The Month: Web-services security standards hailed

May 10, 2007

Analysts have hailed the ratification of two web-services security standards as a key development in the area, saying it shows that "web services security has finally reached a level of maturity acceptable to many enterprises". The Organisation for the Advancement of Structured Information Standards (Oasis) recently approved WS-SecureConversation version 1.3 for establishing and maintaining extended secure sessions, and WS-Trust version 1.3, for obtaining and exchanging security credentials.

Gartner said it was a positive step for vendors and customers alike. Itsreport stated: "This adds to a credible toolset for federation efforts,which has proved elusive to many enterprises due to the issues ofbrokered authentication availability and scalability the standardsaddress. WS-Trust alone is vital to enabling the credential usenecessary for networked, consumable web services."

Oasis members that collaborated to develop WS-SecureConversation andWS-Trust included Fujitsu, HP, IBM, Microsoft, Nokia and Oracle.

prestitial ad