by CIO Staff

WS-I Publishes Basic Security Profile 1.0

Apr 03, 2007
3 mins
Web Development

The Web Services Interoperability Organization (WS-I) announced the publication of the WS-I Basic Security Profile (BSP) 1.0 as final material for public access. BSP 1.0 is an essential guide for ensuring secure, interoperable Web services, claims the organization. The WS-I Basic Security Profile 1.0 builds on the work already completed in WS-I’s Basic Profile 1.1.

“Publishing the WS-I Basic Security Profile 1.0 is a major step toward achieving WS-I’s objective of advancing interoperability for secure Web services,” said Michael Bechauf, chairman and president of WS-I.

WS-I is an open industry organization whose members promote Web services interoperability across platforms, operating systems and programming languages, according to a statement from the WS-I.

“An interoperability profile offers valuable guidance to product implementers and application developers regarding the interpretation of a specification,” said Anne Thomas Manes, research director and vice president of Burton Group. “A specification typically supports a broad set of requirements and offers a variety of options and approaches, but these options can lead to misinterpretation and result in interoperability challenges. An interoperability profile constrains the options and makes communication easier.”

The WS-I Board approved BSP 1.0 after receiving confirmation that five members demonstrated interoperability (IBM, Microsoft, Novell, Oracle and SAP). Following board approval, the document was submitted to WS-I’s membership, who voted to approve BSP 1.0.

“Security is a concern to any organization operating in the Web services sphere,” said Paul Cotton, chairman of the BSP Working Group. “The WS-I Basic Security Profile 1.0 provides a strong foundation for the development of secure, yet interoperable Web services. We in the Working Group are now working on BSP 1.1, which builds upon that strong foundation.”

About the Basic Security Profile

The WS-I Basic Security Profile is an interoperability profile that addresses transport security, SOAP messaging security and other security considerations for WS-I’s Basic Profile 1.1, Simple SOAP Binding Profile 1.0 and Attachments Profile 1.0, which are available in final form at

Specifically, BSP 1.0 focuses on the interoperability characteristics of two technologies: HTTP over TLS, and Web Services Security: SOAP Message Security. HTTP over TLS is a point-to-point technology that protects the confidentiality of all information that flows over an HTTP connection. Web Services Security: SOAP Message Security provides security protection for SOAP messages and applies even when a message passes through several intermediary waypoints, allowing differing levels of protection for selected portions of a message.

BSP 1.0 describes a way to apply SOAP Message Security to attachments. BSP 1.0 also incorporates Web Services Security: Username Token Profile, Web Services Security: X.509 Certificate Token Profile, Web Services Security: Kerberos Token Profile, Web Services Security: SAML Token Profile and Web Services Security: XRML Token Profile.