
Web Services Security Initiatives

SECURING WEB SERVICES
means through which many of these may be verified. The digital signature of a
document is a piece of information based on both the document and the signer's
private key. It is typically created through the use of a hash function and a private
signing function (encrypting with the signer's private key), but there are other
methods.
For more information on cryptography, please read this document: RSA
Laboratories' Frequently Asked Questions About Today's Cryptography, Version 4.1,
available at http://www.rsasecurity.com/rsalabs/node.asp?id=2152.
(Some of the text in this section was excerpted, by permission, from this
document.)
Web Services Security Initiatives and Organizations
The following organizations work on web services security specifications,
guidelines, and tools:
· The World Wide Web Consortium (W3C)
· Organization for Advancement of Structured Information Standards (OASIS)
· Web Services Interoperability Organization (WS-I)
· Java Community Process (JCP)
Basically, the JCP, W3C, and OASIS are developing specifications related to
web services security. WS-I creates profiles that recommend what to implement
from various specifications and provides direction on how to implement the
specifications. The following sections briefly discuss the specifications and
profiles being developed by each organization.
W3C Specifications
The mission of the World Wide Web Consortium (W3C), according to its Web
site at http://www.w3.org/, is to lead the World Wide Web to its full potential
by developing protocols and guidelines that ensure long-term growth for the
web. W3C primarily pursues its mission through the creation of Web standards