One of the most active parts of the XML Web services community is the groups developing security standards.
Today, we have more than 40 security standards in various stages of specification at several different organizations, as well as various implementations in similar states of completion and conformance.
On the one hand, this is good news, because good security is crucial to the widespread adoption of XML Web services. One of the expected benefits of XML Web services is a more direct connection between back-office systems and a larger group of potential customers by providing a common set of "Web middleware" that removes barriers to connecting. In order for this to happen without undue risk, security standards are needed that can provide assurances about identity, message content and data protection.
On the other hand, the number of security-related specifications (not to mention their page count!) can overwhelm all but a vast team of the most dedicated architects or developers. This article provides a road map to help you pick your way through the major players and the specs they're writing.
It's helpful to view the development of Web services security standards as a pipeline with three parts: initial development, standardization and profiling.
