Cleaning Up SOAPs Act
For SOAP to be enterprise-worthy, security must be an integral part of the Web services standard.Its not an overstatement to say that much of B2Bs future depends on SOAP, the Web services standard that defines how two computers engage each others services via XML commands. Without Simple Object Access Protocol, Web services-based computing, including business-to-business e-commerce, would be in doubt. Fortunately, support for SOAP is widespread, and mature implementations are emerging. But security was left unaddressed in the SOAP 1.1 specification, leaving this critical component of IT infrastructure to be implemented in ad hoc, incompatible waysor ignored entirely.
When the World Wide Web Consortium took on future SOAP standard development efforts in late 2000, we sighed with relief. The W3C is known for its ability to develop standards that stand the test of time. The XML Protocol working group at the W3C is now very close to finishing its work on SOAP 1.2; we expect the standard to be voted on by summer. However, as we report in this weeks eWeek Labs package on Web services, security was again left out of SOAP. It was not part of the working groups charter to address the problem in Version 1.2. That omission allowed the committee to complete its work sooner by making its task more focused, but, once again, the SOAP standard has failed to meet a critical IT requirement.