Boston, MA, USA; 21 June 2007 — OASIS, the international open standards consortium, today announced that its members have approved Web Services Reliable Messaging (WS-ReliableMessaging) version 1.1 as an OASIS Standard, a status that signifies the highest level of ratification. WS-ReliableMessaging allows messages to be transferred reliably despite failures in software components, systems, or networks. It enables a broad range of reliability features, including ordered delivery, duplicate elimination, and guaranteed receipt.

"Reliable messaging is one of the features customers demand most as they move to electronic business. The problem is that messages can be lost, repeated, or reordered, and host systems can fail," explained Paul Fremantle of WSO2, co-chair of the OASIS Web Services Reliable Exchange (WS-RX) Technical Committee. "WS-ReliableMessaging addresses all these risks by providing a modular mechanism that identifies, tracks, and manages the reliable transfer of messages between a source and a destination."

Sanjay Patil of SAP, co-chair of the OASIS WS-RX Technical Committee, added, "WS-ReliableMessaging delivers a key element in the openness of an enterprise service-oriented architecture (SOA) and provides a critical building block that can be used in conjunction with other specifications and application-specific protocols to reliably handle a wide variety of SOA requirements and scenarios."

The extensible nature of WS-ReliableMessaging allows additional functionality, such as security, to be tightly integrated. It incorporates a SOAP binding for interoperability and allows additional bindings to be defined. The protocol can be implemented with a variety of robustness characteristics ranging from in-memory persistence scoped to a single process lifetime, to replicated durable storage that is recoverable in the most extreme circumstances.

OASIS president and CEO, Patrick Gannon, noted, "WS-ReliableMessaging integrates with and complements the WS-Security OASIS Standard as well as other Web services specifications. Combining these standards offers companies many reliable, secure messaging options."

The WS-ReliableMessaging OASIS Standard was developed by representatives of Adobe, BEA Systems, Fujitsu, Hitachi, IBM, Intel, IONA, Microsoft, NEC, Nortel, Novell, Oracle, Progress Software, Red Hat, SAP, Sun Microsystems, TIBCO, webMethods, and others. The WS-ReliableMessaging OASIS Standard and the archives of the OASIS WS-RX Technical Committee work are publicly accessible. OASIS hosts the ws-reliablemessaging-dev mailing list for exchanging information on implementing the standard.

Support for WS-ReliableMessaging OASIS Standard
ACORD "On behalf of ACORD, we welcome the official release of the WS-ReliableMessaging OASIS Standard. ACORD is committed to Web services standards as part of its Service Oriented Architecture strategy and has been working for several years with its members on a profile for Web service protocols based on insurance industry use cases. WS-ReliableMessaging is a piece of the puzzle we have been critically expecting in support of robust message exchange, flexible deployment of services, and mass transit on the Internet. We are strongly encouraging the implementation of this set of protocols in software libraries and tools, in support of Web services deployment in the insurance industry," said Lloyd Chumbley, Assistant Vice President of Standards, ACORD.

Adobe "Interoperable reliable messaging is a critical component in enabling real-world distributed Service Oriented Architectures (SOA). WS-ReliableMessaging provides a framework for reliable and robust exchange of business information as part of Web services and SOA, enabling the enterprise to realize reliable integration and collaborative business processes leveraging disparate applications," said Charlton Barreto, Senior Computer Scientist and Architect, Adobe Systems.

BEA Systems "The acceptance of WS-ReliableMessaging as an OASIS Standard represents an important milestone in the development of reliable, secure services that can leverage today’s heterogeneous infrastructures. Ensuring that messages are delivered, eliminating duplicate messages, and delivering messages in the order they are sent are fundamental capabilities for building flexible, SOA-based applications. With the standardization of WS-ReliableMessaging, BEA Systems plans to continue its commitment to and leadership in Web services standards," said Gilbert Pilz, Sr. Principal Technologist, Office of the CTO, BEA Systems, Inc.

Hitachi "Enterprise systems are nothing if they are not reliable, and no Web service that employed intermediaries could be reliable until now. WS-ReliableMessaging is widely adopted. Platform users can now have high confidence that this core functionality will be available to them on a variety of platforms from most enterprise vendors. We thank the committee for all of its work in resolving the many challenges that arose in the production of this specification. Hitachi anticipates that this result has been worth the work," said Takao Nakamura, Executive General Manager, Software Division, Hitachi Ltd.

Microsoft "Microsoft is pleased to see WS-ReliableMessaging 1.1 become an approved standard. Product interoperability is increasingly important, and we believe that the addition of reliable message exchange to the suite of standard WS-* protocols will benefit both customers and the industry," said Omri Gazitt, a Product Unit Manager at Microsoft.

Oracle "Oracle is committed to driving standards that facilitate the development of modular business services that can be easily integrated and reused–creating flexible, adaptable IT infrastructures. The new WS-ReliableMessaging standard will help provide an interoperable way to guarantee message delivery to applications or Web services, which is an essential capability for implementing Service Oriented Architectures (SOAs)," said Don Deutsch, vice president Standards Strategy and Architecture, Oracle.

Red Hat "With WS-Security and WS-Transaction having been approved as OASIS Standards, WS-ReliableMessaging is the last key component to enable secure, reliable and transacted Web services in an interoperable fashion. We’re pleased to have been associated with such an important standard," said Mark Little, Director of Standards for Red Hat.

Sun Microsystems "We are pleased to have contributed to the standardization of this much-needed software infrastructure component. Wide industry support for the WS-ReliableMessaging 1.1 standard will lead to highly interoperable Web Services stacks, making this technology ubiquitous for users who require robust service-oriented applications. It will be a welcome addition to the Web Services capabilities (JAX-WS) of Sun Java(TM) System Application Server, Open Source Project Glassfish, and Sun Java(TM) System SE/EE," said Thomas Kincaid, executive director, Application Platforms, Sun Microsystems.

Additional information:
WS-ReliableMessaging 1.1 OASIS Standard: http://www.oasis-open.org/specs/index.php#wsrx-rm1.1
OASIS WS-RX Technical Committee: http://www.oasis-open.org/committees/ws-rx/
Cover Pages Technology Report: Reliable Messaging http://xml.coverpages.org/reliableMessaging.html

About OASIS:

OASIS (Organization for the Advancement of Structured Information Standards) is a not-for-profit, international consortium that drives the development, convergence, and adoption of e-business standards. Members themselves set the OASIS technical agenda, using a lightweight, open process expressly designed to promote industry consensus and unite disparate efforts. The consortium produces open standards for Web services, security, e-business, and standardization efforts in the public sector and for application-specific markets. Founded in 1993, OASIS has more than 5,000 participants representing over 600 organizations and individual members in 100 countries. http://www.oasis-open.org

Press contact: Carol Geyer OASIS Director of Communications carol.geyer@oasis-open.org +1.978.667.5115 x209 (office) +1.941.284.0403 (mobile)

Boston, MA, USA; 19 June 2007 — OASIS, the international standards consortium, today announced that its members have approved the Content Assembly Mechanism (CAM) version 1.1 as an OASIS Standard, a status that signifies the highest level of ratification. CAM provides an open, XML-based system for using business rules to define, validate, and compose specific business documents from generalized schema elements and structures. CAM also provides the foundation for creating industry libraries and dictionaries of schema elements and business document structures to support business process needs.

"CAM has been described as a Swiss army knife for XML structures," said David Webber, chair of the OASIS Content Assembly Mechanism (CAM) Technical Committee. "That’s because CAM addresses the three issues that are crucial for automated information integration. It delivers the capability to design transactions consistently, to document their usage clearly, and to drive software that can apply rules and test information content correctly."

CAM can be used wherever manipulation or validation of information content structures is required. The most widely used application is the validation of content passing through a messaging system, where CAM ensures that the information received is compatible with the supported business systems. CAM can also direct the creation or processing of transactions in a business process engine or be deployed as a Web service to allow trading partners to pre-validate XML instances before using them in message exchanges.

"Before a Web service can exchange XML data between applications, the information usually needs to be validated and transformed," explained Patrick Gannon, president and CEO of OASIS. "CAM offers a new way to accomplish this by using specialized templates that allow contextual business rules to be applied to any XML structure. These business rules can be used to validate the structure or to transform XML data to fit a specified form."

