New Web Services Security Spec Under Way

An electronic business standards group has formed a committee to create a Web services standard that will improve the sharing of secure, trustworthy XML documents over several applications and domains.

The new OASIS XRI Data Interchange (XDI) committee, which includes chip maker AMD, said the new identity management spec will make it possible for users to automatically exchange Web documents, such as purchase orders, and to assign controls over who has what level of access to shared data.

The specification is based on a “Dataweb” concept provided by a Sammamish, Wash., software company called Cordance. The company says on its Web site that the Dataweb “is more than just XML and Web services, it is a new way to use XML to link data across domains just like the Web links content across domains.”

For example, data from address books, calendars, inventory levels, price lists, or blog entries can be shared across two or more Internet applications, just as content from any content source can be shared on the Web today.

It can then be actively linked and synchronized so updates can “flow” between linked domains and applications just like water flows through pipes.

Within OASIS, the Dataweb is represented in the context of XDI, which is based on descriptive identifiers, called Extensible Resource Identifiers (XRI), that determine how to maintain an identity regardless of location.

With XDI, identities represented by XRIs, including people, businesses, devices, or applications, will be able to exchange and synchronize data for the lifetime of a relationship while preserving the security and privacy of that data.

Practical examples include prescribing security and identity attributes across many domains, such as e-business cards across directories; searches across multiple private Web sites; automatic data synchronization across computing devices such as desktops, laptops or PDAs; and automated site registration.

“The goal of XDI is to do for controlled data sharing what the Web did for open content sharing,” said Drummond Reed, co-convenor of the OASIS XDI Technical Committee and employee of Cordance. “XDI does not displace any specialized XML vocabulary designed to support specific applications or Web services. Rather, it augments them by providing a standard, generalized way to identify, describe, exchange, link, and synchronize other XML documents encoded in any XML language or schema.”

XDI committee members include AMD, AmSoft Systems, Booz Allen Hamilton, Cordance, Epok, Neustar and NRI.

The formation of the group and planned spec come at a time when wholesale Web services adoption remains stuck in the mire because of the lack of proven security standards.

Experts from several companies currently crafting Web services standards and frameworks, including IBM and Sun Microsystems, got together at a conference in New York earlier this week to stress the need for the secure delivery of electronic documents, such as purchase orders.

But security isn’t the only roadblock to implementing Web services.

IBM Senior Program Director and Web Services Interoperability consortium (WS-I) Director Tom Glover said management and interoperability are other areas standards bodies such as the WS-I, OASIS, the World Wide Web consortium (W3C), and their member vendors are currently attempting to address.
