The Web Services Interoperability Organization (WS-I) has published the WS-I Basic Security Profile (BSP 1.0), a guide for making sure Web services are secure and interoperable.
Web services (define), or communication between disparate applications, can automate certain business transactions, including order fulfillment for supply chains and services.
Many companies are considering using Web services but cannot build their own, and the lack of security, interoperability and management as part of a standards framework prohibits businesses from adopting them.
Burton Group analyst Anne Thomas Manes said BSP 1.0 builds on the Basic Profile 1.1 from WS-I and is designed to make Web services safe and practical over the Internet.
The document focuses on the interoperability traits for HTTP over TLS and Web Services Security: SOAP Message Security.
HTTP over TLS secures the confidentiality of information that flows over an HTTP connection. Web Services Security: SOAP Message Security provides security protection for SOAP (define) messages and their attachments across several disparate nodes.
The BSP 1.0 also incorporates the following components of OASIS' Web Services Security standards: Username Token Profile, X.509 Certificate Token Profile, Kerberos Token Profile, SAML Token Profile and XRML Token Profile.
The new document was approved by the WS-I board after IBM, Microsoft, Novell, Oracle and SAP demonstrated interoperability of BSP 1.0.
Manes said documents such as BSP 1.0 are necessary to remove some of the interoperability stumbling blocks developers run into.
"One of the challenges we have with specifications is that specifications are designed to support a lot of different cases and offer a lot of different options," Manes said.
"When you're a developer who's trying to implement a particular specification, sometimes it's hard to figure out how to interpret the specifics and the options supplied by a specification. That tends to lead to interoperability challenges."
Profiles such as BSP 1.0, Manes said, are a strong indicator that a specification is ready for prime time.