The CAM OASIS Standard was developed by representatives of AmberPoint, the U.S. National Institute of Standards and Technology (NIST), Sun Microsystems, and others.

The CAM OASIS Standard and the archives of the OASIS CAM Technical Committee work are publicly accessible. OASIS hosts the cam-dev mailing list for exchanging information on implementing the standard.

Additional information:
CAM 1.1 OASIS Standard: http://www.oasis-open.org/specs/index.php#camv1.1
OASIS CAM Technical Committee: http://www.oasis-open.org/committees/cam/
CAM FAQ: http://www.oasis-open.org/committees/cam/faq.php

About OASIS:

OASIS (Organization for the Advancement of Structured Information Standards) is a not-for-profit, international consortium that drives the development, convergence, and adoption of e-business standards. Members themselves set the OASIS technical agenda, using a lightweight, open process expressly designed to promote industry consensus and unite disparate efforts. The consortium produces open standards for Web services, security, e-business, and standardization efforts in the public sector and for application-specific markets. Founded in 1993, OASIS has more than 5,000 participants representing over 600 organizations and individual members in 100 countries. http://www.oasis-open.org

Press contact: Carol Geyer OASIS Director of Communications carol.geyer@oasis-open.org +1.978.667.5115 x209 (office) +1.941.284.0403 (mobile)

Boston, MA, USA; 7 June 2007 — OASIS, the international standards consortium, today announced that its members have approved Digital Signature Services (DSS) version 1.0 as an OASIS Standard, a status that signifies the highest level of ratification. DSS defines an XML interface to process digital signatures for Web services and other applications, enabling the sharing of digital signature creation, verification and other associated services, without complex client software and configuration.

"DSS makes it easy to use digital signatures because it lets companies control their signature applications on an organizational basis through a network-based server," said Juan Cruellas of Centre d’aplicacions avanades d’Internet (CANET), co-chair of the OASIS DSS Technical Committee. "Instead of being managed individually, signing keys are maintained on a secure server with controls that minimize the risk of compromise. Signatures can still be created by authorized individuals, but instead of requiring specialized signing equipment for each person, DSS allows organizations to use their existing authentication mechanisms, such as passwords, two factors, biometrics, etc."

DSS describes two XML-based request/response protocols, one for signatures and a second for verification. Using these protocols, a client can send documents to a server and receive back a signature on the documents; or send documents and a signature to a server and receive back an answer on whether the signature verifies the documents.

"A DSS signature secures an organization’s documents efficiently and effectively while maintaining accountability down to the individual level," said Nick Pope of Thales eSecurity Ltd., co-chair of the OASIS DSS Technical Committee. "What’s more, DSS allows sensitive signing keys to be protected by using tamper-proof signing devices and by locating the server in a room with controlled access. Costs are reduced with DSS, because security can be highly localized."

DSS supports a range of signature formats including XML and CMS. It is designed around a core set of elements and procedures which can be profiled to support specific uses such as time-stamping (including XML structured time-stamps), corporate entity seals, electronic post marks and code signing.

The OASIS DSS Technical Committee worked closely with the Universal Postal Union, an agency of the United Nations, to facilitate the use of DSS within its Electronic Post Mark system (UPU EPM).

"Deploying support for digital signatures can be extremely challenging, especially for large companies. The task of allocating and certifying user keys can be burdensome and difficult to secure," said OASIS president and CEO, Patrick Gannon. "The DSS OASIS Standard presents an approach to digital signing which significantly reduces these obstacles. The added services enabled by this standard are meeting global needs, and the Universal Postal Union is a good example."

The DSS OASIS Standard was developed by representatives of the American Bar Association, Austria Federal Chancellery, BEA Systems, CATCert-Agencia Catalana de Certificacio, IBM, Nokia, Universal Postal Union, and others. The DSS OASIS Standard and the archives of the OASIS DSS Technical Committee work are publicly accessible. OASIS hosts the dss-dev mailing list for exchanging information on implementing the standard.

Additional information:
DSS 1.0 OASIS Standard: http://www.oasis-open.org/specs/index.php#dssv1.0
OASIS DSS Technical Committee: http://www.oasis-open.org/committees/dss/
DSS FAQ: http://www.oasis-open.org/committees/dss/faq.php

About OASIS:

OASIS (Organization for the Advancement of Structured Information Standards) is a not-for-profit, international consortium that drives the development, convergence, and adoption of e-business standards. Members themselves set the OASIS technical agenda, using a lightweight, open process expressly designed to promote industry consensus and unite disparate efforts. The consortium produces open standards for Web services, security, e-business, and standardization efforts in the public sector and for application-specific markets. Founded in 1993, OASIS has more than 5,000 participants representing over 600 organizations and individual members in 100 countries. http://www.oasis-open.org

Press contact: Carol Geyer OASIS Director of Communications carol.geyer@oasis-open.org +1.978.667.5115 x209 (office) +1.941.284.0403 (mobile)

Boston, MA, USA; 24 May 2007 — The international open standards consortium, OASIS, has expanded its Public Key Infrastructure (PKI) work to encompass the full identity and trusted infrastructure marketplace. The new OASIS IDtrust Member Section will promote greater understanding and use of standards-based technologies, policies, and practices for identity and trusted infrastructure. The group will provide a neutral setting where government agencies, companies, research institutes, and individuals can work together to facilitate the use of these technologies.

"The U.S. federal government has been working for years to develop standards, procedures and guidelines for implementing e-identity management services that can ensure trusted, secure transactions over the Internet. IDtrust will help accomplish that mission," said Peter Alterman, Ph.D., Asst. CIO, EAuthentication, National Institutes of Health, and Federal PKI Policy Authority Chair.

"IDtrust will advance standards that provide the basic security necessary for carrying out electronic business," added June Leung, chair of the Steering Committee for the OASIS IDtrust Member Section. "These standards make it possible for parties who do not know one another or who are widely distributed to communicate securely by adopting a chain of trust."

Other members of the IDtrust Member Section Steering Committee include Abbie Barbir of Nortel Networks, Arshad Noor, John Sabo of CA, and Ann Terwilliger of Visa International.

Working to identify trust policies for assurance and standardization, IDtrust members will focus on validating and building trust paths. They plan to catalog implementation projects, publish adoption reports, and conduct studies on costs, benefits and risk management. The Member Section will also oversee the work of two OASIS Committees: Enterprise Key Management Infrastructure (EKMI), which defines symmetric key management protocols; and PKI Adoption, which advances the use of digital certificates as a foundation for managing access to network resources and conducting electronic transactions. The Steering Committee seeks suggestions for forming additional committees.

IDtrust has its roots in PKI Forum, an organization that was founded in 1999. It transitioned its work to OASIS in 2002, where it continued to operate as an independent body focused on broadening adoption for PKI.

"The expansion and re-chartering of OASIS PKI as IDtrust marks an exciting milestone in the evolution of this work," noted Patrick Gannon, president and CEO of OASIS. "By broadening its scope, IDtrust will be better positioned to reduce barriers to adoption and effectively address data privacy and cryptographic issues, as well as interoperability, outsourcing and application integration of trusted infrastructures."

Organizations participating in IDtrust include CA, CATCert Agencia Catalana de Certificacio, EMC, Forum Systems, Jericho Systems, Nortel Networks, Sterling Commerce, Verisign, Visa International, WISeKey, and others. Public sector agencies from around the world, including Canada’s Public Works & Government Services, Norway’s Directorate of Labour and Welfare, and Tunisia’s National Digital Certification Agency–as well as the Electronics and Telecommunications Research Institute (ETRI) and Oxford University–are also participating. IDtrust welcomes other interested parties to join their work at any time.

Support for IDtrust
CA "CA is pleased to support the formation of the IDtrust Member Section. Its broad focus on identity technologies, trust policies, and education will help meet the growing need for open, standards-based trust infrastructure," said John Sabo, director of government global relations at CA.

Visa "My experiences in implementing public key cryptography at Visa have made me very aware of the importance of identifying workable solutions. I am committed to supporting the work of IDtrust to achieve this," said Ann Tertwilliger, Director of Security Projects, Visa International.

