resource center
  See your link here
|
Computerworld -
BOSTON -- IT professionals should wait for the Web Services Security specification to be finalized and implemented before they start building sophisticated Web services that extend beyond their company's firewalls, according to the specification's co-author.
Phillip Hallam-Baker, principal scientist at Mountain View, Calif.-based VeriSign Inc., said it could take between six months and two years to nail down the WS-Security specification that he helped to write. Hallam-Baker spoke with Computerworld's Carol Sliwa about the state of Web services security during this week's XML Web Services One Conference here.
The WS-Security specification was announced in April by IBM, Microsoft Corp. and VeriSign and was turned over to the Organization for the Advancement of Structured Information Standards (OASIS). A technical committee working to advance WS-Security will hold its first face-to-face meeting next week.
Hallam-Baker was also senior author of the XML Key Management Specification (XKMS), and he served as editor of the Security Assertion Markup Language core schema and protocol specification. Here's what he had to say.
Phillip Hallam-Baker, principal scientist at VeriSign Inc.
A: Phase 1 of the Web was the human interacting with computer. And that's how we defined it at CERN. All the time we were thinking about human users talking to machines. We did do some work on machine-to-machine, but that was not what HTTP was optimized for.
What Web services are about is machine-to-machine communication. The base technology is XML and XML schema. If we want to narrow it to what types of Web service specifications are you going to be most interested in supporting -- obviously SOAP [Simple Object Access Protocol], WS-Security, XKMS.
Q: You said that users can build basic Web services today. When do you predict they'll be able to develop more sophisticated Web services?
A: I would look at it saying, first of all, don't look at Web services. Look at functionality. ... Look at the applications that meet that functionality. If there is a standard out there already and it's fine, then use it. If there isn't and you're looking to form some sort of group to build that type of functionality, then the platform to look at is Web services, because it's definitely where you'll get more programmer support, the most platform vendor support and all that great stuff.
Q: What events will need to happen for IT professionals to be able to start thinking about doing more sophisticated Web services that traverse firewalls?
A: Well,
Return on Information: Google Enterprise Search pays you back
Download this whitepaper showing how Google Enterprise Search boosts your bottom line.
Extending Client Refresh - 11 Steps to Maximize Savings
Register Now!
Case Study: Live Nation and Citrix NetScaler
When Live Nation spun off from Clear Channel Communications it urgently needed to consolidate nearly 100 different Web sites.
Lower the Cost and Complexity of a Mobile Workforce through Automation
Download This Resource Now!
Southern Company
Download Now
Managing Mobility: Improve Data Security, Compliance and Manageability
Download This Resource Now!
Defending Against the Storm
Download Now
Consolidate Your Servers and Storage to Lower Costs with Oracle Database 11g
Register for this webcast!
Share our Strength
Download Now
The Commercialization of ITIL: Lessons Learned
Register for this event today!
Sign up to receive updates on the latest Development resources
CIO
Computerworld
CSO
DEMO
GamePro
Games.net
IDC
IDG
IDG Connect
IDG Knowledge Hub
IDG TechNetwork
IDG Ventures
IDG.net
InfoWorld
ITwhitepapers
ITworld
JavaWorld
LinuxWorld
Macworld
Network World
PC World
The Industry Standard
Copyright © 1994 - 2009 Computerworld Inc. All
rights reserved. Reproduction in whole or in part in any form or medium
without express written permission ofComputerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc. |
