Safe and easy are now two words you can think when you’re thinking Web services.
The Web Services Interoperability Organization (WS-I) has published
the WS-I Basic Security Profile (BSP 1.0), a guide for making sure Web
services are secure and interoperable.
Web services (define), or communication between disparate
applications, can automate certain business transactions, including order
fulfillment for supply chains and services.
Many companies are considering using Web services but cannot build their own,
and the lack of security, interoperability and management as part of a
standards framework prohibits businesses from adopting them.
WS-I, whose backers Microsoft (Quote), IBM (Quote),
Oracle (Quote) and others, has been working since 2002 to
foment standards that make Web services practical.
Burton Group analyst Anne Thomas Manes said BSP 1.0 builds on the Basic
Profile 1.1 from WS-I and is designed to make Web services safe and
practical over the Internet.
The document focuses on the interoperability traits for HTTP over TLS and
Web Services Security: SOAP Message Security.
HTTP over TLS secures the confidentiality of information that flows over
an HTTP connection. Web Services Security: SOAP Message Security provides
security protection for SOAP (define) messages and their
attachments across several disparate nodes.
The BSP 1.0 also incorporates the following components of OASIS’ Web
Services Security standards: Username Token Profile, X.509 Certificate Token
Profile, Kerberos Token Profile, SAML Token Profile and XRML Token Profile.
The new document was approved by the WS-I board after IBM, Microsoft, Novell, Oracle and
SAP demonstrated interoperability of BSP 1.0.
Manes said documents such as BSP 1.0 are necessary to remove some of the
interoperability stumbling blocks developers run into.
“One of the challenges we have with specifications is that specifications
are designed to support a lot of different cases and offer a lot of
different options,” Manes said.
“When you’re a developer who’s trying to implement a particular
specification, sometimes it’s hard to figure out how to interpret the
specifics and the options supplied by a specification. That tends to lead to
Profiles such as BSP 1.0, Manes said, are a strong indicator that a
specification is ready for prime time.