IBM, VeriSign, Microsoft Team On Web Services Security Pact

IBM, Microsoft and VeriSign executives said the spec, which will be downloadable for public perusal and comment, could accelerate real-world adoption of Web services by easing customers' fears about security issues.

"In Web services there are two areas of concern: The first is interoperability, which we hope to alleviate with the WS-I group, and the second is security," said Bob Sutor, director of e-business standards strategy at IBM. There are scattered security efforts under way, but "no big-picture, comprehensive approach," he said.

The vendors hope to take feedback and submit the result to the appropriate standards body within months, but it was unclear which group that would be. IBM and Microsoft will also offer a proposed road map outlining more potential specifications for companies planning Web services.

"Companies are implementing Web services now but within their firewalls or with trusted partners. We need to go the next step, which is to enable Web services between companies and other parties without trusted relationships," said Marcie Verdin, director of enterprise marketing at VeriSign, Mountain View, Calif.

"We owe it to the industry to compete on implementation and get the pipeline plumbing done in a standard way," said Steven VanRoekel, director of Web services marketing at Microsoft.