WS-I Publishes SAML and REL Interoperability Profiles for
Use with Basic Security Profile
Web Services Consortium Seeks Public Comment for New Working Group Drafts
SAN FRANCISCO, June 6, 2005 — The Web Services Interoperability Organization (WS-I) today announced that it has published interoperability profiles for the WS-Security SAML Token Profile and REL Token Profile OASIS Standard for use with the WS-I Basic Security Profile. These new profiles, along with an updated version of the Basic Security Profile, have been published as “Working Group Drafts” and are available for review and public comment at www.ws-i.org.
The WS-I Basic Security Profile is a collection of guidelines for ensuring that Web services developed in accordance with security specifications, including the WS-Security 1.0 OASIS Standard, are interoperable. When the Working Group Draft of the Basic Security Profile was initially published, it encompassed uses of the first Token Profiles provided with WS-Security, the Username and X.509 Certificate Token Profiles. In response to industry feedback, WS-I has extended the Basic Security Profile to include the newer WS-Security token profiles for SAML and REL.
“Publication of the WS-I profiles of the SAML and REL tokens extends the coverage of the Basic Security Profile to all of the parts of the WS-Security 1.0 OASIS Standard,” said Paul Cotton, Chairman of WS-I’s Basic Security Profile Working Group. “In addition, the other Working Group Drafts, including the Basic Security Profile, have been greatly improved based on feedback provided by the public and other WS-I Working Groups.”
The WS-Security: SAML Token Profile is an OASIS Standard that describes the use of Security Assertion Markup Language (SAML) v1.1 assertions with the baseline WS-Security: SOAP Message Security specification.
The WS-Security: Rights Expression Language (REL) Token Profile is an OASIS Standard that describes the use of ISO/IEC 21000-5 Rights Expressions with the baseline WS-Security: SOAP Message Security specification.
Since its initial publication in May 2004, significant enhancements have been made to the Basic Security Profile in response to public comment and to feedback from the various WS-I working groups. For example, the conformance targets of many of the profile’s requirements have been renovated, many of the requirements now have rationales and explanations that make them easier to understand, and changes have been made to ensure that the Basic Security Profile reflects the WS-Security 1.0 OASIS Standard errata.
The Basic Security Profile is expected to receive formal approval of the WS-I membership and to be published as “Final Material” this Fall.
About WS-I
WS-I is an open industry organization committed to promoting consistent and reliable interoperability among Web services across platforms, applications and programming languages. The organization unites a diverse community of Web services companies by providing guidance, recommended practices and supporting resources for developing interoperable Web services. For more information, please visit http://www.ws-i.org or e-mail [email protected].
# # #
Public Relations Contact:
Christian Danella
Prequent, Inc. (for WS-I)
(415) 441-6639 office
(415) 350-4830 mobile