Implementing Secure Web Services in B2B Environments

Businesses are increasingly seeing Web Services as both a practical and economical way to solve a number of long-standing integration issues. While such companies are using many Web Services and Service-Oriented Architecture (SOA) approaches to solve integration issues behind the corporate firewall, many companies are also finding significant success in deploying Web Services to solve their business-to-business (B2B) integration challenges.

Yet, successful deployment of B2B Web Services involves careful consideration of a number of significant issues, not the least of which is making sure that the Services interactions between companies are secured and reliable. This whitepaper illustrates how companies can surmount their security challenges as they roll out B2B Web Services solutions. Showing how different industries have approached their B2B Web Services deployments, this paper explains how companies can tackle different aspects of security, from confidentiality to authentication and identity, in a straightforward, cost-effective manner that meets their integration needs.

Is now the time to manage Web services?

In the meantime, vendors in the Web services management arena have been playing a near-constant game of musical chairs. “There are a lot of vendors, and they’re all trying to figure out their niche,” explained Jason Bloomberg, senior analyst at consultancy ZapThink LLC in Waltham, Mass. “They’re all changing their story and moving around,” trying to figure out the most appropriate mix of features to meet customers’ needs.

Another big difference from even a year ago, noted ZapThink’s Bloomberg, is that “last year we saw soup-to-nuts functionality,” where every vendor implemented virtually every feature one could ever want in a management package. Now, however, some suppliers are starting to specialize in certain niches — managing or creating service-level agreements, for instance, or audit and version control. Some are targeting security as a core feature, while others are working to ensure that their management suites work with existing Web security leaders like VeriSign and Netegrity.

Read more at: Application Development Trends

Liberty Alliance Touts Adoption Of Identity Standard

Wednesday’s announcement showed that the alliance was making progress in building the foundation for widespread adoption of its technology, Ronald Schmelzer, analyst for ZapThink LLC, said. Beyond information technology products, Liberty will have to show that major retailers, banks, credit card companies and more are also adopting the technology, since those are the companies that will have direct contact with consumers.

That, however, is expected to take time, since companies have only recently started installing identity-management software, Schmelzer said. Those systems will have to be in place first, before they can start using Liberty standards in sharing customer data during transactions.

“Companies have yet to build good, robust identity management systems in general, but that’s rapidly changing,” Schmelzer said. “Companies are implementing them very rapidly. That’s a really hot growth area.”

In the meantime, Liberty Alliance has a potential competitor in the Web Services-Federation Specification under development by IBM, Microsoft Corp., BEA Systems Inc., RSA Security Inc. and Verisign Inc., Schmelzer said.

Nevertheless, IBM supporting Liberty is an “important step, and a positive one” he said. “There’s nothing negative about this announcement.”

Read more at: TechWeb

Web Services Management

Of all the markets that the rush to capitalize on Web Services and Service-Oriented Architectures (SOA) spawned, the space known as Web Services Management (WSM) is likely the most turbulent. Marked by a large number of new entrant vendors and cutthroat competition for a steadily increasing number of customers, WSM products have come to offer a core set of functionality as well as many of the key capabilities necessary for companies to build and run SOAs.

In spite of significant press and early adopter attention to the vendors in this space, there have been too many vendors chasing too few deals, and as a result, most WSM vendors have reconfigured their product and marketing strategies at least once, as they seek the right niche to build the customer traction so critical to their survival. As a result, the WSM market is filled with short-term fragmentation, as vendors jockey for position, and longer-term consolidation, as incumbent vendors make strategic acquisitions and build their WSM capabilities as the market matures.

This report provides WSM vendors with the perspective they need to focus their market and product strategies for the next one to two years, and it illustrates the complete WSM landscape for end-users, enabling them to understand which vendors will be able to provide the capabilities they require, both now and as they build out their Service-Oriented Architectures.

ZapThink: Web Services Management Market Set To Expand Dramatically; Growth Tempered by Fragmentation of Market Leading to Dominance by Incumbent Vendors

“Companies are coming to understand that Web Services Management is critical for both the operation of Web Services as well as SOAs,” said Jason Bloomberg, Senior Analyst with ZapThink. “As a result, vendors in this space are finding customer traction by offering a range of different capabilities, from monitoring, to SOA enablement, to metadata management.”

