News - Software vendors planning XML-based spec

20/12/2000 17:11:26

A dozen vendors have said they will produce a security specification for XML to help XML-based applications share user authentication and authorisation information across online supply-chain environments or trading exchanges.

These industry backers say the specification, called the Security Services Markup Language - or S2ML for short - is nearly complete, and they expect to soon submit the technology as a proposed standard to the World Wide Web Consortium (W3C) and Oasis, an organisation working on XML technical and business issues. Backers of the S2ML spec include Netegrity, Sun Microsystems, WebMethods, VeriSign, Art Technology Group, PricewaterhouseCoopers, Tibco Software, Jamcracker, Bowstreet Software and Commerce One, among others.

"S2ML is intended for use in e-commerce where companies distribute transactions across sites, such as exchanges or supply-chain hubs," said Bill Bartow, vice president of marketing at Netegrity, which provides Web-access and control software. "How do companies that have completely different platforms exchange information about authenticated users and authorisation? We think S2ML addresses this barrier."

Dave Hofert, senior marketing manager at Sun's XML Technology Center, claims S2ML will provide a way to build standardised security services into e-commerce applications using XML, including those built with another XML spec called ebXML.

Other vendors say they expect the S2ML-style authentication and authorisation to eventually replace the proprietary methods they use in their products today to capture and store authentication information, such as passwords and IDs.

"This is going to allow Web servers and application servers to operate in a standard way to define authorisation entitlements," said Jeremy Epstein, principal security architect at WebMethods. However, the backers behind S2ML admit they have not yet tested the nearly finalised specification in cross-vendor applications to determine its operational viability.

Previous industry efforts to create a common specification - including one called the Authorisation APIs, which has been approved by the Open Group - have had a modicum of success but found limited adoption. But backers of S2ML claim that the ease of working with XML metatags will make it fairly easy to implement.

In online marketplaces, for example, the user authentication data could be inserted inside an XML document to travel with the user across the site, while the exchange would provide a way to gather up the XML-based security information and push it over to another part of the exchange, they argue.

"This way, a buyer could move from the buyside part of the exchange into the sellside without having to repeat the authentication again," Bartow suggested.

The vendors anticipate completing the specification within a month and then submitting S2ML to the W3C and Oasis for review. Several vendors, though, said the W3C is not moving quickly enough on XML standards, and they foresee faster action at Oasis.

Wide-reaching dividends

By recruiting representatives of the Java platform space, security, b-to-b, and managed services arena to collaborate on the new standard's design, S2ML will pay wide-reaching open standard dividends by being built directly into products, said John Pescatore, vice-president and research director at Gartner Group.

"[Many clients] have a set of totally different rules, security rules, and business rules, trying to do the same thing in two different languages with no connection between them," Pescatore said. "XML seems a likely way to make a bridge between these two languages."

Pescatore said S2ML will be highly visible in "hub and spoke" distributor-type sites, citing Exxon-Mobil and General Electric as examples of companies managing internal and distribution sites without needing a proprietary language to share privilege and access-rights information between disparate systems.

He said it bears watching how some of the bigger guns on the market react to the new standard. "There will be many competing approaches. The big guys haven't weighed in yet. They can really torpedo things and freeze anybody from moving on to this."

S2ML defines standard XML schemas and XML request/response protocol for authentication and authorisation through XML documents, according to Bartow. The standard will support HTTP and SOAP (Simple Object Access Protocol) and b-to-b messaging frameworks including ebXML.

Ellen Messmer
