Power trio pushes Web services security

Making good on earlier promises, IBM Corp., Microsoft Corp., and VeriSign Inc. on Thursday submitted their latest version of the Web Services Security spec to OASIS (Organization for the Advancement of Structured Information Standards) for ongoing development.

The WS-Security specification, seen by many as one of the key Web services standards, is the first such standard to support, integrate, and unify multiple security models, mechanisms, and technologies. It is intended to allow a range of different systems to interoperate in a platform and language-neutral manner, according to officials at the three companies.

Officials reiterated on Thursday they will continue to work together to move forward standards-based specifications that better enable Web services security technologies, as was stated in their “Security in a Web Services World” road map released in April.

The WS-Security specification fundamentally provides the foundation for that road map, defining a standard set of SOAP (Simple Object Access Protocol) extensions that can then be used to implement both integrity and confidentiality in Web services applications.

Besides IBM, Microsoft, and VeriSign, other companies throwing their support behind the proposed standard and ongoing development effort include Baltimore Technologies, BEA Systems, Cisco Systems, Documentum, Entrust, Intel, Iona, Netegrity, Novell, Oblix, OpenNetwork, RSA Security, SAP, Sun Microsystems, and Systinet.