It is almost two years since Microsoft chief technologist Bill Gates first coined the phrase ‘web services’ and explained how the technology would work.

But despite the interest that it has provoked, there is one major shortcoming that chief information officers (CIOs) want to see addressed before committing to web services implementations in their organisations: security.

Dublin, Ireland-based Vordel claims to have a solution. According to chief technology officer Mark O’Neill, the problem is that core web services protocols, particularly XML, the bedrock of web services technology, simply lack measures for authentication, integrity and auditing.

VordelSecure, the company’s first product, therefore seeks to make good these shortcomings by providing an XML security infrastructure for web services, which enables organisations to set their own level of security.

First, it provides an infrastructure for handling authentication and non-repudiation of transactions by using standard XML certificates, based on public key infrastructure (PKI) technology. Second, it enables sessions to be set-up and run under secure sockets layer (SSL) encryption to reduce the risk of them being monitored.

Finally, it generates a digitally-signed audit trail for each transaction. Users can later examine the archive to determine accountability.

The VordelSecure Server is loaded onto a web server and acts as a gate-keeper monitoring XML traffic. It also supports a number of other data formats, such as legacy electronic data interchange (EDI) and HTML. Customers can use an application programming interface to extend data conversion to other data formats.

According to Derek O’Carroll, director of business development at Vordel, web services are currently being examined by clients for internal integration, rather than as a means for opening up elements of their systems for clients and business partners.

Yet such organisations still need to build in security from the start for two main reasons. First, they recognise that about three quarters of all security breaches are internal. Second, at some point in the future, they will open up elements of their systems to outsiders and when that happens they need to be prepared.

Vordel’s proposition has been warmly welcomed among big-name venture capital groups, such as Intel Capital and Dresdner Kleinwort. They have invested a total of $11.3 million (€12.8m).

However, Vordel may face competition from a number of quarters, such as the big web services software technology developers, including Microsoft, IBM and Sun, as well as the big name services vendors. Vordel is seeking partnerships with these companies in a bid to mitigate that risk.