The Insider's Guide to Business and IT Agility
10/26/2005
Members of the OASIS international standards consortium announced plans to define extensions to the WS-Security OASIS Standard that will enable the trusted exchange of multiple SOAP messages and will define security policies that govern the formats and tokens of those messages.
The companies released the following details:
The new OASIS Web Services Secure Exchange (WS-SX) Technical Committee brings together users and vendors in an open process to refine and finalize a set of specifications based on three initial contributions, WS-SecureConversation, WS-SecurityPolicy and WS-Trust. Other contributions and changes to these input documents will be accepted for consideration without prejudice or restriction and evaluated based on technical merit.
"In order to meet the growing demands of secure Web service messaging, we need facilities beyond what is provided in the WS-Security OASIS Standard," explained Kelvin Lawrence of IBM, proposed co-chair of the OASIS WS-SX Technical Committee. "WS-Security describes a base mechanism for securing SOAP messages. With WS-SX, we'll concentrate on trust brokering, multi-message exchanges, and policies that describe how to secure message exchanges with a Web service."
With input from the entire community, the OASIS WS-SX Technical Committee will advance a set of modular specifications that standardize the concepts, WSDL documents, and XML Schema renderings for trusted brokering of SOAP message exchanges, shared security contexts, and security policies. WS-SecurityPolicy defines a general set of security policies that can be associated with a Web service. WS-Trust provides a description for managing, establishing and assessing trust relationships between parties exchanging information.
WS-SecureConversation serves as a building block to create a secure context for organizations to exchange multiple messages without constantly reauthenticating.
"The WS-Security OASIS Standard describes how to use security tokens to obtain message integrity, confidentiality, and authentication of the message sender, but in order to use these mechanisms, tokens must be obtained and trust brokered. Furthermore, a mechanism is needed to describe security exchange patterns," noted Chris Kaler of Microsoft, proposed co-chair of the OASIS WS-SX Technical Committee. "WS-Trust and WS-SecurityPolicy include additional primitives to enable the obtaining of tokens and brokering of trust relationships as well as expressing supported security exchange patterns as policy expressions associated with SOAP endpoints."
By advancing the specifications within OASIS, WS-SX developers are able to work in close proximity to related projects also underway at the consortium, including the OASIS Web Services Reliable Exchange (WS-RX), Web Services Transaction (WS-TX), and Web Services Security Committees. Participants in the OASIS WS-SX Committee intend for their work to be readily composable with these other specifications.
"The WS-Security OASIS Standard was designed to be a highly extensible method," observed James Bryce Clark, director of standards development at OASIS. "WS-SX will provide further extensions to enable functions such as policy expressions and long-running conversations. These will augment the X.509, username, SAML, and other token profiles already available for WS-Security. "
The OASIS WS-SX Technical Committee will operate under Royalty Free on RAND Terms, as defined by the OASIS Intellectual Property Rights Policy. The Committee's first meeting will be held 7-8 December 2005, and participation remains open to all companies,non-profit groups, and individuals. As with all OASIS projects, archives of the Committee's work will be accessible to both members and non-members, and OASIS will host an open mail list for public comment.
Member companies issued the following statements in support for WS-SX:
Actional "Ensuring that Web services can be used for mission critical solutions in the enterprise is vital," said Dan Foody, CTO of Actional. "Many mission critical applications require transactional integrity, and with the advent of WS-TX, these applications can be designed and built to use Web services -- all while being interoperable across vendors."
Computer Associates "CA is pleased to participate in the OASIS WS-SX Technical Committee. As one of the early contributors to the specifications that lead to the creation of this committee, CA recognizes the need for the standardization of trust between federated business partners and plans to implement those standards in CA's IAM products as they become available," said Bill Bartow, senior vice president of eTrust Identity and Access Management at CA.
Forum Systems "The OASIS WS-SX Technical Committee represents a significant step forward in creating a composable Web services architecture," said Mamoon Yunus, CTO of Forum Systems. "WS-SecureConversation, WS-SecurityPolicy, and WS-Trust help establish the necessary security context for exchanging multiple messages, resolving security token incompatibility, and defining interoperable security policy expression. With WS-SX, security underpinnings necessary for enterprise-class SOAs are closer to realization."
