Web Services Interoperability group tackles security

A new working group within the Web Services Interoperability Organization (WS-I) will focus on ways to develop secure Web services, according to a statement released by the WS-I on Tuesday.

The Basic Security Profile Working Group (BSPWG) is chartered with developing guidelines for interoperability between different Web services implementations, referred to as the Basic Security Profile. That security profile will be an extension of the WS-I Basic Profile 1.0, according to WS-I.

The WS-I Basic Profile provides guidelines for how Web services specifications such as SOAP (Simple Object Access Protocol), XML (Extensible Markup Language) or UDDI (Universal Description, Discovery, and Integration) should be used together to develop interoperable Web services.

In particular, the BSPWG will tackle interoperability issues involving transport security, SOAP messaging security as well as other issues raised by the WS-I Basic Profile.

BSPWG will also be responsible for developing usage scenarios and corresponding MEPs (message exchange patterns), according to WS-I.

An MEP is a template for passing messages between two parties using Web services technologies.

The BSPWG has been in the works since November, according to WS-I. At that time, a Basic Security Work Plan Working Group was created within the WS-I to identify and prioritize key Web services interoperability issues related to security.

That group presented its findings and recommendations to the full organization at the recent WS-I plenary session in Salt Lake City, WS-I said.

Resolving security issues that arise from the need for interoperability between different Web services implementations is key to the continued expansion of Web services, according to WS-I.

WS-I is one of a number of industry groups that was created to promote open standards for Web services interoperability across platforms, applications, and programming languages.

The group has a number of IT heavyweights on its board of directors including BEA Systems Inc., Hewlett-Packard Co., IBM Corp., Intel Corp., Microsoft Corp., Oracle Corp., SAP AG and, most recently, Sun Microsystems Inc.

Other groups with a hand in developing Web services standards include OASIS (Organization for the Advancement of Structured Information Standards), W3C (World Wide Web Consortium), and Liberty Alliance.

A timeline for delivering the Basic Security Profile and usage scenarios will be decided on within the next month, according to WS-I.