8 April 2004 The WS-Security web services specification has finally been locked down by OASIS, the Organisation for the Advancement of Structured Information Standards, after more than two years on IBM and Microsoft’s web services ‘roadmap’.
The finalisation of the standard will help vendors and users to decide the web services security standards that are adopted out of the plethora that have emerged in the last five years — and to decide on the ones that are left by the wayside.
It follows a month-long vote by members of the WS-Security technical committee, which is led by IBM and Microsoft, but includes representatives from Novell, Netegrity, Oracle, SAP, RSA Security and Sun Microsystems, among others.
WS-Security will be used to help authenticate the identity of users and to ensure the security of data passed between two applications. WS-Security is expected to be embedded in a range of applications, including XML firewalls, web services management packages and network access and identity management software.
Security standards are critical to the widespread adoption of web services, particularly outside the firewall between different organisations’ systems.