As more and more Web services come online, more and more information will pass across networks at risk from any number of mishaps, from data loss to break-ins by malicious hackers.

Organizations like the W3C and companies ranging from Microsoft Corp and Sun Microsystems are working together to develop security standards to use in Web services.

While standards bodies meet and deliberate, capitalism delivers. Several companies around the country have come up with security solutions of their own to address growing security concerns like authentication.

One of them is Systinet, a Cambridge, MA, company catering to the development crowd with software products that help in the design and implementation of Web services.

According to Anne Thomas Manes, Systinet chief technology officer, security is the number one issue affecting Web service development today. The common practice of using secure socket layer (SSL) technology, she said, won't work with Web services technology that accesses many different systems.

"One of the problems you have with SSL is that it doesn't allow you to distinguish between the different services that you talk to on the server, because it goes through a single point for authentication," she said. "It doesn't allow you to authenticate with a specific service."

Manes answer was to develop a security product based on a security standard approved by the Internet Engineering Task Force (IETF), called the generic security services application program interface (GSS-API). With it, she said, it allows the server to delegate security credentials to specific services.

Systinet's version of GSS-API is currently sitting on the docket of one of the standards bodies, the Liberty Alliance (which supports the Java framework).

LATEST NEWS

Cyber Monday: More Shoppers, Deeper Discounts
Microsoft-Yahoo Deal 'Fiction,' Report Says
Cell Phones More Distracting Than Passengers
The Social Side of Shopping
Bloggers on Front Lines in Mumbai Attacks

But tools that enhance Web service security are only one facet of the security issue. While partly the responsibility of software developers and providers, businesses also need to take a proactive approach to securing its networks from breaches of other sorts.

So far, corporate America is failing in that department, according to security experts, the result of IT managers who don't secure their network assets (servers, operating systems, work stations, etc.).

"Here's the deal with IT managers, while the media and corporate managers all talk about the need for security and 'best business practices,' IT managers are driven by the bottom line," one security consultant noted. "They hire under-skilled employees and don't train them, then the managers over-task those employees."

Many of the highly-publicized domain name service (DNS) attacks reported last year were the result of servers not using the latest security upgrades or keeping default security values. Many believe simple preventative measures by IT departments would have reduced gaps in the network.

Interoperability is another issue that needs to be hashed out among the various Web services providers.

So far, the various companies driving the standards committees (Microsoft, Sun, IBM, Oracle and Hewlett-Packard ) are playing nice as they hammer out standards the entire Web services community can adhere to, but how long remains a question.

Businesses go with the name they trust, or with the company they've been using all along. The market position each of the five Web service proponents share encompasses much of the computer world today in the U.S. and abroad.

The initial success of the technology will depend largely on the five Web services companies willingness to allow information to be passed from one business to another using different platforms.

-- Prepared by Jim Wagner and Robert Liu with contributions from Thor Olavsrud.

This is the second part of a series. Tomorrow, we will examine the unique role that Microsoft plays as a platform vendor and software provider.

Go to page: Prev  1  2  3