Analysts have hailed the ratification of two web-services security standards as a key development in the area, saying it shows that "web services security has finally reached a level of maturity acceptable to many enterprises". The Organisation for the Advancement of Structured Information Standards (Oasis) recently approved WS-SecureConversation version 1.3 for establishing and maintaining extended secure sessions, and WS-Trust version 1.3, for obtaining and exchanging security credentials.
Gartner said it was a positive step for vendors and customers alike. Its report stated: "This adds to a credible toolset for federation efforts, which has proved elusive to many enterprises due to the issues of brokered authentication availability and scalability the standards address. WS-Trust alone is vital to enabling the credential use necessary for networked, consumable web services."
Oasis members that collaborated to develop WS-SecureConversation and WS-Trust included Fujitsu, HP, IBM, Microsoft, Nokia and Oracle.