Profiles for conveying the secure communication requirements of Web services

The lack of a single authority in the Grid environment is perhaps the biggest source of security and interoperability challenges faced by Grid systems designers. A strong commitment to meaningful, interoperable security is crucial for fostering Grid adoption and buy-in. The issues of securityinteroperability are twofold: (a) grids require federation of distinct trust and security domains, and (b) grid participants need to convey and discover their secure communication requirements. This paper presents two new OGF security profiles that address this latter issue. The Secure Communication Profile 1.0 is a refinement of the WS-SecurityPolicy specification. The goals of this profile are to impose more restrictive conformance requirements on the WS-Security mechanisms described by WS-SecurityPolicy assertions, to facilitate key distribution, and to profile normative “well-known” policy documents that identify commonly-used security mechanisms. The Secure Addressing Profile 1.0 refines the WS-Addressing specification in order to profile the inclusion of security policy within Endpoint References (EPRs). This approach of conveying security policy within EPRs is well-suited to the Grid paradigms of stateful Web service resources and factory patterns.