Analysts said that security remains an important barrier to customer adoption of Web services, a set of evolving standards for sharing information. Businesses are using Web services software to link disparate systems internally, but no single standard for security exists.
Security software company Netegrity and several partners have published Web services reference architecture guidelines to help companies make decisions about security and navigate through a wide range of Web services products. The guidelines spell out the capabilities of Web services products from different providers and how their respective products should interact. The document also defines system requirements and provides templates for using Web services applications.
Netegrity executives said the guidelines are necessary because there is a lot of confusion over the security and management capabilities that these niche Web services products provide.
"People are picking up point products like an XML firewall and feel that solves the security. The danger is that down the road there will be isolated islands of implementation," said Prateek Mishra, director of technology and infrastructure at Netegrity.
Several specialized Web services providers have endorsed the Netegrity reference architecture for Web services security, including Web services management companies Forum Systems.and , as well as hardware providers such as and
Different products will share information using the WS-Security standard, which is still in development. For example, a company could ensure that an e-commerce Web site shares identity information from authorization software with a Web services management product, which guarantees certain performance thresholds.
In other Web services security news, the WS-Security standard has been "functionally frozen," meaning that it's ready for companies to test, Mishra said. In addition to his duties with Netegrity, Mishra is the co-chair of the Security Services Technical Committee at the Organization for the Advancement of Structured Information Standards (OASIS), the body responsible for the WS-Security standards. The standard will now be published for public comments and is expected to be completed within a few months, Mishra said.
OASIS also announced Monday that the Secure Assertion Markup Language (SAML) version 1.1 has been ratified. The SAML specification provides a data format that allows a person to enter name and password information to log onto several networks.