Web services security spec locked down

A very anticipated Web services specification has been approved as an industry standard, paving the way for broader usage of Web services protocols in mainstream business applications. The Web Services Security, or WS-Security, technical committee within the Organization for the Advancement of Structured Information Standards (OASIS) on Wednesday said several security-related technical specifications have been accepted by the group as standards. Now that the Web services security specifications are ratified, software and security companies can incorporate support for them into commercial products.

Web services protocols use XML to make it easier to share data between applications. The goal of the WS-Security specification is to improve interoperability between different security systems using these Extensible Markup Language-based protocols.

IBM and Microsoft originally authored a Web services security "road map" about two years ago. Then, in June 2002, the specification was submitted to OASIS for further development. Other security-related specifications aimed at better system interoperability are also under way at the World Wide Web Consortium and the Liberty Alliance.

Read Full Story