LOS ANGELES, CA, USA; 20 APRIL 2005 — Fourteen organizations joined together for the first time to demonstrate interoperability of the WS-Security OASIS Standard at the Gartner Application Integration and Web Services Summit in Los Angeles today. WS-Security, developed by the OASIS Web Services Security (WSS) TC, delivers a technical foundation for implementing security functions such as integrity and confidentiality in messages implementing higher-level Web services applications.

Gartner analyst, Ray Wagner, describes WS-Security as "the standard for the majority of Web services…committing to it now will allow enterprises to easily modify the security profile of deployed Web services in the future."*

WS-Security allows a wide range of key security methods such as authentication and access control to be reliably, readily associated with SOAP messages. The OASIS InterOp at the Gartner Summit demonstrated the exchange of messages protected by WS-Security using the X.509 Token Profile.

"It is gratifying to see so many vendors supporting the WS-Security OASIS Standard with their interoperable implementations," observed Hal Lockhart of BEA Systems, lead of the OASIS InterOp team. "We came together with a common goal: to make it clear to all implementers-not just the larger enterprises that have already embraced the standard-that the time is right to adopt WS-Security."

Patrick Gannon, president and CEO of OASIS, agreed. "WS-Security provides a key component for the broader security frameworks that users need. Many of the participants in today’s InterOp are also deeply involved in advancing other OASIS Standards for security, such as the Security Assertion Markup Language (SAML) and the eXtensible Access Control Markup Language (XACML). The synergy between these efforts goes a long way towards meeting the marketplace’s need for a cohesive fit between standards," said Gannon, who also participated in Gartner’s "Power Panel: A Conversation on Standards" at the event.

Vendors Collaborate on WS-Security Interoperability

DataPower "DataPower has a unique first-hand perspective on the importance of interoperability of WS-Security to end-users having supported early versions in customer deployments since late 2002," said Eugene Kuznetsov, CTO at DataPower. "It’s easy for a vendor to claim support for WS-Security, but only independent interop testing ensures that it will work for customers. Now that WS-Security is an official OASIS Standard, this interoperability event is the final step in demonstrating the maturity of Web services security."

IBM "When we originally worked on this standard with Microsoft and other partners, we saw WS-Security as the foundation of secure Web services," said Anthony Nadalin, Chief Security Architect of IBM Software Group and IBM Distinguished Engineer. "We are pleased to see the work we took to OASIS, and saw become a standard, get such broad industry adoption."

Microsoft "The WS-Security standard is the cornerstone to building secure Web Services and is composable with the broader WS-* architecture where secure, reliable and transacted Web services are achieved," said Ari Bixhorn, Director, Web Services Strategies for Microsoft. "This demo provides an example of trusted interoperability and showcases the companies’ commitment to evolving standards that meet customer demands for interoperability and security across heterogeneous systems. Microsoft has played a key role in the development of Web services standards, and WS-Security delivers on this roadmap."

Oracle "It is evident that Web services are rapidly becoming the cornerstone for integration and B2B transactions," said Hasan Rizvi, vice president, Development at Oracle. "Our participation in the WS-Security OASIS demonstration illustrates Oracle’s support for the standard and its ability to help enable the secure exchange of information among partners."

Panacea Software "Panacea Software is delighted to demonstrate our 100% BPEL-based implementation of WS-Security at the OASIS Interop. We provide complete end-to-end Web services-enabled solutions to build, deploy, run, manage, monitor and optimize business processes in alignment with both corporate IT and web strategies across the extended enterprise," said Ajay Sarkar, CEO, Panacea Software. "WS-Security is the key to providing the security required in our end-to-end business process solution set."

Reactivity "WS-Security has matured significantly and gained more widespread adoption since Reactivity delivered our first XML security product in June 2002," said Andrew Nash, CTO at Reactivity. "As a member of the OASIS WSS Technical Committee, Reactivity is proud to have contributed to the development of WS-Security, and we are pleased to participate in this OASIS InterOp event at the Gartner Summit in LA."

Sun Microsystems "As an OASIS Foundational Sponsor, we were very keen to participate with other leading innovators to demonstrate the value of the WS-Security OASIS Standard as it enforces Sun’s commitment to security, interoperability and open standards – central themes of the Sun Java Enterprise System," said Rich Sharples, Group Product Marketing Manager, Application Platform Products, Sun Microsystems.

Systinet "Systinet has a longstanding commitment to supporting interoperability initiatives for Web services and SOA," said Luc Clement, Senior Product Manager, Systinet, and co-chair of the OASIS UDDI Technical Committee. "Interoperability between different vendor products is essential. We’re pleased to support the WS-Security OASIS InterOp."

TIBCO " As an active participant in the OASIS WS-Security Technical Committee, which contributes to the evolution of this security standard, TIBCO is committed to the development of such open industry standards and the widespread adoption of Web services," said Aiaz Kazi, General Manager, Business Integration, TIBCO Software Inc. "The WS- Security OASIS InterOp is a key step that showcases the power of a standards-based and secure exchange of information between Web service producers and consumers. Enterprises will greatly benefit from the collaborative efforts of the software industry’s top leaders participating in this InterOp."

Verisign "WS-Security has increasingly become the basis of all SOAP security standards, providing a sound foundation for implementing reliable security parameters in Web services security. As an original author of the specification, VeriSign is pleased to see such broad adoption," said Hemma Prafullchandra, director, Advanced Products and Research Group, VeriSign. "The significant number of companies participating in this collaboration shows that we have proven that future SOAP security standards in development are building on strong, trusted technology."

* From Gartner Research ‘Web Services Security Advances With Approval of Key Standard’ April 2004.

About OASIS OASIS (Organization for the Advancement of Structured Information Standards) is a not-for-profit, international consortium that drives the development, convergence, and adoption of e-business standards. Members themselves set the OASIS technical agenda, using a lightweight, open process expressly designed to promote industry consensus and unite disparate efforts. The consortium produces open standards for Web services, security, e-business, and standardization efforts in the public sector and for application-specific markets. Founded in 1993, OASIS has more than 4,000 participants representing over 600 organizations and individual members in 100 countries. Approved OASIS Standards include AVDL, CAP, DocBook, DSML, ebXML, SAML, SPML, UBL, UDDI, WSDM, WS-Reliability, WSRP, WS-Security, XACML, and XCBF. http://www.oasis-open.org

Additional information:

OASIS Web Services Security Technical Committee http://www.oasis-open.org/committees/wss

Press contact: Carol Geyer Director of Communications OASIS carol.geyer@oasis-open.org +1.978.667.5115 x209

BOSTON, MA, USA; 5 APRIL 2005 – Issues of interoperability at the business layer bring standards developers and users together at the OASIS Symposium in New Orleans, 24-29 April 2005. The program will feature two days of presentations related to "The Future of XML Vocabularies," where attendees will explore options for solving cross-sectoral needs for the global exchange of business information. Mitchell Kapor, chairman of the Open Source Applications Foundation, will provide the keynote address for the event, which will also include technical committee meetings, tutorials, training sessions, and the annual OASIS member meeting.

"The global economy depends on a foundation of openness and the coordinated production of an information commons–one which will not replace but transform proprietary ownership and market competition," said Kapor. "I look forward to discussing the treatment of intellectual assets with OASIS members, as the consortium takes steps to clarify its own intellectual property rights policy."

The program also includes a keynote by Joanne Friedman, CEO of ConneKted Minds, and presentations on OASIS work including the Universal Business Language (UBL), Darwin Information Typing Architecture (DITA), and the XML Localisation Interchange File Format (XLIFF).

