Resource File

Web Services Security Specs and TrustBridge

On this page, we provide information on the most current Microsoft developer resources. This month, we continue our focus on security, as well as offer links to topics that relate to the articles in this issue.

WS-Security is a recently proposed specification from Microsoft, IBM, and VeriSign. It has been submitted to OASIS for industry standardization. WS-Security builds on the SOAP specification to provide you with a standard mechanism to exchange secure, signed messages in a Web Services environment.

WS-Security is designed to be neutral with respect to identity assertion mechanisms and protocols. It supports many types of credential information, including Kerberos, PKI, XrML, SAML, and SSL/TLS. Therefore, organizations can begin to build solutions on this foundation without discarding their current security infrastructure. As new credential types are developed and implemented, WS-Security will be able to evolve with the technology to support new security approaches.

The WS-Security spec can be found at Web Services Security.

Microsoft and IBM also jointly published "Security in a Web Services World: A Proposed Architecture and Roadmap", which describes an evolutionary approach to security and defines additional Web Services security capabilities that are built on the foundation of WS-Security.

In addition to WS-Security, Microsoft, IBM, and VeriSign have proposed six more specifications.

WS-Policy defines how to express the capabilities and constraints of security policies.

WS-Trust describes the model for establishing both direct and brokered trust relationships (including third parties and intermediaries).

WS-Privacy defines how Web Services state and implement privacy practices.

WS-Secure Conversation describes how to manage and authenticate message exchanges between parties, including security context exchange and establishing and deriving session keys.

WS-Federation describes how to manage and broker trust relationships in a heterogeneous federated environment, including support for federated identities. Federated identity is the ability to securely recognize and use identities that are owned by trusted organizations other than your own.

WS-Authorization defines how Web Services manage authorization data and policies.

TrustBridge

In addition to this standards work, Microsoft is developing a set of technologies code-named "TrustBridge," which embrace WS-Security and other WS standards, and enable applications to use credentials created on a wide range of systems, including Active Directory, Microsoft .NET Passport, and other products that support WS-Security (for example, IBM middleware products).

TrustBridge, which is planned to ship in 2003, will be able to federate with other enterprise or Internet-based authentication systems. This will make it possible for enterprises that choose to interoperate with the Passport system to allow their users to sign in with their existing credentials at Passport-participating sites.

Microsoft development tools and the .NET Framework will add further support for these new interoperability standards so that developers can build applications that use WS-Security and related specifications from the WS-Security roadmap.