Sun edges towards IBM and Microsoft on Web Services
Palo Alto, California-based Sun will support submission of WS-Security to the Organization for the Advancement of Structured Information Standards (OASIS).
If adopted, WS-Security would pass to an OASIS technical committee to be developed and modified with input from other vendors. Until now, the two-month old specification has been the work of just IBM, Microsoft and VeriSign Inc.
Sun's inclusion in this web services security initiative could help heal a growing rift between vendors over web services specifications. The split has seen IBM and Microsoft in one camp and Sun firmly in the other.
Tensions were sparked with the formation of the Web Services Interoperability (WS-I) organization in February. Sponsored by Microsoft and IBM, Sun was believed to have been excluded with the support of Microsoft chairman and chief software architect Bill Gates.
Sun, meanwhile, helped initiate the Liberty Alliance Project for secure network identity against Microsoft's plan for federated Passport. Sun has pledged directory products based on Liberty specifications - due for publication next month - in the next quarter.
Sun also announced the Web Service Choreography Interface (WSCI), to describe and manage the flow of elements inside a web service. WSCI is backed by BEA Systems Inc, SAP AG and little-known business process management vendor Intalio Inc.
Sun is believed to have been approached over WS-Security by IBM, and Sun's director of Liberty Alliance technology Bill Smith said Sun would develop as-yet unspecified future products supporting WS-Security. "We will be committing resources to this," he said.
Smith, who sits on Liberty's board, added Liberty could end up supporting WS-Security in its own specifications. Microsoft and IBM have been absent from Liberty, while developing the federated version of Redmond, Washington-based Microsoft's Passport. Liberty members have held discussions with Microsoft to join the organization.
"There is the possibility of [WS-Security's] use within Liberty," Smith said. He added, though, Liberty was still not up-to-speed on details of WS-Security.
"Liberty is driving a specification for network identity. WS Security is about secure messaging. Liberty needs secure messaging and may rely on WS Security in some context," Smith said.
WS-Security, announced in April, defines a standard set of Simple Object Access Protocol (SOAP) extensions or message headers to ensure the confidentiality and integrity of messages exchanged in web services environments. WS-Security is the first in a set of six security and communication specifications for web services, initially based on Microsoft technology.
A spokesperson for Liberty said: "We will look at WS-Security as one of many existing specifications."
Smith said it endorsed the decision to submit WS-Security to OASIS as a means of opening the specification to public scrutiny and ensuring development on a royalty-free basis. Royalty free became an issue since IBM recently highlighted its ownership of patents on certain technologies in ebXML.
"As soon as [WS-Security] is made publicly available we can take a look at it and see the major technology holes and the issues. Before, it was done behind closed doors... and the terms that underlay the technology were unclear," Smith said.
Other companies which will also participate in WS-Security development are Baltimore Technologies Plc, BEA Systems, Cisco Systems Inc, Documentum Inc, Entrust Inc, Intel Corp, IONA Technologies, Netegrity Inc, Novell Inc, Oblix Inc, OpenNetwork Inc, RSA Security Inc, SAP AG and Systinet Corp.