ZapThink: "Security is the immediate roadblock facing widespread implementation of Web Services technologies across the enterprise. As a result, many software vendors are throwing their hat into the XML and Web Services security ring, offering a broad and confusing number of solutions to a variety of real and perceived problems. However, much of this effort amounts to jostling for defensible market positioning ahead of a solid demand for enterprise-class XML and Web Security products and services.As a result, ZapThink believes that the emerging market for XML and Web Services security solutions will be characterized by a period of turbulence, as companies struggle to clarify their messages and shake the kinks out of their product offerings. Nevertheless, over the next few years, the XML and Web Services security market will grow quite rapidly, in pace with the overall Web Services market. By 2006, ZapThink believes that most application level security solutions will be XML and Web Services-related."

Analysts agree with this viewpoint and they are saying us, "yes, security is a roadblock for web services". On the other hand, security-aware bloggers such as John Udell or Brent Sleeper think that the "roadblock" phrase is a cliché that had been used so often that it became common wisdom.

If you have a look at the ZapThink web services roadmap, or listen to IT chit-chat in conference hall lobbies, you will find that web services are currently mostly used internally. Which means that corporations can happily switch the security off; in the end both end-points reside within a single legal entity. Alternatively, they can cook their own authentiaction schemas, wrapping userids in the headers etc. Lack of pre-built support for sharing user entitlements is no big barrier for web services adoption in this scenario. However, as organisation will move from the use of web services as internal application integration mechanism to use them externally, first on one-off basis and later on to enable them to loosely couple their business processes and make them more flexible, proprietary schemas won't be sufficient. They will become too expensive to implement and such an implementation would take too long. Then security (or digital identity, if you like) will become a roadblock.

9:51:26 PM