Microsoft Releases Web Services Security Spec

IBM and VeriSign to join Microsoft in developing specifications.

(New Orleans, Louisiana) Microsoft's new emphasis on security gained several prominent industry partners today with the announcement that the company has joined forces with IBM Corp. and VeriSign on a Web services security specification.

The partnership is a "roadmap for six specifications that talk about security from end to end," Microsoft vice president for .NET Enterprise Servers Paul Flessner announced at Thursday's TechEd keynote presentation.

The new specification, which the companies are calling WS-Security, "provides standard mechanisms to exchange secure, signed messages in a Web services environment, and provides an important foundation layer that will help developers build more secure and broadly interoperable Web services," according to a Microsoft press release. Currently, there are no agreed-upon rules for Web services security, and many of the industry's heavy hitters, including IBM, Hewlett-Packard, Oracle, Sun and Microsoft, are developing and implementing Web services frameworks.

At the heart of the model is an effort to bring together disparate security technologies like Public Key Infrastructure (PKI) and Kerberos for protecting the integrity and confidentiality of messages, "as well as mechanisms for associating security-related claims with the message," according to a joint Microsoft-IBM white paper on the subject, available at http://msdn.microsoft.com/ws-security/.

Another key to WS-Security is its interoperability. It utilizes common Web services standards like XML and SOAP, allowing companies to configure their environments for the appropriate level of security across any platform.

The other proposed specifications take a modular approach to security and fall into two general categories: the first three (WS-Policy, WS-Trust and WS-Privacy) relate to setting up a secure session and establishing privacy guidelines, while the second group (WS-Secure Conversation, WS-Federation and WS-Authorization) deals with message security, interoperability between different systems and authorization policies.

Web services are key to Microsoft's .NET strategy of connecting disparate systems for data exchange, and ensuring privacy and security is key to the success of .NET. Microsoft recently suffered a blow when the My Services initiative, formerly known as Hailstorm, was killed, partially due to concerns about Microsoft's ability to keep data for millions of users safe and secure in one repository. With .NET being a much bigger, broader and more important program, Microsoft is attempting to allay fears about how seriously it takes security by collaborating with companies like IBM and especially VeriSign, which provides digital certificates verifying the authenticity of information for much of the Internet.

WS-Security has yet to be submitted to a standards body.

About the Author

Keith Ward is the editor in chief of Virtualization & Cloud Review. Follow him on Twitter @VirtReviewKeith.
