Web Services Insecurity

Back in 2002, only 5% of businesses had finished Web-services projects, according to IDC. But over the next couple of years, most organizations will have deployed Web services in one form or another, and the overall market should be worth a whopping $21 billion by 2007.But as more businesses come to depend on Web services, they are also becoming concerned about security. This is especially critical when Web services are deployed on the "edge" of the enterprise, as they increasingly are. Web services are generally perceived to be less secure than other aspects of IT specifically due to the fact that Web services applications must increasingly interact with applications from outside suppliers, partners, and customers.

This week, we have a great feature that delves into the issue of Web services security. The author, Martin J. Garvey, points out that the lack of a standard approach to Web-services security doesn't help with the situation. Although there are a number of industrial initiatives, none has yet emerged as a clear winner. Still, emerging standards such as WS-Security, the Security Assertion Markup Language (SAML), and WS-Trust are helping companies confirm the identity of companies and applications requesting access by monitoring the exchange of tokens and credentials, making sure that data is properly encrypted, and requiring that information is exchanged in a standard format. Implementation of these standards promises to help speed deployment of Web services initiatives. Read on to see what else Martin has to say about Web services security.

We also had the results of a readers' poll on the enterprise service bus (ESB). The results were instructive. Although ESB is one of the hottest buzzwords in the SOA vocabulary these days, it turns out that a significant proportion of people aren't quite sure what an ESB actually is. Only 13 percent of respondents have already implemented an ESB; 18 percent are planning to implement an ESB within the next twelve months. Another 16 percent have no plans at all to implement an ESB, and a startling 52 percent asked, "what's an ESB?" For anyone in the latter category, we published an ESB primer several months ago that hopefully explains this concept satisfactorily, including a round up of all the disagreements about this concept even among experts in the field.

Finally, we have the winners from the Great Tech Call 'Em Like You See 'Em Contest. If you remember, back in June, we sponsored a four-part contest that invited you to write essays about your favorite hardware, software, future tech, and help desk experiences. Well, the winners are in, and they're terrific. Check them out.

That's all for this week. As always, let me know what you think about these articles and anything else we've posted on SOA Pipeline. And have a good one.