Skip to Content
It has been a little while that my day job has taken all my energies. I haven’t got too many chances to sit and do a little reading on subjects outside my focusing areas. I did it today, browsing the magazines piles on my desk, and I am glad that I did it. A few short articles provide me a good deal briefing about what’s going on around.

I want to share with you one article in the October issue of Application Development Trends magazine, by David Chappell on web services security. It may not be the best article introducing the ws security subject, but it certainly did a good job to me explaining the natures of the problems people are trying to solve today.

It starts with “I can’t help admiring the ambition of people working on Web services security. The problem they face — creating multivendor agreements on authentication, authorization and more for SOAP — is tremendously difficult. Not only that, but in a very real sense, no one has ever solved this problem before. Complete multi-vendor security for distributed applications? Please — it’s been a pipe dream.” (BTW, as one of the “standards” guys, I certainly appreciate the author’s appreciation for the work my colleagues are diligently tackling), it then goes on bringing into the picture related specifications, including ws-security, XML signature, XML encryption, and so on.

One caveat I would like to put here – I am not sure if David is correct indicating a “WS-SecurityPolicy” spec and a “soon-to-be-published protocol”. It might just be my ignorance, but I am not aware such specs in the standards horizon I monitor. The feature covered by the “soon-to-be-published protocol” is being covered by WSDL2.0 and WS-policy. It also might be when the article was written (usually it takes a few months to publish an article) things were not as clear as today and David was using his best knowledge at that time.

To report this post you need to login first.

Be the first to leave a comment

You must be Logged on to comment or reply to a post.

Leave a Reply