First let me say that the base, consolidating specification for Web services security is the WS-Security specification from OASIS. This specification is now out for public review and will probably be an approved specification in another month or two. It is now at the stage where companies can and are building products based on it. Note that there are additional specifications for portions of Web services security that have been released and for which some products have been released.
There are some 36 member companies of the WS-Security security specification of which I expect a number to come out with products in the Web services security space. In addition, we have had about 15 companies participating in the WS-Security interoperability tests. So it can be said that, at a minimum, these companies will have products in this space.
At this time, the major products that are available and support WS-Security are WebSphere from IBM and the .NET extension from Microsoft. Both of these implementations are "developer kits" and are not yet fully supported as a product. In addition, for the most part, they support the original version of the spec. released by IBM, Microsoft and VeriSign. Also, Sun has a developer kit available for download that supports many of the Web services models.
Dig deeper on SOA security strategy
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.