Tackle WS-Security Specification Interoperability Challenges David Leigh, IBM developerWorks

Posted by Gary E Smith - THE SOA NETWORK at Friday, May 04, 2007 8:12 AM
Categories: Article
 

Tackle WS-Security Specification Interoperability Challenges David Leigh, IBM developerWorks

Web services are often promoted as the ideal solution to application interoperability, and they are effective at integrating applications regardless of platform, vendor, and programming language. But they're not immune from interoperability issues. As various WS-* Web services extensions evolve, vendors must choose which draft specifications to support, and developers occasionally need to cope with incompatibility issues between different specifications. The WS-Security standard provides mechanisms for applying authentication, integrity, and confidentiality to SOAP messages. These capabilities are often required for the adoption of Web services and Services-Oriented Architecture

(SOA) within the enterprise. Unfortunately, due to changes in the wire format of the WS-Security SOAP header specification, Web service consumer applications and target Web services that conform to the draft 13 specification can't interact with consumer applications and target services that conform to the version 1.0 specification. For example, a J2EE 1.3 Web service consumer application running in WebSphere Portal Server V5.1 can't use WS-Security to communicate with a J2EE 1.4 service provider application running in WebSphere Application Server V6.0. And the problem isn't limited to the IBM middleware software stack. For example, the Microsoft .NET Web Services Enhancements (WSE) 1.0 is also based on a draft version of the WS-Security specification, and the same interoperability problems occur when trying to communicate between this stack and any other that's based on the WS-Security 1.0 specification. This article outlines the relative benefits and drawbacks of workarounds to help you to determine the best workaround approach for your situation:

(1) Upgrade Web service consumer applications to J2EE 1.4; (2) Use a middleware proxy; (3) Use an EJB proxy; (4) Add a new provider endpoint.

http://www-128.ibm.com/developerworks/webservices/library/ws-securityspec/


_____________________________________________

>> Back to Main Page

Gary E. Smith
SOA Network Architect - SOA in a Connected World


 
Trackbacks
Trackback specific URL for this entry
  • Trackbacks are closed for this entry.
Comments
  • No comments exist for this entry.
Leave a comment

Comments are closed.