OK, once again, here's a preview of my article that will be forthcoming in next Monday's MSDN Flash newsletter in Southern California.


Developer to developer…

This month and last, I’ve been presenting seminars on security so I thought I’d write about some of the recent news from the OASIS Web Services Security (WSS) technical committee that approved three standards documents last month.


First, OASIS is the Organization for the Advancement of Structured Information Standards, a not-for-profit, international consortium that “drives the development, convergence and adoption of e-business standards.” Its membership includes many experts and representatives from companies such as Intel, IBM, BEA, Sun, Oracle, Nokia, Hewlett-Packard and Microsoft. While the World Wide Web Consortium, W3C, is the organization behind standards like HTTP, HTML and XML, it is OASIS that has established itself as the primary organizing body behind emerging standards for Web services, transactions and security such as UDDI (Universal Discover, Description and Integration) and PKI (Public Key Infrastructure).


One of the OASIS Member Sections is the OASIS Web Services Security Technical Committee which works to establish standards to secure Web services as described in the WS-Security specification published in April 2002. It is this group that approved three key documents, WSS: SOAP Message Security 1.0 which enhances SOAP messages to provide message integrity, message confidentiality and single message authentication, WSS: Username Token Profile 1.0 and WSS: X.509 Certificate Token Profile 1.0, as OASIS standards last month.


Brevity doesn’t allow me to get into each of these new de facto standards – I’ll leave this for you as a reading assignment – but essentially, interested companies now have finished specifications to build their implementations in support of this space and drive interoperability.


When completed, Web Services Enhancements (WSE) 2.0 for Microsoft .NET will provide this support as an add-on to Microsoft Visual Studio .NET and the .NET Framework. A technology preview of WSE 2.0 is currently available (published July 15, 2003) though it is unsupported software and is not licensed for production use. For supported software, WSE 1.0 Service Pack 1 (SP1) for Microsoft .NET is available.


That’s all for now. If you would like to find out more about security as it pertains to developers, please join me at one of my upcoming MSDN Events seminars developer seminars.