April 17, 2002

IBM delivers new technology for building secure Web services

IBM recently announced new security features and

functions in its Web Services Toolkit for dynamic e-business (WSTK) 3.1,

now available for free, trial download on alphaWorks, (www.alphaWorks.ibm.com), the destination for IBM emerging technology.
These additions to the IBM WSTK provide an implementation of SOAP Security

Token and Digital Signature components of the WS-Security specification.

WS-Security is a new specification, co-developed by IBM and announced this

week, to help companies build secure, broadly interoperable Web services

applications. SOAP is an XML-based industry protocol for accessing Web

services in a platform- and language-independent manner.

The SOAP Security Token indicates the message sender's properties - name,

identity, credentials and capabilities - and is passed with SOAP messages,

which helps identify the message sender to the Web service provider. This

modular technology is useful to Web service providers when they need to

support users with different authentication mechanisms. It also enables Web

services providers to incorporate additional security features to their Web

services applications over time.

"Security is a paramount issue for organizations that are planning to

deploy Web services in mission critical applications, and IBM is committed

to giving businesses early access to the technology necessary for building

secure Web services," said Bob Sutor, director of e-business standards

strategy, IBM. "IBM's WSTK 3.1 provides developers with the resources and

tools to start to address end-to-end Web services security, thereby helping

to drive application development and industry adoption."

Continuing IBM's commitment to open standards and cross-platform

interoperability, the WSTK 3.1 functions are based on open specifications

such as SOAP, WSDL, WS-Inspection and UDDI, and run on Linux, Windows XP

and Windows 2000 operating systems. IBM offers the most comprehensive Web

Services toolkit for Linux, the open source platform.

The WSTK 3.1 consolidates Web services-related technologies from various

IBM development and research labs and provides an implementation based on

non-proprietary interfaces that supports a variety of platforms. Other

tools and technologies now available in WSTK 3.1 include:

Business Explorer for Web Services (BE4WS)

This XML-based UDDI exploring engine provides application developers with

standard interfaces to perform complex searches in multiple UDDI

directories using a single query request. This allows users to more

efficiently retrieve information about businesses, their services and

service interfaces from one or more UDDI registries. By aggregating results

from multiple UDDI queries and processing the intersecting information from

those searches, BE4WS can help speed the development of Web services


Web Services Description Language (WSDL) Explorer

Web Services Description Language (WSDL) Explorer is a browser-based tool

that generates an automatic user interface for helping users examine a WSDL

document to understand, discover and invoke available Web services. WSDL is

a protocol for a Web services to describe its capabilities. This will

enable users who do not have a working knowledge of WSDL and XML Schema to

easily make SOAP message requests to a Web service without having to write

code. This thereby simplifies the Web service testing process.

Web Services Management

This management technology illustrates an approach to managing Web services

by providing a Java Management Extensions (JMX) -based systems management

interface. JMX is the Java standard for Management APIs. A JMX M-Bean

Server that tracks Web services statistics -- such as the number of times

the Web service is invoked, start/stop times, etc. -- is instantiated

globally within the application server's Java Virtual Machine (JVM). This

allows Web services statistics to be tracked across all installed Web

applications. By using the Web services management technology, a systems

administrator can gather Web services statistics to help manage their

company's infrastructure and better understand how to distribute Web

services applications across several machines.

Buyer-Seller Web Services Demo

The Buyer-Seller demo combines Web services and standardized business

documents to show an end-to-end purchase of electronics components. It

illustrates the use of Web services technologies in a simulated

environment where a basic end-to-end business transaction is implemented.

Users can view the business interactions between the various components in

the demo through simple dashboards, or windows. The demo uses various

aspects of Web Services components -- such as WSDL, WS-Inspection, UDDI,

AXIS, etc. -- in a standards-based J2EE runtime environment.

About IBM

IBM is the world's largest information technology company, with 80 years of

leadership in helping businesses innovate. IBM software offers the widest

range of infrastructure software for all types of computing platforms,

allowing customers to take full advantage of the new era of e-business. The

fastest way to get more information about IBM software is through the IBM

home page at http://www.ibm.com/software.

Click Here!