Representatives from Boeing, Cendant, General Motors, JPMorganChase, and Lockheed Martin will discuss "The Impact of Vocabularies on End User SOA Strategies" in an industry panel moderated by DataPower. Executives from the Open Applications Group, Open Geospatial Consortium, Petrotechnical Open Standards Consortium, RosettaNet, and UN/CEFACT comprise a second panel where standards bodies draw on their experiences to explore "The Past As a Guide to the Future" for vocabulary development. This panel will be moderated by SAP.

"This year’s Symposium speakers are an amazingly diverse and impressive representation of the community. The agenda brings together some of the most prominent pioneers of Internet e-Business with technology leaders in Web services and SOA, major end users, governments, and industry consortia,” stated Patrick Gannon, president and CEO of OASIS. “This type of broad, influential participation is essential if we are to solve the universal semantic interoperability challenges that affect businesses in our global economy."

The Symposium is open to both members and non-members of OASIS. Sponsors of the event include BEA Systems, DataPower, HP, IBM, Innodata Isogen, SAP, and Sun Microsystems. The program is coordinated by the OASIS Technical Advisory Board and chaired by Jishnu Mukerji of HP and William Cox.

Additional Information:

OASIS Symposium: http://www.oasis-open.org/events/symposium_2005/

About OASIS:

OASIS (Organization for the Advancement of Structured Information Standards) is a not-for-profit, international consortium that drives the development, convergence, and adoption of e-business standards. Members themselves set the OASIS technical agenda, using a lightweight, open process expressly designed to promote industry consensus and unite disparate efforts. The consortium produces open standards for Web services, security, e-business, and standardization efforts in the public sector and for application-specific markets. Founded in 1993, OASIS has more than 4,000 participants representing over 600 organizations and individual members in 100 countries. Approved OASIS Standards include AVDL, CAP, DocBook, DSML, ebXML, SAML, SPML, UBL, UDDI, WSDM, WS-Reliability, WSRP, WS-Security, XACML, and XCBF. http://www.oasis-open.org

Press contact: Carol Geyer OASIS Director of Communications carol.geyer@oasis-open.org +1.978.667.5115 x209

BOSTON, MA, USA; 14 MARCH 2005 — OASIS, the international e-business standards consortium, today announced that its members have approved the Security Assertion Markup Language (SAML) version 2.0 as an OASIS Standard, a status that signifies the highest level of ratification. SAML v2.0 enables the secure exchange of authentication, attribute, and authorization information between disparate security domains, making vendor-independent Web single sign-on and secure e-business transactions possible. Version 2.0 adds key functions to create and manage federated networks that combine and appropriately share pre-existing repositories of identity information.

"Prior to SAML, there was no XML-based standard that enabled the exchange of security information between a security system and an application," said John Pescatore, analyst at Gartner, Inc. "SAML provides a standard XML schema for specifying authentication, attribute, and authorization decision statements, and it also specifies a Web services-based request/reply protocol for exchanging these statements."

"The number of digital identities in today’s world is exploding and business partners need better ways to federate and manage those identities in order to control access to their resources in the face of growing regulatory and compliance requirements," noted Rob Philpott of RSA Security, co-chair of the OASIS Security Services Technical Committee. "SAML v2.0 is the convergence point for the major identity federation initiatives deployed in the industry today; that is, SAML v1.x, Liberty ID-FF, and the Internet2’s Shibboleth effort. With the release of SAML v2.0, the industry now has a very robust, proven foundation upon which to build identity-based solutions that meet those requirements."

SAML leverages core Web services standards including XML, SOAP, Transport Layer Security (TLS), XML Signature (XMLSIG), and XML Encryption (XMLENC).

"SAML v2.0 builds on the success of SAML v1.1 by providing a full-featured foundation for identity federation on the Internet," explained Prateek Mishra of Principal Identity, co-chair of the OASIS Security Services Technical Committee. "Some of its features fill in important ‘gaps’ observed in practical deployments: for example, the attribute profiles and metadata specification simplify agreement between businesses participating in a federation. Other features such as encryption, pseudonyms and user consent enable confidentiality and privacy of information about users."

"SAML v2.0 has the benefit of real implementations in a variety of industries to help the market drive adoption," stated Patrick Gannon, president and CEO of OASIS. "Major technology vendors are already shipping identity management products and appliances built on SAML, and governments are incorporating it into their architectures. Many other key XML standards already have defined clear profiles for working with this flexible and extensible OASIS Standard for the federated model of identity management."

Over 27 member organizations globally participate in this ongoing work, including representatives of AOL, BEA Systems, Boeing, Booz Allen Hamilton, Computer Associates, Entrust, Hewlett-Packard, IBM, Neustar, Nokia, Novell, Oracle, RSA Security, SAP, and Sun Microsystems. Participation remains open to all, and suppliers, end-users, and systems integrators are invited to join OASIS to advance the continued development and adoption of SAML. OASIS hosts an open mail list for public comment and the saml-dev mailing list for exchanging information on implementing the standard.

Industry Support for SAML 2.0 OASIS Standard

BEA Systems "In a relatively short time, SAML has become one of the most widely accepted standards for exchanging authorization data in Federated Identity environments. SAML 2.0 reflects this broad support in the number of organizations and individuals who contributed new features to it. BEA looks forward to increasing our support for SAML in future product offerings," said Hal Lockhart, Principal Engineering Technologist, BEA Systems.

Cordance "SAML 2.0 will be the keystone that enables many other elements of XML trust infrastructure to interoperate. For example, the upcoming XRI 2.0 specifications from the OASIS XRI (Extensible Resource Identifier) Technical Committee uses SAML 2.0 assertions to provide trusted XRI resolution services. The OASIS XDI (XRI Data Interchange) Technical Committee also plans to foster trusted data interchange relationships using SAML 2.0," said Drummond Reed, CTO Cordance Corporation, co-chair, OASIS XRI and XDI Technical Committees.

DataPower "SAML is fast becoming the dominant Web services standard for federating ‘identity as a service’, and promises to break the traditional lock between Web SSO ‘shim’ and server. The 2.0 version of SAML and the very successful 12-vendor OASIS SAML Interop lab at the RSA Conference are further proof of SAML’s maturity," said Eugene Kuznetsov, CTO and Chairman of DataPower.

Nokia "Nokia has long recognized the importance of security and identity management to Web services and is pleased to see SAML v2.0 reach standardization," said Frederick Hirsch, Senior Architect at Nokia. "SAML v2.0 will do much to reduce market confusion and to drive adoption of federated identity technology, converging Liberty Alliance Federation Framework, SAML v1.1, and Shibboleth technologies. Achieving SAML v2.0 standardization is a major accomplishment in an important area."

Oracle "The SAML 2.0 OASIS Standard marks a huge step forward in delivering on the promise of secure Web Services," said Uppili Srinavasan, senior director, Identity Management and Security Products, Oracle. "Organizations can now rely on SAML to facilitate secure interactions not just among employees within the enterprise, but extend this security beyond the traditional enterprise to the broader trading community consisting of customers, partners and suppliers."

Reactivity "SAML has rapidly been established as the accepted mechanism for making authoritative electronic assertions about user authentication and identity information. Reactivity supports the enhancements in SAML v2.0 that build on that success to provide a comprehensive framework for federating identities, controlling user sessions and identifying web transactions," said Andrew Nash, CTO of Reactivity.

RSA Security "By accepting SAML v2.0 as an OASIS Standard, the technology industry has demonstrated its commitment to delivering open, interoperable solutions that enable companies to leverage the benefits of seamless identity federation," said Jason Lewis, vice president of product marketing and management at RSA Security. "RSA Security is proud to have contributed to the development of SAML, and we look forward to continuing to support initiatives which provide the greatest flexibility and choice to our customers."

