OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

xcbf message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: [xcbf] [Fwd: [wss] Fwd: WS-Security specs make their debut]

This should be followed, particularly by folks with a hook into
SG17, as the WS-SecureConversation would 'speak' to the
potential use of voice recognition biometrics to authenticate the
hand held device or mobile user.

Did someone say multimodality?


-------- Original Message --------

Hi, Chris and Kelvin -
Can you shed any light on the confusion this article produced, at least among our PR folks, over just what constitutes "WS-Security"?  Do I misunderstand the role of the WSS TC in OASIS, or have we published a new collection of specifications for which I missed the discussion?
Is there some reason the rest of us, not evidently one of "a few partners", should not be thoroughly pissed?
Thanks for your prompt response, and best wishes for the holidays...
WS-Security specs make their debut

By Brian Fonseca and Ed Scannell
December 18, 2002 5:29 am PT

HOLDING TRUE TO its self-anointed mission to enable secure Web services between applications, organizations, and end-users, IBM and Microsoft joined a few partners on Tuesday to announce the publishing of the first in a set of planned WS-Security specifications.

With assistance from VeriSign, BEA Systems, and RSA Security, the new specifications focus specifically on business policy and security as the first salvo in implementing WS-Security.

Announced in April, WS-Security serves as a documented model of Web services capabilities for tackling potential roadblocks of the technology, including reliable messaging, security transactions, discovery, and orchestration, noted Scott Collison, director of Web services marketing, for Redmond, Wash.-based Microsoft.

The specifications unveiled on Tuesday include WS-Policy, WS-Trust, and WS-SecureConversation, also joined by WS-SecurityPolicy, WS-PolicyAttachments, and WS-PolicyAssertions.

"We are getting broad consensus on these specifications, and it is our full intention to implement these specifications so that our customers get what they want in the areas of Web services," said Collison. "The other part is doing some things around policies so that businesses implementing Web services have more control over how they express policies to their partners and customers who want to interact with them."

For policy concerns, WS-Security designers wanted to create a generic policy framework in addition to the ability to express security policy. These components comprise WS-Policy. The specification WS-Policy Attachments describes how a policy is attached either to an instance of a Web service or to the Web services as a whole. For example, a policy might only be available to end-users with a certain credit rating or people who would use a particular security token.

WS-Trust allows a Web service to communicate within an environment regardless of the type of security server that exists in a common way, for instance establishing communications between a Kerberos server and a PKI server.

Lastly, WS-SecureConversation enables users to set up a "secure context" and eliminate re-authentication for each request or message made after gaining initial access to a Web service.

Although he expressed surprise that WS-Security designers decided to delay addressing any sort of privacy as part of the first specification roll-out, Jason Bloomberg, senior analyst for Waltham, Mass.-based ZapThink, said Tuesday's announcement is nonetheless important due to the continued cooperation of major IT vendors to follow up promises of standardizing WS-Security.

"Now customers get to review the specifications and give feedback and vendors have to build tools, so IBM and Microsoft will be rolling out [WS-Security] tools," said Bloomberg. "Once the standard moves along and [the] specification becomes a standard, then you'll find multiple vendors using WS-Security-compliant products. By no means do IBM and Microsoft have a lock on this."

Edwards E Reed, Security Tzar
Novell, Inc.
+1 585 624 2402 - Rochester
+1 617 914 8011 - Cambridge
+1 585 750 2960 - Cell

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC