IBM is trying to embed its technology at the core of emerging Web
services standards, with the release of a set of application
programming interfaces (APIs) designed to address critical security
and third-party integration needs.
The company says the APIs, to be included in the WebSphere Version
5.1 e-business platform later this year, are designed to give
customers the ability to adopt a best-of-breed approach to
incorporating competing security products into Web services
environments.
Although the plan addresses enterprise concerns regarding the lack
of standards around Web services security, industry executives
argue that IBM risks being accused of pursuing its own agenda and
adding to the myriad security efforts already under
development.
Among the organisations pushing security initiatives are the World
Wide Web Consortium (W3C), the Organization for the Advancement of
Structured Information Standards (Oasis), and even the IBM and
Microsoft-led Web Services Interoperability Organisation (WS-I).
Meanwhile, the Liberty Alliance is expected to announce its
federated, single sign-on (SSO) system for e-commerce late this
month.
"IBM has done a very good job of making itself look very open to
the market, in effect taking away some of the cache Sun has had as
the inventor of Java and developer of the Open Network
Environment," said Laura Koetzle, an analyst at Forrester Research.
"This opening up of WebSphere APIs is an extension of that."
Mike Kass, product manager of Microsoft .net, said his company was
shaking off the proprietary label by delivering .net-ready
standards - such as XML digital signature and XML encryption - that
the software giant has helped present to the W3C.
In other Web services developments, IBM, Microsoft, and VeriSign
have made good on their promises by submitting the latest version
of the WS-Security specification to Oasis for development.
But because Microsoft's ultimate goal is to sell more copies of
Windows and to impede Linux, as well as prevent LDAP from cutting
into Active Directory's installation base, the company is pushing
out "tilted" WS-Security standards to make Web services easier to
pull off in a Windows - not Unix - environment, said John
Pescatore, research director of Internet security at analyst group
Gartner.
Despite its API efforts, IBM has to face the reality that companies
do not want to lock themselves into one centralised server for Web
services security or management. "The vast majority [of customers]
are looking for Web services to make application integration
easier, not to jump into some giant centralised framework for
control," Pescatore said.