Close
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    Specs Upgrade Safety of Web Services

    By
    Darryl K. Taft
    -
    January 6, 2003
    Share
    Facebook
    Twitter
    Linkedin

      A group of Web services heavyweights has announced a new set of security and policy specifications based on the Web Services-Security road map developed last April to help enterprises share information securely.

      The first in the set of specifications introduced by IBM and Microsoft Corp., along with BEA Systems Inc., RSA Security Inc., VeriSign Inc. and SAP AG, includes WS-Trust, which defines a framework for managing, setting up and assessing trust relationships to enable Web services to securely interoperate—a common way to access security services.

      The specifications also include WS-Secure- Conversation, which defines a framework to set up a secure context for parties that want to exchange multiple messages without having to continually reauthenticate, and WS-SecurityPolicy, which defines general security policies that can be associated with a service, according to Karla Norsworthy, director of dynamic e-business technologies at IBM, in Somers, N.Y.

      The six specifications, announced last month, fall into two categories: the first set of three, which build on technical issues in Microsoft and IBMs road map; and those that focus on implementing business policies in Web services.

      Scott Collison, director of Web services management at Microsoft, in Redmond, Wash., said the specifications are based on accepted standards in the areas of the Simple Object Access Protocol, security, transactions and discovery to provide a framework for implementing business policy and security for a broad set of applications.

      “Were delivering additional specifications that are part of our … overall Web services vision to allow companies to have broadly interoperable Web services regardless of the platform,” Collison said.

      “These are initial versions of the specs, so customers still need to give their feedback,” said Jason Bloomberg, an analyst with ZapThink LLC, based in Cambridge, Mass.

      New WS-Security Specifications

      • WS-Trust sets stage for managing trust relationships among Web services
      • WS-SecureConversation provides secure context for Web services
      • WS-SecurityPolicy describes security policies associated with a Web service
      • WS-Policy enables users to define requirements and access services
      • WS-PolicyAttachments provides way to attach requirement and capability statements to Web services
      • WS-PolicyAssertions describes general policies associated with a Web service

      Steve Anderson, a product architect at OpenNetwork Technologies Inc., based in Clearwater, Fla., said that for developers “the new specs provide a common framework so that the applications they are building can be translated into any security platform.”

      For end users, the specifications “provide a universal standard for Web services and transaction security,” further mitigating the risks of doing business over the Web, Anderson said.

      The second set of specifications includes WS-Policy, which outlines a way for Web services senders and receivers to communicate their requirements and capabilities, including the ability to search for and discover the information they need to access the service; WS-PolicyAttachments, which provides a standard mechanism for attaching requirement and capability statements to a Web service; and WS-Policy- Assertions, which describes general policies that can be affiliated with a service. BEA, IBM, Microsoft and SAP authored these specifications.

      “Policy is important across a broad set of disciplines,” IBMs Norsworthy said. “I might want to express policy that tells what human language interface a Web service would need to expose to be appropriate for a particular end user. Or I might want to express policy that tells what version of a standard like HIPAA [Health Insurance Portability and Accountability Act] that a service in the medical space needed to conform to.”

      Darryl K. Taft
      Darryl K. Taft covers the development tools and developer-related issues beat from his office in Baltimore. He has more than 10 years of experience in the business and is always looking for the next scoop. Taft is a member of the Association for Computing Machinery (ACM) and was named 'one of the most active middleware reporters in the world' by The Middleware Co. He also has his own card in the 'Who's Who in Enterprise Java' deck.
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.

      MOST POPULAR ARTICLES

      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Applications

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      IT Management

      Intuit’s Nhung Ho on AI for the...

      James Maguire - May 13, 2022 0
      I spoke with Nhung Ho, Vice President of AI at Intuit, about adoption of AI in the small and medium-sized business market, and how...
      Read more
      Cloud

      IGEL CEO Jed Ayres on Edge and...

      James Maguire - June 14, 2022 0
      I spoke with Jed Ayres, CEO of IGEL, about the endpoint sector, and an open source OS for the cloud; we also spoke about...
      Read more
      Applications

      Kyndryl’s Nicolas Sekkaki on Handling AI and...

      James Maguire - November 9, 2022 0
      I spoke with Nicolas Sekkaki, Group Practice Leader for Applications, Data and AI at Kyndryl, about how companies can boost both their AI and...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2022 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×