Sun Microsystems "Sun continues to drive identity management and Web services standards both through our participation with organizations, such as OASIS and the Liberty Alliance, as well as providing full support of the latest industry standards within our products," said Sara Gates, vice president identity management, Sun Microsystems, Inc. "Sun is proud to have been a supporter of SAML from its inception, and we are excited to see it approved by the members of the OASIS Security Services Technical Committee as an OASIS Standard."

About OASIS: OASIS (Organization for the Advancement of Structured Information Standards) is a not-for-profit, global consortium that drives the development, convergence, and adoption of e-business standards. Members themselves set the OASIS technical agenda, using a lightweight, open process expressly designed to promote industry consensus and unite disparate efforts. OASIS produces worldwide standards for security, Web services, conformance, business transactions, electronic publishing, topic maps and interoperability within and between marketplaces. Founded in 1993, OASIS has more than 4,000 participants representing over 600 organizations and individual members in 100 countries. Approved OASIS Standards include AVDL, CAP, DocBook, DSML, ebXML, SAML, SPML, UBL, UDDI, WSDM, WS-Reliability, WSRP, WSS, XACML, and XCBF. http://www.oasis-open.org

Additional information:

OASIS Security Services Technical Committee http://www.oasis-open.org/committees/security

SAML FAQ http://www.oasis-open.org/committees/security/faq.php

Cover Pages Technology Report: SAML http://xml.coverpages.org/saml.html

Press contact:

Carol Geyer OASIS Director of Communications carol.geyer@oasis-open.org +1.978.667.5115 x209

Boston, MA, USA; 9 March 2005 — OASIS, the international e-business standards consortium, today announced that its members have approved Web Services Distributed Management (WSDM) as an OASIS Standard, a status that signifies the highest level of ratification. WSDM enables management applications to be built using Web services, allowing resources to be controlled by many managers through a single interface.

"The industry has been wrestling with the complexity of managing business systems for years," said Cameron Haight, Research Vice President, Gartner, Inc. "One of the main challenges stems from the diversity of products enterprises use to construct their business systems. Several providers of these core infrastructure components have come together to address this classic problem by creating an integration layer between managers and the different protocols used to instrument resources. That integration layer is called WSDM, and now that the standard has been built, it is hoped that other technology providers will come on board to help complete the picture."

"WSDM offers a key to solving a long standing pain point for resource providers, management software vendors, and their customers," said Heather Kreger of IBM, co-chair of the OASIS WSDM Technical Committee. "By integrating heterogeneous resources into heterogeneous management software using heterogeneous protocols and platforms, WSDM uses Web services to start solving the management integration problem."

WSDM consists of two specifications, Management Using Web Services (MUWS) and Management Of Web Services (MOWS). WSDM MUWS defines how to represent and access the manageability interfaces of resources as Web services. It defines a basic set of manageability capabilities, such as resource identity, metrics, configuration, and relationships, which can be composed to express the capability of the management instrumentation. WSDM MUWS also provides a standard management event format to improve interoperability and correlation. WSDM MOWS defines how to manage Web services as resources and how to describe and access that manageability using MUWS. MOWS provides mechanisms and methodologies that enable manageable Web services applications to interoperate across enterprise and organizational boundaries.

"WSDM represents the first step in defining the Web services stack layers for Management," noted Winston Bumpus of Dell, co-chair of the OASIS WSDM Technical Committee. "Simultaneously, WSDM MOWS is also the first step in Web services management."

Patrick Gannon, president and CEO of OASIS, stated, "OASIS has been very pleased with the amount of participation in WSDM development and the support we’ve received from other standards organizations, including the Distributed Management Task Force (DMTF) and the Global Grid Forum (GGF). We appreciate their commitment to collaborate on a consistent management standard for the Web services community. We look forward to engaging with more industry groups and standards organizations as adoption of WSDM grows."

WSDM was developed by members of the OASIS WSDM Technical Committee, which includes representatives of Actional, BEA Systems, BMC Software, Computer Associates, Dell, Fujitsu, Hewlett-Packard, Hitachi, IBM, Novell, TIBCO, and others. Participation remains open to all, and suppliers, end-users and system integrators are invited to join OASIS to advance the continued development and adoption of WSDM. OASIS hosts an open mail list for public comment and the wsdm-dev mailing list for exchanging information on implementing the standard.

Industry Support for WSDM

Computer Associates "The WSDM OASIS Standard will significantly enhance interoperability among management applications and tools, enabling IT organizations to both optimize service levels and reduce operational costs," said Muhi Majzoub, CA’s vice president of development. "CA WSDM, our solution for managing services in a service-oriented architecture, will leverage this important new OASIS Standard to help customers maximize the business value generated by their increasingly complex service-oriented environments."

DataPower "DataPower is proud to have been one of the first Web services security vendors to implement an early version of WSDM in 2003, and as part of the OASIS WSDM Technical Committee, we are delighted with its approval as an OASIS Standard. WSDM is critical, not just for managing Web services, but for using Web services to manage all other systems within the enterprise, on demand. Just like SNMP did in its time, WSDM breaks the lock-in between the managed node and the management server," said Eugene Kuznetsov, CTO and Chairman of DataPower.

Fujitsu "Fujitsu is enthusiastic about the potential of open standards in the area of Web services-based management. The WSDM specifications, MUWS V1.0 and MOWS V 1.0, represent a usable architecture for distributed management, which provides a stable starting point for the design of open management systems. Fujitsu plans an implementation of these WSDM specifications and will in turn provide products reflecting the WSDM V1.0 specifications along with the enhanced capabilities expected from the future work of the OASIS WSDM Technical Committee," said Seigo Hirosue, General Manger, Strategy and Technology Division, Software Group, Fujitsu Limited.

HP "HP has actively supported the WSDM work from the start, including submitting the Web Services Management Framework as input for the work of the technical committee," said Mark Potts, CTO of HP Management Software. "We see WSDM 1.0 as a key milestone in providing a standard-based environment for loosely-coupled management interactions, as called for by HP’s Adaptive Enterprise strategy."

IBM "Many of our customers have already experienced substantial business benefits from initial SOA deployments," said Karla Norsworthy, vice president, IBM Software Standards. "WSDM will enable them to achieve additional benefits by providing a common approach that simplifies the management of existing solutions as well as future applications that are planned to be included in their SOA. WSDM will allow complex IT infrastructures to become more self-managing, greatly reducing system management burdens so IT professionals can concentrate on business issues and innovation."

TIBCO "WSDM is an integral part of TIBCO’s Web services enabled technology and the release of this key specification by OASIS is the realization of our vision for the widespread adoption of Web services," said Matt Quinn, Vice President, Product Strategy, TIBCO Software Inc. "WSDM provides an essential conduit to bridge the gap between IT Asset management and BPM making it possible for IT and business managers to understand and analyze operational performance as it relates to business-critical situations, then initiate the appropriate actions to ensure business continuity."

Additional information:

OASIS WSDM Technical Committee: http://www.oasis-open.org/committees/wsdm

WSDM FAQ: http://www.oasis-open.org/committees/wsdm/faq.php

Cover Pages Technology Report: http://xml.coverpages.org/computingResourceManagement.html

About OASIS:

OASIS (Organization for the Advancement of Structured Information Standards) is a not-for-profit, international consortium that drives the development, convergence, and adoption of e-business standards. Members themselves set the OASIS technical agenda, using a lightweight, open process expressly designed to promote industry consensus and unite disparate efforts. The consortium produces open standards for Web services, security, e-business, and standardization efforts in the public sector and for application-specific markets. Founded in 1993, OASIS has more than 4,000 participants representing over 600 organizations and individual members in 100 countries. Approved OASIS Standards include AVDL, CAP, DocBook, DSML, ebXML, SAML, SPML, UBL, UDDI, WSDM, WS-Reliability, WSRP, WSS, XACML, and XCBF. http://www.oasis-open.org

Press contact:

Carol Geyer OASIS Director of Communications carol.geyer@oasis-open.org +1.978.667.5115 x209

Boston, MA, USA; 8 March 2005 — OASIS, the international e-business standards consortium, today announced that Jim Hughes of HP has been appointed to chair the OASIS Board of Directors and that Bob Glushko of the University of California at Berkeley has been elected to the Board. Working with fellow directors, members, and staff, Hughes and Glushko will provide business leadership to advance OASIS as a major standards-setting body for Web services, e-business, security, and other applications.