IBM "We continue to see increasing demand for secure Web services from our clients deploying advanced SOA solutions," said Karla Norsworthy, vice president, IBM Software Standards. "The specifications contributed to the OASIS WS-SX Committee provide customers the ability to establish trust relationships that span long running exchange and provide interoperability for real world scenarios."
Microsoft "Today's announcement represents another significant step toward simplifying the development of secure, interoperable systems based on Web services," said Ari Bixhorn, Director of Web Services Strategy for Microsoft. "The broad industry support for this charter shows our continued commitment to providing a Web services architecture that enables customers to address their ever-changing business needs."
Nokia "Nokia is pleased to see these specifications submitted to an open standards organization," said Frederick Hirsch, Senior Architect at Nokia. "We would like to see convergence of standardization in this area to enable the adoption of services that require these standards."
Novell "Identity technology is a critical aspect of the Internet, and Novell is committed to providing secure interoperability within Web services infrastructure," said Kent Erickson, Novell vice president, Identity and Resource Management. "We recognize the security of Web services is important as we identity-enable the Internet. We look forward to collaborating with other leading software vendors so our customers can increase the security of their systems and improve their agility to meet their ever-changing needs."
Oracle "Oracle is deeply committed to developing and supporting the development of open standards, and Web services security is a particularly keen interest to us," said Oracle Vice President, Identity Management, Roger Sullivan. "By participating in the OASIS WS-SX Committee we will play a key role in providing the standardized mechanisms organizations need to interoperate in a secure and trusted Web services environment."
SAP "The WS-SX specifications will enhance Web services security through advanced support for collaborative business solutions," said Michael Bechauf, Vice President of SAP NetWeaver Industry Standards. "As one of the world's leading provider of business software solutions, we believe that interoperability of policy-driven security runtime configurations and improved messaging security are important building blocks of the Enterprise Services Architecture (ESA)."
SOA Software "The work performed by the OASIS WS-SX Committee will essentially complete the triumvirate of secure, reliable and transactional Web services required for real-world, business-to-business communication using SOA," said Alistair Farquharson, SOA Software CTO. "We are pleased to participate in this work as it will help to standardize much of the work we have already done through the creation of the XML VPN concept and products."
Systinet "Security remains one of the top issues among enterprise IT executives adopting SOA," said Roman Stanek, Founder, Systinet. "This new standard will go a long way toward alleviating their concerns, and Systinet is pleased to support OASIS on this initiative."
TIBCO "Missing from today's Web services messaging is an accepted standard for brokering trust between parties in a SOAP message exchange," said Matt Quinn, vice president, Product Strategy, TIBCO Software, Inc. "In order to advance Web services adoption and enable the establishment of trusted relationships between senders and receivers, protocols around message integrity, confidentiality and authentication must be established. The OASIS WS-SX Technical Committee, comprised of the industry's leading authorities on both IT security and open standards-based computing, will work to unite disparate efforts and achieve industry consensus to overcome this challenge." Quinn added, "As an active participant in OASIS, TIBCO is committed to furthering the development and adoption of standards that drive technology innovation."
webMethods "While the WS-Security OASIS Standard provides an important protocol for securing SOAP messages, it fails to cover all of the important usages of SOAP today," said Marc Breissinger, vice president and Chief Architect, webMethods Inc. "The OASIS WS-SX Technical Committee is charged with addressing many of these issues, including trust brokering, multi-message exchanges, and the need for policies describing how to secure message exchanges with a Web service. Based on our continuing support for key industry standards and our long-term recognition of the need to derive business value from Web services, webMethods is proud to support this initiative."
ROUNDTABLE: Stretch Your Budget with smart SOA Governance-A Look at Successful Case Studies
ROUNDTABLE: Open Source Market Update
Insurance: Explore how SOA & BPM are driving down expenses and improving ROI
BPM VIEWPOINT: Does Oracle/Sun Mean It's a Horse Race for BPM? 
BPM VIEWPOINT: Is SharePoint Floor Wax or Dessert Topping?
Who Will Get a Complex About Event Processing?
Application Servers in Emerging Service Oriented Architectures
Demand for BPM Skills Heating Up
ebizQ is very interested in what you have to say. To contribute an article, an opinion, or to become a blogger, please contact Peter Schooff.
