Profiles for conveying the secure communication requirements of Web services

A fundamental theme of the services‐oriented Grid paradigm is the collaboration of participants from different administrative and security domains. As such, constructing meaningful, interoperable security that brokers interorganizational trust as well as token syntax and semantics is crucial for fostering Grid adoption and buy‐in. This is a lofty goal that must be tackled together by standards communities, middleware and platform software architects, and domain administrators. A crucial first step toward realizing this goal is the ability to normatively describe the secure communication requirements that affect message format. As such, we present two new OGF security profiles that provide guidance for the expression and conveyance of secure communication requirements. The Secure Communication Profile 1.0 is a refinement of the WS‐SecurityPolicy specification. The goals of this profile are to impose more restrictive conformance requirements on the WS‐Security mechanisms described by WS‐SecurityPolicy assertions, to facilitate key distribution and policy timestamping, and to profile normative ‘well‐known’ policy documents that identify commonly used security mechanisms. The Secure Addressing Profile 1.0 refines the WS‐Addressing specification in order to profile the inclusion of security policy within endpoint references (EPRs). This approach of conveying security policy within EPRs is well suited to the Grid paradigms of stateful Web service resources and factory patterns. Copyright © 2009 John Wiley & Sons, Ltd.