Computerworld - A new industry standard is raising hopes for Web services security. In April, OASIS (Organization for the Advancement of Structured Information Standards), a global standards consortium in Billerica, Mass., announced that its members had approved Web Services Security Version 1.0, a status that signifies the highest level of ratification.
WSS builds on security technologies such as XML Digital Signature, XML Encryption and X.509 certificates to provide a standard way of securing Web services message exchanges. The standard provides a framework for companies to apply security technologies such as authentication and authorization in a Web services environment. WSS has garnered broad support from vendors, and proponents say it will lead to increased adoption of Web services.
"[WSS] will become a standard for most Web services," says Ray Wagner, an analyst at Gartner Inc. "I have suggested that organizations developing strategic Web services begin using [the standard] even if they have no current security requirements. This will set the stage for easily adding security as the profile of the service changes."
Raphael Holder, vice president of shared services operations at Northrop Grumman, says his company is tracking the standard.
Read more about App Development in Computerworld's App Development Topic Center.
- Using Cyber Insurance and Cybercrime Data to Limit Your Business Risk This paper examines the challenges of understanding cyber risks, the importance of having the right cyber risk intelligence, and how to use this...
- 5 Tips to Secure Small Business Backdoors in the Enterprise Supply Chain This paper examines the insecurity of the small businesses in the supply chain and offers tips to close those backdoors into the enterprise.
- Comprehensive Advanced Threat Defense The hot topic in the information security industry these days is "Advanced Threat Defense" (ATD). This paper describes a comprehensive, network-based approach to...
- Advanced Threat Defense: A Comprehensive Approach In this interview, Peter George, president, General Dynamics Fidelis Cybersecurity Solutions, explains why we need more than anti-malware, and what constitutes a comprehensive...
- Live Webcast Security Vulnerabilities Associated With Having Local Administrator Privileges Viewfinity will demonstrate how removing admin rights and granularly managing privileges at the application level reduces the attack surface.
- Security Vulnerabilities Associated With Having Local Administrator Privileges Viewfinity will demonstrate how removing admin rights and granularly managing privileges at the application level reduces the attack surface.
- NSS Labs & Cisco Present: Evaluating Leading Breach Detection Systems Today's constantly evolving advanced malware and APTs can evade point-in-time defenses to penetrate networks. Security professionals must evolve their strategy in lockstep to... All Cybercrime and Hacking White Papers | Webcasts