We use cookies and other similar technologies (Cookies) to enhance your experience and to provide you with relevant content and ads. By using our website, you are agreeing to the use of Cookies. You can change your settings at any time. Cookie Policy.

OASIS Web Services Security Standard Ratified


The OASIS international standards consortium says its members have approved the Web Services Security (WSS) version 1.0 (WS-Security 2004) as an OASIS Standard, a status that signifies the highest level of ratification. WSS offers a trusted means for applying security to Web services by providing the necessary technical foundation for higher-level services, OASIS says.

It offered these details:

Gartner analyst, Ray Wagner, advised, "Enterprises should adopt WSS formatting for all across-the-firewall Web service deployments, even in cases where no security needs have been identified. Gartner believes that WSS will be the standard for the majority of Web services, and committing to it now will allow enterprises to easily modify the security profile of deployed Web services in the future."

WSS builds upon existing security technologies such as XML Digital Signature, XML Encryption and X.509 Certificates to deliver an industry standard way of securing Web services message exchanges. Providing a framework within which authentication and authorization take place, WSS lets user apply existing security technology and infrastructure in a Web services environment.

"By enabling applications to share information regarding network access regardless of the underlying platform, Web Services Security paves the way for broader adoption of Web services," said Chris Kaler of Microsoft, co-chair of the OASIS WSS Technical Committee. "The OASIS WSS TC is pleased by the support and commitment of the Web services community leading to the ratification of Web Services Security as an industry standard."

WSS handles complex confidentiality and integrity for SOAP (Simple Object Access Protocol) messages, providing a general-purpose mechanism for associating security tokens with message content. Designed to be extensible, WSS supports multiple security token formats.

"A client might provide one format for proof of identity and another format to verify their business certification," explained Kelvin Lawrence of IBM, co-chair of the OASIS WSS Technical Committee. "Using WSS, a system can authenticate the identity of a person connecting to several networks at once or pass data between two applications securely."

"The Web Services Security OASIS Standard represents a truly impressive collaboration from across the industry," noted Patrick Gannon, president and CEO of OASIS. "It is testament to the value of the open standards process where users and vendors, large and small, come together to advance a common good. WSS delivers a much-needed foundational technology that will enable Web services to be deployed with confidence."

Industry Support for WSS:

Booz Allen Hamilton "The approval of Web Services Security is a large step forward in enabling increasingly secure interoperability between Web Services-based systems both inside and outside enterprise boundaries," said Steven Lewis, Senior Consultant at Booz Allen Hamilton. "This will enable our clients to achieve even greater benefits from using Web Services, and we look forward to applying OASIS Web Services Security in our client solutions."

SeeBeyond "Approval of Web Services Security as an OASIS Standard is an important step toward maturing the set of basic technologies necessary to support the deployment of secure Web Services. As an OASIS sponsor represented on the OASIS WSS Technical Committee, SeeBeyond supports this advancement in providing enhanced message-based integrity, confidentiality, and authentication. This security standard coupled with our open platform for composite application development and integration, further supports our role in enabling standards-based interoperability built on a Service Oriented Architecture (SOA) for our global customer base," said Alex Andrianopoulos, vice president of Product Management & Standards for SeeBeyond.

Commerce One "Securing messages sent using Web services is critical to the widespread deployment of Web services for integrating systems at the 'edge-of-the-enterprise.' We have been very active in the development of this important standard and have implemented it as part of a comprehensive security solution in our Conductor Platform," said David Burdett, Director of Standards Strategy at Commerce One.

Computer Associates "OASIS Web Services Security will help ensure and streamline the implementation of security policies across complex environments and multiple business relationships. CA will continue to work closely with other industry leaders and with OASIS to develop practical standards that enable our customers to create trusted relationships, resulting in improved business performance and new revenue opportunities." said Dmitri Tcherevik, director of Web services at Computer Associates.

