XML and Web Services Security

Key Findings:

  • The next roadblock on the path to Web Services adoption is security. Security is today’s key enabler for Web Services.
  • The XML and Web Services security market will reach $4.4 billion in 2006, which will represent 65% of the total authentication, authorization, and administration security market. This growth represents an average compound annual growth rate of 300%.
  • Web Services offer great potential for B2B communication and integration, but the lack of robust security and manageability solutions currently inhibits the ability of companies to conduct business with each other via Web Services over the Internet.
  • The combination of adequate funding, solid business models, seasoned management teams, and high-quality engineering staff leads some startups to offer surprisingly robust XML and Web Services security solutions.
  • The best positioned companies to be profitable in the XML and Web Services security space are those companies that already have deep technical knowledge of application level security technologies, coupled with a solid customer base.
  • There will be a spike in demand for Web Services security solutions within the next 12 months.
  • Web Services will not play a major role in transactional environments in 2002-2003.
  • The 2003 timeframe won’t see many multiple-company B2B Web Services, because companies will choose to implement B2B Web Services on a point-to-point basis.
  • Existing 3A security vendors will incorporate XML and Web Services into their product lines, so by 2006, most 3A security products will support or provide XML and/or Web Services security.
  • This report must be placed into the context of an overall security strategy. Securing all of a company’s Web Services, and nothing else, can provide only a false sense of security.
  • Enterprises must institute policies that apply to their entire enterprise network (including participants invited from outside), and administer that security in a hierarchical fashion.
  • Next-generation firewalls must be capable of looking at the content of XML streams, and the security mechanisms for such data must be part of that content.
  • Companies planning on using Web Services across the firewall will necessarily have to resolve the resulting security issues first.

Table of Contents:

  • I. Report Scope
  • II. Context for Security in the Web Services Model
    • 2.1 The ZapThink Web Services Roadmap
    • 2.2 Security: The Key Enabler for Web Services
    • 2.3 Context: Security Products & Services
    • 2.4 Context: Web Services Management and Infrastructure Products
    • 2.5 Context: Global Identity Services
    • 2.6 Context: Digital Rights Management Technologies
    • 2.7 Context: Directory Servers
  • III. Technology Landscape
    • 3.1 XML security and the shift to Service-oriented computing
    • 3.2 Principles of Application Security
      • 3.2.1 Application level security requirements
      • 3.2.2 Authentication
      • 3.2.3 Authorization and Access Control
      • 3.2.4 Confidentiality
      • 3.2.5 Data Integrity
      • 3.2.6 Non-Repudiation
    • 3.3 IT Security Precursors
      • 3.3.1 Encryption and Decryption
      • 3.3.2 Symmetric-Key Encryption
      • 3.3.3 Public-Key Encryption
      • 3.3.4 Digital Signatures
      • 3.3.5 Digital certificates
      • 3.3.6 Authentication with certificates
      • 3.3.7 How CA Certificates Establish Trust
      • 3.3.8 Managing Certificates
      • 3.3.9 Kerberos
      • 3.3.10 Using HTTP
      • 3.3.11 Secure Sockets Layer (SSL)
    • 3.4 XML Security Efforts
      • 3.4.1 XML Signature
      • 3.4.2 XML Encryption
    • 3.5 Web Services Security Efforts
      • 3.5.1 SAML
      • 3.5.2 XACML
      • 3.5.3 XKMS
      • 3.5.4 X-KRSS
      • 3.5.5 X-KISS
      • 3.5.6 WS-Security
  • IV. Market Segmentation
    • 4.1 Web Services Security Platforms
    • 4.2 Web Services Infrastructure Management Vendors
    • 4.3 Secure Integration/EAI Vendors
    • 4.4 Global Trust Services
    • 4.5 Identity Management/Authorization/Single Sign-On Vendors
    • 4.6 Access & Policy Management Vendors
    • 4.7 PKI Vendors
    • 4.8 Web Services Security Toolkit Vendors
    • 4.9 Software XML Firewalls
    • 4.10 Private Web Services Network Providers
    • 4.11 Enterprise Security Services
    • 4.12 Security Service Providers
  • V. Current State of the Market
    • 5.1 Approaches to the Market
      • 5.1.1 Focused technology startups
      • 5.1.2 Established Web Services vendors
      • 5.1.3 Larger public vendors
    • 5.2 Customer perspective
  • VI. Business & Technology Trends
    • 6.1 Long Term Trends: Relationship to the 3A Security Market
    • 6.2 Long term trends: relationship to Web Services market
    • 6.3 Inhibitors to the Growth of the XML and Web Services Security Market
  • VII. Conclusions
    • 7.1 Key Notes
    • 7.2 Decision Points
    • 7.3 Figures
    • 7.4 Tables
  • VIII. Vendor Profiles
    • 8.1 Web Services Security Platforms
    • 8.2 Secure Integration Vendors
    • 8.3 Global Trust Services
    • 8.4 Identity Management/Authorization/Single Sign-On Vendors
    • 8.5 Access & Policy Management Vendors
    • 8.6 Software XML Firewalls
    • 8.7 PKI Vendors
    • 8.8 Enterprise Security Services
  • A. Related Research
  • B. Supporting Resources
  • C. Trademark Notice and Statement of Opinion
  • About ZapThink, LLC
