News Stay informed about the latest enterprise technology news and product updates.

WS-I releases Basic Security Profile draft

The WS-I standards organization today released a working group draft of its Basic Security Profile at the Gartner Application Integration and Web Services Summit.

LOS ANGELES -- With work on the WS-I Basic Profile having wrapped up in March, the organization got a little granular Tuesday at Gartner's Application Integration and Web Services Summit by turning its attention toward security.

The Web Services Interoperability (WS-I) Organization released the Basic Security Profile Working Group Draft for public comment, and now will collect feedback that will be incorporated into the final profile.

The Basic Security Profile will

The end goal is interoperable Web services.

Andy Astor, WS-I

be a guide for using Web services security standards and technology in developing interoperable Web services, said Andy Astor, chairman of the WS-I marketing and communications committee, and vice president of strategic solutions at webMethods.

"The end goal is interoperable Web services," Astor said. "We started with Web services, then added security. Next, we'll add something else until we fill all the blanks and enterprises can securely create and use Web services."

The Basic Security Profile lays out a set of interoperability guidelines for transport security, primarily HTTP over TLS and SOAP Message Security.

For more information:

Read about the WS-I's release of Basic Profile testing tools


Learn more about the WS-I's Web services security best practices

The security profile will eventually be part of the Basic Profile 1.0 and 1.1, the Simple SOAP Binding Profile 1.0 and Attachments Profile 1.0. All of those are available for public review as Working Group Drafts.

WS-I added that Basic Security Profile will also take into account work done by OASIS in the Web Services Security 1.0 specification, specifically the Username Token Profile and X.509 Certificate Token Profile. Plans are in the works to incorporate the Kerberos Token Profile once OASIS has wrapped up its efforts there.

Support for the SAML Token Profile and XRML Token Profile is also included.

Dig Deeper on Topics Archive

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.