New Web services standards proposed

Microsoft Corp., IBM Corp. and VeriSign Inc. on April 12 announced a joint effort to craft new standards for addressing security concerns that many corporate users have raised about Web services.

Web services aim to help companies link their applications to the often disparate systems of their partners and customers through XML-based messages sent via the Simple Object Access Protocol (SOAP). But few companies have been rushing to build Web services, and one of their oft-cited concerns has been the lack of a solid security model.

Officials from Microsoft, IBM and Mountain View, Calif.-based VeriSign said they hope the new specification they have co-authored, called WS-Security, will serve as a starting point for tackling the problem. WS-Security, in part, calls for support of World Wide Web Consortium standards for XML message encryption and digital signatures. The specification also serves as the foundation for a broader road map of additional security standards that the vendors plan to work on with other industry participants.

“You have to start somewhere,” said Bob Sutor, IBM’s director for e-business standards strategy. “This is our intellectual contribution to get this started.”

John Meyer, an analyst at Cambridge, Mass.-based Giga Information Group Inc., said the move represents a logical step for Microsoft, IBM and VeriSign. But he noted that some security issues the group may address potentially could put them in conflict with security efforts from rival vendors, such as Sun Microsystems Inc.

“People are going to have to look at how flexible and open the [WS-Security] specification is,” Meyer said.

The road map published by IBM and Microsoft defines additional standards they intend to pursue and turn over to appropriate standards bodies at a later date. Those include: WS-Policy, for defining capabilities and constraints in security policies; WS-Trust, for establishing direct and brokered relationships; WS-Privacy, for implementing privacy practices; WS-Secure Conversation, for managing and authenticating message exchanges; WS-Federation, for managing and brokering trust relationships in heterogeneous environments that use different security models; and WS-Authorization, for defining how Web services manage authorization data and policies.

Steven VanRoekel, director of Web services marketing at Microsoft, said he expects those additional specifications will be completed within 12 to 18 months. IBM’s Sutor asserted that the group will be “inclusive,” and he said he welcomes the input of other industry players.

The WS-Security effort marks a continuation of work between IBM and Microsoft to develop Web services standards, such as SOAP and Universal Description, Discovery and Integration (UDDI). They’re also spearheading a WS-Interoperability group that promotes Web services interoperability across platforms, operating systems and programming languages.

Their WS-Security effort has taken the same name as an initiative announced last year by Microsoft. But VanRoekel said the new joint effort is more comprehensive than Microsoft’s past attempt to push forward security standards.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now