New Web Services Security Spec on Tap

 
 
By Darryl K. Taft  |  Posted 2003-07-08 Print this article Print
 
 
 
 
 
 
 

Led by Microsoft and IBM, a group of companies Tuesday plans to announce a new Web services specification for handling security in Web services environments.

Led by Microsoft Corp. and IBM, a group of companies Tuesday plans to announce a new Web services specification for handling security in Web services environments. At the Burton Group Inc.s Catalyst conference in San Francisco, IBM, Microsoft, BEA Systems Inc., RSA Security Inc. and VeriSign Inc. will announce the publication of the WS-Federation specification, another in a series of standards IBM and Microsoft outlined in the Web services security roadmap they co-authored last year. Karla Norsworthy, director of e-business technology at IBM, said WS-Federation enables developers to manage trust relationships across enterprises that use different types of security solutions.
"Were announcing the crown jewel of the Web services security roadmap, the Web services federation specification," Norsworthy said. "That allows you to take companies or parts of companies with very different security solutions and different trust domains… Such as one might use Kerberos and one might use user ID and password. And you can make it really easy to allow a new user who is authenticated by one domain to be able to do business across a variety of companies and their Web services without requiring either the end user to re-authenticate or requiring a lot of bureaucracy from the participating companies. So these specifications are solutions that hold together Web services security [WS-Security], Trust [WS-Trust], the security part of Policy [WS-Policy] into allowing this kind of federation so that out clients can do successful business process integration and have the security part come easy."
Steven VanRoekel, director of Web services at Microsoft said, "From a Microsoft perspective, this is the technology that will enable TrustBridge." TrustBridge is Microsofts upcoming technology that will allow organizations to share user identities across business boundaries, the company said. "WS-Federation is built to be extensible to utilize any broad range of identification mechanisms, like Passport, like SAML [Security Assertion Markup Language] or like anything else in between," VanRoekel said.


 
 
 
 
Darryl K. Taft covers the development tools and developer-related issues beat from his office in Baltimore. He has more than 10 years of experience in the business and is always looking for the next scoop. Taft is a member of the Association for Computing Machinery (ACM) and was named 'one of the most active middleware reporters in the world' by The Middleware Co. He also has his own card in the 'Who's Who in Enterprise Java' deck.
 
 
 
 
 
 
 

Submit a Comment

Loading Comments...
 
Manage your Newsletters: Login   Register My Newsletters























 
 
 
 
 
 
 
 
 
 
 
Rocket Fuel