Hughes, who has served on the OASIS Board since 2001, noted, "OASIS is now reaching a broader and more diverse set of implementers with e-business standards that accelerate the adoption of advanced technologies. The Board will continue drive this acceleration by giving value to both the industry at-large and our members."

Former entrepreneur, Bob Glushko, has been a member of OASIS since the consortium was founded as SGML Open in 1993. Now, as an Adjunct Professor in the School of Information Management and Systems, he directs Berkeley’s Center for Document Engineering and teaches courses on XML, business process modeling, information architecture, content management, and model-based application development.

With a diverse background that includes consulting, founding start-ups, working for large companies and now teaching, Glushko is uniquely qualified to represent the balanced member base of the consortium. "As a Board director, I will work to keep OASIS focused on the need for its standards to be compatible with the requirements, values, and business models of the not-for-profit institutions in society."

OASIS is distinguished by its transparent governance, which is accountable and unrestricted. Officers of the OASIS Board of Directors are chosen by democratic election to serve two-year terms. Consortium leadership is based on individual merit and is not tied to financial contribution, corporate standing, or special appointment.

Other OASIS Board directors include John Borras of the UK Cabinet Office’s e-Government Unit, Edward Cobb of BEA Systems, Mike DeNicola of Fujitsu, Patrick Gannon of OASIS, Eduardo Gutentag of Sun Microsystems, Frederick Hirsch of Nokia, Christopher Kurt of Microsoft, Jeff Mischkinsky of Oracle, and Michael Weiner of IBM.

On behalf of the organization, Patrick Gannon, president and CEO of OASIS, expressed appreciation to departing Board member, Colin Evans of Intel, for his service and guidance over the past four years.

Additional Information:

OASIS Board of Directors: http://www.oasis-open.org/who/bod.php

About OASIS:

OASIS (Organization for the Advancement of Structured Information Standards) is a not-for-profit, international consortium that drives the development, convergence, and adoption of e-business standards. Members themselves set the OASIS technical agenda, using a lightweight, open process expressly designed to promote industry consensus and unite disparate efforts. The consortium produces open standards for Web services, security, e-business, and standardization efforts in the public sector and for application-specific markets. Founded in 1993, OASIS has more than 4,000 participants representing over 600 organizations and individual members in 100 countries. Approved OASIS Standards include AVDL, CAP, DocBook, DSML, ebXML, SAML, SPML, UBL, UDDI, WS-Reliability, WSRP, WSS, XACML, and XCBF. http://www.oasis-open.org

Press contact:

Carol Geyer OASIS Director of Communications carol.geyer@oasis-open.org +1.978.667.5115 x209

BOSTON, MA, USA; 2 MARCH 2005 — OASIS, the international e-business standards consortium, today announced that its members have approved the Extensible Access Control Markup Language (XACML) version 2.0 as an OASIS Standard, a status that signifies the highest level of ratification. XACML is used to represent and evaluate access control policies.

Dan Blum, Senior Vice President and Research Director of the Burton Group, noted, "Access control is a requirement of almost every application. XACML goes beyond simply denying or granting information access, it defines the mechanism for creating the rules and policy sets that enable meaningful authorization decisions."

To meet the needs of a wide range of users across many different environments, XACML 2.0 incorporates new profiles for Role Based Access Control (RBAC) and Privacy. XACML 2.0 profiles also provide integration and hierarchical resources for the Security Assertion Markup Language (SAML) OASIS Standard.

"XACML is designed to standardize the use of declarative policy to control access to resources, which can reduce costs while increasing security," said Hal Lockhart, co-chair of the OASIS XACML Technical Committee. "XACML 2.0 can be of particular interest to those deploying SAML, looking for a practical way to implement RBAC or protecting hierarchical resources, such as portions of XML documents."

Before becoming an OASIS Standard, XACML v2.0 first completed an extensive public review and was approved by the OASIS XACML Technical Committee. Then, the specification demonstrated its readiness through multiple implementations, after which XACML was reviewed and approved by the OASIS membership as a whole.

"The approval of XACML 2.0 as an OASIS Standard builds on a solid base of XACML implementations by major international companies, start-ups, and open source providers," noted Patrick Gannon, president and CEO of OASIS. "Increasingly, XACML is being recognized as an integral part of enterprise security frameworks. Our congratulations go to the members of the OASIS XACML Technical Committee for their hard work in advancing this standard."

XACML is part of the growing portfolio of OASIS Standards for security, which also includes the Application Vulnerability Description Language (AVDL), SAML, Service Provisioning Markup Language (SPML), WS-Security, and XML Common Biometric Format (XCBF). OASIS members also advance specifications such as Digital Signature Services (DSS) and Public Key Infrastructure (PKI).

XACML v2.0 was developed by members of the OASIS XACML Technical Committee, which includes representatives of BEA Systems, Booz Allen Hamilton, Computer Associates, Entrust, Gluecode Software, IBM, Sun Microsystems, and others. Participation remains open to all, and suppliers, end-users and system integrators are invited to join OASIS to advance the continued development and the adoption of XACML. OASIS hosts an open mail list for public comment and the xacml-dev mailing list for exchanging information on implementing the standard.

Industry Support for XACML OASIS Standard

BEA Systems "BEA realizes the importance of a portable description for security policy and the significant benefit it can bring to customers. As a result, BEA supports the release of the XACML 2.0 specification as an OASIS standard and is working to incorporate support for the standard in future releases of BEA’s product family," said Paul Patrick, Chief Security Architect, BEA Systems.

Cordance "By taking the industry standard for policy-based access control to a new level, XACML 2.0 provides even more incentive for enterprises to adopt XML-based resource management infrastructure. The OASIS XRI (Extensible Resource Identifier) and XDI (XRI Data Interchange) Technical Committees look forward to providing other key pieces of this infrastructure that will leverage the power of XACML 2.0," said Drummond Reed, CTO of Cordance Corporation and co-chair, OASIS XRI and XDI Technical Committees.

DataPower "XACML finally enables organizations to move access control policy out of custom spaghetti code and into an interoperable, declarative XML form," said Eugene Kuznetsov, CTO, founder and chairman of DataPower. "Whether driven by new security threats, regulatory mandates or Web services, there is a growing need for fine-grained authorization for heterogeneous systems."

Gluecode Software "We are pleased to contribute to the advancement of the XACML 2.0 standard," said Bill Parducci, security architect for Gluecode Software. "As an open source infrastructure company, participation in these standardization efforts allows us to deliver leading-edge solutions to our customers. We look forward to incorporating XACML 2.0 in our products to facilitate integration with an enterprise’s central security policies."

Nokia "Nokia applauds the accomplishment of the OASIS XACML Technical Committee in producing the XACML v2.0 open standard," said Frederick Hirsch, Senior Architect at Nokia. "Having an open and standard means of expressing and resolving authorization and entitlement policies will aid in building secure systems. Nokia is working to use such open standards to enhance the capabilities of its mobile platforms."

Sun Microsystems "XACML is an important piece of technology for enabling access control for web services and part of the broader solution in providing a policy and security framework for web services," said Ed Julson, director of engineering for Web Technologies & Standards at Sun Microsystems. "Sun’s active participation in the development of OASIS XACML 2.0 and our open source implementation of XACML are further evidence of our commitment to open standards and the interoperability benefits they bring to customers."

