A comprehensive security framework is necessary that addresses today's Web service needs and is also sufficiently flexible to support the requirements of future applications. Figure 8-8 depicts a Web services security roadmap that, once fully specified, will provide such a framework. This roadmap is based on a document entitled "Security in a Web Services World: A Proposed Architecture and Roadmap" that was jointly submitted by IBM and Microsoft.
Figure 8-8. Web services security roadmap.
A summary of each specification in Figure 8-8 follows. All of these are forward-looking specifications, with the exception of WS-Security, which is fairly well defined.
The combination of all of these specifications will result in a comprehensive framework that supports and enables securing of many scenarios that are not possible today.
In the next section, we take a more detailed look at WS-Security and how it builds on SOAP to provide message integrity and confidentiality.