Authentication remains a Problem for Web Services Security

Developers working on authentication methods for Web services are more likely to reply on their own custom-developed methods, rather than industry-standard methods like SSL or SOAP, survey reveals. Additionally, authentication remains the largest problem in Web services security schemas.

The survey, conducted by Evans Data Corporation, highlights that almost one in four developers (23 percent) have devised their own security mechanisms to protect Web services transactions, 22 percent use SSL, nine percent use SOAP headers and 68 percent have either adopted a Service-Oriented Architecture (SOA), or are in the process of developing an adoption plan for an SOA. But actual implementations are still few and far between.

Further more, 79 percent say they encounter organization headwinds when attempting to move their Web services efforts forward and 19 percent also say they can't find enough IT talent versed in Web services development.

"We found that a majority of companies are not sharing their Web services with other business units across the enterprise," said Joe McKendrick, Evans Data's Web services/SOA analyst. "This is a result of not having enough IT talent with Web services skills, as well as management buy-in to the concept. Web services and SOA need skilled evangelists to help drive the adoption of the technology forward. This isn't happening yet."

While one of the main value propositions of Web services is sharing them across an enterprise, the survey has found that 55% of Web services are being shared with only one or no other business units within their companies.