Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

WS-I Profile Eases Web Services Security

Yet another standard may seem like the last thing the Web services world needs. However, the WS-I Basic Security Profile isn't a complete
specification: It's a set of best practices for interoperability among Web services that use the many existing security standards from OASIS, the IETF and the W3C. The WS-I is essentially trying to do for Web services what the Wi-Fi Alliance did for wireless networks, helping the industry agree on which parts of the other standards to use in a real-world implementation.
With major vendors already demonstrating the BSP, it is clearly going to be adopted. However, vendors can still extend it in proprietary ways, and some interoperability work is the responsibility of users. A security policy is necessarily outside the scope of a standard, so at several places the Profile refers to out-of-band agreements. These cover issues such as who to trust and whether to embed encrypted data within XML documents using WS-Security or just encrypt a complete session over TLS.
Andy Dornan
NWC Technology Editor

This week the Web Services Interoperability Organization (WS-I) published a set of guidelines outlining how developers can enable Web services interoperate with each other in a secure fashion.

The WS-1 Basic Security Profile (BSP) 1.0 was ratified after five vendor members--IBM, Microsoft, Novell, Oracle, and SAP--demonstrated interoperability.

  • 1