Additional information:
OASIS IDtrust Member Section: http://www.oasis-idtrust.org/
OASIS EKMI Technical Committee: http://www.oasis-open.org/committees/ekmi/
OASIS PKI Adoption Committee: http://www.oasis-open.org/committees/pki/

About OASIS:

OASIS (Organization for the Advancement of Structured Information Standards) is a not-for-profit, international consortium that drives the development, convergence, and adoption of e-business standards. Members themselves set the OASIS technical agenda, using a lightweight, open process expressly designed to promote industry consensus and unite disparate efforts. The consortium produces open standards for Web services, security, e-business, and standardization efforts in the public sector and for application-specific markets. Founded in 1993, OASIS has more than 5,000 participants representing over 600 organizations and individual members in 100 countries. http://www.oasis-open.org

Press contact: Carol Geyer OASIS Director of Communications carol.geyer@oasis-open.org +1.978.667.5115 x209 (office) +1.941.284.0403 (mobile)

Boston, MA, USA; 8 May 2007 — OASIS, the international standards consortium, today announced that its members have approved Web Services Transaction (WS-Transaction) version 1.1 as an OASIS Standard, a status that signifies the highest level of ratification. WS-Transaction describes an extensible framework for providing protocols that coordinate the actions of distributed applications. Such coordination protocols can be used to support a wide variety of applications that require consistent agreement on the outcome of distributed transactions. WS-Transaction is offered on a Royalty-Free basis, as provided under OASIS policies.

"Web services increasingly tie together large numbers of participants to form distributed applications. The result can be extremely complex," said Eric Newcomer of IONA, co-chair of the OASIS Web Services Transaction (WS-TX) Technical Committee. "WS-Transaction gives developers the framework they need to build reliable, distributed applications."

The WS-Transaction OASIS Standard comprises three specifications: WS-Coordination; WS-AtomicTransaction; and WS-BusinessActivity. WS-Coordination enables an application service to create the context necessary for propagating an activity to other services. WS-AtomicTransaction defines agreement protocols for short-lived activities having the all-or-nothing property, and WS-BusinessActivity defines protocols for long-running transactions that require compensation-based agreement. Working together, these specifications enable existing transaction processing, workflow, and other systems to hide their proprietary protocols and operate in a heterogeneous environment.

"The technical committee recognized that there is no single transaction model appropriate for all use cases, and so WS-Transaction defines an extensible coordination framework that accommodates classic two-phase-commit, as well as more relaxed forms of transactions with isolation behavior appropriate in loosely-coupled systems," noted Ian Robinson of IBM, co-chair of the OASIS WS-TX Technical Committee.

"The effort to standardize WS-Transaction brought together most of the major stakeholders in Web services–large, multi-national companies as well as smaller innovators," OASIS president and CEO, Patrick Gannon, observed. "We applaud these organizations for collaborating in the open process to deliver a Royalty-Free standard to the marketplace."

The WS-Transaction OASIS Standard was developed by representatives of Active Endpoints, Adobe Systems, AmberPoint, BEA Systems, Fujitsu, Hitachi, IBM, IONA, Microsoft, Nortel, Oracle, Red Hat, Ricoh, Sun Microsystems, TIBCO, and others. IBM, Microsoft, and Red Hat verified successful usage of WS-Transaction, in accordance with eligibility requirements for all OASIS Standards.

The WS-Transaction OASIS Standard and the archives of the OASIS WS-TX Technical Committee are publicly accessible. OASIS hosts the ws-transaction-dev mailing list for exchanging information on implementing the standard.

Support for WS-Transaction OASIS Standard
Adobe "The approval of WS-Transaction as an OASIS standard is critical to the future growth of Web services and Service Oriented Architecture (SOA). WS-Transaction provides enterprises with the transactional integrity and interoperability across diverse assets to help develop and manage mission critical applications. This enables such applications to be successfully built and deployed using Web services, without sacrificing multi-vendor interoperability," said Charlton Barreto, Senior Computer Scientist and Architect at Adobe.

Hitachi "Transactions are the core of business applications. WS-Transaction has constructed a normative and consistent way for Web Services to participate in these critical business processes. We at Hitachi expect that these new system building blocks will allow Web Services to move from the periphery to the center of new business applications. Hitachi highly appreciates the ratification of this new OASIS Standard," said Takao Nakamura, Executive General Manager, Software Division, Hitachi Ltd.

IBM "WS-Transaction becoming an OASIS Standard brings important capability to customers who want to execute transactions in a mixed vendor environment. With this specification, all the steps of the process are either executed or canceled. For example, either the item is shipped and the credit card is charged – or neither of those actions are taken. This ability to provide consistency across multiple data services is important as customers move critical business processes to SOA. IBM products such as CICS and WebSphere Application Server have mature support for earlier drafts of the WS-Transaction specifications and will support this new OASIS Standard in forthcoming releases," said Karla Norsworthy, vice president, IBM Software Standards.

IONA "With a greater number of organizations turning to SOA as the foundation for interoperable and mission-critical business applications, the ability to reliably handle transactions is critical. This is a very important specification, and we’re pleased to see its approval as an OASIS Standard," said Eric Newcomer, CTO, IONA.

Microsoft "Microsoft is pleased with the approval of Web Services Transaction 1.1 and with the benefits the specification delivers, including identifying a means to implement two different types of transactions in Web Services," said Chris Kurt, Group Program Manager in the Connected Division Systems at Microsoft.

Oracle "The ability to build and manage transactional systems is key to the deployment of enterprise information systems. With Service Oriented Architecture becoming prevalent, Web Service transaction management will be vital to the success of SOA-based deployments. Oracle welcomes the standardization of the WS-Transaction family of specifications," said Jeff Mischkinsky, director, Oracle Fusion Middleware and Web Services Standards.

Red Hat "Red Hat believes that this is a significant contribution to the emerging Web services architecture as well as transaction processing. Interoperability of transaction systems has always been an elusive goal and for the first time we have a standard that offers a low cost route to achieve that goal," said Mark Little, Director of Standards for Red Hat.

SOA Software "The approval of WS-Transaction as an OASIS Standard represents a significant step in the evolution of SOA and Web services. WS-Transaction allows Web services to be used as part of mission critical business processes. It allows us to further extend the value of Mainframe Web services to the distributed enterprise," said James Crew, vice president of SOLA at SOA Software.

Additional information:
WS-Transaction OASIS Standard: http://www.oasis-open.org/specs/index.php#wstransactionv1.1
OASIS WS-TX Technical Committee: http://www.oasis-open.org/committees/ws-tx

About OASIS:

OASIS (Organization for the Advancement of Structured Information Standards) is a not-for-profit, international consortium that drives the development, convergence, and adoption of e-business standards. Members themselves set the OASIS technical agenda, using a lightweight, open process expressly designed to promote industry consensus and unite disparate efforts. The consortium produces open standards for Web services, security, e-business, and standardization efforts in the public sector and for application-specific markets. Founded in 1993, OASIS has more than 5,000 participants representing over 600 organizations and individual members in 100 countries. http://www.oasis-open.org

Press contact: Carol Geyer OASIS Director of Communications carol.geyer@oasis-open.org +1.978.667.5115 x209 (office) +1.941.284.0403 (mobile)

Boston, MA, USA; 2 May 2007 — Members of the OASIS consortium have formed a new committee to advance the WS-Federation specification through the international standards process. WS-Federation aims to extend the scope of identity management, enabling federations of trust. Version 1.1 of the specification, which was created by a cooperative of eight companies, will be contributed to the new OASIS WS-Federation Technical Committee for advancement and input from the broader community.

"It’s good to see WS-Federation submitted to a standards body," said Gerry Gebel, Identity and Privacy Strategies service director at Burton Group. "We’re hopeful that this move will make convergence of existing standards more likely since OASIS has also produced WS-Security, WS-Trust, WS-SecureConversation, SAML, XACML, and SPML."

"Organizations and business partners will be able to collaborate more safely and smoothly with WS-Federation," noted Paul Cotton of Microsoft, convener of the OASIS WS-Federation Technical Committee."Today, it often takes weeks for a company to set up user accounts and access privileges to enable their partner organizations’ staff to safely gain access to shared materials. When a project is complete, all that time and effort must be repeated in order to revoke the partner’s accounts. WS-Federation allows user accounts to continue to be owned, stored, and managed by the users’ companies, and shared as needed with partner organizations, instead of relinquishing control to them or creating duplicate copies."

