Vendors Prep Tweaks, Addendum To WS-Security Spec

Microsoft IBM VeriSign

The addendum will include details on handling certificates and time stamps in requests for services, said Kelvin Lawrence, an IBM distinguished engineer and co-chair of the organization for the advancement of structured information standards (OASIS) Web Services Security Technical Committee.

"There will be a better, more specific description of how you look up keys in a directory," said Chris Kaler, a Microsoft architect and also co-chair of the committee.

The first take on the specification, first formulated and submitted by IBM, Microsoft and VeriSign last spring, was fairly broad.

"The original paper we wanted to be very focused on things we were all in agreement on. We wanted to be as uncontroversial as possible to avoid any rat holes," said Phillip Hallam-Baker, chief scientist at VeriSign. "The addendum will add meat--consensus on things like time stamps, how certificates are handled."

id

unit-1659132512259

type

Sponsored post

The addendum will be published and submitted to the full working body, comprising some 56 companies.

WS-Security is just one of a handful of specifications under way covering encryption, signatures and the handling of non-XML attachments.

But security is the most critical issue in the Web world. "Without true security, everything's DOA," Hallam-Baker said. "Web services have to be like e-mail in that everyone can talk to everyone, but it has to be secure."

Microsoft, IBM and VeriSign were out in force this week at the XML Web Services One show here. Microsoft and IBM execs demonstrated how a Web brokerage application can work even when an IBM WebSphere application server is swapped out for a Microsoft .Net implementation.

Java-based WebSphere and .Net "are fundamentally different systems depending on two different styles of programming, and yet a generic front end can talk to both," said Bob Sutor, director of e-Business Standards Strategy at IBM.

It is unclear how many actual customers are implementing such services, although the vendors all maintain that companies are taking a serious look at Web services in hopes that the computing model will save them money.

"Web services is technology we can wrap around legacy systems. Legacy systems are legacy systems because they work," Hallam-Baker said.

Interoperability while building services could represent a golden opportunity for VARs and integrators, he said.

"There are huge opportunities--huge margins here with companies moving their supply chain integration to this model," Hallam-Baker said. "Enterprises will look to place orders for everything from office supplies to bulk chemicals on the Web. . . . I foresee a day when there will be Web services transaction appliances plugging into these companies, just as there are now e-mail appliances."