Scott Dietzen urged customers to critically examine whether suppliers are committed to IBM and Microsoft’s WS-Security specification, as he believes it is here to stay.
Dietzen cautioned, though, work remained on WS-Security, adding the specification could learn a thing or two from the Liberty Alliance Project’s activities.
Speaking at the Burton Group’s Catalyst Conference in San Francisco, California, Dietzen – like IBM and Microsoft earlier in the week – advocated convergence of Liberty with IBM and Microsoft’s WS- roadmap of specifications.
BEA is a member of Liberty but has provided input into WS- specifications via WS-Federation, announced last week. BEA also supports WS-Security and Security Assertion Markup Language (SAML), a cornerstone assertion used by Liberty, in products.
Dietzen endorsed interoperability between Liberty and the WS- stack but called convergence a good thing. Our hope is we can converge these things around a single unified model. Not that there are competing stacks, Dietzen said.
He indicated, though, WS-Security remains some months from final completion. WS-Security is pretty close with support for PKI, SAML, X.509, usernames and passwords, he said, but the specification requires more time to cook.
He added: The WS- specification effort needs to look at Liberty.
Despite this, Dietzen expressed firm support for WS-Security. The specification defines a set of Simple Object Access Protocol (SOAP) extensions that support multiple security and authentication tokens and encryption technologies.
WS-Security fits with WS-Federation, to describe how information is federated across multiple systems, and WS-Trust, to enable applications to construct trusted SOAP message exchanges.
Anyone that doesn’t have WS-Security today better have a roadmap where they deliver it in two and a half years or I would question their approach, Dietzen said.
Source: Computerwire
