The first draft of a new web services security standard has been released by the Web Services Interoperability Organisation (WS-I) for public comment.
"The WS-I Basic Security Profile working group has made this working draft public in order to solicit feedback from the Web services community, with the goal of ensuring the high quality and broad applicability of the profile," said chair Paul Cotton in a statement. "The process of incorporating public feedback was critical to the success of the WS-I Basic Profile, and we anticipate the same benefits from this process," he added.
The Basic Security Profile is designed to deal with a range of security issues including transport security, SOAP messaging security and intends to work with other existing specs, including OASIS Web Services Security 1.0, which was approved last month. Others include SOAP Message Security, X.509 and possibly Kerberos, SAML and XRML. It will also "provide clarifications and guidance designed to promote interoperability of those specifications", according to WS-I.
"The successful deployment of standards-based security technologies will be a key determinant in the widespread adoption of Web services," said Ray Wagner of Gartner. "Along with the Security Scenarios that were made available for public comment this past February, the Basic Security Profile will be an important resource for Web services developers and security architects concerned with security and interoperability."
WS-I members include IBM, Microsoft, SAP and Sun.