Current State of Web Services Technology

Although Web Services offer a tremendous future for Internet applications, its critics rightly charge that its technology is not yet fully baked. The largest shortcomings of Web Services today are the issues surrounding security. For Web Services intended for free and open access to the world, the SOAP and WSDL standards offer a great framework. However, the issues surrounding security, specifically encrypting access to Web Services and guaranteeing the integrity of messages sent to and from them, are still being worked out.

To help solve these issues, IBM and Microsoft proposed an initial specification for the WS-Security standard. The initial specification addresses three key aspects of securing SOAP requests : authentication, encryption, and message integrity. The road map proposes to build on this foundation with additional specifications for configuring trust relationships and for handling complex security situations. ^[1]

^[1] "Secure Web Services: WS-Security is a Formidable Proposal," Randy Heffner, Giga Information Group 4/15/2002.

Of course, on an intranet, where many Web Services are commonly used, security is not an issue because Web Services are secured like all intranet applications.

Note that the group currently controlling the Web Services security spec is the Organization for the Advancement of Structured Information Standards (OASIS). They can be reached at:

www.oasis-open.org/ committees /tc_home.php?wg_abbrev=wss