Web services have seen a lot of action as of late, with various groups within the industry submitting plans to drive standards.
On April 14 at the RSA Security Conference in San Francisco, the Liberty Alliance announced it has contributed its federated network identity 1.1 specification to the Organization for the Advancement of Structured Information Standards (OASIS).
An OASIS technical committee requested that the Liberty specification be included in future versions of OASIS’ open standard Security Assertion Markup Language (SAML). SAML is an Extensible Markup Language (XML) security-based framework that authenticates and authorizes Web services and has been one of the more crucial components to the Alliance’s federated network architecture.
On the same day, OASIS members talked up a planned standard to define a universal method for exchanging data securely within Web services called the Application Vulnerability Description Language (AVDL). A technical committee has been formed to oversee how outfits will manage application security and is slated to hold its first meeting in May 2003.
On April 16, IBM Corp., Microsoft Corp., and BEA Systems Inc. submitted their own proposal for a Web services standard to OASIS. The Business Process Execution Language for Web Services (BPEL4WS) is a specification that will address automating business processes in complex environments between organizations.
But the standards scene then becomes muddled because the World Wide Web Consortium (W3C) already has similar works in progress. The W3C established a working group for Web services back in January with vendors that include Sun Microsystems Inc., Hewlett-Packard Co. and Oracle Corp.
The Liberty Alliance is online at www.projectliberty.org. W3C is at www.w3.org, and OASIS is online at www.oasis-open.org.