The OASIS WS-Federation Technical Committee will work to simplify interactions between the participants of a federation. The group will advance capabilities for structuring and acquiring federation metadata, sign-out notifications, and the use of pseudonym and identity mapping and attribute services. In addition, the Committee will enable brokered trust relationships and distributed authentication and authorization to be used in browser-based scenarios.

"WS-Federation is a method for expressing and managing trust relationships among parties sharing identity data," explained James Bryce Clark, director of standards development for OASIS. "This specification was intended for programs that use the WS-Trust OASIS Standard for security token exchange, the WS-Policy family of methods for describing constraints and rules, and the WS-Security OASIS Standard for associating security content with SOAP messages. This set of specifications is designed to compose, together with other related standards (including WS-Reliable Messaging and the WS-Transaction OASIS Standard), as a seamless and exclusive stack of specifications for secure and reliable Web services."

Representatives of Active Endpoints, AmberPoint, BEA Systems, BMC Software, CA, Forum Systems, HP, IBM, IONA, Novell, Microsoft, Progress Software, Red Hat, SOA Software, TIBCO, VeriSign, webMethods, and others make up the OASIS WS-Federation Technical Committee. Participation remains open to all companies, non-profit groups, governments, academic institutions, and individuals.

The WS-Federation Technical Committee will operate under the Royalty Free on RAND Terms mode, as defined by the OASIS Intellectual Property Rights Policy. As with all OASIS projects, archives of the Committee’s work will be accessible to both members and non-members, and OASIS will host an open mail list for public comment.

Support for WS-Federation
AmberPoint "The success of the next generation of SOA deployments will be contingent on the ability to securely share identity information among cooperating enterprises. WS-Federation is a key component to defining solutions that enable business processes to securely span enterprise boundaries, while meeting regulatory requirements and keeping sensitive data in the proper hands. We’re glad for the opportunity to bring our expertise to the OASIS WS-Federation Technical Committee and are confident that this effort will be of significant value to our customers and the SOA marketplace in general," said Gene Thurston, security architect, AmberPoint.

BEA Systems "BEA is enthusiastic about bringing WS-Federation to an open standards organization. There is an opportunity to align it with other, related security technology standards, which can advance the progress of Web Services and help enable the development of flexible, agile and highly interoperable SOA solutions," said Hal Lockhart, Office of the CTO, BEA Systems.

BMC Software "Standardization of WS-Federation is the next logical step following the recent OASIS approval of WS-Trust and WS-SecureConversation, and the progress being made on WS-SecurityPolicy. We believe WS-Federation as an OASIS Standard will be a key part of our customer’s Business Service Management infrastructure, and it has already seen widespread adoption," said Jeff Bohren, Software Architect, BMC Software.

CA "Leveraging WS-Federation helps enable dynamic business-to-business relationships by bridging identity and security across Web services. The work of the OASIS Technical Committee will therefore be of significant benefit to both CA customers and global commerce as a whole," said Andy Rappaport, architect for identity and access management at CA.

IBM "Working with our customers, IBM recognized early that security is a key component for Web services deployments. With WS-Federation, we complete the Web Services Security Roadmap which includes WS-Security, WS-Trust, WS-Secure Conversation and WS-Security Policy. IBM has already included early versions of this capability in our products, as have others, to enable customers to develop applications using Web services to assure authorized access to key resources across security boundaries whether within an enterprise or between companies or governments. We look forward to working with OASIS on the next steps towards making WS-Federation a standard," said Karla Norsworthy, vice president, IBM software standards.

Microsoft "Microsoft is pleased to see a Technical Committee formed to support the process in ratifying WS-Federation. WS-Federation extends WS-Trust to provide a flexible federated identity architecture with clean separation between trust mechanisms, security token formats, and the protocol for obtaining tokens. Federations built on this architecture can address the identity requirements of both Web applications and Web services," said Don Schmidt, Principal Program Manager in the Connected Systems Division at Microsoft.

Red Hat "Red Hat is pleased to support WS-Federation and sees it as an important missing piece in the WS-* architecture. Standardization in this area is of critical importance," said Dr. Mark Little, Director of Standards for Red Hat.

SOA Software "WS-Federation will be an important specification to enable inter-company secure Web services transactions. As a leading provider of security mediation solutions for SOA and Web services, SOA Software believes that WS-Federation and related standards will simplify the deployment and integration of our solutions for large enterprises," said Alistair Farquharson, chief technology officer of SOA Software.

Additional information:
OASIS WS-Federation Technical Committee: http://www.oasis-open.org/committees/wsfed/

About OASIS:

OASIS (Organization for the Advancement of Structured Information Standards) is a not-for-profit, international consortium that drives the development, convergence, and adoption of e-business standards. Members themselves set the OASIS technical agenda, using a lightweight, open process expressly designed to promote industry consensus and unite disparate efforts. The consortium produces open standards for Web services, security, e-business, and standardization efforts in the public sector and for application-specific markets. Founded in 1993, OASIS has more than 5,000 participants representing over 600 organizations and individual members in 100 countries. http://www.oasis-open.org

Press contact: Carol Geyer OASIS Director of Communications carol.geyer@oasis-open.org +1.978.667.5115 x209 (office) +1.941.284.0403 (mobile)

Boston, MA, USA; 25 April 2007 — OASIS, the international standards consortium, today announced that its members have approved Web Services Context (WS-Context) version 1.0 as an OASIS Standard, a status that signifies the highest level of ratification. WS-Context defines an open framework for supporting coordinated and transactional compositions of multiple Web services applications. The new standard is offered on a Royalty-Free basis, as provided under OASIS policies.

"When Web services are used in combination, the ability to set the boundaries of an activity (such as start/end or success/failure) and to inform participants of changes to activities become extremely important," explained Eric Newcomer of IONA Technologies, co-chair of the OASIS Web Services Composite Application Framework (WS-CAF) Technical Committee. "WS-Context provides standard, interoperable ways to demarcate and coordinate Web services activities. Business process transactions can be recovered predictably and consistently with WS-Context, and the standard allows participants to define their relationships with one another."

"WS-Context ensures that multiple Web services deployed in a variety of execution environments behave as if they are deployed in a single, consistent environment," added Martin Chapman of Oracle, co-chair of the OASIS WS-CAF Technical Committee. "For example, an organization’s Service Oriented Architecture (SOA) may require security information, conversational session information, database and file handles and process IDs, among other services, to be shared across multiple execution environments built on different platforms. WS-Context ensures that the Java, .NET, and other Web services in the enterprise all behave similarly and as expected at runtime."

"A wide variety of applications that involve workflow or business-to-business interactions will benefit from the composability that WS-Context delivers," observed OASIS president and CEO, Patrick Gannon. "We congratulate the members of the OASIS WS-CAF Technical Committee for their work in advancing this important addition to the growing list of Web services standards."

WS-Context was developed by representatives of ESI Acquisition, IONA, Oracle, Red Hat, Sun Microsystems, and other members of OASIS. Werner Enterprises, Red Hat, and IONA all verified successful usage of WS-Context, in accordance with eligibility requirements for OASIS Standards.

WS-Context and the archives of the OASIS WS-CAF Technical Committee are publicly accessible. OASIS hosts the ws-context-dev mail list for exchanging information on implementing the standard.

Support for WS-Context OASIS Standard
IONA "Shared state management across communication sessions becomes increasingly important as SOA deployments incorporate a greater number of existing systems and execution environments, and as Web services include additional qualities of service. WS-Context is unique in providing support for both the SOAP header and REST based approaches. WS-Context is also unique in providing a common mechanism for shared session state for such qualities of service as reliability, availability, security, and transactions, to name a few. The approval of WS-Context as an OASIS standard is an important step toward standardizing this important SOA capability," explained Eric Newcomer, CTO, IONA Technologies.

Oracle "WS-Context is a vital element to support compatibility of Web services by providing a common mechanism to manage contextual data. As active participants, Oracle is pleased to see its original contribution progressed through committee and interoperability work to an approved OASIS Standard. This further illustrates Oracle’s commitment to driving industry standards," said Don Deutsch, vice president Standards Architecture and Strategy, Oracle.

Red Hat "WS-Context is a key component of the evolving Web services architecture. Over the years of its development, we’ve seen how using context is critical to ensuring Web services retain the loosely coupled scalable nature and bridging the gap between REST and Web services approaches. Red Hat is pleased to have been involved with the technical committee and glad to see WS-Context become a standard," said Mark Little, Director of Standards for Red Hat.

