Delegates to the conference last week feared being caught out by immature, overlapping standards, or by vendors implementing agreed standards differently. Others expressed concern about the shortage of skills needed to use standard Internet technologies, such as XML and Simple Object Access Protocol, to link disparate applications into Web services.
In an effort to allay such fears, two groups working on key Web services standards - the World Wide Web Consortium and the Organisation for the Advancement of Structured Information Standards (OASIS) - gave a day-long joint presentation to delegates.
However, some users were left with as many questions as answers. Chet Ensign, senior director of architecture and development services business information group LexisNexis, said: "My nightmare would be a standards arms race." Ensign, who gave a user presentation at the forum, said: "Everyone outside the small groups of security specialists working on this problem is confused. We don't yet see a clear story of what the problems are, the framework for how the security will be provided and how the individual efforts fit together."
Ensign highlighted a potential overlap with three standards - Security Assertion Markup Language, Extensible Access Control Markup Language and Extensible Rights Markup Language. "That's an expensive problem to solve if we have to invent our own solution to every single permissions issue as it comes along," Ensign said.
Kevin Cronin, chief technical architect at Niteo Partners, a services firm owned by NEC, said its clients in the financial services industry were concerned about overlapping security standards. Until the issues were resolved, he said, the use of Web services might be limited at the retail banking level.
Stephen Whitlock, enterprise security architect at aircraft manufacturer Boeing, said: "Having been burned several times, I still need something that is multi vendor, interoperable and not driven by one or two vendors. We need some assurance that it's going to work and that we can switch vendors if we need to."
Despite the doubts being expressed, Patrick Gannon, president and chief executive of OASIS, advised companies to take part in pilots now so they will be ready to undertake more extensive projects as Web services standards mature over the next two years.