OASIS approved WS-Security 1.1 as an official standard, establishing a foundation for securing distributed applications and Web services.A standards body on Wednesday gave final approval to a security specification that is recognized as a foundation for securing distributed applications and Web services.The Organization for the Advancement of Structured Information Standards (OASIS) approved WS-Security 1.1 as an official standard. The designation is the highest level of ratification within OASIS.What WS-Security solves for end users is the problem of how to pass data securely between Web services. The 1.1 specification, crafted by the Web Services Security (WSS) Technical Committee, is highlighted by enhancements to security token support, message attachments and rights management. The 1.0 version became a formal standard in April 2004.The 1.1 specification includes the core WS-Security specification and the Username Token Profile 1.1, X.509 Token Profile 1.1, Kerberos Token Profile 1.1, SAML Token Profile 1.1, Rights Expression (REL) Token Profile 1.1, SOAP With Attachments (SWA) Profile 1.1 and Schema 1.1. With WS-Security, users have a general-purpose method for building integrity, confidentiality and authentication into the message exchanges between or among Web services applications. The protocol fosters integration of technology used to secure messages, including X.509 certificates and Kerberos.Coupled with extensions such as WS-Policy, WS-Trust and WS-Secure Conversation, the specification allows more sophisticated and secure ways for Web services to interact.The protocol’s ratification comes a day after Bill Gates, chief software architect for Microsoft, opened up the annual RSA Security Conference by pointing out that security cannot evolve to support a “trust ecosystem” without Web services and other standards.Although he did not name any standards by name, WS-Security has emerged as one of those critical standards.Research firm Gartner says WS-Security 1.1 will become a standard for the majority of Web services and that users should adopt it now to make it easier to update their Web services in the future.WS-Security has been adopted by other standards bodies such as the Liberty Alliance, which incorporates it into their identity federation and by numerous vendors. The list of those contributing to work on the WS-Security 1.1 specification includes Actional/Progress Software, Adobe, AmberPoint, BEA Systems, BMC Software, Computer Associates, EMC, Forum Systems, Fujitsu, HP, Hitachi, IBM, Intel, Microsoft, Neustar, Nokia, Oracle, Reactivity, RSA Security, SAP, Sun, Tibco, and VeriSign. Related content news Nvidia’s new chips for China to be compliant with US curbs: Jensen Huang Nvidia’s AI-focused H20 GPUs bypass US restrictions on China’s silicon access, including limits on-chip performance and density. By Anirban Ghoshal Dec 06, 2023 3 mins CPUs and Processors Technology Industry news EU approves $1.3B in aid for cloud, edge computing New projects focus on areas including open source software to help connect edge services, and application interoperability. By Sascha Brodsky Dec 05, 2023 3 mins Technology Industry Edge Computing Cloud Computing brandpost Sponsored by HPE Aruba Networking Bringing the data processing unit (DPU) revolution to your data center By Mark Berly, CTO Data Center Networking, HPE Aruba Networking Dec 04, 2023 4 mins Data Center feature 5 ways to boost server efficiency Right-sizing workloads, upgrading to newer servers, and managing power consumption can help enterprises reach their data center sustainability goals. By Maria Korolov Dec 04, 2023 9 mins Green IT Servers Data Center Podcasts Videos Resources Events NEWSLETTERS Newsletter Promo Module Test Description for newsletter promo module. Please enter a valid email address Subscribe