Additional information:
WS-Context OASIS Standard: http://www.oasis-open.org/specs/index.php#wscontextv1.0
OASIS WS-CAF Technical Committee: http://www.oasis-open.org/committees/ws-caf/
WS-Context developers mail list: subscribe-ws-context-dev@lists.oasis-open.org http://www.oasis-open.org/archives/ws-context-dev/

About OASIS:

OASIS (Organization for the Advancement of Structured Information Standards) is a not-for-profit, international consortium that drives the development, convergence, and adoption of e-business standards. Members themselves set the OASIS technical agenda, using a lightweight, open process expressly designed to promote industry consensus and unite disparate efforts. The consortium produces open standards for Web services, security, e-business, and standardization efforts in the public sector and for application-specific markets. Founded in 1993, OASIS has more than 5,000 participants representing over 600 organizations and individual members in 100 countries. http://www.oasis-open.org

Press contact: Carol Geyer OASIS Director of Communications carol.geyer@oasis-open.org +1.978.667.5115 x209 (office) +1.941.284.0403 (mobile)

Boston, MA, USA; 12 April 2007 — OASIS, the international standards consortium, today announced that its members have approved the Web Services Business Process Execution Language (WS-BPEL) version 2.0 as an OASIS Standard, a status that signifies the highest level of ratification. WS-BPEL uses Web services standards to describe business process activities as Web services, defining how they can be composed to accomplish specific tasks.

"The concept of BPEL that began in the earliest days of Web services has become a cornerstone, not only for bringing more finely grained business processes closer to the business department, but also for ensuring that common ways can be constructed among technology providers designing frameworks for future Service Oriented Business Processes," said Charles Abrams, Research Director at Gartner. "The approval of WS-BPEL as an OASIS Standard should be noted as a milestone in the fulfillment of the open Web services vision."

WS-BPEL defines a model and a grammar for describing the behavior of a business process based on interactions between the process and its partners. The interaction with each partner occurs through Web services interfaces. The WS-BPEL process defines how multiple service interactions with these partners are coordinated to achieve a business goal, as well as the state and the logic necessary for this coordination.

"Think of a WS-BPEL process as a reusable definition that can be deployed in different ways and in different scenarios, while maintaining a uniform application-level behavior across all of them," said Diane Jordan of IBM, co-chair of the OASIS WSBPEL Technical Committee. "WS-BPEL introduces systematic mechanisms for dealing with business exceptions. This is essential because not all transactions are straightforward and simple. WS-BPEL lets you define how you want activities to be compensated in cases where exceptions occur or a partner requests reversal."

WS-BPEL separates the public aspects of business process behavior from internal or private aspects–and supports both. The standard can be used both for executable processes, which describe the actual behavior of participants in business interactions, and for abstract processes, that may be used to represent publicly observable behaviors. Abstract processes serve a descriptive role and allow for more than one possible use case.

"By providing a language for specifying both executable and abstract business processes, BPEL extends the Web services interaction model to help better support business-to-business transactions," explained John Evdemon of Microsoft, co-chair of the OASIS WSBPEL Technical Committee. "This protects business partners from the need to reveal all their internal decision making and data management to one another. Separating public from private processes also provides companies with the freedom to change confidential aspects of the process implementation without affecting the observable behavior."

WS-BPEL leverages other Web services standards such as SOAP and WSDL for communication and interface description. By describing the inbound and outbound process interfaces in WSDL, BPEL enables them to be easily integrated into other processes or applications. In turn, this allows consumers of a process to inspect and invoke a BPEL process just like any other Web service, thereby inheriting all other aspects of a Web service such as quality of service policies.

OASIS president and CEO, Patrick Gannon, observed, "WS-BPEL is a fine example of the benefits that can be gained by open standardization and widespread collaboration. The BPEL specification evolved considerably under the OASIS process and emerged stronger–a true, foundational standard for Web services and SOA."

More than 37 organizations collaborated to develop WS-BPEL, including representatives of Active Endpoints, Adobe Systems, BEA Systems, Booz Allen Hamilton, EDS, HP, Hitachi, IBM, IONA, Microsoft, NEC, Nortel, Oracle, Red Hat, Rogue Wave, SAP, Sun Microsystems, TIBCO, webMethods, and other members of OASIS. Active Endpoints, IBM, Intalio, SEEBURGER, and Sun Microsystems verified successful usage of WS-BPEL, in accordance with eligibility requirements for all OASIS Standards. Several open source implementations of WS-BPEL 2.0 are currently available or in development.

The WS-BPEL OASIS Standard and the archives of the OASIS WSBPEL Technical Committee are publicly accessible. OASIS hosts the ws-bpel-dev mailing list for exchanging information on implementing the standard.

Support for WS-BPEL OASIS Standards
Active Endpoints "The approval of WS-BPEL 2.0 marks a significant milestone in the evolution of service-oriented computing. In much the same way that SQL provides a standard data language for relational databases, BPEL provides a standard language for service orchestration. Active Endpoints has been an enthusiastic contributor to the development of WS-BPEL 2.0, and we look forward to participating in future endeavors related to this critical standard," said Chris Keller, co-founder and vice president of Product Development, Active Endpoints, Inc.

Adobe "BPEL is already the industry foundation for orchestrating Web services. The new WS-BPEL v2.0 standard is an important milestone that represents a significant evolution of the original specification. WS-BPEL enables our customers to build and deploy successful Web services and SOA projects that scale with the organization as they add new partners, customers and services to their infrastructure. We were pleased to work alongside other technology vendors to develop WS-BPEL v2.0, and look forward to helping to accelerate its adoption," said Charlton Barreto, Senior Computer Scientist and Architect at Adobe.

BEA Systems "BEA sees WS-BPEL 2.0 as a very important milestone in the ongoing effort to align the industry behind a common technology for orchestrating services within an SOA," said Michael Rowley, BEA Technical director and standards architect, in a statement released by the company. "This supports our efforts to serve our customers through aggressive support of open standards."

HP "As enterprises work to speed adoption of SOA, they need standards to ensure business process interoperability, especially in multiple vendor environments. HP SOA Systinet, a system-of-record for SOA business services, supports the latest WS-BPEL standard through the Governance Interoperability Framework (GIF), a widely-accepted method for integrating SOA-enabling technologies. This will help our customers optimize the business outcomes of their SOA initiatives by capturing business process related information," said Avrami Tzur Vice President of SOA Software, HP.

IBM "IBM’s leadership in SOA has been built upon a foundation of standards and service oriented principles. IBM delivers Business Process Management (BPM) enabled by SOA. Core to the execution of our process portfolio is Business Process Execution Language (BPEL). We recognized the benefits and importance of the BPEL specification at its outset and that’s why we have built our process technology based on it. We are thrilled that OASIS has ratified the specification as a formal standard, as this lays the foundation and a clear path for increasing portability of processes, protecting customer investments, reducing risk, and providing stability and a clear direction for the future of process execution semantics," said Sandy Carter, Vice President, SOA & WebSphere Strategy, Channels and Marketing, IBM.

Microsoft "Microsoft is pleased with the OASIS approval of WS-BPEL, having been supportive of and involved in the standardization process. We are further driving interoperability by supporting this approval process as we committed to ensuring customers have great solutions for this type of challenge," said Chris Kurt, Group Product Manager of Connected Systems Division, Microsoft.

Oracle "As one of the earliest supporters of BPEL, Oracle has been enabling production BPEL customers for the past several years. The release of BPEL 2.0 is a significant development for the industry and will serve to increase the already strong momentum behind the BPEL standard. In particular, our customers see BPEL 2.0 as enabling a smooth evolution path from BPEL 1.1 and are excited to see several key process orchestration requirements now included in the standard," said Don Deutsch, vice president Standards Strategy and Architecture, Oracle.

Rogue Wave Software "Rogue Wave Software supports the OASIS decision to advance WS-BPEL as an e-business industry standard in SOA. In approving the WS-BPEL 2.0 OASIS Standard, not only will the business value of existing processes greatly increase, by extending interoperability between applications using Web services, but also will enable better support of automated process integration within and across organizations. The OASIS announcement will allow Rogue Wave to continue to successfully deliver high performance SOA software products based upon the SCA model," said Patrick Leonard, Vice President of Product Development at Rogue Wave Software.

