WS-I Finalizes Basic Security Profile 1.1

The Web Services Interoperability Organization (WS-I) has released Basic Security Profile (BSP) 1.1, which integrates OASIS work on WS-Security, and helps ensures devs can build secure and interoperable SOA and web services projects using non-proprietary technologies.

by Vance McCarthy

Tags: WS-I, SOA, web services, BSP, security, integration,

wsilogo_left_03 WS-I (Web Services Interoperability Organization) has published a final version of the WS-I Basic Security Profile (BSP) 1.1 as a guide for ensuring secure, interoperable Web services and SOA projects using non-proprietary Web services specifications.

In specific, BSP 1.1 integrates OASIS Web Services Security (WS-Security) 1.1 key encryption and other features to enhance the interoperability and security for Web services. The WS-I BSP also has clarifications and amendments that will promote interoperability, according to a WS-I official.

“The WS-I Basic Security Profile 1.1 builds upon the strong foundation in BSP 1.0 and extends it to cover core security scenarios in WS-Security 1.1,” said Paul Cotton, Chair of the BSP Working Group. “We believe security is a top priority for Web services and are pleased with the work we’ve been able to achieve to provide solid secure, interoperable Web services for implementers and consumers.”

Publication of WS-I BSP comes after a six-month test six where six WS-I member companies, including Intel, IBM, Layer 7, Microsoft, Oracle and SAP AG, successfully interoperated using BSP 1.1 and contributed to profile improvements based on their results, Cotton added.

BSP 1.1 targets transport and SOAP message security, and Basic Profile-specific security considerations of Web Services and also focuses on Web Services Message Security and HTTP over Transport Level Security (TLS), officials said. BSP 1.1 is based on the key security usage scenarios and requirements identified in WS-I’s Security Challenges document.

BSP 1.1 constrains the use of several common security tokens based on the OASIS Web Services Security (WS-Security) 1.1 and its token profiles including Kerberos, X.509, SAML and Username token.

BPS 1.0 Follows on from web services exchange rules set out in WS-I’s BSP 1.0. In part those specs required that partners exchanging the messages must agree on: