This Article 
   
 Share 
   
 Bibliographic References 
   
 Add to: 
 
Digg
Furl
Spurl
Blink
Simpy
Google
Del.icio.us
Y!MyWeb
 
 Search 
   
Interoperable Security Standards for Web Services
September/October 2010 (vol. 12 no. 5)
pp. 42-47
Sitaraman Lakshminarayanan, GE Energy, Dunwoody

Web services are increasingly being provided and consumed in and between cloud environments. Learn how to leverage various interoperable standards to address security challenges in a cloud or distributed Web services architecture.

1. Web Services Security: SOAP Message Security 1.1 (WS-Security 2004), Organization for the Advancement of Structured Information Standards (Oasis), Feb. 2006; http://docs.oasis-open.org/wss/v1.1wss-v1.1-spec-os-SOAPMessageSecurity.pdf .
2. Assertions and Protocols for the Oasis Security Assertion Markup Language (SAML) V2.0, Organization for the Advancement of Structured Information Standards (Oasis), Mar. 2005; http://docs.oasis-open.org/security/saml/ v2.0saml-core-2.0-os.pdf.
3. M. Bartel et al., XML Signature Syntax and Processing (Second Edition), World Wide Web Consortium (W3C) recommendation, June 2008; www.w3.org/TR/2008REC-xmldsig-core-20080610 .
4. eXtensible Access Control Markup Language (XACML) Version 2.0, Organization for the Advancement of Structured Information Standards (Oasis), Feb. 2005; http://docs.oasis-open.org/xacml/2.0access_control-xacml-2.0-core-spec-os.pdf .
5. SAML 2.0 Profile of XACML V.2.0, Organization for the Advancement of Structured Information Standards (OASIS), Feb. 2005; http://docs.oasis-open.org/xacml/2.0access_control-xacml-2.0-saml-profile-spec-os.pdf .
6. WS-Trust 1.4, Organization for the Advancement of Structured Information Standards (Oasis), Feb. 2009; http://docs.oasis-open.org/ws-sx/ws-trust/ v1.4/osws-trust-1.4-spec-os.html.
7. SOAP Version 1.2 Part 0: Primer (Second Edition), World Wide Web Consortium (W3C) recommendation, Apr. 2007; www.w3.org/TRsoap12-part0.
8. Web Services Policy 1.5—Framework, World Wide Web Consortium (W3C) recommendation, Sept. 2007; www.w3.org/TRws-policy.
9. Web Services Policy 1.5—Attachment, World Wide Web Consortium (W3C) recommendation, Sept. 2007; www.w3.org/TR/2007REC-ws-policy-attach-20070904 .
10. WS-Security Policy 1.2, Organization for the Advancement of Structured Information Standards (Oasis), July 2007; http://docs.oasis-open.org/ws-sx/ws-securitypolicy/ 200702ws-securitypolicy-1.2-spec-os.html .
11. WS-SecureConversation 1.4, Organization for the Advancement of Structured Information Standards (Oasis), Feb. 2009; http://docs.oasis-open.org/ws-sx/ws-secureconversation/ v1.4/osws-secureconversation-1.4-spec-os.pdf .
12. XML Key Management Specification (XKMS 2.0), World Wide Web Consortium (W3C) recommendation, June 2005; www.w3.org/TR/2005REC-xkms2-20050628.
13. Web Services Metadata Exchange (WS-MetadataExchange), World Wide Web Consortium (W3C) recom mendation, Mar. 2009; www.w3.org/TR/2009WD-ws-metadata-exchange-20090317 .

Index Terms:
WS-Security, Security Assertion Markup Language, SAML, Extensive Access Control Markup Language, XACML, WS-Policy, WS-SecurityPolicy, WS-Trust, cloud security, cloud computing, information technology, security & privacy
Citation:
Sitaraman Lakshminarayanan, "Interoperable Security Standards for Web Services," IT Professional, vol. 12, no. 5, pp. 42-47, Sept.-Oct. 2010, doi:10.1109/MITP.2010.98
Usage of this product signifies your acceptance of the Terms of Use.