Skip the navigation

Sidebar: Help on the Horizon

By Bob Violino
August 16, 2004 12:00 PM ET

Computerworld - A new industry standard is raising hopes for Web services security. In April, OASIS (Organization for the Advancement of Structured Information Standards), a global standards consortium in Billerica, Mass., announced that its members had approved Web Services Security Version 1.0, a status that signifies the highest level of ratification.
WSS builds on security technologies such as XML Digital Signature, XML Encryption and X.509 certificates to provide a standard way of securing Web services message exchanges. The standard provides a framework for companies to apply security technologies such as authentication and authorization in a Web services environment. WSS has garnered broad support from vendors, and proponents say it will lead to increased adoption of Web services.
"[WSS] will become a standard for most Web services," says Ray Wagner, an analyst at Gartner Inc. "I have suggested that organizations developing strategic Web services begin using [the standard] even if they have no current security requirements. This will set the stage for easily adding security as the profile of the service changes."
Raphael Holder, vice president of shared services operations at Northrop Grumman, says his company is tracking the standard.

Read more about App Development in Computerworld's App Development Topic Center.

Our Commenting Policies