The Web Services Interoperability Organization (WS-I) announced the publication of the WS-I Basic Security Profile (BSP) 1.1 as final material for public access.
WS-I is an open industry organization chartered to establish and document Best Practices for Web Services interoperability. The WS-I Basic Security Profile is an essential guide for ensuring secure, interoperable Web services, based on a set of non-proprietary Web services specifications, along with clarifications and amendments to those specifications that promote interoperability.
BSP 1.1 integrates OASIS Web Services Security (WS-Security) 1.1 key encryption and signature features that can improve interoperability of practical secure technologies used in current Web services applications. It targets transport and SOAP message security, and Basic Profile-specific security considerations of Web Services. BSP 1.1 focuses on Web Services Message Security and HTTP over Transport Level Security (TLS).
The material constrains the use of several common security tokens based on the OASIS WS-Security 1.1 and its token profiles. Security tokens profiled include Kerberos, X.509, SAML and Username token.
BSP 1.1 is available at no charge here.