Web Services Standards

Microsoft, IBM, BEA Systems, RSA Security, VeriSign and SAP published advance specifications designed to let companies share information securely between applications in their own systems, as well as with other enterprises, according to executives from the companies.

The specs are based on SOAP standards and fall into two categories: technical issues surrounding security and business policy implementation.

>> Microsoft, IBM, BEA, RSA, VeriSign and SAP team up to promote the new standards.

WS-Trust, WS-Secure-Conversation and WS-SecurityPolicy, co-authored by IBM, Microsoft, RSA and VeriSign, address security issues. WS-Trust is a description for managing, establishing and assessing trust relationships between parties exchanging information via Web services.

WS-SecureConversation describes a framework to establish security around multiple messages between organizations. And WS-SecurityPolicy outlines general security policies.

id
unit-1659132512259
type
Sponsored post

The second batch of specifications, WS-Policy, WS-PolicyAttachment and WS-PolicyAssertions, focus on implementing business policies for Web services. BEA, IBM, Microsoft and SAP co-authored these three specs.

WS-Policy describes how parties on both ends of a Web service can communicate system requirements and capabilities to each other, allowing senders and receivers of messages to discover the information they need to access a particular Web service. WS-PolicyAttachment proposes a standard way to attach the requirement and capability statements of message senders and receivers to Web services. WS-PolicyAssertions describes general policies attached to a particular Web service.

While the industry has widely accepted security assertion markup language (SAML) as a basic security protocol for Web services, higher-level standards have not been developed or approved yet, said Pragnesh Dave, enterprise architect at solution provider Genisys Consulting, Elk Grove Terrace, Ill.

Edward Cobb, BEA's vice president of architecture and standards and a co-author of the WS-Policy spec, said the creation of the new standards shows that vendors are committed to hastening Web services adoption.