WS-Security celebrates anniversary as a standard

The OASIS Web services security specification was ratified a year ago, and proponents plan to celebrate this week in Los Angeles. Grab your glass.

Only in IT can folks plan a demonstration and bill it as a festival.

Some 15 to 20 vendors such as IBM, Microsoft and BEA Systems are scheduled Wednesday to demonstrate how well the Web Services Security (WS-Security) standard works across each other's products, to help mark the first anniversary of the specification's ratification. The "interoperability fest," as one participant called it, will take place at the Gartner Application Integration and Web Services Summit in Los Angeles.

Anthony Nadalin, chief security architect for IBM's software group, says this broad display is indicative of the OASIS standard's strong adoption by enterprises trying to create confidence in mission-critical and sensitive information sent via Web services. "I think the uptake is because it's a very simple model, where messages include tokens that vouch for things in the message itself."

WS-Security essentially adds encryption and digital signatures to the Simple Object Access Protocol (SOAP) used in Web service messaging. A user can scramble individual elements or entire messages using keys that are decrypted by an intermediary. Nadalin, who's also an IBM distinguished engineer, was WS-Security's lead author.

"I think the simplicity sells itself and the practicality of it," he said. "We did spend quite a bit of time even before we submitted it to a standards body looking at the practicality of it and the scenarios that would be involved."

The anniversary comes at a time when consumers are wary of doing business online amid constant publicity of data thefts -- not all arising from Web service attacks. Meantime, more organizations now conduct business via an intranet and the Internet. Nadalin said: "People have come to some realization that Web services are here to stay and they realize they have to produce some secure messages … to achieve their goals."

Nadalin said WS-Security is gaining significant traction in the application server space, such as with XML Web service providers and XML firewall vendors. This lets the application developer easily protect messages in transit in a Web server or .NET environment.

"Today we have a lot of vendors that produce these messaging stacks and then they have a reliability aspect on top of them and they wind up using different security models," he said. "Our goal here was 'composability' and not having to change the base specification that you've implemented to achieve secure, reliable transactions."

Nadalin didn't know exactly how many vendors have incorporated WS-Security features in their product lines, but he says the strong showing at this week's Gartner show is an indication of its growing popularity. During the demo, billed as the broadest interoperability display for WS-Security to date, each vendor will show how its software was coded to include WS-Security.

Nadalin joked that the large number of bugs reported in the past year also shows WS-Security is being widely used. "It's a sad way to track it, but otherwise we have no way to track that people are using it," he said.