Read more at: BusinessWire

OASIS ratifies core security spec

“This standard is quite an important step,” said ZapThink LLC senior analyst Jason Bloomberg. “This is a key security standard in the Web Services series [of specs]. Ratification of this as a standard is important to the ability of enterprises to use the standard.”

“WS-Security handles the interoperability of the different security specifications,” Bloomberg said. “It’s like a level of abstraction above Kerberos, PKI, SSL and others.”

“Vendors have already been building WS-Security products for a while now. They don’t want to wait [for ratification],” Bloomberg said. “Every time a specification goes through a revision like this, vendors have to adjust. This will signal the next phase, so to speak.”

Read more at: TechTarget

Web services security vendors focus on access control, XML firewalls

That hasn’t changed much, as customers wait for vendors to finalize standards such as XML Key Management Specification (XKMS is for managing the keys needed to encrypt and decrypt Web services messages), says Jason Bloomberg, a senior analyst at ZapThink, an analysis and consulting firm in Waltham, Mass.

Single-point authentication and access control are important because Web services can’t make users more efficient if those users have to enter a new user ID and password each time their request hits another application. “Larger entities might have [10,000, 20,000] or 30,000 users,” says Bloomberg, each of whom might have different access rights on dozens of different systems — access rights that need to be changed, or even withdrawn, as the employee’s responsibilities change or they leave the company.

Major vendors such as Microsoft, IBM and Sun Microsystems Inc. are building Web services security into their broader product platforms. Sun “has leadership in the directory space with their Directory Server,” says Bloomberg, which is the foundation for the Sun ONE Identity Server. Microsoft has also announced plans for a technology code-named “TrustBridge,” which would allow secure authentication of users, and sharing of their user identities across business and security boundaries.

Read more at: SearchWin2000

Tech Update Software Infrastructure

Decision-makers have a new vendor to consider thanks to Novell’s January release of an identity management solution. “The Nsure Identity Manager is well positioned to be a leader in the enterprise identity management space alongside Netegrity and Oblix,” said Jason Bloomberg, senior analyst for ZapThink.

Read more at: ZDNet

Novell Conjures New ID Management Software

Jason Bloomberg, senior analyst with XML and Web services research firm ZapThink, gave kudos to Novell’s evolution from an operating system and directory company to a competent Web services infrastructure provider.

“The Nsure Identity Manager is well positioned to be a leader in the enterprise identity management space alongside Netegrity and Oblix,” Bloomberg told internetnews.com. “What Novell can offer that these other, more specialized vendors cannot is a much broader solution set for companies moving toward Service-oriented architectures (SOAs).”

Bloomberg said Novell’s exteNd product provides application development and integration capabilities, which, when bundled with Nsure, will offer customers a broad set of tools for building and securing SOAs that few competitors can touch.

Such product suites are considered an important linchpin to help Web services succeed, as enterprises are increasingly demanding products that bridge communications between employees and partners.

“Identity management is becoming increasingly important because applications are no longer discrete, isolated islands of information in the enterprise,” said ZapThink Senior Analyst Ronald Schmelzer. “The movement to standards-based computing… means that systems are increasingly being shared, integrated, and combined into composite applications to power the new class of enterprise applications.”

Read more at: Internetnews.com

Service Orientation Market Trends

While Web Services have been getting the attention through 2003, in 2004 the IT computing story will be focused squarely on Service Orientation. Offering an evolutionary approach to distributed computing that provides greater business agility while enabling companies to use heterogeneous resources more efficiently, Service Orientation, based on established Web Services standards, is set to fundamentally change many different IT markets as enterprises transition to Service-Oriented Architectures.

In particular, the markets of application security, security appliances, system management, application integration, data integration, and business process management are six key markets that will become transformed as vendors in those markets Service-enable their products. Furthermore, there is a window of opportunity for new entrants in each of these markets to build Service-oriented offerings. Those windows will soon close, however, as the established, incumbent vendors in each space consolidate their respective markets.

These consolidation trends will continue through the rest of the decade, as large vendors round out their suites of software that support Service Orientation, resulting in a combined market consisting of vendors offering a full-function SOA Implementation Framework. These frameworks will offer enterprises all the functionality they need to build, run, and manage SOAs. The market for SOA Implementation Frameworks is still nascent as of 2004, but will dominate the distributed computing arena by 2010.