The jointly developed specification, called WS-Security, defines a set of SOAP (Simple Object Access Protocol) extensions and describes how to exchange secure and signed messages in a Web-services environment, providing a foundation for Web-services security, Microsoft, IBM and Verisign said in a joint statement.
Web services are software applications or components linked together over the Internet using a standards-based approach. SOAP, itself based on XML (Extensible Markup Language), is one of the protocols enabling this.
Microsoft, IBM and Verisign said the WS-Security specification will be submitted to a standards body. No submission plan or date was provided.
Microsoft and IBM added that they plan to develop a range of security specifications for Web services together with key customers, partners and standards organisations such as the World Wide Web Consortium (W3C) and the Internet Engineering Task Force.
Six of the other proposed specifications are WS-Policy, WS-Trust, WS-Privacy, WS-Secure Conversation, WS-Federation and WS-Authorisation. These proposed specifications can be grouped into two categories, with the first three dealing with defining security policies, establishing trust relationships and implementing privacy policies, and the last three handling the sending and receiving of messages sent between Web services.
Microsoft, IBM and Verisign, after gaining an official stamp from a standards body, expect implementations from multiple vendors. The Web-services security model should enable businesses to develop secure and interoperable Web services, the three companies said.
The security initiative is not the first joint Web-services initiative involving Microsoft and IBM. In February the pair were part of a consortium that formed the Web Services Interoperability Organisation, a consortium with the goal of ensuring that vendors developing products for Web services implement the most commonly used standards in the same way.