Sun signs up to rivals' security standards
Published: 27 Jun 2002 15:52 BST
Microsoft, IBM and VeriSign have submitted a security specification for Web services to an industry standards body, a move that has won the backing of an unlikely supporter: Sun Microsystems.
WS-Security is a two-month-old technology that encrypts information and ensures that data passed between companies remains confidential. Its three creators -- Microsoft, IBM and VeriSign -- said on Thursday they have submitted the specification to a standards body called the Organization for the Advancement of Structured Information Standards (OASIS).
Sun had been devising its own rival Web services security specification, but the royalty-free licensing of WS-Security specifications allayed Sun's concerns, a source familiar with the negotiations said.
Sun will now focus all its development work on WS-Security and work with its rivals to improve the specification through the OASIS group, said Bill Smith, Sun's director of Liberty Alliance technology.
"They're taking WS-Security into a recognized, open industry organisation, and Web infrastructure on a royalty-free basis is an important thing as well," Smith said. "You should expect Sun to actively participate in this forum. We will bring whatever we have that can help fill out WS-Security. This is where (the security work) is being done."
Sun's support of WS-Security alleviates concerns about a possible standards war over Web services security. Proponents of Web services have feared that industry squabbling could derail the much-hyped movement. Every software maker has touted Web services as the future of software because such services allow companies to interact and conduct business via the Internet. But Web services won't work unless the entire tech industry coalesces around a single set of standards.
Analysts have said lack of security is the biggest obstacle to the adoption of Web services -- and that WS-Security took a big step in addressing the issue. Besides WS-Security, IBM, Microsoft and VeriSign plan to build five more security specifications in the next year and a half to provide additional security measures that businesses may need for Web services.
Although Smith declined comment on it, sources said Sun had been quietly working on its own security specification that was royalty free. Over the past several months, Sun executives had expressed concern that IBM and Microsoft might charge "tolls" to developers -- in the form of royalties on patents--for using two existing Web services specifications: the Simple Object Access Protocol (SOAP) and Web Services Description Language (WSDL). Neither Microsoft nor IBM has formally stated a desire to charge royalties on the standards, which are in part based on patents held by them.
Despite the accord on security specs, continued political battling among Sun and IBM and Microsoft could still sidetrack an industry consortium's efforts to promote Web services. Such efforts focus on ensuring that software from many technology makers is compatible.
The organisation, called the Web Services Interoperability (WS-I) Organization, is working on a proposal to pave the way for Sun to join on equal footing with WS-I founding board members Microsoft and IBM. The group is considering a proposal that would allow Sun to be elected as a founding board member. But to be considered for a founding board member spot, Sun has to first join the organisation, which now has more than 100 companies supporting its efforts, WS-I organisers say. Sun has thus far refused to join unless it's offered a position as founding board member.
And there is still some duplication of efforts between rival camps. Sun on Wednesday released a Web services specification that mimics previous ones created by Microsoft and IBM. Sun released the Web Services Choreography Interface (WSCI), which describes how multiple Web services can work together within and between businesses. Microsoft and IBM have previously built competing languages called Xlang and Web Services Flow Language (WSFL), respectively.
Nevertheless, Smith said Sun's support of WS-Security could mean an era of goodwill between the rival companies.
"I'm hoping it's a harbinger of good things to come," Smith said. "We've made no secret of our views on the need to do things on an open and royalty-free basis. We will continue to advocate that and are very happy to be able to work cooperatively with these other folks. I'm hopeful we can do more. Time will tell."
Representatives of Microsoft and IBM were unavailable for comment.
As for WS-Security, other companies such as Baltimore Technologies, BEA Systems, Cisco Systems, Documentum, Entrust, Intel, IONA, Netegrity, Novell, Oblix, OpenNetwork, RSA Security, SAP, and Systinet say they will also support the security specification and will work within the OASIS group to further improve the technology.
OASIS, which has strong ties with businesses in different industries, has developed many e-business standards, including Security Assertion Markup Language (SAML), a security and authentication specification that could complement WS-Security. OASIS and a United Nations organisation last year co-developed Electronic Business XML, or ebXML, which allows companies in many industries to communicate over the Web.
News.com's Stephen Shankland contributed to this report.
For a weekly round-up of the enterprise IT news, sign up for the Tech Update newsletter.
Have your say instantly, and see what others have said. Go to the ZDNet news forum.
Let the editors know what you think in the Mailroom.
Did you find this article useful?
33 out of 76 people found this useful
- Share this article:
