Phillip Hallam-Baker

Those in the security business, like me, often complain that security is the last thing that people consider when designing a new application. If a little more thought had gone into the security of the e-mail protocols, for example, it would be easier to trace the true origin of an e-mail, which would make tackling the mounting problem of spam much less daunting. One of the reasons Web services are so important is that they represent the first time security issues were considered at a very early stage in the design of a protocol framework. Now that Web services are being used to solve real-world problems, the issues we are starting to face are the problems of success - how will we manage when we are dealing with hundreds of Web services protocols connecting thousands of partners? Managing changes to a network protocol is hard. The first lesson taught at network prot... (more)

Enabling Trusted Web Services

Web services are demonstrating their value and exhibiting the potential to substantially enhance enterprise productivity and reduce operating costs. But they will never reach their full potential without two things: trust and security. That's because Web services are based on open, dynamic exchange of valuable data and services. But for everything to work the way it's intended, those deploying Web services must be able to ensure that the data or services being exchanged are kept confidential, secure, and reliable. To deploy trusted Web services, you really need five things: High ... (more)