W3C home > Mailing lists > Public > www-ws-arch@w3.org > February 2004

Annotated List of Web Services Specs

From: Paul Denning <pauld@mitre.org>
Date: Mon, 02 Feb 2004 17:45:52 -0500
Message-Id: <>
To: www-ws-arch@w3.org

Below is essentially the same list as sent previously by Roger Cutler,

(At least one broken link has been corrected)

The WSAWG has referred to other similar lists, which may be updated and 
maintained in the future (after the close of WSAWG):

   (RSS Feed) http://www.dehora.net/rss/wsasf-rss10.xml


Paul Denning

The following annotated list of specs related to Web services was 
originally compiled by Roger Cutler.  Paul Denning subsequently added 
significantly to the references and organization of the list.  The 
annotations are one person's opinions of what is going on, and do not 
reflect a consensus of the Working Group, the W3C or anybody's 
employer.  As will be apparent, some of the annotations reflect the 
limitations of what I happen to know about.

SOAP - Basic messaging spec for Web services. SOAP 1.1 has been very widely 
implemented and is part of the WS-I Basic Profile Version 1.0. SOAP 1.2 
went to Recommendation status in June, 2003. It does not seem likely that 
SOAP 1.2 will be particularly controversial and major vendors will probably 
implement it quickly now that it is a recommendation.

         Web Services Interoperability Organization, Basic Profile Version 
1.0a, Final Specification, 2003-08-08, 
         W3C NOTE, SOAP: Simple Object Access Protocol 1.1, 08 May 2000, 
         W3C, SOAP Version 1.2 Part 1: Messaging Framework, W3C 
Recommendation, 24 June 2003, 
         W3C, SOAP Version 1.2 Part 2: Adjuncts, W3C Recommendation, 24 
June 2003, http://www.w3.org/TR/2003/REC-soap12-part2-20030624/

EbMS - EbXML Messaging - transport, routing and packaging of business 
transactions. Part of the larger ebXML structure, this spec leverages SOAP 
1.1 but adds a number of business-critical capabilities such as security 
(roughly at the level of WS-Security, I think) and reliability. EbMS 1.0 
was part of the original ebXML package, ebMS 2.0 is a significant 
improvement, currently in "final draft" in OASIS (I think). In practice it 
appears that much of the industry uptake of ebXML has been essentially ebMS 
as opposed to the higher level portions of the ebXML package.

         OASIS, Message Service Specification, Version 2.0, OASIS ebXML 
Messaging Services Technical Committee, 1 April 2002, 

WSDL - Basic Web services description spec. WSDL 1.1 has been very widely 
implemented and is part of the WS-I Basic Profile Version 1.0. WSDL 1.2 is 
being developed in the W3C and is in a "middle" stage of the process. There 
does not seem to be any particular competition to WSDL 1.2 in other 
standards organizations and major vendors will probably implement it 
quickly once it becomes a recommendation (which will take a while).

         W3C, Web Services Description Language (WSDL) 1.1, W3C Node, 15 
March 2001, http://www.w3.org/TR/2001/NOTE-wsdl-20010315
         W3C, Web Services Description Language (WSDL) Version 1.2 Part 1: 
Core Language, W3C Working Draft, 11 June 2003, 
         W3C, Web Services Description Language (WSDL) Version 1.2 Part 2: 
Message Patterns, W3C Working Draft, 11 June 2003, 
         W3C, Web Services Description Language (WSDL) Version 1.2 Part 3: 
Bindings, W3C Working Draft, 11 June 2003, 

EbCPPA - EbXML Collaboration Protocol Profile and Agreement - The 
Collaboration Protocol Profiles (CPPs) and Agreements (CPAs) which define a 
business partner's technical capabilities to engage in electronic business 
collaborations with other partners, and the technical agreement between two 
or more partners to engage in electronic business collaboration. Version 
1.0 was part of the original ebXML package, version 2 has significant 
upgrades and was ratified Dec, 2002. Although the CPP/CPA framework seems 
very business oriented, I do not know of many (or any, to be honest) 
examples of it being used in production.

         OASIS, Collaboration-Protocol Profile and Agreement Specification, 
Version 2.0, OASIS ebXML Collaboration Protocol Profile and Agreement 
Technical Committee, 23 September 2002 

UDDI (Universal Description, Discovery, and Integration)- Web services 
registry. Version 2 adopted 4/2003 has been implemented by a number of 
vendors. Version 3, under development, includes new features like 
subscriptions/notification, support for digital signatures, keys assigned 
by publishers rather than registry providers (which may facilitate the 
development of federation), better support for copying of registry entries 
between non-replicated registries. UDDI v3 specifies Schema Centric 
Canonocalization when using digital signatures.  Implementation of UDDI on 
the internet has stalled but there is widespread interest in using UDDI in 
corporate intranets.

