OASIS Web Services Security (WSS) TC
Completed
Delivering a technical foundation for implementing security functions such as integrity and confidentiality in messages implementing higher-level Web services applications
Table of Contents
- Announcements
- Overview
- Technical Work Produced by the Committee
- External Resources
- Mailing Lists and Comments
- Additional Information
November 28th 2006
We are pleased to announce that a set of Errata has been approved by the OASIS Web Services Security (WSS) TC. The errata are as follows:
- WS-Security SOAP Message Security 1.1 Errata
- X.509 Token Profile 1.1 Errata
- Kerberos Token Profile 1.1 Errata
- SAML Token Profile 1.1 Errata
- SOAP With Attachments (SWA) Profile Errata
The specs and the related errata can be found here.
The formal announcement of this Errata from OASIS is available here.
February 21st 2006
The WS-Security 1.1 document set that was submitted for public review towards the end of last year has now been approved as a formal OASIS standard. Links to those documents can be found below in the Technical Work Produced by the Committee section.
The purpose of the OASIS WSS TC is to continue work on the Web Services security foundations as described in the WS-Security specification, which was written within the context of the Web Services Security Roadmap as published in April 2002. The work of the WSS TC will form the necessary technical foundation for higher-level security services which are to be defined in other specifications.
For more information, see the TC Charter and FAQ
Technical Work Produced by the Committee
OASIS Standard 1.1
The following documents make up the WS-Security 1.1 OASIS standard. The links below are to the PDF versions of the documents. If you prefer HTML or Microsft Word (.doc) versions of the documents, you will find those in the document repository.
- WS-Security Core Specification 1.1
- Username Token Profile 1.1
- X.509 Token Profile 1.1
- SAML Token profile 1.1
- Kerberos Token Profile 1.1
- Rights Expression Language (REL) Token Profile 1.1
- SOAP with Attachments (SWA) Profile 1.1
Related schema files
Here are the links to the 1.1 and 1.0 schema files. Note that the 1.1 schema does not replace the 1.0 schema, rather it builds upon it by defining an additional set of capabilities within a 1.1 namespace.
OASIS Standard 1.0
- Web Services Security: SOAP Message Security V1.0
- Web Services Security: Username Token Profile V1.0
- Web Services Security: X.509 Token Profile V1.0
- Web Services Security:SAML Token Profile V1.0
- Web Services Security REL Token Profile V1.0
- Schema files V1.0 [1] and [2]
Note that all OASIS Standards documents are available from the standards page.
1.0 Errata - Updated February 2006
The WSS TC has produced a set of non-normative errata to these 1.0 documents. Note that these documents are errata to the WS-Security 1.0 OASIS Standard documents but are not themselves documents that have gone through the full OASIS standards process. They are Committee Draft documents produced by the WSS TC. The errata material is listed below.
- Errata to the OASIS Standard 1.0
About our other documents/work in progress
The TC is currently working on a set of documents that will be the 1.1 version
of the specification. The latest versions of those documents are in the document
repository.
The e-mail archive is available here. If you experience problems please notify webmaster@oasis-open.org
Although not produced by the OASIS WSS TC, the following information offers useful insights into its work.
OASIS WSS TC Approves Three Web Services Security Specifications for Public Review
Cover Pages, 9 Sept 2003
OASIS Web Services Security TC (WSS) Approves Committee Draft Specifications.
Cover Pages, 26 Jan 2004
OASIS Web Services Security Specification Approved as an OASIS Standard.
Cover Pages, 8 April 2004
OASIS Web Services Security TC Prepares Additional WSS Profiles.
Cover Pages, 13 Aug 2004
Companies Demonstrate Interoperability of WS-Security OASIS Standard
OASIS News, 20 Apr 2005
Japanese translation of WS-Security provided as a voluntary service to the community by the XML Consortium.
wss: the list used by TC members to conduct Committee work. TC membership required to post. TC members are automatically subscribed; the public may view archives.
wss-comment: a public mail list for providing input to the OASIS wss Technical Committee members. Send a comment or view archives.
wss-dev: an unmoderated, public mail list that provides an open forum for developers to exchange ideas and information on implementing the wss OASIS Standard. Subscribe or view archives.*
*To minimize spam, you must subscribe to this list before posting.
Meetings
In general, the TC meets by phone every other week on Tuesdays at 7am Pacific Time (10am Eastern Time). Exceptions to this rule will occur from time to time and will be posted here. The full meeting schedule is now in the on-line calendar. From now on please use the on-line calendar to find meeting times, logistics and agendas.
You can access the on-line calendar here or by clicking on the schedule link in the menu at the top of this page.
Liaisons
Click here
to see a summary of WSS TC liaison reps to other groups.
Providing Feedback: OASIS welcomes feedback on its technical activities from potential users, developers, and others to better assure the interoperability and quality of OASIS work.