselves set the OASIS technical agenda, using
a lightweight, open process expressly designed to promote industry consensus and unite disparate efforts. The consortium produces
open standards for Web services, security, e-business, and standardization efforts in the public sector and for application-specific
markets. Founded in 1993, OASIS has more than 5,000 participants representing over 600 organizations and individual members in 100
countries. Approved OASIS Standards include AVDL, CAP, DITA, DocBook, DSML, ebXML CPPA, ebXML Messaging, ebXML Registry,
OpenDocument, SAML, SPML, UBL, UDDI, WSDM, WS-Reliability, WSRP, WS-Security, XACML, and XCBF. http://www.oasis-open.org


Additional information:

OASIS WS-SX Technical Committee
http://www.oasis-open.org/committees/ws-sx

Cover Pages Technology Report on
XML and Security: 
http://xml.coverpages.org/security.html


Press contact:

Carol Geyer
Director of Communications
OASIS
carol.geyer@oasis-open.org
+1.978.667.5115 x209




[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]