Web Services Security Spec Sent to OASIS

Aiming to address critical security issues that still hang over Web services, the powerhouse triumvirate of VeriSign , IBM , and Microsoft Thursday submitted their Web Services Security (WS-Security)
specification to the OASIS standards body.

Analysts have long considered security one of the missing pieces hampering the adoption of Web services technologies, which allow
the rapid integration of disparate platforms and legacy systems, applications and information. Even more tantalizing is the
possibility of supply chain integration by tying together the systems of partners, customers and suppliers. But before that can
happen on a large scale, the security issues must be addressed.

WS-Security defines a set of SOAP extensions which can be used to implement integrity and confidentiality in Web
services applications, laying the groundwork for higher-level facilities like federation, policy and trust.

The three companies are making the specification available royalty-free, and even Sun Microsystems , which has
been opposing IBM and Microsoft by backing the development of rival specifications, threw its support behind the WS-Security
specification and said it would participate in the OASIS development effort.

Other firms which promised to back the specification include Baltimore Technologies, BEA Systems, Cisco Systems, Documentum, Entrust, Intel, IONA, Netegrity, Novell,
Oblix, OpenNetwork, RSA Security, SAP, and Systinet.

VeriSign, IBM and Microsoft have five more security specifications planned in the next year and a half.