Looks like the WSS group over at OASIS just approved WS-Security as an OASIS standard. Congrats all!

Here's a blurb from the press release:

Boston, MA, USA; 15 February 2006 -- OASIS, the international e-business standards consortium, today announced that its members have approved WS-Security version 1.1 as an OASIS Standard, a status that signifies the highest level of ratification. Developed through an open process by the OASIS Web Services Security (WSS) Technical Committee, WS-Security delivers a technical foundation for implementing security functions such as integrity and confidentiality in messages implementing higher-level Web services applications.

Gartner analyst, Ray Wagner, advised, "Enterprises should adopt WS-Security formatting for all across-the-firewall Web service deployments, even in cases where no security needs have been identified. Gartner believes that WS-Security will be the standard for the majority of Web services, and committing to it now will allow enterprises to easily modify the security profile of deployed Web services in the future."

What I'm trying to wonder is who out there is actually making use of WS-Security, mainly in environments where multiple vendors tools are employed. Or are most deployments still using a single vendor implementation on both sides of the connection.

Do you feel OASIS and WS-I are making a difference. I am a member of both sets of working groups and can't always get a good view on those actually applying the standards outside from the vendors themselves.