SAP "SAP considers the process definition capabilities of WS-BPEL as one of the key building blocks for enterprise SOA. We plan to enhance the existing SAP NetWeaver support of BPEL4WS 1.1 with a WS-BPEL 2.0 implementation. We are excited about the standardization of WS-BPEL, which will significantly enhance our ability to offer service-based integration processes to our customers," said Michael Bechauf, Vice President Industry Standards at SAP.

Sun Microsystems "We are very happy to see the excellent progress that WS-BPEL 2.0 has made. Sun Microsystems and other partner companies drove the design of the WS-BPEL v2.0 OASIS Standard. We’re focused on its use in composite application development to meet our customers’ needs for service integration in a pluggable service-oriented infrastructure. You can see today how we have leveraged WS-BPEL v2.0 as a service engine which plugs into the Java Business Integration-based, SOA platform in Open ESB — our open source development community," said Dale Ferrario, VP, SOA/Business Integration, Sun Microsystems.

TIBCO "The approval of WS-BPEL 2.0 as an OASIS Standard is an important endorsement for assuring companies globally that they can successfully advance their service-oriented and event-driven architectures with ease. As a key contributor and active participant in the making of the specification, we believe BPEL 2.0 will help to address the growing complexity around orchestration," said Matt Quinn, senior vice president of Product Strategy, TIBCO.

webMethods "BPEL’s importance is in providing users with a standardized runtime execution language for business processes. This streamlines deployment of new processes, enhances portability and reduces total cost of ownership. The WS-BPEL 2.0 standard extends this value proposition with enriched support for collaborative business processes. Enterprises can now more easily share process models beyond the firewall while preserving the confidence of their corporate data and intellectual property. We’re proud to have served as the specification’s editor as this standard can play an important role in extending the value of current SOA and BPM investments," said Marc Breissinger, CTO, webMethods, Inc

Additional information:
OASIS WSBPEL Technical Committee: http://www.oasis-open.org/committees/wsbpel
Cover Pages Technology Report: http://xml.coverpages.org/bpel4ws.html

About OASIS:

OASIS (Organization for the Advancement of Structured Information Standards) is a not-for-profit, international consortium that drives the development, convergence, and adoption of e-business standards. Members themselves set the OASIS technical agenda, using a lightweight, open process expressly designed to promote industry consensus and unite disparate efforts. The consortium produces open standards for Web services, security, e-business, and standardization efforts in the public sector and for application-specific markets. Founded in 1993, OASIS has more than 5,000 participants representing over 600 organizations and individual members in 100 countries. http://www.oasis-open.org

Press contact: Carol Geyer OASIS Director of Communications carol.geyer@oasis-open.org +1.978.667.5115 x209 (office) +1.941.284.0403 (mobile)

Boston, MA, USA; 11 April 2007 — OASIS, the international standards consortium, today announced the formation of the Open Composite Services Architecture (Open CSA) Member Section, a new initiative to advance standards that simplify Service Oriented Architecture (SOA) application development. Open CSA will promote the further development and adoption of the Service Component Architecture (SCA) and Service Data Objects (SDO) families of specifications, which will be provided to the community on a Royalty Free basis.

SCA helps organizations more easily design and transform IT assets into reusable services that can be rapidly assembled to meet changing business requirements. SDO lets application programmers uniformly access and manipulate data from heterogeneous sources, including relational databases, XML data sources, Web services, and enterprise information systems.

Gartner analysts, Daniel Sholler, Jess Thompson, and Yefim V. Natis observed, "SCA is an ambitious initiative, intended to offer mainstream software projects an easy-to-use way to deploy consistently well-designed, multiplatform service-oriented business applications." In their 26 March 2007 report, Long-Awaited SCA Initiative Begins to Gain Momentum, the analysts note that, "This approach would simplify the design and deployment of services and establish a ‘transportable’ set of engineering skills for SOA design. [SCA would] enable many of the static analysis features that developers have come to expect in programming environments, but that have been absent in services (such as dependency analyses and type checking)."

Both SCA and SDO were created by the Open SOA Collaboration, an informal group of 18 software vendors. After successfully shepherding the specifications through their incubation phase, these vendors selected OASIS as the most effective venue for advancing SCA and SDO through the open standardization process.

"OASIS appreciates the work of the Open SOA Collaboration to see these specifications through their incubation stage and then contribute them into the open standards process," noted OASIS president and CEO, Patrick Gannon. "Advancing this work within OASIS will enable the SCA and SDO specifications to receive input from a broader international community of software developers, systems integrators, and users. The Open CSA Member Section will be able to coordinate the standardization of multiple specifications, provide education, and promote implementation in order to achieve the most extensive industry adoption of this work."

The Open CSA Member Section will oversee several new OASIS Technical Committees for the SCA and SDO families of specifications. Everyone is invited to participate in this work. Charters for these new Committees will be available in the coming weeks.

Members of the Open CSA Member Section include Active Endpoints, Avaya, BEA Systems, Hitachi, IBM, Oracle, Primeton, Progress Software, Red Hat, Rogue Wave Software, SAP AG, SOA Software, Sun Microsystems, TIBCO, Xcalia, and others.

Support for Open CSA
Active Endpoints "Open CSA provides the infrastructure specifications that allow developers to transform a wide variety of IT assets into reusable services. We believe that the Open CSA work, combined with WS-BPEL, delivers tremendous value to organizations aiming to implement applications in a service-oriented architecture. We are pleased to participate in the Open CSA initiative," said Chris Keller, VP R&D, Active Endpoints, Inc.

BEA Systems "BEA is excited about the possibilities for this new member section, and we look forward to being involved in the development of high quality specifications that will be a true benefit to the software development community," said Michael Rowley, BEA Technical Director and Standards Architect.

Hitachi "Hitachi believes that the launch of the OASIS Open CSA Member Section could be a significant cornerstone of an SOA. Technologies included in Open CSA will enable much broader adoption of SOA, providing methods for the implementation of ‘services’ in more efficient ways. It is a great honor for us to be a part of these activities, and we intend to actively participate," said Takao Nakamura, Executive General Manager, Software Division, Hitachi Ltd.

IBM "We are delighted with the SCA and SDO submission to OASIS, and support the creation of the Open CSA Member Section to oversee their future development and stewardship. The adoption of SCA/SDO will provide the missing link between process and data in composite SOA application implementation. Our customers are enthusiastic about the capabilities of these specifications, which dramatically improve developers’ ability to create applications and solutions in an SOA style," said Karla Norsworthy, Vice President, IBM Software Standards, IBM Corporation.

Oracle "Oracle is excited to be a founding member of the OASIS Open CSA Member Section and to continue to help drive the development and adoption of the SCA/SDO specifications. With these specifications now becoming part of the open standards process, we look forward to working within the larger OASIS community to build consensus and deliver these important and comprehensive SOA standards to the industry," said Jeff Mischkinsky, director of Oracle Fusion Middleware and Web Services Standards, Oracle.

Primeton "The OASIS CSA Member Section is a new step toward a long term goal. We look forward to fruitful collaborations with other members for the improvement and adoption of SCA/SDO standards," said Chris Cheng, VP of Primeton Technologies.

Progress Software "Progress Software is pleased to be a founding supporter of the Open CSA effort, and to have the opportunity to help build what will become an important technology for the next generation of SOA developers. This effort dovetails nicely with our world-class integration, management, and mediation technologies, and we look forward to bringing significant advantages to SCA developers in our upcoming product releases. Standardizing the SCA framework in an open and collaborative forum like OASIS is an important step for these specifications," said Gordon Van Huizen, vice president and general manager of the Enterprise Infrastructure Division, Progress Software.

Red Hat "Red Hat is pleased to help push SCA into the open standards process under OASIS and believes that the resulting work will be important for interoperable SOA foundations," said Mark Little, Director of Standards, Red Hat.

Rogue Wave Software "SCA and SDO standards are key to helping our customers adopt SOA without sacrificing their existing technology investments. With HydraSCA and HydraSDO, Rogue Wave Software has delivered scalable, high performance implementations of the SCA and SDO specifications. We look forward to working in the Open CSA group to continue to mature and evolve SCA and SDO," said Patrick Leonard, vice president of product development, Rogue Wave Software.

