Web services takes another, secure step forward

A standards body is hoping to remove one of the biggest hurdles standing in the way of greater web services adoption.

The Web Services Interoperability Organization (WS-I) on Monday said it has established a working group to sort through overlapping proposals aimed at adding security to web services applications.

The announcement is the latest milestone in the WS-I's long-term plan for web services security. Last month, the organisation said it intends to publish guidelines to show software companies and their customers how to use web services security tools to ensure interoperability across different products.

The WS-I was formed last year at the behest of companies including IBM and Microsoft. The group now has approximately 160 members, including about 20 companies that are not information technology suppliers.

Web services is both a programming method and a series of protocols for building applications that can easily exchange data and processes. Some businesses are already using web services, along with existing security software, as a way to integrate computing systems.

But widespread adoption of web services has been slowed due to disagreement over standards proposals and a lack of key security specifications, among other reasons. For instance, security software used by one company may not work with security tools implemented by another company. A standardised method for reliable security would drive broader usage of web services, according to analysts.

For example, an agreed-upon method for web services security would make it easier to validate the authenticity of business documents sent from one company to another.

The WS-I's security effort comes after a task force spent several months determining the scope of the security problem and the expected needs of businesses. The working group will deliver a security 'profile', or a series of published guidelines on how to adhere to standards in order to guarantee interoperability.

One security specification expected to be under consideration by the WS-I is WS-Security, which is now being developed in the OASIS standards body.

The WS-I said that the security profile will be an extension to the WS-I's basic profile, which describes how to comply with low-level web services communications specifications, including the Simple Object Access Protocol (SOAP) and Web Services Description Language (WSDL).

Martin LaMonica writes for CNET News.com.