Cordance "WSS 1.0 is a key building block of the trust infrastructure required by many other Web Services. The OASIS XDI (XRI Data Interchange) Technical Committee intends to use WSS 1.0 as a primary means of ensuring the security of trusted data sharing relationships using XDI. This is another example of how modular Web Services specifications developed by OASIS and other standards bodies can work together to build the next layer of the Web," said Drummond Reed, CTO, Cordance Corporation, Co-Chair of the OASIS XRI and XDI Technical Committees.

Fujitsu "Fujitsu is very pleased to learn that Web Services Security (WS-Security 2004) has been ratified as an OASIS Standard with wide industry support. Fujitsu believes that this open and interoperable security standard will accelerate the adoption and deployment of Web services suitable for real business applications," said Seigo Hirosue, General Manager of Strategy and Technology Division, Software Group of Fujitsu Limited.

HP "Standards-based, secure Web services technologies are the foundation of open, flexible, business-centered computing systems. Approval of the OASIS Web Services Security specifications is an important step in building a complete suite of open Web services standards. Implementations of these specifications will help HP and our customers to adapt IT resources to enterprise needs rapidly and securely," said David Shoaf, director, Software Standards Marketing, HP.

IBM "IBM is pleased to see Web Services Security become an OASIS Standard. Customers have been asking for an industry standard way of signing and securing Web services message exchanges, and the industry has clearly been looking to the OASIS Web Services Security Technical Committee to deliver a quality specification. IBM already offers support for earlier drafts of WS-Security in many of our WebSphere and Tivoli products and this new OASIS Standard will be fully supported across the IBM software portfolio," said Arvind Krishna, vice president of provisioning and security development, Tivoli Software, IBM.

Microsoft "The ratification of Web Services Security as a standard is a significant milestone for Web services and the industry overall. Web Services Security is supported broadly across the industry, with numerous implementations from vendors available today as evident by our customers leveraging Web Services Security capabilities. We will continue our support for the standard with plans to implement the technology in our Web Services Enhancements (WSE) offering. We look forward to continued progress, adoption and implementation of Web services, and continuing our commitment to work with the industry to provide a common set of industry standards for secure, reliable and transacted Web services," said Dave Mendlen, director of Web services technical marketing for Microsoft.

Nokia "Nokia is pleased to see the timely release of these open security standards. This will enable interoperable web services security, driving meaningful web services adoption. Nokia is pleased to have contributed to these standards and looks forward to their adoption by vendors, customers and other standards organizations, increasing the momentum toward practical service oriented architectures," said Frederick Hirsch, Senior Architect at Nokia, an active contributor in the OASIS WSS Technical Committee and member of the OASIS Board of Directors.

Reactivity "Over the past 18 months, Reactivity has been an active member of the OASIS WSS Technical Committee, providing thought leadership in XML security technology to help drive the convergence of interoperability standards. We appreciate the opportunity to contribute to Web Services Security Version 1.0 and are pleased to have been the first among XML security gateways to actually demonstrate broad interoperability. We will continue to actively support the final specification in our current and next-generation secure connectivity solutions for Web services," said John Lilly, CTO, Reactivity.

SAP "SAP considers message-level Web service security a key component for deploying Web services in enterprise-critical business applications. We are pleased to see Web Services Security accepted as an OASIS Open Standard and to announce its support in SAP NetWeaver, SAP's application and integration platform. Web Services Security provides our customers with message integrity and confidentiality in their Web services-based application integration projects," said Michael Bechauf, Vice President NetWeaver Standards at SAP.

Sarvega "As the deployment of Web services, especially in mission-critical applications, becomes more widespread, the ability to provide interoperable, comprehensive and reliable security becomes all the more important. The industry has recognized for some time that standardization of security is key to successful Web services deployments. OASIS and its members have made significant contributions toward crafting a common standard and assuring real life applicability through interoperability testing. We, as well as our customers, are extremely pleased about this announcement and Sarvega is proud to be part of the process," said Girish Juneja, co-founder and senior vice president of product management for Sarvega.

