This document describes a proposed strategy for addressing security within a Web service environment. It defines a comprehensive Web service security model that supports, integrates and unifies several popular security models, mechanisms, and technologies (including both symmetric and public key technologies) . . .
This document describes a proposed strategy for addressing security within a Web service environment. It defines a comprehensive Web service security model that supports, integrates and unifies several popular security models, mechanisms, and technologies (including both symmetric and public key technologies) in a way that enables a variety of systems to securely interoperate in a platform- and language-neutral manner. It also describes a set of specifications and scenarios that show how these specifications might be used together.

A key benefit of the emerging Web services architecture is the ability to deliver integrated, interoperable solutions. Ensuring the integrity, confidentiality and security of Web services through the application of a comprehensive security model is critical, both for organizations and their customers.

Responding to concerns expressed both from our customers and the industry, IBM and Microsoft have collaborated on this proposed Web services security plan and roadmap for developing a set of Web Service Security specifications that address how to provide protection for messages exchanged in a Web service environment.

For the first time, we have created a security model that brings together formerly incompatible security technologies such as public key infrastructure, Kerberos, and others. In short, this is not an idealized framework but a practical one that can allow us to build secure Web services in the heterogeneous IT world in which our customers live today.

The link for this article located at developerWorks is no longer available.