OASIS, W3C to Helm Web Services Security Forum

The two most influential organizations steering the Web services ship will team together later this month to cosponsor the Forum on
Security Standards for Web Services, as part of the XML Web Services One conference in Boston.

On August 26, the Organization for the Advancement of Structured Information Standards (OASIS) and the World Wide Web Consortium (W3C) will lead the conference
attendees on what has undoubtedly become one of the hottest topics in the Web services sector this year — the question of security
across networks that deliver Web services.

For example, rancorous debate has reigned over whether Microsoft’s Passport, a single sign-on authentication service that
precipitates the use of Web services from the software giant, is safe for users. Together, OASIS and W3C will provide an overview of the Web services
security work currently being accomplished at W3C, OASIS, and other standards groups.

Topics at the Forum on Security Standards for Web Services will run the gamut of security issues and specs for Web services, including updates
on the status of specifications such as XML Signature (XML-SIG),
XML Key Management Specification (XKMS), XML
Encryption (Xenc)
, the developing model for Web Services Architecture and the security segment from W3C, as well as the Security
Authorization Markup Language (SAML) , WS-Security, and standards for access control, provisioning, biometrics and
digital rights from OASIS.

Web services research firm ZapThink has asserted that the major roadblock on the path to Web Services adoption is security.

Estimating the Web services security market will hit $4.4 billion by 2006, ZapThink analyst Jason Bloomberg said that although the
benefits of saving time and money with Web services are well publicized, the lack of security inhibits the ability for companies to
conduct business with each over the Internet.

“You can’t just buy a little security,” Bloomberg said in a research report. “You have to cover all the bases to be secure.”

As Daniel J. Weitzner, W3C’s Technology and Society Domain Leader, and Karl Best, director of technical operations for OASIS, sum it
up, the conference is about getting together to discuss who is working on what standards — and how to make them work together to
create the best possible schema for securing Web services.

“People are very much aware that security standards are critical for Web services, but there are a lot of questions about who is
doing what and how the pieces fit together,” Best said. “W3C and OASIS are coming together to host this forum in order to give the
community a better understanding of the relationship between security standards and shed light on connects,
disconnects, overlaps, and gaps.”

The Forum, for which more details may be found here, will feature speakers
from Sun Microsystems, Verisign, and the U.S. Federal Government. Experts from the Liberty
will also participate.

News Around the Web