Only in IT can folks plan a demonstration and bill it as a festival.
Some 15 to 20 vendors such as IBM, Microsoft and BEA Systems are scheduled Wednesday to demonstrate how well the Web Services Security (WS-Security) standard works with each other's products to help mark the first anniversary of the specification's ratification. The "interoperability fest," as one participant called it, will take place at the Gartner Application Integration and Web Services Summit in Los Angeles.
Anthony Nadalin, chief security architect for IBM's software
WS-Security essentially adds encryption and digital signatures to the Simple Object Access Protocol (SOAP) used in Web service messaging. A user can scramble individual elements or entire messages using keys that are decrypted by an intermediary. Nadalin, who's also an IBM distinguished engineer, was WS-Security's lead author.
"I think the simplicity sells itself and the practicality of it," he said. "We did spend quite a bit of time even before we submitted it to a standards body looking at the practicality of it and the scenarios that would be involved."
The anniversary comes at a time when consumers are wary of doing business online amid constant publicity of data thefts -- not all arising from Web service attacks. Meantime, more organizations now conduct business via an intranet and the Internet. Nadalin said: "People have come to some realization that Web services are here to stay and they realize they have to produce some secure messages … to achieve their goals."
Nadalin said WS-Security is gaining significant traction in the application server space, such as with XML Web service providers and XML firewall vendors. This lets the application developer easily protect messages in transit in a Web server or .NET environment.
"Today we have a lot of vendors that produce these messaging stacks and then they have a reliability aspect on top of them and they wind up using different security models," he said. "Our goal here was 'composability' and not having to change the base specification that you've implemented to achieve secure, reliable transactions."
Nadalin didn't know exactly how many vendors have incorporated WS-Security features in their product lines, but he says the strong showing at this week's Gartner show is an indication of its growing popularity. During the demo, billed as the broadest interoperability display for WS-Security to date, each vendor will show how its software was coded to include WS-Security.
Nadalin joked that the large number of bugs reported in the past year also shows WS-Security is being widely used. "It's a sad way to track it, but otherwise we have no way to track that people are using it," he said.