Additional Information:

OASIS XACML Technical Committee: http://www.oasis-open.org/committees/xacml

Cover Pages Technology Report: http://xml.coverpages.org/xacml.html

About OASIS: OASIS (Organization for the Advancement of Structured Information Standards) is a not-for-profit, international consortium that drives the development, convergence, and adoption of e-business standards. Members themselves set the OASIS technical agenda, using a lightweight, open process expressly designed to promote industry consensus and unite disparate efforts. The consortium produces open standards for Web services, security, e-business, and standardization efforts in the public sector and for application-specific markets. Founded in 1993, OASIS has more than 4,000 participants representing over 600 organizations and individual members in 100 countries. Approved OASIS Standards include AVDL, CAP, DocBook, DSML, ebXML, SAML, SPML, UBL, UDDI, WS-Reliability, WSRP, WSS, XACML, and XCBF. http://www.oasis-open.org

Press contact:

Carol Geyer OASIS Director of Communications carol.geyer@oasis-open.org +1.978.667.5115 x209

San Francisco, CA, USA; 2005 RSA Conference; 16 February 2005 — Thirteen vendors from around the world teamed with the U.S. General Service Administration (GSA) E-Gov E-Authentication Initiative to demonstrate interoperability of the Security Assertion Markup Language (SAML) 2.0, a security specification developed by the OASIS standards consortium. SAML enables secure exchange of authentication, attribute, and authorization information between disparate security domains, making secure Internet e-business transactions possible.

The OASIS Federated Identity InterOp Lab, co-sponsored by GSA E-Authentication Initiative, Enspier, and RSA Security, demonstrated a combination of web single sign-on, and single logout scenarios.

"SAML 2.0 brings together SAML 1.x, Liberty Alliance and Shibboleth functionality to provide a logical convergence point for new products and deployments in the coming months," said Dan Blum, Senior Vice President and Research Director, Burton Group. "This OASIS InterOp demonstration offers an important proof-of-concept for the new specification."

According to Stephen Timchak, GSA Program Executive, "The E-Authentication Initiative is committed to helping drive the evolution of federated identity management, and that’s why we are excited to sponsor the OASIS Federated Identity InterOp on SAML 2.0 at RSA 2005. I believe that the E-Authentication-sponsored SAML 1.1 interoperability event at last year’s RSA conference helped speed the evolution of the SAML standard, and we look forward to being enthusiastic adopters of SAML 2.0 when it qualifies for inclusion in the E-Authentication architecture."

Vendors Collaborate on SAML Interoperability

Computer Associates "CA’s active participation in this year’s OASIS SAML Interoperability Lab highlights CA’s ongoing commitment to supporting federation standards that empower global enterprises to quickly and easily deliver secure business services," said Marc Chanliau, eTrust product manager at Computer Associates. "As one of the co-founders of the SAML specification, CA is delighted to see SAML 2.0’s latest enhancements which will enable our diverse customer base to further extend their federation initiatives and realize the full business benefits of standards-based identity management."

DataPower "Because organizations cannot possibly agree on a single vendor solution for identity, traditional, proprietary SSO is impractical for federated identity across extranets and Web services. By validating complete SAML interoperability of DataPower’s XS40 XML Security Gateway, we ensure that our customers are getting an open, standards-based solution for federated identity. For the second year in a row, DataPower is participating in OASIS SAML InterOp at the RSA Conference, an event that has done so much to advance the vision of ‘identity as a service,’" said Eugene Kuznetsov, CTO founder of DataPower.

Entrust "OASIS SAML 2.0 represents convergence within the SAML standard and signals the widespread acceptance and increasing importance of Federated Identity standards for interoperability between partner domains," said Chris Voice, Vice President of Technology at Entrust, Inc. "Our participation in the OASIS Federated Identity InterOp Lab demonstrates our ongoing support of open standards such as SPML, XACML and SAML."

Oracle "It is evident that Web services are rapidly becoming the cornerstone for integration and B2B transactions. SAML 2.0 will further propagate the use of Web services for federated identity management to securely connect customers, partners and employees with the information they need," said Uppili Srinavasan, senior director, Identity Management and Security Products, at Oracle Corp. "Oracle’s participation in this demonstration illustrates our support for the specification and its ability to enable the secure exchange of information among partners."

RSA Security "By embracing SAML.2.0 – a convergence standard that is a cornerstone in the future of identity federation – the technology industry will enable companies to collaborate efficiently and securely, across business boundaries," said Toffer Winslow, director of product management and marketing at RSA Security. "RSA Security is proud of its role in contributing intellectual property that led to SAML, and in co-authoring the standard. We’re delighted to see that a broad range of vendors — including RSA Security — are committed to bringing interoperable solutions to market."

Sun Microsystems "Sun continues to drive identity management and Web services standards both through our participation with organizations, such as OASIS and the Liberty Alliance, as well as providing full support of the latest standards within our products," said Sara Gates vice president identity management, Sun Microsystems, Inc. "Sun is proud to have been a supporter of SAML from its inception, and we are pleased to showcase SAML 2.0 interoperability between Sun Java System Access Manager and other vendors products at the RSA Conference."

About OASIS

OASIS (Organization for the Advancement of Structured Information Standards) is a not-for-profit, global consortium that drives the development, convergence, and adoption of e-business standards. Members themselves set the OASIS technical agenda, using a lightweight, open process expressly designed to promote industry consensus and unite disparate efforts. OASIS produces worldwide standards for security, Web services, conformance, business transactions, electronic publishing, topic maps and interoperability within and between marketplaces. Founded in 1993, OASIS has more than 4,000 participants representing over 600 organizations and individual members in 100 countries. Approved OASIS Standards include AVDL, CAP, DocBook, DSML, ebXML, SAML, SPML, UBL, UDDI, WS-Reliability, WSRP, WSS, XACML, and XCBF. http://www.oasis-open.org

Additional information:

OASIS Federated Identity InterOp Lab RSA Conference Booth #1242

OASIS Security Services Technical Committee http://www.oasis-open.org/committees/security

GSA eAuthentication Program http://cio.gov/eauthentication

Press contact: Carol Geyer Director of Communications OASIS carol.geyer@oasis-open.org +1.978.667.5115 x209

Boston, MA, USA; 7 Feb 2005 — OASIS, the international e-business standards consortium, revised its Intellectual Property Rights (IPR) Policy to enhance support for open standards development. The policy updates OASIS rules to take into account significant changes in the way that intellectual property laws and practices affect e-business standards. Rather than mandate a single set of IPR terms for all work, the OASIS IPR Policy allows members of each of its more than 60 Committees to choose for themselves one of three IPR modes best suited to their specific effort. OASIS Committees elect to work under "Reasonable And Non-Discriminatory (RAND)," "Royalty-Free (RF) on RAND Terms," or "RF on Limited Terms" modes.

"The policy clearly acknowledges the importance of creating royalty-free standards by providing two RF modes, while still allowing for work to be done under RAND terms when members prefer that option," explained Patrick Gannon, president and CEO of OASIS. "While nearly all OASIS Standards can be implemented today on a royalty-free basis, the revised IPR Policy helps to clarify our open standards process and assure implementers worldwide that OASIS Standards can be adopted with confidence."

Gartner research director, Ray Valdes, applauded the flexibility of the OASIS IPR Policy, noting, "The diversity of information technology systems built today is increasing significantly. This is not only with regard to their scope, complexity, and interoperability, but also in the way these systems are built, and in the types of organizations that build them. These changes require standards organizations to articulate a broader set of approaches to intellectual property issues than has been the case in the past."

