|
1.
|
Clear description of the referenced document:
|
|
|
|
Name:
|
OASIS Standard 200401
|
|
Title:
|
Web Services Security: SOAP Message Security 1.0 (WS-Security 2004) OASIS Standard 200401, March 2004
|
|
|
2.
|
Status of approval:
|
|
|
This document is an approved OASIS standard.
|
|
3.
|
Justification for the specific reference:
|
|
|
OASIS Standard 200401 describes enhancements to SOAP messaging to provide message integrity and confidentiality. The solution based on this document is used for the security of metadata.
|
|
4.
|
Current information, if any, about IPR issues:
|
|
|
IPR issues on OASIS publications can be found at http://www.oasis-open.org/committees/wss/ipr.php.
|
|
5.
|
Other useful information describing the "Quality" of the document:
|
|
|
The technology described in this document is widely accepted in the market.
|
|
6.
|
The degree of stability or maturity of the document:
|
|
|
The content of OASIS Standard 200401 has been stable since 2004 (see its Appendix C for details of revision history).
|
|
7.
|
Relationship with other existing or emerging documents:
|
|
|
OASIS Standard 200401 refers to publications of other standard bodies.
|
|
8.
|
Any explicit references within that referenced document should also be listed:
|
|
|
[GLOSS] Informational RFC 2828, "Internet Security Glossary," May 2000./
[KERBEROS] J. Kohl and C. Neuman, "The Kerberos Network Authentication Service (V5)," RFC 1510, September 1993,/
http://www.ietf.org/rfc/rfc1510.txt ./
[KEYWORDS] S. Bradner, "Key words for use in RFCs to Indicate Requirement Levels," RFC 2119, Harvard University, March 1997/
[SHA-1] FIPS PUB 180-1. Secure Hash Standard. U.S. Department of Commerce / National Institute of Standards and Technology./
http://csrc.nist.gov/publications/fips/fips180-1/fip180-1.txt/
[SOAP11] W3C Note, "SOAP: Simple Object Access Protocol 1.1," 08 May 2000./
[SOAP12] W3C Recomendation, “http://www.w3.org/TR/2003/REC-soap12-part1-20030624/”, 24 June 2003/
[SOAPSEC] W3C Note, "SOAP Security Extensions: Digital Signature," 06 February 2001./
[URI] T. Berners-Lee, R. Fielding, L. Masinter, "Uniform Resource Identifiers (URI): Generic Syntax," RFC 2396, MIT/LCS, U.C. Irvine, Xerox Corporation, August 1998./
[XPATH] W3C Recommendation, "XML Path Language", 16 November 1999/
/
The following are non-normative references included for background and related material:/
[WS-SECURITY] "Web Services Security Language", IBM, Microsoft, VeriSign, April 2002. "WS-Security Addendum", IBM, Microsoft, VeriSign, August 2002. "WS-Security XML Tokens", IBM, Microsoft, VeriSign, August 2002./
[XMLC14N] W3C Recommendation, "Canonical XML Version 1.0," 15 March 2001/
[EXCC14N] W3C Recommendation, "Exclusive XML Canonicalization Version 1.0," 8 July 2002./
[XMLENC] W3C Working Draft, "XML Encryption Syntax and Processing," 04 March 2002 W3C Recommendation, “Decryption Transform for XML Signature”, 10 December 2002./
[XML-ns] W3C Recommendation, "Namespaces in XML," 14 January 1999./
[XMLSCHEMA] W3C Recommendation, "XML Schema Part 1: Structures,"2 May 2001. W3C Recommendation, "XML Schema Part 2: Datatypes," 2 May 2001./
[XMLSIG] W3C Recommendation, "XML Signature Syntax and Processing," 12 February 2002./
[X509] S. Santesson, et al,"Internet X.509 Public Key Infrastructure Qualified Certificates Profile,"/
http://www.itu.int/rec/recommendation.asp?type=items&lang=e&parent=T-REC-X.509-200003-I/
[WSS-SAML] OASIS Working Draft 06, "Web Services Security SAML Token Profile", 21 February 2003/
[WSS-XrML] OASIS Working Draft 03, "Web Services Security XrML Token Profile", 30 January 2003/
[WSS-X509] OASIS, “Web Services Security X.509 Certificate Token Profile”, 19 January 2004, http://www.docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0/
[WSSKERBEROS] OASIS Working Draft 03, "Web Services Security Kerberos Profile", 30 January 2003/
[WSSUSERNAME] OASIS,”Web Services Security UsernameToken Profile” 19 January 2004, http://www.docs.oasis-open.org/wss/2004/01/oasis-200401-wss1704username-token-profile-1.0/
[WSS-XCBF] OASIS Working Draft 1.1, "Web Services Security XCBF Token Profile", 30 March 2003/
[XPOINTER] "XML Pointer Language (XPointer) Version 1.0, Candidate Recommendation", DeRose, Maler, Daniel, 11 September 2001.
|
|
9.
|
Qualification of
OASIS:
|
|
|
OASIS is recognized under the provisions of ITU-T Recommendations A.5 and A.4. Qualifying information is on file at TSB.
|
|
10.
|
Other (for any supplementary information):
|
|
|
None
|
|
