Weak security taints directory
Fake listings, lack of vetting undermine UDDI
Computerworld - A major industry effort to build an online directory of Web services for business is riddled with embarrassing security problems that have marred its arrival.
Last month's launch of the Universal Description, Discovery and Integration directory, a Yellow Pages-style directory that lets businesses register their Internet services and capabilities online, was intended to drive support for Web services (see story). But lax security by UDDI founders IBM and Microsoft Corp. has permitted the Web-based directory to be populated with fake firms, false links and uninformed participants.
For example, "Loud Speakers Inc." is registered as a Mountain View, Calif.-based firm run by John McLoud, whose public speakers talk at a level higher than 100 decibels. The UDDI also describes Loud Speaker's Web service as juju beads for "warding off evil spirits." The company isn't listed with directory assistance and can't be found on the Web.
As for bad links, the UDDI listing for Oracle Corp. links to a pornography site, not a Web service.
"Microsoft is aware that security is an issue," said Darryl Plummer, an analyst at Stamford, Conn.-based Gartner Inc. "As you open things up, you open up the door for security holes. They're trying to come up to speed in a public forum, and if large controls were in place, it wouldn't take off."
Microsoft officials said controls for vetting companies that register in the UDDI directory would be discussed at a private conference for the registry's adviser group in Atlanta this week.
But beyond the challenge of vetting registrants, the sponsors of the UDDI directory also appear to be facing another problem: uninformed directory members.
Markle Stuckey Hardesty & Bott is listed in the UDDI directory. But David Hardesty, vice president of the Larkspur, Calif.-based e-commerce accounting firm, said he has no idea what the directory is and has no plans to introduce Web services at his company.
"I have no recollection of registering," said Hardesty. "We haven't used it, and we don't know anything about it, but that's not to say that we didn't sign up for it. There are lots of things out there on the Web, but you just can't remember everything."
Bob Gill, owner of Shrimp Landing, a seafood wholesaler in Crystal River, Fla., said he agreed to register after responding to an e-mail solicitation from IBM.
But Gill said he doesn't see himself using or offering Web services from the company's one-page Web site.
"I'm sticking my neck into an area for which I know nothing about," said Gill. "First, I need to get my site up and running. Then I'll think about it."
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The value of smarter oil and gas fields With global energy requirements continuing to rise, the exploration, development and production of new oil and gas resources are shifting to increasingly challenging...
- Smarter Environmental Analytics Solutions: Offshore Oil and Gas Installations Example This IBM Redbooks® Solution Guide describes a solution for implementing smarter environmental monitoring and analytics for oil and gas industries. The solution implements...
- Piecing Together the Business Intelligence Puzzle Business intelligence (BI) technology collects and analyzes company data, delivering relevant information to corporate decision-makers in an effort to produce favorable outcomes.
- Harness IT -- An Introduction to Business Intelligence Solutions Learn the key selection criteria required to provide your organization with the capability to address structured data, unstructured data and mobile demands so...
- Live Webcast Best Practices for the Hyperconverged Enterprise Network To the Age of Constant Connectivity and Information overload
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- The Software-Defined Data Center: Is your ADC ready? Data center transformation is accelerating beyond virtualization to next-generation cloud architectures and software-defined data centers, bringing new challenges for application performance, scalability and...
- Application Acceleration: Optimize the End-User Experience Watch this on-demand webcast and learn how you can optimize your web content, accelerate performance across any device and browser combination, and offload...