Computerworld - A new industry standard is raising hopes for Web services security. In April, OASIS (Organization for the Advancement of Structured Information Standards), a global standards consortium in Billerica, Mass., announced that its members had approved Web Services Security Version 1.0, a status that signifies the highest level of ratification.
WSS builds on security technologies such as XML Digital Signature, XML Encryption and X.509 certificates to provide a standard way of securing Web services message exchanges. The standard provides a framework for companies to apply security technologies such as authentication and authorization in a Web services environment. WSS has garnered broad support from vendors, and proponents say it will lead to increased adoption of Web services.
"[WSS] will become a standard for most Web services," says Ray Wagner, an analyst at Gartner Inc. "I have suggested that organizations developing strategic Web services begin using [the standard] even if they have no current security requirements. This will set the stage for easily adding security as the profile of the service changes."
Raphael Holder, vice president of shared services operations at Northrop Grumman, says his company is tracking the standard.
Read more about App Development in Computerworld's App Development Topic Center.
Free Insider GuideCopyright © 1994 - 2013 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
