Confidential Draft OASIS Press Release: WS-Security v1.1

["Carol Geyer" <carol.geyer@oasis-open.org>]

OASIS WSS TC Members:

Here is the latest version of our press release, which is scheduled to be distributed on Wednesday, 15 Feb.

I have listed all the sponsor members that have submitted quotes, but out of respect for company confidentiality, I don't share the
actual quotes with others until the press release is issued. 

If you believe you submitted a quote and your company name does not appear below, please resend it. If you plan to submit a quote
but have not yet done so, let me know ASAP. The deadline was noon today, but I will try to accommodate you for as long as I can. 

Thanks for your support,
Carol


--CONFIDENTIAL DRAFT--


Members Approve WS-Security v1.1 as OASIS Standard

Actional, Adobe, AmberPoint, BEA Systems, BMC Software, Computer Associates, EMC, Forum Systems, Fujitsu, Hewlett-Packard, Hitachi,
IBM, Intel, Microsoft, Neustar, Nokia, Oracle, Reactivity, RSA Security, SAP AG, Sun Microsystems, Tibco, VeriSign, and Others
Collaborate to Advance Foundational Standard for Web Services Security 


Boston, MA, USA; 15 February 2006 -- OASIS, the international e-business standards consortium, today announced that its members have
approved WS-Security version 1.1 as an OASIS Standard, a status that signifies the highest level of ratification. Developed through
an open process by the OASIS Web Services Security (WSS) Technical Committee, WS-Security delivers a technical foundation for
implementing security functions such as integrity and confidentiality in messages implementing higher-level Web services
applications.

Gartner analyst, Ray Wagner, advised, "Enterprises should adopt WS-Security formatting for all across-the-firewall Web service
deployments, even in cases where no security needs have been identified. Gartner believes that WS-Security will be the standard for
the majority of Web services, and committing to it now will allow enterprises to easily modify the security profile of deployed Web
services in the future."

WS-Security builds on existing security technologies to deliver an industry standard way of securing Web services message exchanges.
Providing a framework within which authentication and authorization take place, WS-Security lets users apply existing security
technology and infrastructure in a Web services environment.

"We have made significant, but complimentary, additions to WS-Security-many of which are the direct result of user feedback," said
Kelvin Lawrence of IBM, co-chair of the OASIS WSS Technical Committee. "WS-Security v1.1 enhancements include extra profiles for
Kerberos, the Security Assertion Markup Language (SAML) OASIS Standard, SOAP with Attachments and Rights Expression Language (REL). 

"The new release also enables secure, message-based Web Services scenarios incorporating existing security technologies," added
Chris Kaler of Microsoft, co-chair of the OASIS WSS Technical Committee. "Applications can share information on network access
regardless of the underlying platform."  

Patrick Gannon, president and CEO of OASIS, stated, "The OASIS WSS Technical Committee is a fine example of the open standards
process, where the needs and interests of a broad base of constituents-large and small companies, vendors and users, private
enterprises, multi-national corporations, and government agencies-are addressed to the benefit of all. We look forward to seeing
adoption of this new level of WS-Security in the same way that the 1.0 standard was embraced." 

The OASIS WSS Technical Committee remains open to new participation and particularly seeks input from those in the international
community to advance WS-Security.  All interested parties are encouraged to exchange information on implementing WS-Security via the
wss-dev mailing list (http://www.oasis-open.org/mlmanage/). As with all Consortium projects, archives of the OASIS WSS Technical
Committee's work are accessible to both members and non-members, and OASIS hosts an open mail list for public comment on the
standard.

Support for WS-Security

<SPONSOR QUOTES GO HERE. SO FAR, I RECEIVED QUOTES FROM: Fujitsu, Hitachi, Microsoft, Nokia, Oracle, Sun, and VeriSign>


About OASIS:

OASIS (Organization for the Advancement of Structured Information Standards) is a not-for-profit, international consortium that
drives the development, convergence, and adoption of e-business standards. Members themselves set the OASIS technical agenda, using
a lightweight, open process expressly designed to promote industry consensus and unite disparate efforts. The consortium produces
open standards for Web services, security, e-business, and standardization efforts in the public sector and for application-specific
markets. Founded in 1993, OASIS has more than 5,000 participants representing over 600 organizations and individual members in 100
countries. Approved OASIS Standards include AVDL, CAP, DITA, DocBook, DSML, ebXML CPPA, ebXML Messaging, ebXML Registry, EML,
OpenDocument, SAML, SPML, UBL, UDDI, WSDM, WS-Reliability, WSRP, WS-Security, XACML, XCBF, and XML Catalogs. 
http://www.oasis-open.org


Additional information:

OASIS WSS Technical Committee
http://www.oasis-open.org/committees/wss

Cover Pages Technology Report
http://xml.coverpages.org/ws-security.html


Press contact:

Carol Geyer
Director of Communications
OASIS
carol.geyer@oasis-open.org
+1.978.667.5115 x209