Update: Web services security document published

The Web Services Interoperability Organization (WS-I) announced on Tuesday publication of its WS-I Basic Security Profile 1.0, serving as a guide to enable secure, interoperable Web services.

The profile builds on the WS-I Basic Profile 1.1 for Web services implementation.

"Publishing the WS-I Basic Security Profile 1.0 is a major step toward achieving WS-I’s objective of advancing interoperability for secure Web services," said Michael Bechauf, chairman and president of WS-I, in a statement released by WS-I. "I congratulate the many WS-I members who have worked to make BSP 1.0 a reality."

"WS-I is an organization with a single goal: achieve Web services interoperability across development platforms, operating systems and programming languages," Bechauf said during a teleconference on Tuesday morning.

An interoperability profile features guidance to product implementers and application developers regarding the interpretation of a specification said analyst Anne Thomas Manes, research director and vice president of Burton Group, in a statement from WS-I.

"A specification typically supports a broad set of requirements and offers a variety of options and approaches, but these options can lead to misinterpretation and result in interoperability challenges. An interoperability profile constrains the options and makes communication easier," Manes said.

The profiles are intended to address interoperability challenges, she said. The Basic Profile itself has been a help, she said during the teleconference. "It was an enormous godsend to the industry," Manes said.

Five WS-I board members demonstrated interoperated interoperability with the security profile, including IBM, Microsoft, Novell, Oracle and SAP.

The profile addresses transport security, SOAP messaging security and other security considerations for WS-I Basic Profile 1.1, Simple SOAP Binding Profile 1.0 and Attachments Profile 1.0. Featured is a focus on interoperability characteristics of HTTP over TLS (Transport Layer Security) and Web Services Security, and SOAP Message Security.

HTTP over TLS is a point-to-point technology to protect confidentiality of information flowing over an HTTP connection. Web Services Security: SOAP Message Security provides security protection for SOAP messages.

The security profile describes a way to apply SOAP Message Security to attachments. A multitude of technologies is incorporated into the profile, including X.509 Certificate Token Profile and Kerberos Token Profile.

WS-I now is working on Reliable Secure Profile 1.0, which is intended to provide for guaranteed message delivery in the appropriate order.  It is targeted for completion in the second half of this year. Also on the agenda is Basic Security Profile 1.1, which is based on the Web Services Security 1.1 specification. Basic Security Profile 1.1 is based on version 1.0 of that specification.