Future Proof

E-business software vendors sort out standards for strategic Web services

How close are we to seeing the Web services vision manifest — that of reliable, cheaply integrated, dynamic, cross-enterprise applications from reusable components? Dynamically created B2B applications may always be unrealistic, chiefly because they may always be undesirable. But easily and cheaply integrated Web services are already being used as the basis for secure, reliable, and strategic B2B applications. And as standards become established, the cost of deploying such Web services should only decrease.

Currently, implementers of Web services must choose from a wide array of technology options for reliable and secure transport of called Web services objects. Although simple object access protocol (SOAP, which makes objects accessible via Internet protocols) was designed to travel via HTTP, SOAP over HTTP still isn't secure or reliable.

So Web services implementers must engage middleware such as message brokers to deliver components to the requesting systems. Because message brokers use proprietary technology, using them to deliver Web services detracts from the openness that makes Web services so attractive in the first place. Says Daniel Sholler, a Meta Group analyst, "You can make any of this stuff happen, it's just that there are too many choices. If you want things to be interoperable, you have to pick one way that everybody agrees to do it ... at least to support that as the lowest common denominator."

The Web Services Interoperability Organization (WS-I) formed and some members began rolling out specifications for open reliability and security standards for Web services this year. The two largest vendors behind WS-I, Microsoft and IBM, along with VeriSign Inc., jointly published WS-Security 1.0, which "describes enhancements to SOAP messaging to provide quality of protection through message integrity, message confidentiality, and single message authentication," according to the document. IBM already had proposed HTTPR, a reliability protocol, to the Internet Engineering Task Force in August 2001.

WS-I will not be a standards body, but does plan to deliver the following items by fall 2002:

• A list of core specifications for Web services, along with conventions and recommendations for coordinating their use
• Sample applications illustrating best practices
• A suite of self-administered tests that verify Web services' interoperability across platforms, applications, and programming languages.

Sholler adds, "Where we are right now, most people's use of Web services is internally focused. They're using the SOAP mechanism as a way of future-proofing their interfaces. If you create a SOAP interface [for an object], then you're pretty well assured that at any point in the future, you'll be able to call that interface from virtually any environment that you may have."

With the establishment of more than basic Web services-related standards, which seem to be coming rapidly, that future-proofing may pay off soon ... as long, Sholler comments, as infrastructure vendors and software architects also make adjustments to support a more services-oriented approach. But that's a different discussion altogether.

— Jeanette Burriesci

In this Issue: