OASIS Stamps Approval on Provisioning Standard

Previously, there was no one way to do this in a uniform manner. With SPML, companies don’t have to waste what could be millions of dollars on development work in order to get people provisioned or deprovisioned, said ZapThink Senior Analyst Ronald Schmelzer.

“What this means for companies is that as they purchase applications that require some sort of user access, they should make sure that they have a standard way of provisioning users on, and deprovisioning users from that application,” Schmelzer told internetnews.com.

“SPML will most likely work within a broader framework for enterprise-wide security infrastructure such as those provided by other standardization initiatives, such as WS-Security and WS-Policy,” he said. “WS-Security and WS-Policy are more concerned with specific user access to business logic, but there are clearly going to be cases when the two specifications will need to overlap. At the very least, any comprehensive security platform for Web Services will need to handle both of these sets of specifications — provisioning of physical and virtual assets and the access to these applications.”

Read more at: Internetnews.com

Web services ID management touted

“SPML adds to the identity management capabilities by providing a standard way in which access to these critical infrastructure resources can be granted or denied,” said analyst Ronald Schmelzer of ZapThink in Waltham, Mass. “This means that companies can build applications that have strict identity and security policies without having to do so in a proprietary and noninteroperable manner.”

“While SPML has more to do with provisioning physical access to specific resources, there is definitely potential for overlap or at least complementary offering to the WS-Security and WS-Policy specifications,” Schmelzer said.

Read more at: InfoWorld

OASIS Forms Committee to Promote BPEL

Ronald Schmelzer, an analyst with ZapThink LLC, a Cambridge, Mass., market research firm, said: “The submission of BPEL to OASIS is a great step for BPEL as well as Web Services in general. BPEL is a key specification aimed at providing a mechanism by which Web Services can be orchestrated into business processes, which can then be exchanged and choreographed with external processes. Business process is a critical aspect of adoption of Web Services and especially Service-Oriented Architectures since business processes are how companies define their business requirements that must then be implemented with Web Services. Without process, all you have is a jumble of Web Services. Specifications like BPEL bring order to the chaos by specifying a logical flow by which Web Services can be orchestrated to meet defined business requirements.”

Read more at: eWeek

Overview of Web Services Security

Download File

Web Services Security Technologies & Markets

Download File

Web Services Security

Download File

What You Need to Know About Web Services Security

Download File

“Five Things You Should Know About Internet Identity”

For instance, consulting company ZapThink was very critical of the initial Liberty release, in large part because it fails to respect the privacy of users, said Jason Bloomberg, ZapThink analyst. “It’s as much about perception as it is reality,” said Bloomberg. “Version one leaves open for discussion how to manage privacy issues surrounding user information. They say it’s up to the policies of individual companies, or that it may be further addressed in version two [of the specification].”

Read more at: InternetWeek

ZapNote: Waveset

Download File

XML and Web Services Security

Security is the immediate roadblock facing widespread implementation of Web Services technologies across the enterprise. As a result, many software vendors are throwing their hat into the XML and Web Services security ring, offering a broad and confusing number of solutions to a variety of real and perceived problems. However, much of this effort amounts to jostling for defensible market positioning ahead of a solid demand for enterprise-class XML and Web Security products and services. As a result, ZapThink believes that the emerging market for XML and Web Services security solutions will be characterized by a period of turbulence, as companies struggle to clarify their messages and shake the kinks out of their product offerings.