         OASIS, Universal Description, Discovery and Integration (UDDI) 
Version 3.0 Published Specification, 19 July 2002, 
         OASIS, Universal Description, Discovery and Integration (UDDI) 
V2.0, 19 July 2002, 

         OASIS, Schema Centric XML Canonicalization, Version 1.0, 10 July 
2002, http://uddi.org/pubs/SchemaCentricCanonicalization-20020710.htm

ebXML Registry Services - - ebeXML registry, provides function along lines 
similar to UDDI. Version 2 adopted 12/2001. See also the ebXML Registry 
Information Model

         OASIS, OASIS/ebXML Registry Information Model v2.0, Approved OASIS 
Standard, OASIS/ebXML Registry Technical Committee, April 2002, 
         OASIS, OASIS/ebXML Registry Services Specification v2.0, Approved 
OASIS Standard, OASIS/ebXML Registry Technical Committee, April 2002, 

AS2 - Probably best viewed as an alternative to Web services, AS2 is a 
draft spec from the IETF. It has not made it completely through the IETF 
process, but it appears to be relatively stable nonetheless. It provides 
basic but non-extensible security and reliability features for a payload 
that may be a binary file (typically an old fashioned EDI file) or XML. AS2 
seems to be appropriate for simple transactions, particularly those that 
can be performed synchronously, but may not lend itself to more elaborate 
scenarios. WalMart has provided a huge boost to AS2 implementation by 
requiring in order to do EDI business with them. See, for example, 
discussions in product offerings from Isoft and Sterling Commerce.

XML Signature - Digital signature for an XML document, providing proof of 
data integrity, message and user authentication. Used by WS-Security and 
ebXML security. This is a mature, widely used spec.

         W3C, XML-Signature Syntax and Processing - W3C Recommendation, 12 
February 2002, http://www.w3.org/TR/xmldsig-core/

XML Encryption - Digital encryption of documents or portions of documents. 
Recently (12/2002) finalized, not yet widely used but presumably it will be.

         W3C, XML Encryption Syntax and Processing - W3C Recommendation, 10 
December 2002, http://www.w3.org/TR/2002/PR-xmlenc-core-20021003/

XKMS - XML Key Management - Protocols for distributing and managing public 
keys, intended for use with XML Signature and Encryption. Work in progress. 
Based on XKMS proposal http://www.w3.org/TR/xkms/

         W3C, XML Key Management Specification (XKMS) - W3C Note, 30 March 
2001, http://www.w3.org/TR/xkms/

WS-CHOR - Web Services Choreography WSCI, from Sun and others (not MS/IBM), 
was a major submission but the working group has received other submissions 
and has moved significantly beyond WSCI. Describes the flow of messages 
exchanged by a Web Service participating in choreographed interactions with 
other services. Considerable overlap with BPEL, but more declarative and 
oriented toward message sequencing rather than process description. WS-CHOR 
is intended to be a language that allows machines to figure out how to use 
Web services, BPEL focuses on how to control Web services.  (See also 

         W3C NOTE, Web Service Choreography Interface (WSCI) 1.0, 8 August 
2002, http://www.w3.org/TR/2002/NOTE-wsci-20020808
         *** W3C NOTE, Web Services Conversation Language (WSCL) 1.0, 14 
March 2002, http://www.w3.org/TR/2002/NOTE-wscl10-20020314/

BPEL - Web Services Business Process Execution Language business process 
execution language which form the necessary technical foundation for 
multiple usage patterns including both the process interface descriptions 
required for business protocols and executable process models. Based on 
BPEL4WS submission from Microsoft, IBM and BEA. WSFL (IBM) and XLANG 
(Microsoft) were earlier efforts. Considerable overlap with Web Services 
Choreography, but more process oriented. See above.

         BEA/IBM/Microsoft, Business Process Execution Language for Web 
Services, Version 1.0, 31 July 2002, 
         BEA/IBM/Microsoft/SAP/Siebel, Business Process Execution Language 
for Web Services, Version 1.1, 5 May 2003,

         ***IBM, Web Services Flow Language (WSFL 1.0), May 2001, 
         ***Microsoft, XLANG, 2001, 

ebBPSS - ebXML Business Process - Representation and model compatible with 
an underlying generic metamodel for business processes, activities, and 
collaboration. This is the ebXML version of choreography, and I think it is 
simpler than either WS-CHOR or BPEL. Version 1.001 was part of the original 
ebXML package, and I think that an OASIS TC is just now in the process of 
starting up to work on enhancements. I am not aware of any significant 
applications of ebBPSS.

