Security is coming but where is WSDL?  

News article today on News.com IBM steps up Web services security. This is good news for everyone as WebSphere 5.0 will support WS-Security, the major problem this presents for most developers of web services is that few if any WSDL code generators support headers. Anyone who has looked at the recent spate of WS-xxxx standards has seen extensive use of SOAP Headers. I think this is the correct approach and one my company employs to enhance the security and reliability of messages (Grand Central Communications).

The problem it presents for ease of use by consumers of services is how do we describe these enhanced capabilities in WSDL such that all toolkits can consume them without complex programming. Unless toolkits and WSDL catch up to the proposed standards we are going to be taking several major steps backwards.

posted by John McDowall | 3:46 PM