As specified in the new OASIS IPR Policy, the RAND mode defines a basic set of minimal terms a patent holder is obliged to offer (such as granting a license that is worldwide, non-exclusive, perpetual, reasonable and non-discriminatory, etc.) and leaves all other non-specified terms to negotiations between the patent holder and the implementer seeking a license. The Royalty-Free (RF) on RAND Terms mode operates in the same manner as RAND, but does not permit the patent holder to charge fees or royalties for the license. The RF on Limited Terms mode is similar to the RF on RAND Terms mode, but it specifies the exact Royalty Free licensing terms and conditions that may be included in a patent holder’s license and that must be granted upon request without further negotiations.

"In today’s world, no standards organization can guarantee that its work is or will remain completely free of patent claims. The most any standards body can do is provide clear, equitable regulations to govern the behavior of those who participate in its work and publicly document their licensing commitments," said Jim Hughes of Hewlett Packard, chair of the OASIS Board of Directors. "By giving Committee members the clear choice between RAND, RF on RAND Terms, and RF on Limited Terms, the revised OASIS IPR Policy provides both standard developers and implementers with an equitable framework for contributing and licensing intellectual property."

OASIS IPR Policy http://www.oasis-open.org/who/intellectualproperty.php

OASIS IPR Policy FAQ http://www.oasis-open.org/who/ipr/ipr_faq.php

About OASIS: OASIS (Organization for the Advancement of Structured Information Standards) is a not-for-profit, international consortium that drives the development, convergence, and adoption of e-business standards. Members themselves set the OASIS technical agenda, using a lightweight, open process expressly designed to promote industry consensus and unite disparate efforts. The consortium produces open standards for Web services, security, e-business, and standardization efforts in the public sector and for application-specific markets. Founded in 1993, OASIS has more than 4,000 participants representing over 600 organizations and individual members in 100 countries. Approved OASIS Standards include AVDL, CAP, DocBook, DSML, ebXML, SAML, SPML, UBL, UDDI, WS-Reliability, WSRP, WS-Security, XACML, and XCBF.

Press contact: Carol Geyer OASIS Director of Communications carol.geyer@oasis-open.org +1.978.667.5115 x209

BOSTON, MA, USA; 3 FEBRUARY 2005 — The OASIS international standards consortium today announced that its members have approved the Universal Description, Discovery and Integration (UDDI) version 3.0.2 as an OASIS Standard, a status that signifies the highest level of ratification. Advanced through an open process, UDDI is commonly regarded as a cornerstone of Web services, defining a standard method for publishing and discovering network-based software components in a service-oriented architecture (SOA). “The UDDI registry model is one of the central elements of an interoperable framework that ensures the effective interaction of services in a service oriented architecture.” said Frank Kenney, analyst at Gartner. “By enabling policy-based distribution and management of enterprise Web services, a UDDI registry can deliver significant business value. It can help ensure that the convenience of developers, the requirements of enterprise architects, and the underlying business policies are not in opposition; in fact, it brings all of these needs into closer alignment by increasing software flexibility, reuse, centralization and control; allowing enforcement and ultimately governance.” The UDDI OASIS Standard specifies protocols for creating a registry for Web services, methods for controlling access to the registry, and a mechanism for distributing or delegating records to other registries. Version 3.0.2 adds the ability to affiliate registries in keeping with SOA’s emphasis on supporting a variety of infrastructural variations and providing a means to define relationships among a variety of UDDI registries. Although from its inception, the specification included concepts such as delegation and distribution among server peers, earlier UDDI definitions relied upon proprietary means of interaction. By contrast, UDDI v3.0.2 provides an open, standardized approach to ensure widely interoperable communication. “The v3.0.2 OASIS Standard represents another significant milestone in UDDI’s evolution,” noted Luc Clement of Systinet, co-chair of the OASIS UDDI Specification Technical Committee. “It delivers key capabilities for enterprise-level deployment, providing different responses depending upon the security, transport, or quality of service as defined by business rules or taxonomies.” “One of the most significant enhancements of UDDI v3.0.2 is that it allows well-known identifiers for service descriptions to be created, facilitating reuse of service descriptions among registries,” added Tony Rogers of Computer Associates, co-chair of the OASIS UDDI Specification Technical Committee. “This makes it much easier for developers and architects to communicate.” Other v3.0.2 features include support for digital signatures, allowing UDDI to deliver a higher degree of data integrity and authenticity. Extended discovery features can combine previous, multi-step queries into a single-step, complex query. UDDI now also provides the ability to nest sub-queries within a single query, letting clients narrow their searches much more efficiently. Patrick Gannon, president and CEO of OASIS, applauded the thorough approach taken by the UDDI developers, pointing to the large body of use cases and technical notes that supplement the specification. “The technical committee has taken the time to precisely articulate the business case for UDDI. They’ve also actively consulted and collaborated with related standards efforts, such as the OASIS Web Services for Remote Portlets (WSRP) Technical Committee, UN/CEFACT’s ebXML Core Components Working Group, and the OASIS Web Services for Business Process Execution Language (WSBPEL) Technical Committee.” Two new technical notes were released simultaneously with UDDI 3.0.2. The first provides advice on using UDDI and WSBPEL together. The second explains the process using JAX-RPC for a UDDI client. These technical notes are part of the on-going effort by the OASIS UDDI Technical Committee to facilitate and promote the use of UDDI in a wide variety of contexts. Participation in the OASIS UDDI Specification Technical Committee remains open to all organizations and individuals. Suppliers, end-users and system integrators are invited to join OASIS to participate in the continued development and the adoption of UDDI. OASIS hosts an open mail list for public comment and the uddi-dev mailing list for exchanging information on implementing the standard. Industry Support for UDDI v3.0.2 OASIS Standard Computer Associates “As the adoption of Web services by businesses worldwide continues to grow, it’s becoming more important to effectively provide reliable and standards-based discovery of these services. Along with advances in the standards for management and security of Web services, these latest enhancements to UDDI will help enterprises address these challenges and will, therefore, promote broader adoption of Web services and drive development of business solutions that take advantage of interoperability between multiple Web services,” said Toby J Weiss, Senior Vice President of eTrust Product Management at Computer Associates. DataPower “UDDI is doing for server-to-server communication what DNS did for the Internet, by making it much easier and cheaper to connect and stay connected to services,” said Eugene Kuznetsov, chairman and chief technical officer of DataPower, “DataPower customers see the combination of application-aware networking and UDDI as the cornerstone of SOA.” Digital Evolution “Digital Evolution became one of the first companies to offer a commercially available UDDI v3 registry when we released version 2.0 of our Service Manager product in 2003,” said Roberto Medrano, EVP Marketing at Digital Evolution. “We are excited OASIS is backing the latest iteration of UDDI as the right choice for enterprise-class registry deployments.” IBM “UDDI continues to serve an important role in the deployment of Services Oriented Architectures”, said Karla Norsworthy, Vice President of Software Standards for IBM. “IBM will extend support for UDDI Version 3 in the WebSphere Application Server. The security enhancements in UDDI combined with the industry leading enterprise capabilities in WebSphere will be especially important for customers using UDDI to improve reuse and simplify discovery of Web services across their IT infrastructure.” SAP “As one of the initial co-authors of UDDI V3, SAP supports its ratification as an OASIS Standard,” said Michael Bechauf, Vice President NetWeaver Standards at SAP. “Building on the enterprise-readiness of UDDI V2, the enhancements that went into UDDI V3, such as the support of XML digital signatures for data integrity and authenticity and a pub/sub-mechanism for change notifications address commonly requested requirements and make UDDI the canonical candidate for enterprise services registries. The next version of SAP NetWeaver, the open integration and application platform for mySAP Business Suite and SAP xApp composite applications, will support UDDI V3. Its openness reflects SAP’s commitment to industry standards and interoperability that enables users to implement, integrate and maintain their infrastructures through a Web services-oriented architecture.” Systinet “UDDI V3 is an important new specification for SOA,” said David Butler, VP Marketing, Systinet. “New features like registry affiliation, publisher assigned keys and the subscription API provide for enterprise class interoperability. These features are key to advancing UDDI’s ability to deliver significant business value to the enterprise.” Additional information: OASIS UDDI Specification Technical Committee OASIS UDDI Member Section UDDI FAQ Cover Pages Technology Report: UDDI About OASIS: OASIS (Organization for the Advancement of Structured Information Standards) is a not-for-profit, international consortium that drives the development, convergence, and adoption of e-business standards. Members themselves set the OASIS technical agenda, using a lightweight, open process expressly designed to promote industry consensus and unite disparate efforts. The consortium produces open standards for Web services, security, e-business, and standardization efforts in the public sector and for application-specific markets. Founded in 1993, OASIS has more than 4,000 participants representing over 600 organizations and individual members in 100 countries. Approved OASIS Standards include AVDL, CAP, DocBook, DSML, ebXML, SAML, SPML, UBL, UDDI, WS-Reliability, WSRP, WSS, XACML, and XCBF. http://www.oasis-open.org Press contact: Carol Geyer OASIS Director of Communications carol.geyer@oasis-open.org +1.978.667.5115 x209

