Businesses should begin to look seriously at deploying web services because security and standardisation issues are being rapidly resolved, allowing products based on the technologies to enter the corporate mainstream.
According to Gartner, increased commitment of key technology providers should give enterprises the confidence to prepare for implementation of upcoming web services standards, as real-world products based on these standards are now in development.
Gartner welcomed the recent announcement by IBM, Microsoft and a group of other technology providers, including Actional, BEA Systems, Computer Associates, Oracle, RSA Security and VeriSign, that they plan to place three key web services security specifications under the control of the Organisation for the Advancement of Structured Information Standards (Oasis).
The three specifications, all based on the core WS-Security, are:
- WS-Trust (which defines extensions for requesting security tokens and brokering trust relationships)
- WS-SecureConversation (which defines mechanisms for securing multiple messages)
- WS-SecurityPolicy (which defines security policy assertions for WS-Security, WS-Trust and WS-SecureConversation)
A newly published report, written by Gartner analysts Daniel Sholler, Charles Abrams and Ray Wagner, stated: "The decision to place these three key web services specifications under Oasis control reflects the growing maturity of web services security standards.
"Most of the basic building blocks for secure web services with a mechanism to represent trust relationship are now in place."
According to the study, the publication of these specifications as Oasis standards will help to advance interoperability, although further work, perhaps in the form of enhancements to the Web Services Interoperability (WS-I) Basic Security Profile, may be required to help enterprises make their deployments as compatible as possible.
"This is a generally positive development, but some elements are missing from the announcement," the report warned.
"One is that WS-Federation is not included. Another is that the basic security policy language is likely to require extensions, which will be implemented in both proprietary and future standard versions.
"Still another concern is that there appear to be no new players involved. The vendors seem to be the same as in earlier versions of the specifications.
"Interested parties should, however, be able to comment on, and influence, future Oasis standards. Gartner believes that the WS-I should begin adding best practices for these standards to the Basic Security Profile immediately."
Gartner advised enterprises to expect the ratification and implementation of these web services specifications to move rapidly. The forthcoming standards are likely to appear in implementations by web services security vendors by the end of 2005 and will be ubiquitous by the end of 2006.
Companies should also demand that new products include WS-Security capabilities, as well as the WS-I Basic Profile and Basic Security Profile, the analyst firm said.
IBM and Technical University of Munich team demonstrate how Shor's algorithm, which can't be cracked by conventional computers, can be solved quickly with quantum computing
Hubble Space Telescope finds superflares from young red dwarfs could strip away planetary atmosphere
Younger stars are 100 to 1,000 times more energetic than when they're older
Two of the big four supermarkets will use the system to control sales of restricted products
PUBG news and updates: November's Update #23 to bring new Skorpion pistol and changes to blue zone visibility
Genuinely useful side-arm coming to PUBG in Update #23