Most Web services applications have been deployed within the relatively secure confines of an enterprise's intranet. Although the widespread deployment of Web services across firewalls is several years away, now is the time to develop the layers of security that eventually will be required for it.

Adopt appropriate Web services standards: A wide variety of Web services security standards operate at the protocol, XML and policy levels. These standards are at various stages of development, adoption and maturity. Identify those standards that are required to support your business and application requirements.

Develop an identity and access management strategy: Outward-facing Web services applications will require a way to authenticate communications with external business partners, and may require a federated approach to identity and access management. A recent implementation by Southwest Airlines represents a milestone event in the area of SAML-enabled identity management.

Make Web services security technology decisions: Web services security platforms (that is, Web services application firewalls) have emerged to provide perimeter protection at the application layer. Web services management platforms enable centralized management, monitoring and security functions. During the next three years, there will be major changes in the general-purpose firewall market and the Web services security technology market that will affect your Web services security options.

Develop strategies to protect against new forms of malicious-code attacks: The current set of Web services security standards and technologies can't protect Web services applications from a new class of malicious-code attacks that will emerge as the number of external-facing Web services applications increases. Implement Web services interfaces carefully, with special precautions for enterprise application interfaces.

Making Sense of Web Services Security Standards
22 August 2003, Ray Wagner
Conflicting standards make Web services security decisions complex and difficult. Begin with simple Web services deployments that support only your current business needs.

Southwest Airlines Shows SAML's Promise
13 August 2003, Ray Wagner, Roberta J Witty
Southwest Airlines' decision to use Security Assertion Markup Language (SAML) to authenticate communications with external business partners is a sign of things to come.

Web Services Security Vendors Come to a Fork in the Road
18 July 2003, Ray Wagner
"Pure-play" security platform vendors, one of two key segments in Web services security, will disappear during industry consolidation as Web services security functions are added to perimeter security and management solutions.

Web Services Security Standards Aren't Enough
18 July 2003, Ray Wagner
The growing deployment of Web services raises serious security challenges that will require significant new solutions from enterprises and vendors.