The Web Services Security, or WS-Security, technical committee within the Organization for the Advancement of Structured Information Standards (OASIS) on Wednesday said several security-related technical specifications have been accepted by the group as standards. Now that the Web services security specifications are ratified, software and security companies can incorporate support for them into commercial products.
Web services protocols use XML to make it easier to share data between applications. The goal of the WS-Security specification is to improve interoperability between different security systems using these Extensible Markup Language-based protocols.
IBM and Microsoft originally authored a Web services security "road map" about two years ago. Then, in June 2002, the specification was submitted to OASIS for further development. Other security-related specifications aimed at better system interoperability are also under way at the World Wide Web Consortium and the Liberty Alliance.
Once business applications use WS-Security, Web applications should be able to share information regarding network access. For example, a system should be able to authenticate the identity of a person connecting to several networks at once or pass data between two applications securely.
The ability to share security information such as access privileges between applications will help promote Web services usage, particularly between trading partners that use the Internet to share corporate data, analysts said. Without reliable and interoperable security systems, businesses will be wary of fully moving their corporate applications to Web services standards, according to analysts.
WS-Security is expected to be used in a wide variety of products, including XML firewall products, Web services management software and network access security products.
One company involved in the development of WS-Security said ratification of the standard will help clarify which security standards have the most industry support from vendors.
"Many Web services security standards have emerged, creating confusion in the market. By relying on well-established and proven industry standards such as WS-Security and SAML (Security Assertion Markup Language), companies can securely expose Web services," Marc Chanliau, a product manager at Netegrity, said in a statement.
Another standards organisation, the Web Services Interoperability (WS-I) organisation, plans to publish guidelines on how to implement security standards to ensure interoperability later this year. WS-Security will be one of the standards the WS-I will be incorporating into its security "profile," according to the WS-I.
