-enough lever"> Affirmatively, one can say that an SOA anticipates evolution. In a well-realized SOA, its easy to replace one process implementation with another that performs the same business function. It should not matter if the new implementation is internal to the enterprise or is externally provided by either a supply chain partner or a commodity service provider. That modularity implies, however, that an SOA incorporates security and message integrity mechanisms as part of the services fabric. Only built-in protocols and disciplines will free the process implementer from needing to know the detailsor to risk the complex and subtle errorsof securing and ensuring process communications one link at a time.However, even while achieving consensus on standards for secure and reliable messaging, vendors are quick to note the difference between merely having those standards and having productive tools and frameworks that support them. "We looked at the code required to do a representative application, with end-to-end secure messaging, and it ran to about 60,000 lines of code on .Net without our Web Services Enhancements library," said Microsoft "Indigo" architect John Shewchuk. "You dont want to distract someone from a business opportunity to focus on something like that, but we can put a small team on that and package up that code in a library like WSE. We can take 20,000 lines of security code and reduce it to 10 lines." Would-be SOA architects need to drill below a vendors generic claim of support for a services standard and find out just how much work it will take to use that standard in real applications that meet enterprise standards of reliability. The forthcoming Indigo framework is a high-level messaging infrastructure that Microsoft initially promoted in the same breath as its now-delayed "Longhorn" update to Windows. With remarkably little code, an application using Indigo can incorporate such key services benefits as reliable message delivery and asynchronous data transfer among various devices and applications. The result is not merely a reduction in lines of code but also an improved ability to define and enforce policies on all applications in an enterprise portfolio. Unlike some promised Microsoft technologies whose timing has lately slipped, Shewchuk and other Microsoft engineers claimed that Indigo is on time for incorporation in 2006 into Windows XP and Windows Server 2003, as well as being part of future platforms. Despite the well-warranted concern over slippage of Microsofts Longhorn timeline, eWEEK Labs continues to find Microsofts Indigo strategy a compelling path toward SOA integration into a mainstream platform. Indigo has yet to become available for independent testing by eWEEK Labswhich, combined with its long lead time, has to dampen our enthusiasmbut it nonetheless points the way. Next Page: Turning up the tempo
Crucial multivendor standards, such as the WS-Security and WS-Policy frameworks, are finally filling the conspicuous "this space intentionally left blank" omissions in early versions of key Web services protocols such as SOAP (Simple Object Access Protocol).