member login

WebServices dot org

Todays Featured Content:

SOA Platform 30-Day Free Evaluation Subscription

The JBoss Enterprise SOA Platform includes service oriented architecture (SOA) open source middleware such as JBoss Enterprise Service Bus (ESB), JBoss jBPM, JBoss Rules and the JBoss Enterprise Application Platform to integrate applications, services, transactions, and business components into automated business processes.

Full story from www.redhat.com
JBoss calls for SOA reality check

Service oriented architectures are not about building a grand software vision, says JBoss.

Full story from www.itnews.com.au
Who's the BOSS? JBoss Seam and JBoss Rules, of course

InfoWorld recently awarded the Best Open Source Software for the Enterprise (aka the 2007 InfoWorld Bossies).

Full story from blogs.jboss.com
JBoss Enterprise Middleware

JBoss Enterprise Middleware is an extensible and scalable suite of products for creating and deploying e-business applications, offering cutting-edge technology components which customers can mix-and-match and roll out into their line of business infrastructure - all at zero-cost software licenses.

read more
Featured Content provided by JBoss, a division of Red Hat
JBoss Application Server 5.0.0 GA released to the community

"We have been waiting for that day for a long time. Too long certainly. But here we are, the community version of JBoss.org AS 5.0 just got released.Our foundations are now ready to absorb the changes the Java landscape will go through in the next 5 years. We have the strongest API-agnostic implementation of the core middleware services - our DNA (messaging, persistence, security, remoting, etc.). We have the most evolutive and flexible microcontainer on the market. Thanks to those two, we are able to morph our DNA to whatever API/programming model the market might move towards, and implement several of those simultaneously if needed. They are the (important) bells and whistles on top of our rock-solid and non-monolithic engine."....

Full story from www.jboss.org

OASIS Approves New Web Services Security Standards

Thursday 29 March 2007

Members approve WS-SecureConversation and WS-Trust as OASIS Standards.

OASIS, the international standards consortium, announced that its members have approved WS-SecureConversation version 1.3 and WS-Trust version 1.3 as OASIS Standards, a status that signifies the highest level of ratification. Developed by the OASIS Web Services Secure Exchange (WS-SX) Technical Committee, these new standards define policies and extensions to WS-Security that enable the trusted exchange of multiple SOAP messages.

"

"In order to secure communication between two parties, both must exchange security credentials. Before that can take place though, each party needs to determine if they can 'trust' the asserted credentials of the other," explained Anne Thomas Manes, research director with the Burton Group. "Applications that communicate using the Web services framework (e.g., SOAP and WSDL) can use WS-Trust to obtain and exchange security credentials--either directly or through a trusted third party--and use WS-SecureConversation to establish and maintain an extended secure session."

"

WS-Trust provides methods for issuing, renewing, and validating security tokens as well as establishing, detecting, and brokering trust relationships. WS-SecureConversation allows security contexts to be created and key material to be exchanged more efficiently. Together, WS-Trust and WS-SecureConversation can increase the overall performance and security of exchanges.

"

"We defined the basic mechanisms for providing secure messaging in WS-Security," explained Kelvin Lawrence of IBM, co-chair of the OASIS WS-SX Technical Committee. Lawrence, along with WS-SX co-chair, Chris Kaler of Microsoft, previously led the WS-Security development effort at OASIS. "WS-Trust builds upon WS-Security by introducing an XML syntax and a protocol that enable the issuance and dissemination of credentials between different trust domains via a Security Token Service (STS)."

"
"

"WS-Security focuses on the security of a single message, which is useful in many situations," noted Kaler. "WS-SecureConversation adds a security context authentication model that is extremely beneficial for long-running exchanges. When two parties are passing multiple rounds of secured messages back and fourth, the added security and efficiency provided by WS-SecureConversation becomes essential."

"

IBM, Microsoft, and Sun Microsystems have verified successful implementations of WS-SecureConversation and WS-Trust, in accordance with eligibility requirements for all OASIS Standards.

