Web services security specs hit the standards track

The first meeting of the OASIS Web Services Secure Exchange (WS-SX) Technical Committee is set for early December 2005, and the long-anticipated WS-Trust, WS-SecureConversation and WS-SecurityPolicy specifications will be up for review. WS-Trust sets up an XML syntax for management of credentials across secure domains; WS-SecureConversation will allow multiple message conversations without having to check each new message; and WS-SecurityPolicy defines a set of overarching, general security policies for Web services. No specific timetable has been set for ratifying the specifications, but vendors are already building to the proposed specifications, which have been up on IBM’s developerWorks site for quite a while. The ultimate goal of the WS-SX standards is to create a universal web security system that can be changed without touching the web services themselves. A fourth standard, WS-Federation, is the only specification missing from the set. Its aim is to provide security across multiple domains without the need for a single identity manager. That standard won’t begin being reviewed for another year.


Leave a Reply