WS-I Basic Security Profile

The Web Services Interoperability Organization (WS-I) started as an industry initiative by leading technology vendors and organizations. Its ultimate goal is to promote interoperability in Web services implementations across platforms, applications, programming languages, and devices. As part of its deliverables plan, WS-I introduced the notion of WS-I profiles to address the interoperability issues due to specification versions, dependencies, requirements, and vendor interpretations. The WS-I Basic Security Profile Version 1.0 provides a set of requirements and guidelines to promote interoperability by adhering to standards and specifications that contribute to Web services security. In particular, it is intended to address the interoperability issues related to the following:

• SOAP Message Security

• Transport Layer Security (HTTP over SSL/TLS)

• Security Tokens (Username Tokens, Binary security tokens and XML security tokens)

• XML Signature

• XML Encryption

• Algorithms

• Relationship with WS-I Basic Profile

• SOAP Attachment Security

• Security considerations

• Usage scenarios

WS-I Basic Security Profile is an extension to the WS-I Basic profile that addresses the additional security-related functionalities without affecting interoperability. The security profile incorporates specifications based on the OASIS WS-Security 1.0 standard, the W3C XML signature, W3C XML encryption, and IETF-HTTP over SSL/TLS as an underlying protocol. It also identifies extensibility points to support additional cipher suites and algorithms that require private agreement between the peers involved in Web services.

At the time of writing this book, WS-I Basic security profile 1.0 is released as a working group draft, and conforming security provider implementations were not available. To find out the current status of WS-I Basic security profile from the WS-I Security profile working group, refer to the WS-I Web site at http://www.ws-i.org/deliverables/workinggroup.aspx?wg=basicsecurity.