Representatives of Adobe, AmberPoint, Axway, BEA Systems, BMC Software, CA, EDS, Forum Systems, Fujitsu, HP, IBM, IONA, Microsoft, Neustar, Nokia, Nortel, Novell, Oracle, Progress Software, Red Hat, Ricoh, SAP, SOA Software, Software AG, Sun Microsystems, TIBCO Software, VeriSign, and other members of OASIS collaborated to develop WS-SecureConversation and WS-Trust.

"

"The support for this work has been tremendous," observed Patrick Gannon, president and CEO of OASIS. "Specifications that were initiated by a few vendors two years ago have evolved and benefited significantly by participation from the broader international community. Today, with 90 participants from more than 40 organizations, WS-SX represents one of the largest Committees at OASIS. This is an indication, not only of the breadth of input that has gone into these standards, but also of their ability to meet the needs of the marketplace."

"

Participation in the OASIS WS-SX Technical Committee remains open to all, and OASIS hosts the public ws-sx-dev mailing list for exchanging information on implementing the standard.

Additional information:
OASIS WS-SX Technical Committee:
http://www.oasis-open.org/committees/ws-sx/

Support for WS-SecureConversation and WS-Trust OASIS Standards

BEA Systems

"

"The standardization of WS-SecureConversation and WS-Trust is a key step towards enabling the development of secure SOA services which are highly efficient and scalable," said Hal Lockhart, Principal Engineering Technologist, BEA Systems.

"

BMC

"

"BMC has been a long time supporter of OASIS and its industry standardization efforts around Web services. The approval of WS-Trust and WS-Secure Conversation adds important pieces to the Web services standards puzzle which will enable customers to enjoy better interoperability between products and custom developed application and support their Service Oriented Architecture strategy. BMC looks forward to the adoption of the new standards and the role it will play in our customer's Business Service Management infrastructure," said Jeff Bohren, Identity Management Business Unit, BMC Software.

"

CA

"

"The approval of the WS-Trust and WS-SecureConversation standards represents an important step in making cross-domain and cross-enterprise Web services more secure and interoperable. This secure interoperability is essential for enabling the kinds of Internet-based business relationships that many organizations are embracing," said Andy Rappaport, architect for identity and access management at CA.

"

IBM

"

"We are pleased to see WS-Trust and WS-SecureConversation become OASIS Standards. Customers have been asking for an industry standard framework that supports the requesting and issuing security tokens, brokering of trust relationships and providing secure messaging semantics that support multiple message exchanges between parties. In conjunction with the existing WS-Security standard, these new standards provide the necessary mechanisms to enable a number of secure Web services-based scenarios that our customers have told us they want to deploy. IBM already offers support for earlier drafts of WS-Trust and WS-SecureConversation in many of our WebSphere and Tivoli products, and these new OASIS Standards will be fully supported across the IBM software portfolio," said Karla Norsworthy, vice president, IBM Software Standards.

"

Microsoft

"

"Microsoft is pleased with the benefits that WS-SecureConversation 1.3 and WS-Trust 1.3 can offer the industry. Both standards can engage in secure communications while adding increased performance and security exchanges," said Chris Kurt, Group Product Manager of Connected Systems Division, Microsoft.

"

Oracle

"

"Oracle is deeply committed to helping bring security standards to the market. The latest standards to come out of the OASIS WS-SX Technical Committee provide applications with a secure way to communicate with one another and strengthen the 'hot-pluggable' capabilities of Oracle's comprehensive family of identity management products," said Prateek Mishra, director, Security Standards, Oracle.

"

SAP

"

"SAP considers WS-SecureConversation and WS-Trust key components for an enterprise SOA, addressing important security scenarios that are a critical success factor for the development and integration of business applications. We are pleased to announce the support of these two security standards in the next release of SAP NetWeaver. With WS-SecureConversation and WS-Trust, we'll enhance our support to securely manage change which is a significant factor in our customer's success in adapting to increasingly dynamic business environments," said Michael Bechauf, Vice President Industry Standards, SAP.

"

TIBCO

"

"The approval of WS-Secure Conversation and WS-Trust as OASIS Standards represents a significant step in advancing Web service messaging security. As a charter member of the OASIS WS-Security Technical Committee, we are thrilled at the group's progress and look forward to future collaborations," said Donald Adams, Vice President, Chief Security Officer and Chief Technology Officer, TIBCO.

"

Comments