"WS-Security describes a base mechanism for securing SOAP messages. With WS-SX, we'll concentrate on trust brokering, multi-message exchanges, and policies that describe how to secure message exchanges with a Web service," said Kelvin Lawrence of IBM, proposed co-chair of the OASIS WS-SX Technical Committee, as 
members of the OASIS international standards consortium announced plans to define extensions to the WS-Security OASIS Standard that will enable the trusted exchange of multiple SOAP messages and will define security policies that govern the formats and tokens of those messages.

The new OASIS Web Services Secure Exchange (WS-SX) Technical Committee brings together users and vendors in an open process to refine and finalize a set of specifications based on three initial contributions, WS-SecureConversation, WS-SecurityPolicy and WS-Trust. Other contributions and changes to these input documents will be accepted for consideration without prejudice or restriction and evaluated based on technical merit.

"In order to meet the growing demands of secure Web service messaging, we need facilities beyond what is provided in the WS-Security OASIS Standard," Lawrence said.

With input from the entire community, the OASIS WS-SX Technical Committee will advance a set of modular specifications that standardize the concepts, WSDL documents, and XML Schema renderings for trusted brokering of SOAP message exchanges, shared security contexts, and security policies. WS-SecurityPolicy defines a general set of security policies that can be associated with a Web service. WS-Trust provides a description for managing, establishing and assessing trust relationships between parties exchanging information. WS-SecureConversation serves as a building block to create a secure context for organizations to exchange multiple messages without constantly reauthenticating.

"The WS-Security OASIS Standard describes how to use security tokens to obtain message integrity, confidentiality, and authentication of the message sender, but in order to use these mechanisms, tokens must be obtained and trust brokered. Furthermore, a mechanism is needed to describe security exchange patterns," noted Chris Kaler of Microsoft, proposed co-chair of the OASIS WS-SX Technical Committee. "WS-Trust and WS-SecurityPolicy include additional primitives to enable the obtaining of tokens and brokering of trust relationships as well as expressing supported security exchange patterns as policy expressions associated with SOAP endpoints."

By advancing the specifications within OASIS, WS-SX developers are able to work in close proximity to related projects also underway at the consortium, including the OASIS Web Services Reliable Exchange (WS-RX), Web Services Transaction (WS-TX), and Web Services Security Committees. Participants in the OASIS WS-SX Committee intend for their work to be readily composable with these other specifications.