xcbf message
Subject: [xcbf] [Fwd: [wss] Fwd: WS-Security specs make their debut]
- From: "Phillip H. Griffin" <phil.griffin@asn-1.com>
- To: "[OASIS XCBF]" <xcbf@lists.oasis-open.org>
- Date: Fri, 20 Dec 2002 08:52:13 -0500
This should be followed, particularly by folks with a hook into
SG17, as the WS-SecureConversation would 'speak' to the
potential use of voice recognition biometrics to authenticate the
hand held device or mobile user.
Did someone say multimodality?
Phil
-------- Original Message --------
Hi, Chris and Kelvin -
Can you shed any light on the confusion this article produced, at least
among our PR folks, over just what constitutes "WS-Security"? Do I misunderstand
the role of the WSS TC in OASIS, or have we published a new collection of
specifications for which I missed the discussion?
Is there some reason the rest of us, not evidently one of "a few partners",
should not be thoroughly pissed?
Thanks for your prompt response, and best wishes for the holidays...
Ed
=============================================
WS-Security specs make their debut
By Brian Fonseca and Ed Scannell
December 18, 2002 5:29 am PT
HOLDING TRUE TO its self-anointed mission to enable secure Web services
between applications, organizations, and end-users, IBM and Microsoft joined
a few partners on Tuesday to announce the publishing of the first in a set
of planned WS-Security specifications.
With assistance from VeriSign, BEA Systems, and RSA Security, the new specifications
focus specifically on business policy and security as the first salvo in
implementing WS-Security.
Announced in April, WS-Security serves as a documented model of Web services
capabilities for tackling potential roadblocks of the technology, including
reliable messaging, security transactions, discovery, and orchestration,
noted Scott Collison, director of Web services marketing, for Redmond, Wash.-based
Microsoft.
The specifications unveiled on Tuesday include WS-Policy, WS-Trust, and
WS-SecureConversation, also joined by WS-SecurityPolicy, WS-PolicyAttachments,
and WS-PolicyAssertions.
"We are getting broad consensus on these specifications, and it is our full
intention to implement these specifications so that our customers get what
they want in the areas of Web services," said Collison. "The other part
is doing some things around policies so that businesses implementing Web
services have more control over how they express policies to their partners
and customers who want to interact with them."
For policy concerns, WS-Security designers wanted to create a generic policy
framework in addition to the ability to express security policy. These components
comprise WS-Policy. The specification WS-Policy Attachments describes how
a policy is attached either to an instance of a Web service or to the Web
services as a whole. For example, a policy might only be available to end-users
with a certain credit rating or people who would use a particular security
token.
WS-Trust allows a Web service to communicate within an environment regardless
of the type of security server that exists in a common way, for instance
establishing communications between a Kerberos server and a PKI server.
Lastly, WS-SecureConversation enables users to set up a "secure context"
and eliminate re-authentication for each request or message made after gaining
initial access to a Web service.
Although he expressed surprise that WS-Security designers decided to delay
addressing any sort of privacy as part of the first specification roll-out,
Jason Bloomberg, senior analyst for Waltham, Mass.-based ZapThink, said
Tuesday's announcement is nonetheless important due to the continued cooperation
of major IT vendors to follow up promises of standardizing WS-Security.
"Now customers get to review the specifications and give feedback and vendors
have to build tools, so IBM and Microsoft will be rolling out [WS-Security]
tools," said Bloomberg. "Once the standard moves along and [the] specification
becomes a standard, then you'll find multiple vendors using WS-Security-compliant
products. By no means do IBM and Microsoft have a lock on this."
===============
Edwards E Reed, Security Tzar
Novell, Inc.
+1 585 624 2402 - Rochester
+1 617 914 8011 - Cambridge
+1 585 750 2960 - Cell