16 October 2002 Worries about web services security are the biggest obstacle to developers deploy the technology, according to analysts Evans Data.

In a survey of 600 developers, a quarter said a lack of end-to-end security was preventing deployment of projects using the web services standards. Ambiguity in standards was the second biggest barrier, with 21% of those surveyed citing it as their biggest obstacle, and 16% said questions over how to architect and integrate applications were preventing them.

Web services use XML-based interfaces, messages and protocols to exchange data between applications, even if they are separated on a network or over the Internet. An application that uses web services provides a standard, platform-independent mechanism for data-exchange, so that developers can integrate it into workflows and with other applications without having to use proprietary tools or technology.

However, web services data is unencrypted and there is no mechanism within the established standards for authentication – verifying that senders of web services traffic are who they claim to be. The WS-Security standard, one of the main planks of the intended web services security infrastructure, has just been approved and drafts for standards that support digitally signing and encrypting XML documents and authenticating users have been published. Yet 22% of those polled have stayed away from these standards.

There is some good news for web services proponents: while 21% said that ambiguity was preventing them from adopting web services, this was down from 23% six months ago – so the message is getting through, albeit very slowly.