The Web Services Interoperability Organization (WS-I) said Tuesday it has completed the creation of a working group to address perhaps the greatest barrier to wholesale Web services adoption -- security.

The WS-I put the finishing touches on the Basic Security Profile Working Group (BSPWG), which will develop an interoperability profile that addresses transport security, SOAP messaging security and other security considerations from the WS-I Basic Profile published last October.

ZapThink Senior Analyst Ronald Schmelzer discussed the significance of the announcement.

"While the Basic Profile was certainly important -- if only to prove that the WS-I was capable of releasing a profile that met their overall charter objectives, it is the Security Profile that really starts to get to the heart of interoperability issues," he said. "Basically, there can be no Web Services interoperability if the different end points make different assumptions about how security will be handled. While there are certainly enough Web Services security standards, it is up to the end user to figure out how to piece these standards together in a way that provides real security. The problem that end users face is that their particular implementation might prevent interoperability with other Web Services implementations they must interact with."

It is true there are a number of working groups in such standards organizations as the World Wide Web Consortium and OASIS that address Web services interoperability -- for security, too. But the WS-I is what some analysts see as the true link to the enterprise. ZapThink Senior Analyst Jason Bloomberg calls WS-I an arbiter of "real-world" Web services interoperability; the group consists of more than 170 member companies, with such giants as Microsoft, IBM and, as of last week, Sun as integral members.

"The work of this committee is on the critical path for many enterprises looking to move toward Service-oriented architectures," Bloomberg told internetnews.com.

Seeds for the BSPWG were already planted some months ago, in the form of the interim security task force, known as the Basic Security Work Plan Working Group. Eve Maler, XML standards architect at Sun Microsystems, chaired that group. ZapThink's Schmelzer said the fact that a representative from Sun is overseeing the work underscores the progress the WS-I made in working harmoniously toward the same end. Sun was not always considered for board member status.

"That is actually a positive sign in two major ways: Sun is being very aggressive about Web Services and interoperability (and taking their role as Board member to heart), and they realize that Security is the primary roadblock to widespread Web Services adoption," Schmelzer said.

While Schmelzer was plainly optimistic about the boon the group could be for Web services interoperability, he offered a caveat: "...failure here will spell problems for the effectiveness of future profile releases."

The BSPWG intends the Basic Security Profile to be an extension to the WS-I Basic Profile 1.0. The profile will refer to existing specifications used to provide security, and will provide clarifications and guidance to promote interoperability of those specifications. The BSPWG will also develop a set of usage scenarios and their component message exchange patterns to guide its work. A timeline for the deliverables will be determined in the next month.