Advertisement
Promo

Online business Toolkit

Web services security spec ready for deployment

Martin LaMonica CNET News

Published: 08 Apr 2004 10:05 BST

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

A much anticipated Web services specification has been approved as an industry standard, paving the way for broader usage of Web services protocols in mainstream business applications.

The Web Services Security, or WS-Security, technical committee within the Organisation for the Advancement of Structured Information Standards (OASIS) on Wednesday said several security-related technical specifications have been accepted by the group as standards. Now that the Web services security specifications are ratified, software and security companies can incorporate support for them into commercial products.

Web services protocols use XML to make it easier to share data between applications. The goal of the WS-Security specification is to improve interoperability between different security systems using these Extensible Markup Language-based protocols.

IBM and Microsoft originally authored a Web services security "road map" about two years ago. Then, in June 2002, the specification was submitted to OASIS for further development. Other security-related specifications aimed at better system interoperability are also under way at the World Wide Web Consortium and the Liberty Alliance.

Once business applications use WS-Security, Web applications should be able to share information regarding network access. For example, a system should be able to authenticate the identity of a person connecting to several networks at once or pass data between two applications securely.

The ability to share security information such as access privileges between applications will help promote Web services usage, particularly between trading partners that use the Internet to share corporate data, analysts said. Without reliable and interoperable security systems, businesses will be wary of fully moving their corporate applications to Web services standards, according to analysts.

WS-Security is expected to be used in a wide variety of products, including XML firewall products, Web services management software and network access security products.

One company involved in the development of WS-Security said ratification of the standard will help clarify which security standards have the most industry support from vendors.

"Many Web services security standards have emerged, creating confusion in the market. By relying on well-established and proven industry standards such as WS-Security and SAML (Security Assertion Markup Language), companies can securely expose Web services," Marc Chanliau, a product manager at Netegrity, said in a statement.

Another standards organisation, the Web Services Interoperability (WS-I) organisation, plans to publish guidelines on how to implement security standards to ensure interoperability later this year. WS-Security will be one of the standards that the WS-I will be incorporating into its security "profile," according to the WS-I.

  • Email
  • Trackback
  • Clip Link
  • Print friendlyPrint with EPSON

Did you find this article useful?
90 out of 224 people found this useful


In association with HP

Talkback

Post a comment


Full Talkback thread

0 comments

Related Links

More In Online business


Company/Topic Alerts

Create a new alert from the list below:



Sentry Posts Blog

Civil liberties groups attack file-sha...

Civil liberties and digital rights organisations have strongly criticised Lord Mandelson's Digital Economy Bill. Liberty said in a position paper on Tuesday that the bill, part of... More

Post a comment

Authentication risks all too human

Risks to successful online banking identification and authentication using smartcards involve a mixture of human and technological factors, according to the European Network and Information... More

1 comment

Opera censors Chinese content

Opera has updated the Chinese version of its mobile browser to stop users accessing restricted content. Opera Mini was updated on Friday from an international to a Chinese version,... More

2 comments

Video icon

Video

Google Chrome

Roundup: Full coverage of Google Chrome

The search giant has launched a beta of its own open-source browser, sending a clear challenge to Microsoft in the way it lets users work with applications More

Blog: Google Chrome has Microsoft's code inside, says MS manager

And furthermore, he says, that's a good thing... More

Blog: Google Chrome — nine things we've found since launch

Google must be very happy with the coverage Chrome has gathered. But it's not all good news... More


Skip Sub Navigation Links to CNET Brand Links

Help

Become part of the ZDNet community.

ALL TOOLKITS

Blogs

Newsletters