June 3, 2009
One of the most compelling trends in the enterprise business technology space over the past year has been the emergence of cloud computing. In ebizQ’s upcoming Qcamp virtual un-conference, leading industry experts and practitioners will explore the role of service-oriented architecture (SOA) and business process management (BPM) in supporting cloud-computing initiatives. Additionally, the new skills that developers and IT managers need for successful cloud development will be discussed.Register
Date: Aug 26, 2009
Time: 12:00 PM
ET- (16:00 GMT)
Date: Sep 30, 2009
Time: 12:00 PM
ET- (16:00 GMT)
Date:Aug 26, 2009
Time:12:00 PM
ET- (16:00 GMT)
Date:Sep 30, 2009
Time:12:00 PM
ET- (16:00 GMT)
Enterprise Rent-A-Car (ERAC) uses Appian to power Request Online, a single web-based solution for managing all IT-related service requests for ERAC's...
Download Now
In part two of Joe McKendrick's recent podcast with Miko Matsumura, chief strategist for Software AG, they talk about how SOA and IT systems need to change and grow and adapt with the organization around it.
Listen Now
Phil Wainewright interviews David Vap, VP of products at RightNow Technologies, and finds out how sharing best practices can help businesses understand how best to engage with online communities.
Listen Now
Scott Hebner, Vice President of Marketing and Strategy for IBM Rational, discusses a topic on the top of every company's mind today: getting the most from IT investments.
Listen Now
In BI, this tough economy and the increasing role of Web 2.0 and MDM are certainly topics on people's minds today. WiseAnalytics' Lyndsay Wise addresses each of them in this informative podcast.
Listen Now
Deepak Singh, President and CTO of Adeptia, joins ebizQ's Dennis Byron in a podcast that gets its hand around the trend of industry-specific BPM.
Listen NowFrom Dennis Byron: For BPM to fit at the top of the stack, it can't merely support workflow or integration. It needs to integrate the BI aspects of the stack, too. Learn More
In the insurance industry, companies have accepted that systems, strategies and data all developed in silos are making it difficult for them to grow and adjust to today’s market demands. The obstacles imposed by siloed approaches are painfully obvious to companies as they try to gain a better understanding of their customers and meet the growing constraints imposed by compliance and regulatory requirements. Leveraging industry standards with full data integration is one was to tackle this challenge. Learn More
From Dennis Byron: Is it better to choose one strain of BPM over another? The answer is unique to your organization. Learn More
Can decision management really deliver costs savings, agility and happy customers on a consistent basis? Learn More
From Dennis Byron: BPM products optimized for case management might be the products that bridge the extremes in my view of the BPM spectrum. Learn More
Integrating BPM and CEP gives you intelligent business processes that can react to rapidly changing business conditions with continuous visibility. Learn More
Insurers need to think about creating "true linkage," which means linking business strategy to process to IT investments and thereby setting the foundation for true change. Learn More
To be effective, business intelligence technology must work behind the scenes to deliver relevant information when, where, and how it's needed. Learn More
A lot of people are talking about Enterprise 2.0 as being the business application of Web 2.0 technology. However, there's still some debate on exactly what this technology entails, how it applies to today's business models, and which components bring true value. Some use the term Enterprise 2.0 exclusively to describe the use of social networking technologies in the enterprise, while others use it to describe a web economy platform, or the technological framework behind such a platform. Still others say that Enterprise 2.0 is all of these things. Learn More
Smart event processing can help your company run smarter and faster. This comprehensive guide helps you research the basics of complex event processing (CEP) and learn how to get started on the right foot with your CEP project using EDA, RFID, SOA, SCADA and other relevant technologies. Learn More
To Michael: To select what has to be improved (e.g. automated), a...
Hi Johan,
thank you for such prompt response.
I...
Phil,
It appears that Google is looking at the world...
I believe work has been done in this area privately for some time....
I wonder if BPM has become more popular because many solutions...
We are looking for a FileNET admin/developer in Houston, TX. The...
As we see more companies consider the cloud we should be...
Scott,
I agree that process management is good way for...
|
|
|
|
Print this article
Email this article
Talk Back!
Write to Editor