SAP AG "SCA and SDO are important technologies that will simplify service composition, increase composite application development productivity and help SAP customers achieve higher business agility. We are excited to have the opportunity to participate in the Steering Committee of the newly formed Open CSA Member Section and look forward to working with the OASIS community on the standardization of this important set of specifications," said Michael Bechauf, vice president of industry standards, SAP AG.

SOA Software "Open CSA provides an opportunity for advancing industry consensus in providing end-user organizations with a consistent approach to standards-based design, modeling, representation, lifecycle management and governance of composite services and their supporting architectures. Having explicit standards-based architectural support, along with an accompanying assembly-oriented SOA programming model for composite services, provides user organizations with choice, flexibility and predictability as they adopt compositional application models that enable the realization of business-driven IT value," said Frank Martinez, Executive Vice President, Product Strategy, SOA Software.

Sun Microsystems "Sun is pleased to join the OASIS Open CSA Member Section to lend our expertise in standards and component technologies to the direction of this work. Composition of services continues to be challenging for developers, and Sun believes that having richer, standardized metadata supporting this task can help to simplify software development for our customers," said Mark Hapner, Distinguished Engineer, Sun Microsystems, Inc.

TIBCO "The formation of OASIS Open CSA is a significant milestone for the developers and vendors responsible for taking SOA forward within the industry. As one of the first vendors to market with an SCA-based service container for the enterprise (TIBCO ActiveMatrix Service Grid), we understand the importance of supporting open standards as a foundation of service-oriented, event-driven enterprise architectures," said Matt Quinn, Vice President of Product Management and Strategy at TIBCO Software.

Additional information:
OASIS Open CSA Member Section: http://www.oasis-opencsa.org/
Open SOA Collaboration: http://www.osoa.org/

About OASIS:

OASIS (Organization for the Advancement of Structured Information Standards) is a not-for-profit, international consortium that drives the development, convergence, and adoption of e-business standards. Members themselves set the OASIS technical agenda, using a lightweight, open process expressly designed to promote industry consensus and unite disparate efforts. The consortium produces open standards for Web services, security, e-business, and standardization efforts in the public sector and for application-specific markets. Founded in 1993, OASIS has more than 5,000 participants representing over 600 organizations and individual members in 100 countries. http://www.oasis-open.org

Press contact: Carol Geyer OASIS Director of Communications carol.geyer@oasis-open.org +1.978.667.5115 x209 (office) +1.941.284.0403 (mobile)

Boston, MA, USA; 27 March 2007 — OASIS, the international standards consortium, today announced that its members have approved WS-SecureConversation version 1.3 and WS-Trust version 1.3 as OASIS Standards, a status that signifies the highest level of ratification. Developed by the OASIS Web Services Secure Exchange (WS-SX) Technical Committee, these new standards define policies and extensions to WS-Security that enable the trusted exchange of multiple SOAP messages.

"In order to secure communication between two parties, both must exchange security credentials. Before that can take place though, each party needs to determine if they can ‘trust’ the asserted credentials of the other," explained Anne Thomas Manes, research director with the Burton Group. "Applications that communicate using the Web services framework (e.g., SOAP and WSDL) can use WS-Trust to obtain and exchange security credentials–either directly or through a trusted third party–and use WS-SecureConversation to establish and maintain an extended secure session."

WS-Trust provides methods for issuing, renewing, and validating security tokens as well as establishing, detecting, and brokering trust relationships. WS-SecureConversation allows security contexts to be created and key material to be exchanged more efficiently. Together, WS-Trust and WS-SecureConversation can increase the overall performance and security of exchanges.

"We defined the basic mechanisms for providing secure messaging in WS-Security," explained Kelvin Lawrence of IBM, co-chair of the OASIS WS-SX Technical Committee. Lawrence, along with WS-SX co-chair, Chris Kaler of Microsoft, previously led the WS-Security development effort at OASIS. "WS-Trust builds upon WS-Security by introducing an XML syntax and a protocol that enable the issuance and dissemination of credentials between different trust domains via a Security Token Service (STS)."

"WS-Security focuses on the security of a single message, which is useful in many situations," noted Kaler. "WS-SecureConversation adds a security context authentication model that is extremely beneficial for long-running exchanges. When two parties are passing multiple rounds of secured messages back and fourth, the added security and efficiency provided by WS-SecureConversation becomes essential."

IBM, Microsoft, and Sun Microsystems have verified successful implementations of WS-SecureConversation and WS-Trust, in accordance with eligibility requirements for all OASIS Standards.

Representatives of Adobe, AmberPoint, Axway, BEA Systems, BMC Software, CA, EDS, Forum Systems, Fujitsu, HP, IBM, IONA, Microsoft, Neustar, Nokia, Nortel, Novell, Oracle, Progress Software, Red Hat, Ricoh, SAP, SOA Software, Software AG, Sun Microsystems, TIBCO Software, VeriSign, and other members of OASIS collaborated to develop WS-SecureConversation and WS-Trust.

"The support for this work has been tremendous," observed Patrick Gannon, president and CEO of OASIS. "Specifications that were initiated by a few vendors two years ago have evolved and benefited significantly by participation from the broader international community. Today, with 90 participants from more than 40 organizations, WS-SX represents one of the largest Committees at OASIS. This is an indication, not only of the breadth of input that has gone into these standards, but also of their ability to meet the needs of the marketplace."

Participation in the OASIS WS-SX Technical Committee remains open to all, and OASIS hosts the public ws-sx-dev mailing list for exchanging information on implementing the standard.

Additional information:
OASIS WS-SX Technical Committee: http://www.oasis-open.org/committees/ws-sx/

Support for WS-SecureConversation and WS-Trust OASIS Standards

BEA Systems "The standardization of WS-SecureConversation and WS-Trust is a key step towards enabling the development of secure SOA services which are highly efficient and scalable," said Hal Lockhart, Principal Engineering Technologist, BEA Systems.

BMC "BMC has been a long time supporter of OASIS and its industry standardization efforts around Web services. The approval of WS-Trust and WS-Secure Conversation adds important pieces to the Web services standards puzzle which will enable customers to enjoy better interoperability between products and custom developed application and support their Service Oriented Architecture strategy. BMC looks forward to the adoption of the new standards and the role it will play in our customer’s Business Service Management infrastructure," said Jeff Bohren, Identity Management Business Unit, BMC Software.

CA "The approval of the WS-Trust and WS-SecureConversation standards represents an important step in making cross-domain and cross-enterprise Web services more secure and interoperable. This secure interoperability is essential for enabling the kinds of Internet-based business relationships that many organizations are embracing," said Andy Rappaport, architect for identity and access management at CA.

IBM "We are pleased to see WS-Trust and WS-SecureConversation become OASIS Standards. Customers have been asking for an industry standard framework that supports the requesting and issuing security tokens, brokering of trust relationships and providing secure messaging semantics that support multiple message exchanges between parties. In conjunction with the existing WS-Security standard, these new standards provide the necessary mechanisms to enable a number of secure Web services-based scenarios that our customers have told us they want to deploy. IBM already offers support for earlier drafts of WS-Trust and WS-SecureConversation in many of our WebSphere and Tivoli products, and these new OASIS Standards will be fully supported across the IBM software portfolio," said Karla Norsworthy, vice president, IBM Software Standards.

Microsoft "Microsoft is pleased with the benefits that WS-SecureConversation 1.3 and WS-Trust 1.3 can offer the industry. Both standards can engage in secure communications while adding increased performance and security exchanges," said Chris Kurt, Group Product Manager of Connected Systems Division, Microsoft.

Oracle "Oracle is deeply committed to helping bring security standards to the market. The latest standards to come out of the OASIS WS-SX Technical Committee provide applications with a secure way to communicate with one another and strengthen the ‘hot-pluggable’ capabilities of Oracle’s comprehensive family of identity management products," said Prateek Mishra, director, Security Standards, Oracle.

SAP "SAP considers WS-SecureConversation and WS-Trust key components for an enterprise SOA, addressing important security scenarios that are a critical success factor for the development and integration of business applications. We are pleased to announce the support of these two security standards in the next release of SAP NetWeaver. With WS-SecureConversation and WS-Trust, we’ll enhance our support to securely manage change which is a significant factor in our customer’s success in adapting to increasingly dynamic business environments," said Michael Bechauf, Vice President Industry Standards, SAP.

