WS-I to clear path for Web services security
Published: 02 Apr 2003 09:06 BST
A standards body is hoping to remove one of the biggest hurdles standing in the way of greater Web services adoption.
The Web Services Interoperability Organization (WS-I) this week said that it has established a working group to sort through overlapping proposals aimed at adding security to Web services applications.
The announcement is the latest milestone in the WS-I's long-term plan for Web services security. Last month, the organisation said that it intends to publish guidelines to show software companies and their customers how to use Web services security tools to ensure interoperability across different products.
The WS-I was formed last year at the behest of companies including IBM and Microsoft. The group now has approximately 160 members, including about 20 companies that are not information technology suppliers.
Web services is both a programming method and a series of protocols for building applications that can easily exchange data and processes. Some businesses are already using Web services, along with existing security software, as a way to integrate computing systems.
But widespread adoption of Web services has been slowed due to disagreement over standards proposals and a lack of key security specifications, among other reasons. For instance, security software used by one company may not work with security tools implemented by another company. A standardised method for reliable security would drive broader usage of Web services, according to analysts.
For example, an agreed-upon method for Web services security would make it easier to validate the authenticity of business documents sent from one company to another.
The WS-I's security effort comes after a task force spent several months determining the scope of the security problem and the expected needs of businesses. The working group will deliver a security "profile," or a series of published guidelines on how to adhere to standards in order to guarantee interoperability.
One security specification expected to be under consideration by the WS-I is WS-Security, which is now being developed in the OASIS standards body.
The WS-I said that the security profile will be an extension to the WS-I's basic profile, which describes how to comply with low-level Web services communications specifications, including the Simple Object Access Protocol (SOAP) and Web services Description Language (WSDL).
Let the editors know what you think in the Mailroom.
Did you find this article useful?
42 out of 102 people found this useful
Digg
Slashdot
Del.ici.ous
Stumble
Reddit
