The Basic Security Profile is an interoperability profile that addresses transport security, SOAP messaging security and other security considerations for the Basic Profile 1.0, as well as the Basic Profile 1.1, Simple SOAP Binding Profile 1.0 and Attachments Profile 1.0, currently available for public review as Working Group Drafts. The Basic Security Profile is intended to compose with other WS-I profiles and will reference existing specifications used to provide security, including the OASIS Web Services Security 1.0 specification, and provide clarifications and guidance designed to promote interoperability of those specifications.

The Basic Security Profile focuses on the interoperability characteristics of two main technologies: HTTP over TLS and Web Services Security: SOAP Message Security. HTTP over TLS is a point-to-point technology that protects the confidentiality of all information that flows over an HTTP connection. Web Services Security: SOAP Message Security provides security protection for SOAP messages and applies even when a message passes through several intermediary waypoints, allowing differing levels of protection for selected portions of a message. The Basic Security Profile describes a way to apply SOAP Message Security to attachments.

The Basic Security Profile also incorporates Web Services Security: Username Token Profile and Web Services Security: X.509 Certificate Token Profile. The Basic Security Profile Working Group is planning to incorporate the Web Services Security: Kerberos Token Profile into the Basic Security Profile upon completion of the technical work by the OASIS Web Services Security Technical Committee. WS-I is considering incorporating other token profiles such as the Web Services Security: SAML Token Profile and Web Services Security: XRML Token Profile into the Basic Security Profile.

• Cloud Networking: IETF Forms LISP Working Group