Security standard gains a new ally

It used to be called “”co-opetition,”” but it’s really just smart planning.

This week, Sun Microsystems decided to go along with IBM, Microsoft and VeriSign by supporting the Web Services Security (WS-Security) standard. Sun joined the party after the spec was submitted to the Organization for

the Advancement of Structured Information Standards (OASIS), which promotes other standards such as extensible markup language (XML) and standard generalized markup language (SGML). The transfer to a less-partisan organization, along with royalty-free licensing, apparently won Sun (and other companies) over to the cause.

Just over two months old, WS-Security encrypts information and maintains its confidentiality when shared among companies over the Web. It’s a joint IBM and Microsoft effort and works within the simple object access protocol (SOAP).

The announcement may not be earth-shattering news, but it is a step forward in making good on the promise of Web service interoperability.

First, there’s no way solely proprietary technologies can offer the level of compatibility needed for enterprise-level transactions on the Web.

Second, security is crucial to making Web services work.

On both points, greater co-operation among vendors is a good thing.

Of course, there’s a lot of politicking going on, and it’s about as complicated as the technology itself. Sun execs have fretted about IBM and Microsoft possibly charging royalties for the use of their Web services technologies. At the same time, Sun has also been cosying up to the Web Services Interoperability (WS-I) Organization, trying to gain the same status as founding members Microsoft and IBM. Also, last month, evidence from the ongoing Microsoft antitrust trial revealed possible attempts to curtail Sun’s involvement in the WS-I by none other than Bill Gates and co.

That’s hardly conducive to building cross-platform, enterprise-level software for Web services. But in spite of all the backstabbing and bickering, it just might work.

If developers are able to keep focused on the big picture (open standards) and not get caught up in short-sighted fights over licensing, Web services may arrive sooner than later. The key here is a shared understanding of the longer-term benefits over more immediate opportunities. Trying to corner the market with your own technology may work for operating systems, but not the Web.

Admittedly, the stakes are high, so it’s not difficult to understand the squabbling. IDC predicts the revenues from combined services, software and hardware generated from the global Web services market will shoot from US$1.6 billion in 2004 to a whopping $34 billion by 2007. That’s a pretty good compound annual growth rate — if the forecast holds true.

The jockeying is far from over, but at least there’s been some improvement. Security is a key factor in making Web services work, as is building broader industry-wide support for open technologies. Putting WS-Security in the hands of OASIS and committing to a royalty-free model helps build trust among vendors. Let’s hope it continues.

johnsaunders@sympatico.ca

Share on LinkedIn Share with Google+