OASIS (Organization for the Advancement of Structured Information Standards) is a not-for-profit, global consortium that drives the development, convergence, and adoption of e-business standards. Members themselves set the OASIS technical agenda, using a lightweight, open process expressly designed to promote industry consensus and unite disparate efforts. OASIS produces worldwide standards for security, Web services, conformance, business transactions, electronic publishing, topic maps and interoperability within and between marketplaces. Founded in 1993, OASIS has more than 2,500 participants representing over 600 organizations and individual members in 100 countries.

  • Subscribe Newsletter
  • Contribute
Subscribe to ebizQ:

Enter your email address:

 Subscribe Blog Updates via RSS

 Subscribe News via RSS

ebizQ is very interested in what you have to say. To contribute an article, an opinion, or to become a blogger, please contact Peter Schooff.

  • Virtual Conferences
  • Webinars
  • Roundtables

SOA Cloud Qcamp

June 3, 2009

One of the most compelling trends in the enterprise business technology space over the past year has been the emergence of cloud computing. In ebizQ’s upcoming Qcamp virtual un-conference, leading industry experts and practitioners will explore the role of service-oriented architecture (SOA) and business process management (BPM) in supporting cloud-computing initiatives. Additionally, the new skills that developers and IT managers need for successful cloud development will be discussed.Register

View All Virtual Conferences

Smart Case Management: Why It's So Smart.

Date:Nov 05, 2009
Time:12:00 PM ET- (17:00 GMT)


Date:Oct 29, 2009
Time:15:00 PM ET- (19:00 GMT)

View All Roundtables
  • White Papers
  • Podcasts
  • Blogs

Joe McKendrick: Part II of II: Designing Evolve-ability into SOA and IT Systems

In part two of Joe McKendrick's recent podcast with Miko Matsumura, chief strategist for Software AG, they talk about how SOA and IT systems need to change and grow and adapt with the organization around it.

Listen Now

Phil Wainewright: Helping Brands Engage with Social Media

Phil Wainewright interviews David Vap, VP of products at RightNow Technologies, and finds out how sharing best practices can help businesses understand how best to engage with online communities.

Listen Now

Peter Schooff: Making Every IT Dollar Result in a Desired Business Outcome: Scott Hebner of IBM Rati

Scott Hebner, Vice President of Marketing and Strategy for IBM Rational, discusses a topic on the top of every company's mind today: getting the most from IT investments.

Listen Now

Jessica Ann Mola: Where Will BI Fit In? Lyndsay Wise Explains

In BI, this tough economy and the increasing role of Web 2.0 and MDM are certainly topics on people's minds today. WiseAnalytics' Lyndsay Wise addresses each of them in this informative podcast.

Listen Now

Dennis Byron: Talking with...Deepak Singh of BPM Provider Adeptia

Deepak Singh, President and CTO of Adeptia, joins ebizQ's Dennis Byron in a podcast that gets its hand around the trend of industry-specific BPM.

Listen Now
More Podcasts
  • Most Read
  • Quick Guide
  • Most Discussed

Quick Guide: What is BPM?

Learn More

Quick Guide: What is Event Processing?

Smart event processing can help your company run smarter and faster. This comprehensive guide helps you research the basics of complex event processing (CEP) and learn how to get started on the right foot with your CEP project using EDA, RFID, SOA, SCADA and other relevant technologies. Learn More

Quick Guide: What is Enterprise 2.0?

A lot of people are talking about Enterprise 2.0 as being the business application of Web 2.0 technology. However, there's still some debate on exactly what this technology entails, how it applies to today's business models, and which components bring true value. Some use the term Enterprise 2.0 exclusively to describe the use of social networking technologies in the enterprise, while others use it to describe a web economy platform, or the technological framework behind such a platform. Still others say that Enterprise 2.0 is all of these things. Learn More