         OASIS-UN/CEFACT, ebXML Business Process Specification Schema 
(BPSS), Version 1.01, 11 May 2001, http://www.ebxml.org/specs/ebBPSS.pdf

WS-Security  Construct secure SOAP message exchanges, including provision 
for multiple security tokens for authorization and authentication, multiple 
trust domains, multiple encryption technologies and end-to-end 
message-level security (not just transport-level security). Out of scope: 
multiple message exchanges, key exchange, establishing and maintaining 
trust. WS-Security defines two core capabilities: 1- how to use 
XML-Signature and XML-Encryption with SOAP messaging. It specifies how to 
pass signatures and key information in a SOAP header. 2- how to pass 
security tokens with a SOAP message. WS-Security supports a variety of 
security tokens (each defined by its own binding specification), such as 
userid/password, X.509 certificates, Kerberos tickets, and SAML tokens. The 
WS-Security TC is just starting in OASIS, but major vendors (MS, IBM) have 
already implemented the submitted spec.

         IBM/Microsoft/VeriSign, "Web Services Security (WS-Security)", 5 
April 2002, http://msdn.microsoft.com/ws/2002/04/Security/
         IBM/Microsoft/VeriSign, "Web Services Security Addendum", Version 
1.0, 18 August 2002, http://msdn.microsoft.com/ws/2002/07/Security/
         OASIS, Web Services Security, 

SAML  Security Assertion Markup Language. Exchanging authorization and 
authentication information. Version 1.0 finalized 11/2002. SAML defines 
three core capabilities: 1- how to represent security tokens in XML. These 
tokens are called assertions, and SAML defines three types of assertions -- 
authentication, authorization, and attributes. (attributes provide 
qualifying information that constrain the other assertions -- such as 
spending limits or timing constraints). An assertion is made by some type 
of trust authority. 2- a process model for obtaining security tokens from a 
trust authority. This includes a set of protocols for accessing a trust 
authority. SAML defines two types of trust authorities: Policy Decision 
Points (PDPs) and Policy Enforcement Points (PEPs). SAML has defined 
bindings for multiple protocols, including SOAP/WSDL. 3- a set of protocol 
bindings for conveying SAML tokens. SAML 1.1 defines how to pass SAML 
tokens for browser applications. It does not define bindings for how to 
pass SAML tokens in SOAP messages -- that is left to WS-Security. It 
appears that this spec may be getting some real traction in terms of 
practical implementations. See, for example, this auto industry implementation.

         OASIS, Security Assertion Markup Language (SAML) v1.1, OASIS 
Standard, 2 September 2003, 
         OASIS, Security Assertion Markup Language (SAML), v1.0, OASIS 
Standard, 5 Nov 2002, http://www.oasis-open.org/committees/download.php/2290/

*** Trust  -
         *** IBM/Microsoft/VeriSign/RSA Security, Web Services Trust 
Language (WS-Trust), Version 1.0, 18 December 2002, 

Reliable Messaging: A protocol that allows messages to be delivered 
reliably between distributed applications in the presence of software 
component, system, or network failures by implementing an acknowledgement 
infrastructure. There are two major specs that differ in some technical 
respects but which by and large implement the same type of functionality:
- Web Services Reliability - OASIS TC. Based on WS-Reliability submission 
from Oracle, Sun and others.
         Fujitsu/Hitachi/Oracle/Sonic/Sun, Web Services Reliability 
(WS-Reliability) Ver1.0, 8 Jan 2003, http://www.sonicsoftware.com/wsreliability

- WS-ReliableMessaging from BEA Systems, Microsoft, IBM, Tibco. Not 
currently submitted to any standards body but being implemented 
nevertheless by several technology vendors.
         BEA/IBM/Microsoft/TIBCO Software, "Web Services Reliable Messaging 
Protocol (WS-ReliableMessaging)", 13 March 2003, 

XACML  XML Access Control Markup Language  Fine-grained access control to 
XML documents, including by element, sub-tree, temporal, data dependent and 
so on. Here is a brief introduction to XACML. XACL from IBM, was one of the 
major submissions for this spec but there were a number of others and XACML 
differs substantially from XACL. Spec finalized 2/2003.