TIBCO "The approval of WS-Secure Conversation and WS-Trust as OASIS Standards represents a significant step in advancing Web service messaging security. As a charter member of the OASIS WS-Security Technical Committee, we are thrilled at the group’s progress and look forward to future collaborations," said Donald Adams, Vice President, Chief Security Officer and Chief Technology Officer, TIBCO.

About OASIS:

OASIS (Organization for the Advancement of Structured Information Standards) is a not-for-profit, international consortium that drives the development, convergence, and adoption of e-business standards. Members themselves set the OASIS technical agenda, using a lightweight, open process expressly designed to promote industry consensus and unite disparate efforts. The consortium produces open standards for Web services, security, e-business, and standardization efforts in the public sector and for application-specific markets. Founded in 1993, OASIS has more than 5,000 participants representing over 600 organizations and individual members in 100 countries. http://www.oasis-open.org

Press contact: Carol Geyer OASIS Director of Communications carol.geyer@oasis-open.org +1.978.667.5115 x209 (office) +1.941.284.0403 (mobile)

Beijing, China; 15 March 2007 — OASIS, the international open standards consortium, has selected Changfeng Open Standards Platform Software Alliance to host the new OASIS China Office in Beijing. Established in 1993, OASIS brings together organizations from around the world to agree on intelligent ways to exchange information over the Internet and within their businesses. The OASIS China Office will focus on increased opportunities for new participation and enhanced services for existing members in China. A Chinese version of the OASIS web site has been introduced in support of this outreach effort.

"OASIS enjoys increasingly strong participation from the Chinese business community. The new OASIS China Office will enable us to better support and grow our membership base in this very important area of the world," commented Patrick Gannon, president and CEO of OASIS. "As a recognized advocate of open standards in China, Changfeng Alliance has the expertise and commitment to provide the highest level of support for our Chinese members."

"Chinese companies have much to contribute to the international dialogue on open standards," noted Lan Xiao, Secretary General of Changfeng Alliance. "The driving philosophy behind OASIS is that all those affected by eBusiness standards should have a voice in their creation. We want to help Chinese organizations realize the benefits of working with other software developers from around the world to ensure China’s needs are represented in the standards that affect trade, and to promote the adoption of OASIS Standards by Chinese software companies."

According to Xiao, Chinese companies are drawn to OASIS because the Consortium encourages open collaboration on interoperability issues critical to Asia, such as Web services and Service Oriented Architecture (SOA). The international focus of the Consortium facilitates global participation. Members of each OASIS technical committee specify which language they will use to conduct their work, and most discussions are held via email or conference calls to accommodate participants from multiple continents.

In conjunction with the OASIS China Office launch, the OASIS Unstructured Operation Markup Language (UOML) Technical Committee was also announced. This new committee will advance an XML operation standard for unstructured documents based on a specification created by Beijing Sursen and supported by China’s UOML Alliance. The chair of the OASIS UOML Technical Committee is based in China, and the Committee will bring developers in China together with others throughout the world.

Chinese organizations interested in learning more about OASIS should contact Andy Li at javola@ebridgechina.com.

Additional information:
OASIS Chinese web site: http://www.oasis-open.org/cn/
OASIS UOML Technical Committee: http://www.oasis-open.org/committees/uoml/

About Changfeng Alliance:

Changfeng Open Standard Platform Software Alliance is composed of well-known software companies and third-party intermediary service organizations. Founded in 2005, Changfeng aims to promote the development and adoption of open standards in China. http://www.changfeng.org.cn/

About OASIS:

OASIS (Organization for the Advancement of Structured Information Standards) is a not-for-profit, international consortium that drives the development, convergence, and adoption of e-business standards. Members themselves set the OASIS technical agenda, using a lightweight, open process expressly designed to promote industry consensus and unite disparate efforts. The consortium produces open standards for Web services, security, e-business, and standardization efforts in the public sector and for application-specific markets. Founded in 1993, OASIS has more than 5,000 participants representing over 600 organizations and individual members in 100 countries. Approved OASIS Standards include AVDL, BCM, CAP, DITA, DocBook, DSML, ebXML BPSS, ebXML CPPA, ebXML Messaging, ebXML Registry, EDXL-DE, EML, OpenDocument, SAML, SOA-RM, SPML, UBL, UDDI, WSDM, WS-Notification, WS-Reliability, WSRF, WSRP, WS-Security, XACML, XCBF, and XML Catalogs. http://www.oasis-open.org

Chinese Press contact: Andy Li javola@ebridgechina.com

English Press contact: Carol Geyer OASIS Director of Communications carol.geyer@oasis-open.org +1.978.667.5115 x209 (office) +1.941.284.0403 (mobile)

Boston, MA, USA; 1 March 2007 — Open standards supporters from around the world are expected to gather in San Diego, California, 15-17 April 2007, for the fourth annual OASIS Symposium. Centered on the theme, “eBusiness and Open Standards: Understanding the Facts, Fiction, and Future,” sessions will examine SOA, identity management, Web services, business process, enterprise content, and information management. Presentations on OpenDocument, WS-BPEL, SAML, DITA, ebXML and other specifications will be featured. “We’re not living in the standards world of the 70s, 80s, or 90s, and customers know it. They’re demanding real open standards and not those where ‘open’ was inserted by the marketing team,” said Robert Sutor, Ph.D., vice president of standards and open source at IBM. In the Symposium’s keynote address, Dr. Sutor will explore the current climate for standards, how we got here, and where current actions are leading us. The OASIS Symposium will feature a Management Track of sessions on the latest technologies, applications, and services from a business perspective. A Technical Track, geared at providing IT professionals with the most up-to-date processes, tools and techniques for practical applications and implementations, will also be offered. The event is open to the public, and members as well as nonmembers of OASIS are invited to participate. Burton Group vice president and research director, Anne Thomas Manes, will lead the closing panel, “Five Years of Web Services & SOA: You Are Here.” Executives from BEA Systems, EDS, IBM, SAP, and Sun Microsystems will share and debate their perspectives on the successes and failures experienced in SOA as well as the challenges and promises that remain. “OASIS is on the verge of delivering a number of newly ratified standards that will propel Web services to a new level of capability,” said Manes. “I’m looking forward to leading a lively discussion on the current state of Web services and SOA, and what we can expect for the future.” A table-top exhibition showcasing standards-compliant products from the event’s Foundational Sponsors, BEA, EDS, IBM, SAP and Sun Microsystems, will be featured. Additional sponsorship and exhibitor opportunities are available. OpenDocument Workshop Hosted by the OASIS ODF Adoption Committee, this special workshop will focus on the ‘implementability’ of using applications that comply with the OpenDocument format OASIS Standard (ISO/IEC 26300). Leaders from Europe and the US will discuss the latest advances in OpenDocument adoption, accessibility, and programmability. WS-BPEL Workshop The Web Services Business Process Execution Language (WS-BPEL) is central for defining SOA business processes. This workshop will clarify the business value that BPEL offers, examine common scenarios in which the specification should be applied, and explore usage of advanced constructs. Attendance at either half-day workshop is free with Symposium registration and also available separately. For more information: http://www.oasis-open.org/events/symposium/2007/ About OASIS: OASIS (Organization for the Advancement of Structured Information Standards) is a not-for-profit, international consortium that drives the development, convergence, and adoption of e-business standards. Members themselves set the OASIS technical agenda, using a lightweight, open process expressly designed to promote industry consensus and unite disparate efforts. The consortium produces open standards for Web services, security, e-business, and standardization efforts in the public sector and for application-specific markets. Founded in 1993, OASIS has more than 5,000 participants representing over 600 organizations and individual members in 100 countries. Approved OASIS Standards include AVDL, BCM, CAP, DITA, DocBook, DSML, ebBP, ebXML CPPA, ebXML Messaging, ebXML Registry, EDXL-DE, EML, OpenDocument, SAML, SOA-RM, SPML, UBL, UDDI, WSDM, WS-Notification, WS-Reliability, WSRF, WSRP, WS-Security, XACML, XCBF, and XML Catalogs. http://www.oasis-open.org Press contact: Carol Geyer OASIS Director of Communications carol.geyer@oasis-open.org +1.978.667.5115 x209 (office) +1.941.284.0403 (mobile)