OASIS Web Services Security TC

The original Call For Participation for this TC may be found at http://lists.oasis-open.org/archives/tc-announce/200207/msg00004.html

The charter for this TC was last modified on 20 September 2002; this change was announced at http://lists.oasis-open.org/archives/tc-announce/200209/msg00002.html

The charter for this TC is as follows.


OASIS Web Services Security Technical Committee (WSS)

Statement of Purpose

The purpose of the Web Services Security TC (WSS) is to continue work on the Web Services security foundations as described in the WS-Security specification [1], which was written within the context of the Web Services Security Roadmap as published in April 2002 [2]. The work of the WSS TC will form the necessary technical foundation for higher-level security services which are to be defined in other specifications. The TC shall not further develop the security roadmap, nor shall the roadmap constitute a normative part of the output of the TC.

The Technical Committee will take advantage of the OASIS provided services for such things as e-mail lists and archives, and also web pages for tracking progress. E-mail archives will be visible to the public.

Relationship to Existing Activities:

Many efforts related to Web services security and related technologies are underway throughout the industry. The following work may be relevant to this Web Services Security TC:

  • OASIS Access Control TC (XACML)
  • OASIS XML Common Biometric Format TC (XCBF)
  • OASIS Provisioning TC (PSTC)
  • OASIS Rights Language TC (XrML)
  • OASIS Security Services TC (SAML)
  • W3C XML Signature
  • W3C XML Encryption
  • W3C XML Key Management

List of Deliverables

The TC has the following initial set of deliverables.

  • The "core"specification (final name TBD)
  • A SAML profile
  • An XrML profile
  • A Kerberos profile
  • An X.509 profile

The scope of the Web Services Security Technical Committee is the support of security mechanisms in the following areas:

  • Using XML signature to provide SOAP message integrity for Web services
  • Using XML encryption to provide SOAP message confidentiality for Web services
  • Attaching and/or referencing security tokens in headers of SOAP messages
  • Carrying security information for potentially multiple, designated actors
  • Associating signatures with security tokens

Each of the security mechanisms will use implementation and language neutral XML formats defined in XML Schema.

The OASIS Web Services Security TC will:

  1. Accept as input the Web Services Security (WS-Security) specification published by IBM, Microsoft, and VeriSign on April 11th 2002 [1] and other subsequent submitted documents.
  2. Produce as output a specification, in one or more documents, for Web Services Security. This specification will reflect refinements and changes made to the submitted version of WS-Security that are identified by the WSS TC members for additional functionality within the scope of the TC charter.
  3. Liaise and/or forge relationships with other Web services efforts to assist in leveraging WS-Security as a part of their specifications or solutions.
  4. Coordinate with the chairs of the other OASIS security related groups via the Security Joint Coordination Committee.
  5. Oversee ongoing maintenance and errata of the WS-Security specification.


[1] WS-Security Specification (as submitted)

[2] Web Services Security Roadmap