WS-Security Gains Sun Support, Open Source Pledge

Vendor warring over B2B web services security may be cooling down this summer. See where peace is breaking out, and if developers can count on it.

Tags: Web Services, Sun, Standards, IBM, Security, WS-I, Board Members,

The vendor warring over security for B2B web services may be cooling down a bit this summer as harmony over the standard seems to be breaking out on a number of fronts.

First, Sun Microsystems has agreed to drop its objection to the IBM/Microsoft/Verisign WS-Security plan, the proposal for allowing web services to be shared outside firewalls between partners. Sun made the decision to join them on the WS-Security web services specification, after getting assurances from them that they would not charge other companies to license any technology associated with that specification. This is based on a statement made by Bill Smith, director of Liberty Alliance technology for Sun.

And there's more good news for web security buffs. It now appears that future fighting over web services security may be kept to a minimum. Management of the standards effort will pass to OASIS. WS-Security supporters have agreed to donate source code to enable an open source(caps?) version of the spec to be implemented. OASIS (Organization for the Advancement of Structured Information Standards), is the non-profit group which operates and has also proposed ebXML as another B2B web services framework to enable sharing of data and application/business rules between business partners.

Bury All Hatchets?
But, despite progress on WS-Security, it appears that not all is well among IBM, Microsoft and Sun on the fate of all web services standards.

Last month, IBM announced it would shift its position and support Sun's becoming a full board member of the WS-I (Web Services Interoperability Organization). Sun has initially welcomed the endorsement by IBM that it would play a part as a "founding member" or at least a broad (board)?of director of WS-I.

But a Sun exec late this week conceded that there are still some major details to be worked out. Infoworld quotes John Bobowicz, chief technical strategist at Sun Microsystems's Sun One project as saying: "We want to be part of WS-I ,but we have not been invited properly yet." He reportedly made the comment to InfoWorld at a web services conference in Tokyo this week.

Despite IBM's support for Sun's joining WS-I, Bobowicz suggested there may still be too many conditions attached. "They [IBM] announced to the world that they will allow two more board members but then they announce that the board members they are going to add can only have term limits of two years. IBM and Microsoft won't have term limits, so quite frankly, I don't think we are interested in those kind of games," said Bobowicz.

Meanwhile, read more about what others say about the easing of tensions over WS-Security and the role of OASIS in bringing some quick progress to standards adoption at,1367,53540,00.html and Also, get the latest from OASIS and its security committee work.