Monthly newsletter Weekly news roundup Breaking news notification      

Web services security interoperability guidelines published for review

Get free weekly news by e-mailThe Web Services Interoperability Organization (WS-I) has announced the availability of the first Security Scenarios Working Group Draft for public review. Developed by the WS-I Basic Security Profile Working Group, the Security Scenarios document identifies security challenges and threats in building interoperable Web services and countermeasures for these risks.

"The development of the Security Scenarios Working Group Draft is an important step in furthering the progress of web services and driving customer adoption," said Paul Cotton, chair of the WS-I Basic Security Profile Working Group. "By enabling web services architects and developers to identify potential security challenges and threats, they can more easily ensure the successful deployment of their web services projects and achieve greater levels of interoperability."

"Enterprises that deploy web services without mature strategies for security will be vulnerable to cyberattacks," said Ray Wagner, research director, Information Security Strategies at Gartner. "Web services security decisions are complex, and interoperability is a key challenge. WS-I's guidance, including the Security Scenarios and the forthcoming Basic Security Profile, could be an important factor in the success of enterprises' web services security initiatives. WS-I can provide much-needed clarity for the practical and pragmatic use of web services security standards."

Security challenges, threats and countermeasures
The Security Scenarios document describes several security challenges, threats and countermeasures in building interoperable Web services, as well as usage scenarios and solutions, including:

* Challenges: describes several security challenges, including ensuring data integrity, data confidentiality and message uniqueness;

* Threats: outlines 10 threats on these challenges, such as message alteration, falsified messages, message replay and denial of service attacks;

* Countermeasures: recommends how technologies like HTTPS and OASIS Web Services Security: SOAP Message Security 1.0 can be used to counter some of these threats;

* Usage Scenarios and Solutions: describes how these technologies can be used with the Message Exchange Patterns(MEPs) that have been used in WS-I deliverables such as the Basic Profile 1.0 Sample Applications.

The Security Scenarios Working Group Draft is now available on the WS-I website

WS-I is requesting public comment from all interested parties to ensure quality and broad applicability. Feedback should be sent to secprofile_comment@ws-i.org

Date: 26th February 2004 •Region: N.America/World •Type: Article •Topic: ISM
Rate this article or make a comment - click here


Copyright 2004 Portal Publishing LtdPrivacy policyContact usSite mapNavigation help