Network World - SAN DIEGO -- IBM and Microsoft Corp. are set to turn over to a standards body a key set of Web services security specifications they have been developing for establishing trust and exchanging data between partners.
In September, the pair will submit WS-Trust, WS-SecureConversation and WS-SecurityPolicy to the Organization for the Advancement of Structured Information Standards (OASIS), which will create a technical committee to develop the specifications into a standard. The two made the official announcement today at the annual Burton Group Catalyst conference.
The most significant specification of the trio is WS-Trust, which establishes a single path for moving between partners security information and security tokens of all kinds, including Kerberos, X.509, the Security Assertion Markup Language (SAML) and any others.
"This is major progress for interoperability," says Jamie Lewis, president of the Burton Group. "WS-Trust is a general-purpose token exchange protocol and a significant piece of the puzzle for an interoperable infrastructure to exchange security information of all kinds."
Lewis says WS-Trust can be used to exchange authentication and federation assertions and could be used in provisioning systems.
WS-Trust also is an important element in Microsoft's model of a standards-based distributed identity infrastructure it calls the Identity Metasystem, which it introduced in May. WS-Trust also is the cornerstone for InfoCard, an interface into user identity information that Microsoft is building into its Longhorn operating system.
The specifications are part of the set of protocols that fall under the WS-Security or so-called WS-* (pronounced "WS-Star") family of protocols that Microsoft and IBM began developing in 2002. Slowly the protocols have been transferred to standards bodies, including OASIS and the W3C.
Two significant protocols still remain to be turned over, WS-Federation and WS-Policy.
Microsoft and IBM say that will happen but have yet to provide a timetable. The two have been under significant pressure from end users and industry experts to submit the remaining specifications to help quicken the pace of standardizing the infrastructure for securing Web services.
WS-Policy appears to be the next protocol that will be submitted. Last October, IBM and Microsoft presented a workshop on WS-Policy to the W3C. The prime motivating factor, however, is that Microsoft relies on WS-Policy for its InfoCard technology.
And while Microsoft is preaching that InfoCard, which is approaching its first beta release this fall, will be a standards-based system, WS-Policy remains the only significant protocol that is not in a standards body.
"WS-Policy will be in a standards organization by the end of the year," says Anne Thomas Manes, research director for the Burton Group. Microsoft officials would not comment on plans
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- What Datapipe customers need to know about the new PCI DSS 3.0 compliance standard This handy quick reference outlines what PCI DSS 3.0 is, who needs to be compliant and how Alert Logic solutions address the new...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- The Critical Role of Support in Your Enterprise Mobility Management Strategy Most business leaders underestimate the importance of tech support when they choose an EMM solution. Here's what to put on your checklist.
- Separating Work and Personal at the Platform Level: How BlackBerry Balance Works BlackBerry® Balance™ separates work from personal on the same mobile device, right at a platform level. Find out how it can work for...
- Live Webcast Best Practices for the Hyperconverged Enterprise Network To the Age of Constant Connectivity and Information overload
- Getting Ready for BlackBerry Enterprise Service 10.2 Find out how BlackBerry® Enterprise Service 10 helps organizations address the full spectrum of EMM challenges, while balancing the needs of both the...
- Containerization Options: How to Choose the Best DLP Solution for Your Organization This webcast outlines a framework for making the right choice when it comes to containerization approaches, along with the pros and cons of... All Networking White Papers | Webcasts