Vendors Issue 2003 Web Services Security Agenda
With the adoption of the WS-Security spec imminent, Microsoft, IBM and other WS-I members will push "up-the-stack" in 2003 to address two key web services security issues -- setting and managing security policies and communications between trusted partners. Take a look at the six new high-level security proposals on the table.
With the adoption of the core WS-Security spec imminent, IBM, Microsoft and other WS-I members (Web Services Interoperability Consortia) behind WS-Security have just before year's end laid out their most detailed plan to date for expanding web services security standards in 2003.
The proposals, which build on WS-Security, these "up-the-stack" proposals (also part of the WS-I security roadmap) address two key issues for web services security -- setting and managing security policies and inter-organizational (trusted partner) security issues.
The submitters, which include Microsoft, IBM, BEA Systems, RSA Security, Verisign and SAP, bring together leading software and security vendors from both the Java and .NET sectors.
The specifications fall into two key groups. The first helps address key technical concerns in the area of security:
The second group focuses on streamlining the implementation of business policies in a Web services environment:
Many analysts have said that a multi-vendor standards-based approach to more complex web services security will make the integration time substantially shorter for developers and IT managers. And, while the current vendor sponsor list does not include other notable firms (some with competing approaches), such as Oracle, Sun and Cisco, analysts have expressed optimism that all vendors will eventually sign off on the "WS-x" approach, through organizations such as OASIS and W3C -- as well as Sun's expected membership in the WS-I in January.