MS and IBM demo secure Web services
Milestone of sorts
Web Service interoperability between the Microsoft and IBM environments using tools compliant with the WS-Security specification was successfully demonstrated for the first time earlier this week.
SSL and web server-enforced security is generally considered inadequate when deploying mission critical Web Services on the Net. To address this, IBM and Microsoft helped develop products compliant with the WS-Security specification.
Microsoft worked with CBDI Forum, an independent industry analyst and think tank specialising in Web Services, to show WS-Security based protocols enabling systems from multiple vendors to interoperate successfully.
For its demo, CBDI used the recently released Microsoft Web Services Enhancements (WSE).NET product, together with the alpha release of Web Services Toolkit (WSTK) for IBM WebSphere. With these tools it showed, using signed and encrypted messages, that the applications at both ends of a conversation can have confidence that the sender is authentic and the message has not been tampered with or read by a third party.
Microsoft described the demonstration as a "milestone" along the path to a standards based approach for Web services security.
Striking a more cautious note, the CBDI Forum said the "WS-Security SOAP enhancement is just one aspect of interoperability", albeit an important factor in Web services for the future.
More information here. ®