Web Site Authentication, a "Home-Grown" Enterprise
Web services security is a "home-grown" enterprise, with more companies developing their own authentication instead of using industry-standard protocols.
Web site authentication takes backstage to email authentication due to new initiatives using SIDF and other formats. A study conducted by Evans Data Corporation, “Spring 2005 Web Services/SOA Development Survey,” looks into how developers address authentication.
Evans identified Web services security as a “home-grown” enterprise, stating upto 23 percent of developers build their own authentication systems. The survey reports 22 percent use SSL (define), and only nine percent use SOAP (define) headers, both industry-standard protocols. One quarter respondents cite authentication as the largest problem in Web services security.
| What Will Your Web Services Primarily Use for Authentication? | |||
|---|---|---|---|
| Frequency | Percent | Valid Percent | |
| Custom-developed | 82 | 20.0 | 23.4 |
| SSL | 77 | 18.7 | 21.9 |
| SOAP headers | 32 | 7.8 | 9.1 |
| Kerberos | 23 | 5.6 | 6.6 |
| Custom security token | 20 | 4.9 | 5.7 |
| HTTP auth XACML | 20 | 4.9 | 5.7 |
| Passport | 17 | 4.1 | 4.8 |
| Client certificate | 16 | 3.9 | 4.6 |
| X.509 certificate | 11 | 2.7 | 3.1 |
| Novell | 8 | 1.9 | 2.3 |
| Netegrity | 6 | 1.5 | 1.7 |
| Liberty Alliance | 2 | 0.5 | 0.6 |
| RSA’s Clear Trust | 3 | 0.7 | 0.9 |
| Tivoli Access Manager | 1 | 0.2 | 0.3 |
| Other | 33 | 8.0 | 9.4 |
| Total | 351 | 85.4 | 100.0 |
| No answer | 60 | 14.6 | |
| Total | 411 | 100.0 | |
| Source: Evans Data Corp., 2005 | |||
Developing authentication for an enterprise site creates resource demands, and finding IT professionals versed in Web services development is an issue for 19 percent of respondents.
“The value of the Web service, a standardized applications unit, are realized when the component is available for reuse within or outside the enterprise. The developers only need to build and test this application one time,” said Joe McKendrick, an analyst at Evans Data Corporation. ” The ROI will be realized when these services are reused on a frequent basis across enterprises. ”
Recommendations in the report suggest businesses share Web service resources, yet 55 percent of respondents say they don’t share, or only share with one other business unit within their company. Only six and a half percent share across more than 20 businesses.
