New Web Services Security Spec on Tap

Led by Microsoft and IBM, a group of companies Tuesday plans to announce a new Web services specification for handling security in Web services environments.

Led by Microsoft Corp. and IBM, a group of companies Tuesday plans to announce a new Web services specification for handling security in Web services environments.

At the Burton Group Inc.s Catalyst conference in San Francisco, IBM, Microsoft, BEA Systems Inc., RSA Security Inc. and VeriSign Inc. will announce the publication of the WS-Federation specification, another in a series of standards IBM and Microsoft outlined in the Web services security roadmap they co-authored last year.

Karla Norsworthy, director of e-business technology at IBM, said WS-Federation enables developers to manage trust relationships across enterprises that use different types of security solutions.

"Were announcing the crown jewel of the Web services security roadmap, the Web services federation specification," Norsworthy said. "That allows you to take companies or parts of companies with very different security solutions and different trust domains… Such as one might use Kerberos and one might use user ID and password. And you can make it really easy to allow a new user who is authenticated by one domain to be able to do business across a variety of companies and their Web services without requiring either the end user to re-authenticate or requiring a lot of bureaucracy from the participating companies. So these specifications are solutions that hold together Web services security [WS-Security], Trust [WS-Trust], the security part of Policy [WS-Policy] into allowing this kind of federation so that out clients can do successful business process integration and have the security part come easy."

Steven VanRoekel, director of Web services at Microsoft said, "From a Microsoft perspective, this is the technology that will enable TrustBridge." TrustBridge is Microsofts upcoming technology that will allow organizations to share user identities across business boundaries, the company said.

"WS-Federation is built to be extensible to utilize any broad range of identification mechanisms, like Passport, like SAML [Security Assertion Markup Language] or like anything else in between," VanRoekel said.