Washington, DC, USA; 19 November 2004 — OASIS members from around the world collaborated on multiple interoperability demonstrations of various OASIS Standards and specifications at the XML 2004 conference this week. Implementations were shown of Web services standards for delivering messages reliably, aggregating content to portals, sharing customer data, and disseminating emergency event information in scenarios that ranged from a retail shopping experience to a chemical contamination event.

"The majority of these InterOps showcased work that has already attained the level of an approved OASIS Standard. Clearly, we’re seeing exciting progress in the maturity of Web services," noted Jamie Clark, director of standards development at OASIS. "It’s also significant to note that we’re not just seeing implementations of standards being applied to broad, foundational challenges. We’re also witnessing the development and application of XML standards to solve specific industry needs."

Demo #1: Web Services for Remote Portlets (WSRP) OASIS Standard.

BEA, IBM, Oracle, PeopleSoft, Sun Microsystems, Vignette, and others acted as both WSRP Producers and Consumers to demonstrate how WSRP can be used to define an interface and protocol for accessing remote aggregatable, interactive, presentation-oriented content sources. Their WSRP implementations showed content sources being deployed in a way that allowed portals to quickly incorporate the information into pages served to end users.

Demo #2: Common Alerting Protocol (CAP) OASIS Standard.

In this InterOp, Anteon and other OASIS members simulated a chemical event utilizing plume modeling to demonstrate how CAP employs XML to communicate key emergency event data to a variety of systems. A CAP message containing the affected areas, severity, etc. was posted on a central server, then players extracted the data, activated alert/notifications systems, and displayed incident management information. VIEW SLIDES

Demo #3: WS-Composite Application Framework (WS-CAF).

IONA, Oracle, and others each provided separate Web-based storefronts that used WS-CAF to share customer information, such as such as username/password, credit card data, and shopping cart contents. The customer was able to purchase goods from every store as if he or she was nteracting with a single storefront. VIEW SLIDES

Demo #4: WS-Reliability OASIS Standard.

Fujitsu, Hitachi, Oracle, and NEC demonstrated the use of WS-Reliability to guarantee message delivery over the Internet, enabling companies to conduct reliable business-to-business trading or collaboration using Web services. VIEW SLIDES

Demo #5: ebXML Implementation, Interoperability and Conformance.

Fujitsu and NIST demonstrated how the OASIS ebXML IIC Test Framework is used to conduct remote ebXML testing, either for conformance or interoperability. NIST’s test driver implementation allowed test cases using XML markup to be scripted. Black-box conformance testing of the Hermes open source ebXML Messaging server software was also shown. VIEW SLIDES

Demo #6: ebXML Registry OASIS Standard.

Here, ebXML Registry was demonstrated in tandem with ebXML Message Service (ebMS), Collaborative Partner Profile Agreement (ebCPPA), Business Process Specification Schema (ebBPSS), and Content Assembly Mechanism (CAM) specifications to manage a large community of participants in a typical e-Service and e-Business system, such as the DOD EMall. The service provider deployed the Registry, allowing partners to quickly join the community and integrate their own applications into the e-Service network. Partners selected the business process they wanted to use, picked the versions of transactions they supported, tested compliance, certified their ebMS systems, and then created CPPA definitions and began interacting. VIEW SLIDES

In other XML 2004 news, Robin Cover was awarded the XML Cup for contributions to the XML community. Cover is managing editor of the Cover Pages, http://xml.coverpages.org/, a comprehensive online resource that has served for more than 13 years as the chronicle of the structured information standards community. The Cover Pages is hosted by OASIS and sponsored by its members, Innodata Isogen, SAP, and Sun Microsystems.

About OASIS: OASIS (Organization for the Advancement of Structured Information Standards) is a not-for-profit, international consortium that drives the development, convergence, and adoption of e-business standards. Members themselves set the OASIS technical agenda, using a lightweight, open process expressly designed to promote industry consensus and unite disparate efforts. The consortium produces open standards for Web services, security, e-business, and standardization efforts in the public sector and for application-specific markets. Founded in 1993, OASIS has more than 3,500 participants representing over 600 organizations and individual members in 100 countries. Approved OASIS Standards include AVDL, CAP, DocBook, DSML, ebXML, SAML, SPML, UBL, UDDI, WS-Reliability, WSRP, WSS, XACML, and XCBF. http://www.oasis-open.org

Press contact:

Carol Geyer OASIS Director of Communications carol.geyer@oasis-open.org +1.978.667.5115 x209

ORLANDO, FLORIDA, USA; 17 NOVEMBER 2004–Implementations and interoperability of the Universal Description, Discovery, and Integration (UDDI) OASIS Standard were featured at today’s Gartner Application Integration and Web Services Summit. Representatives from The Hartford and Charles Schwab each presented details on their company’s implementation of UDDI registries as core foundation components of their Service Oriented Architectures (SOA). Then, members of the OASIS UDDI Specification Technical Committee staged a live demo incorporating UDDI product offerings from IBM, Oracle, SAP, Systinet, and others in a business scenario.

"Enterprise business analysts, architects, and developers fully understand that a business services registry is the foundation of the SOA infrastructure, " noted Tony Rogers of Computer Associates, co-chair of the OASIS UDDI Specification Technical Committee. "The UDDI OASIS Standard has established itself as an important enabler of visibility, manageability, adaptability, and reusability of the service-oriented enterprise."

The UDDI OASIS InterOp at Gartner featured an inventory management scenario for a chain of book stores. Varying in size from mall kiosks to large retail outlets, each store maintained its own inventory management processes, which were not centrally controlled. By using UDDI to integrate suppliers and inventory management systems, corporate purchasers were able to monitor inventory levels, replenish stock, respond quickly to demand fluctuations, streamline procurement, and deliver useful information on product demand to publishers.

"Today we provided concrete, real-world examples of UDDI registries as the foundation of SOA, " said Luc Clement of Systinet, CO-chair of the OASIS UDDI Specification Technical Committee. "We demonstrated how enterprises can exploit a UDDI registry to deploy adaptive business services dealing with the realities of change within the enterprise by showing the benefits of location-independence. In the process, we showed how you can add new services without the need to do any configuration other than the act of publishing the new service. And finally, we demonstrated how UDDI brings an increase in visibility and reuse that dramatically reduces the cost of an SOA integration."

