Businesses should begin to look seriously at deploying web services because security and standardisation issues are being rapidly resolved, allowing products based on the technologies to enter the corporate mainstream.
According to Gartner, increased commitment of key technology providers should give enterprises the confidence to prepare for implementation of upcoming web services standards, as real-world products based on these standards are now in development.
Gartner welcomed the recent announcement by IBM, Microsoft and a group of other technology providers, including Actional, BEA Systems, Computer Associates, Oracle, RSA Security and VeriSign, that they plan to place three key web services security specifications under the control of the Organisation for the Advancement of Structured Information Standards (Oasis).
The three specifications, all based on the core WS-Security, are:
- WS-Trust (which defines extensions for requesting security tokens and brokering trust relationships)
- WS-SecureConversation (which defines mechanisms for securing multiple messages)
- WS-SecurityPolicy (which defines security policy assertions for WS-Security, WS-Trust and WS-SecureConversation)
A newly published report, written by Gartner analysts Daniel Sholler, Charles Abrams and Ray Wagner, stated: "The decision to place these three key web services specifications under Oasis control reflects the growing maturity of web services security standards.
"Most of the basic building blocks for secure web services with a mechanism to represent trust relationship are now in place."
According to the study, the publication of these specifications as Oasis standards will help to advance interoperability, although further work, perhaps in the form of enhancements to the Web Services Interoperability (WS-I) Basic Security Profile, may be required to help enterprises make their deployments as compatible as possible.
"This is a generally positive development, but some elements are missing from the announcement," the report warned.
"One is that WS-Federation is not included. Another is that the basic security policy language is likely to require extensions, which will be implemented in both proprietary and future standard versions.
"Still another concern is that there appear to be no new players involved. The vendors seem to be the same as in earlier versions of the specifications.
"Interested parties should, however, be able to comment on, and influence, future Oasis standards. Gartner believes that the WS-I should begin adding best practices for these standards to the Basic Security Profile immediately."
Gartner advised enterprises to expect the ratification and implementation of these web services specifications to move rapidly. The forthcoming standards are likely to appear in implementations by web services security vendors by the end of 2005 and will be ubiquitous by the end of 2006.
Companies should also demand that new products include WS-Security capabilities, as well as the WS-I Basic Profile and Basic Security Profile, the analyst firm said.
Antarctica lost on average 252 gigatons of ice mass per year from 2009 to 2017, claims study
Buyers can demand refunds if they've had a game for no more than 14 days and not registered more than two hours of play
Total lunar eclipse 2019: 'Super Blood Wolf Moon' to be visible across Europe and North America on Sunday night
Moon will turn reddish-orange in colour during this weekend's total lunar eclipse
Hackers to compete for prize money of between $35,000 and $250,000 cracking the Tesla Model 3 at this year's Pwn2Own contest