RealTime IT News

OASIS, W3C to Helm Web Services Security Forum

The two most influential organizations steering the Web services ship will team together later this month to cosponsor the Forum on Security Standards for Web Services, as part of the XML Web Services One conference in Boston.

On August 26, the Organization for the Advancement of Structured Information Standards (OASIS) and the World Wide Web Consortium (W3C) will lead the conference attendees on what has undoubtedly become one of the hottest topics in the Web services sector this year -- the question of security across networks that deliver Web services.

For example, rancorous debate has reigned over whether Microsoft's Passport, a single sign-on authentication service that precipitates the use of Web services from the software giant, is safe for users. Together, OASIS and W3C will provide an overview of the Web services security work currently being accomplished at W3C, OASIS, and other standards groups.

Topics at the Forum on Security Standards for Web Services will run the gamut of security issues and specs for Web services, including updates on the status of specifications such as XML Signature (XML-SIG), XML Key Management Specification (XKMS), XML Encryption (Xenc), the developing model for Web Services Architecture and the security segment from W3C, as well as the Security Authorization Markup Language (SAML) , WS-Security, and standards for access control, provisioning, biometrics and digital rights from OASIS.

Web services research firm ZapThink has asserted that the major roadblock on the path to Web Services adoption is security.

Estimating the Web services security market will hit $4.4 billion by 2006, ZapThink analyst Jason Bloomberg said that although the benefits of saving time and money with Web services are well publicized, the lack of security inhibits the ability for companies to conduct business with each over the Internet.

"You can't just buy a little security," Bloomberg said in a research report. "You have to cover all the bases to be secure."

As Daniel J. Weitzner, W3C's Technology and Society Domain Leader, and Karl Best, director of technical operations for OASIS, sum it up, the conference is about getting together to discuss who is working on what standards -- and how to make them work together to create the best possible schema for securing Web services.

"People are very much aware that security standards are critical for Web services, but there are a lot of questions about who is doing what and how the pieces fit together," Best said. "W3C and OASIS are coming together to host this forum in order to give the community a better understanding of the relationship between security standards and shed light on connects, disconnects, overlaps, and gaps."

The Forum, for which more details may be found here, will feature speakers from Sun Microsystems, Verisign, and the U.S. Federal Government. Experts from the Liberty Alliance will also participate.