RealTime IT News

A Practical Guide to Safe And Easy Web Services

Safe and easy are now two words you can think when you're thinking Web services.

The Web Services Interoperability Organization (WS-I) has published the WS-I Basic Security Profile (BSP 1.0), a guide for making sure Web services are secure and interoperable.

Web services, or communication between disparate applications, can automate certain business transactions, including order fulfillment for supply chains and services.

Many companies are considering using Web services but cannot build their own, and the lack of security, interoperability and management as part of a standards framework prohibits businesses from adopting them.

WS-I, whose backers include Microsoft, IBM, Oracle and others, has been working since 2002 to foment standards that make Web services practical.

Burton Group analyst Anne Thomas Manes said BSP 1.0 builds on the Basic Profile 1.1 from WS-I and is designed to make Web services safe and practical over the Internet.

The document focuses on the interoperability traits for HTTP over TLS and Web Services Security: SOAP Message Security.

HTTP over TLS secures the confidentiality of information that flows over an HTTP connection. Web Services Security: SOAP Message Security provides security protection for SOAP messages and their attachments across several disparate nodes.

The BSP 1.0 also incorporates the following components of OASIS' Web Services Security standards: Username Token Profile, X.509 Certificate Token Profile, Kerberos Token Profile, SAML Token Profile and XRML Token Profile.

The new document was approved by the WS-I board after IBM, Microsoft, Novell, Oracle and SAP demonstrated interoperability of BSP 1.0.

Manes said documents such as BSP 1.0 are necessary to remove some of the interoperability stumbling blocks developers run into.

"One of the challenges we have with specifications is that specifications are designed to support a lot of different cases and offer a lot of different options," Manes said.

"When you're a developer who's trying to implement a particular specification, sometimes it's hard to figure out how to interpret the specifics and the options supplied by a specification. That tends to lead to interoperability challenges."

Profiles such as BSP 1.0, Manes said, are a strong indicator that a specification is ready for prime time.

So where does WS-I's work fit into the evolving world of Web services standards?

Manes said WS-I conceivably lays the groundwork for federation efforts such as Project Liberty's Web Services Framework, which allows business users to associate identity with a service. This would, for example, allow corporate employees to query colleagues' calendar services to schedule meetings.