Participation in the OASIS UDDI Specification Technical Committee remains open to all organizations and individuals. End-users and system integrators are invited to join OASIS to advance the adoption of this international standardization effort. OASIS hosts an open mail list for public comment and the uddi-dev mailing list for exchanging information on implementing the standard.

Additional information:

OASIS UDDI Specification Technical Committee http://www.oasis-open.org/committees/uddi-spec

OASIS UDDI Member Section http://www.uddi.org

About OASIS: OASIS (Organization for the Advancement of Structured Information Standards) is a not-for-profit, international consortium that drives the development, convergence, and adoption of e-business standards. Members themselves set the OASIS technical agenda, using a lightweight, open process expressly designed to promote industry consensus and unite disparate efforts. The consortium produces open standards for Web services, security, e-business, and standardization efforts in the public sector and for application-specific markets. Founded in 1993, OASIS has more than 3,500 participants representing over 600 organizations and individual members in 100 countries. Approved OASIS Standards include AVDL, CAP, DocBook, DSML, ebXML, SAML, SPML, UBL, UDDI, WS-Reliability, WSRP, WSS, XACML, and XCBF. http://www.oasis-open.org

Press contact: Carol Geyer OASIS Director of Communications carol.geyer@oasis-open.org +1.978.667.5115 x209

Boston, MA, USA; 15 November 2004 — The OASIS international standards consortium today announced that its members have approved WS-Reliability version 1.1 as an OASIS Standard, a status that signifies the highest level of ratification. Developed through an open process, WS-Reliability provides a method to guarantee message delivery over the Internet, enabling companies to conduct reliable business-to-business trading or collaboration using Web services.

"Reliable message delivery is one of the key issues to be addressed if there is to be widespread adoption of Web services, particularly in business-to-business scenarios," said Neil Macehiter, research director at Ovum. "Communications using Internet-based protocols, such as HTTP and SMTP, are inherently unreliable and do not support the assured or ordered delivery demanded by the applications on which businesses depend. WS-Reliability, being an approved OASIS Standard developed in open forum that addresses these limitations, is an important step on the path to realizing the promise of Web services."

WS-Reliability supports guaranteed delivery, which ensures the message is delivered at least once, duplication elimination, which certifies that the message is delivered at most once, and message delivery ordering, which guarantees messages in a sequence are delivered in the order sent.

"Financial transactions are just one example of the kind of applications that need WS-Reliability to meet quality-of-service standards. A message requesting a money withdrawal, for instance, must be received by an application once and only once," noted Tom Rutt, chair of the OASIS Web Services Reliable Messaging (WSRM) Technical Committee. "With the WS-Reliability OASIS Standard, information can be shared between software programs over the Internet as reliably as within a single application on a laptop."

Patrick Gannon, president and CEO of OASIS, applauded the efforts of the technical committee members who produced the new standard, recalling, "The genesis for WS-Reliability was submitted to OASIS in March 2003 by Fujitsu, Hitachi, Oracle, NEC, Sonic Software, and Sun Microsystems. These companies recognized the importance of advancing their work within an open process where the entire community of vendors, users, and governments could contribute. Today’s approval of WS-Reliability as an OASIS Standard is proof positive that it is possible to garner broad input on the development of a standard and still meet time-to-market needs."

Participation in the OASIS WSRM Technical Committee remains open to all organizations and individuals. End-users and system integrators are invited to join OASIS to participate in the adoption phase of this international standardization effort. OASIS hosts an open mail list for public comment and the ws-reliability-dev mailing list for exchanging information on implementing the standard. WS-Reliability was created by a royalty-free process technical committee within OASIS.

Industry Support for WS-Reliability OASIS Standard:

Fujitsu "Fujitsu believes that reliability of messaging is critical to the successful deployment of Web services. For this reason, we have been actively contributing to the design of WS-Reliability, leveraging the technologies and expertise we have accumulated in developing our customers’ enterprise systems. We intend to apply this OASIS Standard, not only for Web services, but also in our work relating to the Business Grid Computing Project in Japan, which aims to effectively utilize distributed IT resources on the network in enterprise systems. We are pleased, therefore, to see this reliability technology becoming an OASIS Standard and expect that it will accelerate the adoption of Web services", said Seigo Hirosue, General Manager of the Strategy and Technology Division, Software Group of Fujitsu Limited.

Hitachi "Hitachi is pleased with the result of the OASIS WS-Reliability standardization efforts. WS-Reliability is critical for extending business processes across a sometimes imperfect internet. Our customers demand perfect operation of Web services applications, and WS-Reliability provides the capability to meet their needs. One project that will see immediate utilization of WS-Reliability is the Business Grid Computing Project supported by Japanese Ministry of Economy, Trade and Industry. This project, jointly developed by Hitachi, Fujitsu, and NEC, which is approaching its third and final year, will generate middleware to encourage the wide deployment of failure tolerant, low cost, and flexible business grids. Innovations such as these will transform Web services technologies from a laboratory curiosity into a commercial reality with daily practical use. WS-Reliability is a fundamental part of this transformation," said Kiyoshi Kozuka, Executive General Manager, Software Division, Hitachi, Ltd.

NEC "NEC is pleased to see WS-Reliability become an OASIS Standard. We are convinced that this standard will accelerate the adoption of Web services in mission critical enterprise applications, where guaranteed and ordered delivery of messages is crucial to the business process. WS-Reliability will also be widely used in the business grid system we are developing, through an activity of the Japan business grid project," said Yosuke Takashima, General Manager of System Platform Software Development Division, NEC Corporation.

Novell "The ability to reliably exchange messages is a fundamental requirement from customers that deploy Web services across enterprise boundaries for collaboration and electronic transactions. Novell supports OASIS in the development of the WS-Reliability standard in order to provide a secure, reliable and manageable Web services platform," said Frank Auger, vice president of product management and marketing for Novell exteNd and Nsure.

Oracle "As an original supporter of this effort, Oracle views ratification of the WS-Reliability OASIS Standard as an essential step toward allowing organizations to realize the benefits that Web services can offer," said Jeff Mischkinsky, director of Web Services Standards at Oracle Corp. "The WS-Reliability OASIS Standard increases the business value and interoperability of Web services facilities by enabling guaranteed delivery, duplicate elimination, and guaranteed ordering of Web service messages."

Sun Microsystems "Reliable messaging is a key enabler for broad industry adoption of Web services, and WS-Reliability allows companies to deploy Web services with confidence that information is being exchanged between services with the appropriate level of reliability required for the application. Sun is proud to have been a supporter of WS-Reliability from the beginning, and we look forward to incorporating this technology into our product plans," said Ed Julson, Director of Web Technologies & Standards, Sun Microsystems.

Additional information:

OASIS WSRM Technical Committee http://www.oasis-open.org/committees/wsrm

Cover Pages Technology Report: Reliable Messaging http://xml.coverpages.org/reliableMessaging.html

About OASIS: OASIS (Organization for the Advancement of Structured Information Standards) is a not-for-profit, international consortium that drives the development, convergence, and adoption of e-business standards. Members themselves set the OASIS technical agenda, using a lightweight, open process expressly designed to promote industry consensus and unite disparate efforts. The consortium produces open standards for Web services, security, e-business, and standardization efforts in the public sector and for application-specific markets. Founded in 1993, OASIS has more than 3,500 participants representing over 600 organizations and individual members in 100 countries. Approved OASIS Standards include AVDL, CAP, DocBook, DSML, ebXML, SAML, SPML, UBL, UDDI, WS-Reliability, WSRP, WSS, XACML, and XCBF. http://www.oasis-open.org

Press contact:

Carol Geyer OASIS Director of Communications carol.geyer@oasis-open.org +1.978.667.5115 x209