         OASIS, eXtensible Access Control Markup Language (XACML) Version 
1.0, OASIS Standard, 18 February 

WS-Transaction Framework - WS-Transaction and WS-Coordination were 
originally released by IBM, Microsoft and BEA along with BPEL4WS. These 
specifications have recently been updated and revised. The latest set of 
specifications for the WS Transaction Framework, published by the same 
authors, include an updated WS-Coordination spec, WS-AtomicTransaction 
which replaces part 1 of WS-Transaction, and WS-BusinessActivity (still to 
be published) which replaces part 2 of WS-Transaction. WS-Coordination 
defines the protocols for creating activities, registering in activities, 
and transmitting information to disseminate an activity. 
WS-AtomicTransaction defines the Atomic Transaction coordination type, 
which is appropriate to use when building applications that require a 
consistent agreement on the outcome of a short-lived distributed activity, 
where strong isolation is required until the transaction completes. 
WS-BusinessActivity defines the Business Activity coordination type, which 
is appropriate to use when building applications that require a consistent 
agreement on the coordination of a distributed activity, where strong 
isolation is not feasible, and application-specific compensating actions 
are used to coordinate the activity. It appears to me that the 
WS-Transaction Framework and the Web Services Composite Application 
Framework (described below) are playing in more or less the same space and 
are not obviously compatible. That is, that they are in competition.

         BEA/IBM/Microsoft, Web Services Coordination (WSCoordination), 
September 2003, 
         BEA/IBM/Microsoft, Web Services Transaction (WS-Transaction), 
August 2002, http://msdn.microsoft.com/ws/2002/08/wstx/

         BEA/IBM/Microsoft, Web Services Atomic Transaction 
(WSAtomicTransaction), September 2003, 

Web Services Composite Application Framework (WS-CAF) - WS-CAF defines a 
generic framework for applications that contain multiple services used in 
combination (composite applications). It specifies interoperable mechanisms 
to set the boundaries of an activity (such as start/end, or 
success/failure), to create, access and manage context information, and to 
inform participants of changes to an activity. And it supports a range of 
transaction models, including simple activity scoping, single and two phase 
commit ACID transactions, and recoverable long running activities. The 
WS-CAF suite includes three specs published by Arjuna, Fujitsu, IONA, 
Oracle and Sun: Web Service Context (WS-CTX ) a lightweight framework for 
simple context management, Web Service Coordination Framework (WS-CF) a 
sharable mechanism that manages context augmentation and lifecycle, and Web 
Services Transaction Management (WS-TXM) which comprises three distinct, 
interoperable transaction protocols that can be used across multiple 
transaction managers.

Here is the general OASIS reference:


And for the individual specs:

The primer 

WS-Context http://www.oasis-open.org/committees/download.php/4344/WSCTX.pdf

WS-CF http://www.oasis-open.org/committees/download.php/4345/WSCF.pdf

WS-TXM http://www.oasis-open.org/committees/download.php/4346/WSTXM.pdf

WS-Policy is a grammar for specifying Web services policy assertions such 
as authentication schemes, transport protocol selection, privacy policy, 
QoS characteristics. Another Microsoft, IBM, BEA spec, not submitted yet to 
any standards body.

         IBM/Microsoft/BEA/SAP, Web Services Policy Assertions Language 
(WS-PolicyAssertions), 18 December 2002, 
         IBM/Microsoft/BEA/SAP, Web Services Policy Attachment 
(WS-PolicyAttachment), 18 December 2002, 
         IBM/Microsoft/BEA/SAP, Web Services Policy Framework (WS-Policy), 
18 December 2002, http://msdn.microsoft.com/ws/2002/12/Policy/

WS-Addressing - provides transport-neutral addressing for Web services that 
work through firewalls, gateways, etc. Another spec from MS/IBM/BEA, it 
apparently replaces WS-Routing. I don't think it has been submitted to any 
standards body.

         BEA/IBM/Microsoft, Web Services Addressing (WS-Addressing), 13 
March 2003, http://msdn.microsoft.com/ws/2003/03/ws-addressing/

WS-Federation - A spec for standardizing the way companies share user and 
machine identities among disparate authentication and authorization systems 
spread across corporate boundaries. Developed by IBM/MS/BEA/RSA, I think it 
is at least partly in competition with the ID-WSF from the Liberty 
Alliance, discussed below..

         Web Services Federation Language (WS-Federation), Version 1.0, 
July 8, 2003, http://www.ibm.com/developerworks/library/ws-fed/
         WS-Federation: Active Requestor Profile, 08 July 2003, 

SPML - Service Provisioning Markup Language 
http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=provision - 
framework for exchanging information between provisioning service 
points.  Provisioning refers to what happens, for example, when a new 
employee shows up and changes are required in corporate LDAP, HR database 
and so on.  This spec does not seem particularly controversial, but there 
also doesn’t seem to be a whole lot of interest in it, although it has 
apparently been implemented in the catalyst industry.

