WebServices dot org

"

"In order to secure communication between two parties, both must exchange security credentials. Before that can take place though, each party needs to determine if they can 'trust' the asserted credentials of the other," explained Anne Thomas Manes, research director with the Burton Group. "Applications that communicate using the Web services framework (e.g., SOAP and WSDL) can use WS-Trust to obtain and exchange security credentials--either directly or through a trusted third party--and use WS-SecureConversation to establish and maintain an extended secure session."

"

"

"We defined the basic mechanisms for providing secure messaging in WS-Security," explained Kelvin Lawrence of IBM, co-chair of the OASIS WS-SX Technical Committee. Lawrence, along with WS-SX co-chair, Chris Kaler of Microsoft, previously led the WS-Security development effort at OASIS. "WS-Trust builds upon WS-Security by introducing an XML syntax and a protocol that enable the issuance and dissemination of credentials between different trust domains via a Security Token Service (STS)."

"

"

"WS-Security focuses on the security of a single message, which is useful in many situations," noted Kaler. "WS-SecureConversation adds a security context authentication model that is extremely beneficial for long-running exchanges. When two parties are passing multiple rounds of secured messages back and fourth, the added security and efficiency provided by WS-SecureConversation becomes essential."

"

"

"The support for this work has been tremendous," observed Patrick Gannon, president and CEO of OASIS. "Specifications that were initiated by a few vendors two years ago have evolved and benefited significantly by participation from the broader international community. Today, with 90 participants from more than 40 organizations, WS-SX represents one of the largest Committees at OASIS. This is an indication, not only of the breadth of input that has gone into these standards, but also of their ability to meet the needs of the marketplace."

"

"

"The standardization of WS-SecureConversation and WS-Trust is a key step towards enabling the development of secure SOA services which are highly efficient and scalable," said Hal Lockhart, Principal Engineering Technologist, BEA Systems.

"

"

"BMC has been a long time supporter of OASIS and its industry standardization efforts around Web services. The approval of WS-Trust and WS-Secure Conversation adds important pieces to the Web services standards puzzle which will enable customers to enjoy better interoperability between products and custom developed application and support their Service Oriented Architecture strategy. BMC looks forward to the adoption of the new standards and the role it will play in our customer's Business Service Management infrastructure," said Jeff Bohren, Identity Management Business Unit, BMC Software.

"

"

"The approval of the WS-Trust and WS-SecureConversation standards represents an important step in making cross-domain and cross-enterprise Web services more secure and interoperable. This secure interoperability is essential for enabling the kinds of Internet-based business relationships that many organizations are embracing," said Andy Rappaport, architect for identity and access management at CA.

"

"

"We are pleased to see WS-Trust and WS-SecureConversation become OASIS Standards. Customers have been asking for an industry standard framework that supports the requesting and issuing security tokens, brokering of trust relationships and providing secure messaging semantics that support multiple message exchanges between parties. In conjunction with the existing WS-Security standard, these new standards provide the necessary mechanisms to enable a number of secure Web services-based scenarios that our customers have told us they want to deploy. IBM already offers support for earlier drafts of WS-Trust and WS-SecureConversation in many of our WebSphere and Tivoli products, and these new OASIS Standards will be fully supported across the IBM software portfolio," said Karla Norsworthy, vice president, IBM Software Standards.

"

"

"Microsoft is pleased with the benefits that WS-SecureConversation 1.3 and WS-Trust 1.3 can offer the industry. Both standards can engage in secure communications while adding increased performance and security exchanges," said Chris Kurt, Group Product Manager of Connected Systems Division, Microsoft.

"

"

"Oracle is deeply committed to helping bring security standards to the market. The latest standards to come out of the OASIS WS-SX Technical Committee provide applications with a secure way to communicate with one another and strengthen the 'hot-pluggable' capabilities of Oracle's comprehensive family of identity management products," said Prateek Mishra, director, Security Standards, Oracle.

"

"

"SAP considers WS-SecureConversation and WS-Trust key components for an enterprise SOA, addressing important security scenarios that are a critical success factor for the development and integration of business applications. We are pleased to announce the support of these two security standards in the next release of SAP NetWeaver. With WS-SecureConversation and WS-Trust, we'll enhance our support to securely manage change which is a significant factor in our customer's success in adapting to increasingly dynamic business environments," said Michael Bechauf, Vice President Industry Standards, SAP.

"

"

"The approval of WS-Secure Conversation and WS-Trust as OASIS Standards represents a significant step in advancing Web service messaging security. As a charter member of the OASIS WS-Security Technical Committee, we are thrilled at the group's progress and look forward to future collaborations," said Donald Adams, Vice President, Chief Security Officer and Chief Technology Officer, TIBCO.

"