While Web services has been hailed as the next best thing since sliced bread, the reality is without security standards that allow companies to automatically share and authenticate each other’s security tokens, access privacy policies and resolve trust issues, the promise of Web services as a firewall-crossing business tool will remain elusive at best.
The good news is the first steps along this road have already been taken with the almost-ready-to-be-ratified WS Security standard proposed last year by Microsoft (MS), IBM and VeriSign. WS Security is currently in the hands of OASIS, an e-business standards board, and on its way toward ratification (exactly when, though, is still very much an open question, it seems).
In fact, software companies such as BEA and Microsoft and others, are so confident OASIS will ratify WS Security in its current form, the proposed standard has already been incorporated into new versions of the companies’ software, said Mark O’Neill, CTO at Dublin-based Vordel, an xml security and management firm.
Even so, WS Security is just the first in a series of standards (often referred to as the WS ‘road map’) such as WS Policy, WS Trust, WS Federation, which are intended to make the use of Web services (WS) and Service Orientated Architectures as ubiquitous as e-mail and Web browser access are today. But don’t throw out your vendor contact lists and hard-wired networks just yet, said O’Neill, this may take a while.
“WS Security is pretty close (to ratification), maybe three or four months,” he said. “There hasn’t been a lot of changes to it. But further up the stack, WS Policy, WS Trust and so forth, those haven’t yet been submitted to a standards body, so those are obviously going to take quite a while. So, you’re talking in terms of years for all of them to take shape.”
What WS Security does, and why it is such an important first step, is it allow companies doing business with WS to encrypt selected parts of a transaction and automatically share security token information (regardless of platform or protocol), as opposed to the more commonly used SSL, which is simply a way to encrypt an entire channel of communication, said James Phillips, senior vice president of Products and Marketing at Web services vendor, Actional. By allowing selected, messaged-based encryption, WS Security facilitates data sharing while giving senders the peace of mind of knowing sensitive information is only viewed by those they authorize.
Without WS Security and its affiliated standards, some of which have yet to be submitted to OASIS — a sore point with competitors of MS and IBM — WS will remain behind the firewall and used primarily the way it is being used today, as an integration tool, said Jason Bloomberg, senior analyst at ZapThink, a New York-based Web services-centric consultancy.
“We see it as the primary road block to Web services adoption, both within the enterprise and particularly for business-to-business communication of Web services,” he said. “The importance of WS Security is really best understood in the context of (the) road map. WS Security by itself builds a layer of abstraction on top of underlying security mechanism. So, if one company or department is using Kerberos and another is using PKI, you can use WS Security to federate those two. So, all by itself, it’s a piece of the puzzle.”
While OASIS tackles the job of actually issuing standards still other groups like The Liberty Alliance Project, which includes heavyweights like American Express and Hertz, are busy figuring out how best to use the WS Security standards to actually facilitate security among users, said O’Neill. “It’s really more about using Web services for security rather than securing Web services.”
So far, the hype of Web services has far outpaced its reality, said Eric Austvold, research director at AMR Research. Until standards are agreed upon up and down the security stack that include things like standardized privacy policies and trust certificates, Web services will continue its inside-the-firewall metamorphosis as an integration tool.
“Web services, in the last 18 months, have been the most over hyped technology by the software community,” he said. “Everybody talks about it and talks about their plans for it but in reality customers aren’t buying it.”
To speed things up what’s needed is a dedicated, non-partial standards setting body that all software providers can agree will ride herd over interoperability issues, he said. Right now, trust is an issue and politics are slowing the pace of ratification at OASIS. And, if history is any guide, IBM and Microsoft will squash any competing standards like they did with BPML (business process markup language), he said.
“The likelihood of that happening again is high,” Austvold said. “The driver behind (standards) has less to do with technology — the technology that’s available today in the marketplace can solve this — but, because there are so many players involved here the question becomes ‘Who can we trust?'”
Ethics and Artificial Intelligence: Driving Greater Equality
FEATURE | By James Maguire,
December 16, 2020
AI vs. Machine Learning vs. Deep Learning
FEATURE | By Cynthia Harvey,
December 11, 2020
Huawei’s AI Update: Things Are Moving Faster Than We Think
FEATURE | By Rob Enderle,
December 04, 2020
Keeping Machine Learning Algorithms Honest in the ‘Ethics-First’ Era
ARTIFICIAL INTELLIGENCE | By Guest Author,
November 18, 2020
Key Trends in Chatbots and RPA
FEATURE | By Guest Author,
November 10, 2020
FEATURE | By Samuel Greengard,
November 05, 2020
ARTIFICIAL INTELLIGENCE | By Guest Author,
November 02, 2020
How Intel’s Work With Autonomous Cars Could Redefine General Purpose AI
ARTIFICIAL INTELLIGENCE | By Rob Enderle,
October 29, 2020
Dell Technologies World: Weaving Together Human And Machine Interaction For AI And Robotics
ARTIFICIAL INTELLIGENCE | By Rob Enderle,
October 23, 2020
The Super Moderator, or How IBM Project Debater Could Save Social Media
FEATURE | By Rob Enderle,
October 16, 2020
FEATURE | By Cynthia Harvey,
October 07, 2020
ARTIFICIAL INTELLIGENCE | By Guest Author,
October 05, 2020
CIOs Discuss the Promise of AI and Data Science
FEATURE | By Guest Author,
September 25, 2020
Microsoft Is Building An AI Product That Could Predict The Future
FEATURE | By Rob Enderle,
September 25, 2020
Top 10 Machine Learning Companies 2021
FEATURE | By Cynthia Harvey,
September 22, 2020
NVIDIA and ARM: Massively Changing The AI Landscape
ARTIFICIAL INTELLIGENCE | By Rob Enderle,
September 18, 2020
Continuous Intelligence: Expert Discussion [Video and Podcast]
ARTIFICIAL INTELLIGENCE | By James Maguire,
September 14, 2020
Artificial Intelligence: Governance and Ethics [Video]
ARTIFICIAL INTELLIGENCE | By James Maguire,
September 13, 2020
IBM Watson At The US Open: Showcasing The Power Of A Mature Enterprise-Class AI
FEATURE | By Rob Enderle,
September 11, 2020
Artificial Intelligence: Perception vs. Reality
FEATURE | By James Maguire,
September 09, 2020
Datamation is the leading industry resource for B2B data professionals and technology buyers. Datamation's focus is on providing insight into the latest trends and innovation in AI, data security, big data, and more, along with in-depth product recommendations and comparisons. More than 1.7M users gain insight and guidance from Datamation every year.
Advertise with TechnologyAdvice on Datamation and our other data and technology-focused platforms.
Advertise with Us
Property of TechnologyAdvice.
© 2025 TechnologyAdvice. All Rights Reserved
Advertiser Disclosure: Some of the products that appear on this
site are from companies from which TechnologyAdvice receives
compensation. This compensation may impact how and where products
appear on this site including, for example, the order in which
they appear. TechnologyAdvice does not include all companies
or all types of products available in the marketplace.