ID-FF - IDentity Federation Framework, from the Liberty Alliance. Defines 
an architecture for providing federated network identity that enables 
single signon functionality for a user to multiple service providers. 
Liberty is a major consortium that does not include MS or IBM, and the 
products are more or less in competition with varioius WS-* specs. I think 
that ID-FF is more or less along the same lines as WS-Policy. Submitted to 

ID-WSF - IDentity Web Services Framework - Another spec from the Liberty 
Alliance, it builds on ID-FF and provides a framework for identity based 
web services in a federated network identity environment. I believe that 
ID-WSF is pretty much in the same space, and incompatible with, 
WS-Federation. Detailed comparison is beyond the scope of this document, 
but it appears that both have a number of components for which there is no 
comparable function in the other, with Liberty possibly being the more 
fully developed. In addition, they have made different technology choices 
for similar functions (e.g. ID-WSF Discovery Services vs UDDI for 

WSRP - Web Services for Remote Portlets - Intended to provide "plug-n-play" 
for portals and other apps that aggregate content. Recently adopted as an 
OASIS standard, the players in the interop testing include BEA, IBM and 
Oracle. Microsoft, Sun and many others participated in the TC. This spec 
seems to have wide industry participation, but I have no idea how soon to 
expect implementation.

         OASIS, Web Services for Remote Portlets Specification, OASIS 
Standard, August 2003, 

*** BEA Building Blocks
The following specs, developed by BEA, are available with clear Royalty 
Free (RF) terms.

         BEA, SOAP Conversation Protocol (SOAP Conversation) 1.0, 13 Jun 
2002, http://dev2dev.bea.com/technologies/webservices/SOAPConversation.jsp
         BEA, WS-CallBack Protocol (WS-CallBack), 26 Feb 2003, 
         BEA, Web Service Acknowledgement Protocol (WS-Acknowledgement), 26 
Feb 2003, 
         BEA, Web Services Message Data (WS-MessageData), 26 Feb 2003, 

*** Semantic Web
DARPA, DAML-S (and OWL-S) 0.9 Draft Release, 2003-05, 
W3C, OWL Web Ontology Language Guide, W3C Candidate Recommendation 18 
August 2003, http://www.w3.org/TR/2003/CR-owl-guide-20030818/
W3C, OWL Web Ontology Language Overview, W3C Candidate Recommendation, 18 
August 2003, http://www.w3.org/TR/2003/CR-owl-features-20030818/
W3C, OWL Web Ontology Language Reference, W3C Candidate Recommendation 18 
August 2003, http://www.w3.org/TR/2003/CR-owl-ref-20030818/
W3C, OWL Web Ontology Language Semantics and Abstract Syntax, W3C Candidate 
Recommendation 18 August 2003, 
W3C, OWL Web Ontology Language Test Cases, W3C Candidate Recommendation, 18 
August 2003, http://www.w3.org/TR/2003/CR-owl-test-20030818/
W3C, OWL Web Ontology Language Use Cases and Requirements, W3C Candidate 
Recommendation 18 August 2003, 
ISO/IEC, Information Technology - Document Description and Processing 
Languages, The XML Topic Maps (XTM) Syntax 1.1, JTC 1/SC34 N0398, 
2003-04-03, http://www.isotopicmaps.org/sam/sam-xtm/

*** SOAP Attachments
AT&T/BEA/Canon/Microsoft/SAP/ , SOAP Messages with Attachments, 1 Apr 2003, 
W3C, SOAP Message Transmission Optimization Mechanism, W3C Working Draft, 
21 July 2003, http://www.w3.org/TR/2003/WD-soap12-mtom-20030721
IBM/Microsoft, WS-Attachments, 17 June 2002, 
W3C NOTE, SOAP Messages with Attachments, 11 Dec 2000, 
W3C NOTE, SOAP Version 1.2 Message Normalization, 8 October 2003, 

*** SOAP Bindings

IETF, Using the Simple Object Access Protocol (SOAP) in Blocks Extensible 
Exchange Protocol (BEEP), RFC 3288, http://www.rfc-editor.org/rfc/rfc3288.txt

*** Secure Conversations
IBM/Microsoft/VeriSign/RSA Security, Web Services Secure Conversation 
Language (WS-SecureConversation), Version 1.0, 18 December 2002, 

IBM/Microsoft/VeriSign/RSA Security, Web Services Security Policy Language 
(WS-SecurityPolicy), Version 1.0, 18 December 2002, 

Received on Monday, 2 February 2004 17:46:24 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 23:05:58 UTC