Concentrate on the Core Technologies

By Peter Coffee  |  Posted 2002-08-05

Concentrate on the Core Technologies

For anyone who fondly remembers the good old days of the Cold War, the geopolitics of Web services platforms offer a grimly entertaining substitute. All the antagonists espouse the ideals of standards-based interaction among loosely coupled modules, but each craves the status of first among equals—and the power it confers to define the path through the gray areas of those standards.

Enterprise IT architects who want to draw their own technology road map tend to avoid tight coupling to any framework. Theyre learning the Web services technologies of XML for content representation; SOAP (Simple Object Access Protocol) for the exchange of requests and responses; and UDDI (Universal Description, Discovery and Integration) for the disclosure and discovery of capabilities.

However, theyre flipping the switches and turning the knobs using Java, which is widely perceived as being a nonproprietary tool (this despite Sun Microsystems Inc.s major role as an owner of key intellectual property) and as being less risky than letting development options be defined (and limited) by a more elaborate framework of uncertain future openness.

Microsoft Corp.s .Net commands mind share among developers who are looking for the best packaged, best supported, most comprehensive offering. The companys Visual Studio .Net, a radical redesign of what was already the dominant development suite for desktop and client applications, is essentially a portal for exploration, design, testing and deployment of Web services.

Recognizing the enormous learning hump that developers must overcome along the way, Microsoft last month also unveiled a major initiative— the .Net Architecture Center—to address enterprise developers questions about Web services development with an evolving knowledge base of developer guidelines, code fragments and other resources. These build on Visual Studio .Nets exemplary ease of exposing Web site capabilities as services—a crucial step beyond merely rendering pages in a browser and one that paves the way for application-to-application interaction as the dominant model for what the Web enables.

Sun also recognizes the combined challenge of acquiring the proper tools and achieving a more sophisticated understanding of loosely coupled design in making it possible for developers to adopt Web services with confidence.

Early this summer, the company rolled out the Application Services Reference Architecture for its Sun Open Net Environment platform. Like Microsofts .Net Architecture Center, Suns reference architecture attempts to address developers difficulties with tested and documented modules.

With the vertical integration that is either Suns strategic strength or tragic flaw, depending on whos talking, Sun will also offer reference architecture elements through its Sun Customer Ready Systems program to accelerate deployment. The services reference architecture complements previously released Sun architectures for data warehousing, business intelligence, mail and messaging, and management and operations—all among the missions for which companies are evaluating Web services as a connective-tissue technology.

Cooperative Stance

Cooperative Stance

Sun is taking pains to reduce the perception that its offerings are merely stalking horses for sales of more Sun hardware and professional services. For example, it has cooperated with BEA Systems Inc., Intalio Inc. and SAP AG in announcing the publication of the XML-based Web Service Choreography Interface specification for application-to-application collaboration.

Also alleviating concerns about Sun domination of Java is the continued role of Borland Software Corp. in advancing Java technology. This summer, Borland rolled out its Enterprise Server 5.1, a J2EE (Java 2 Enterprise Edition) application server with enhanced support for deploying existing applications as Web services and with emphasis on high-performance bridging into CORBA environments.

Like Microsoft, IBM is courting developers with an increasingly integrated Web services product line of servers and tools, based on what IBM positions as nonproprietary technologies with emphasis on J2EE.

Promised this quarter, IBMs WebSphere Application Server Version 5 will offer expanded visual tools for Web service construction, presumably building on the outstanding technology that has long highlighted the companys VisualAge Java development suite.

IBMs VisualAge for Java is especially distinguished by its smooth integration of configuration management and version-control disciplines into the development cycle, rather than leaving these good practices to the discretion of developers. This is crucial when services must interact reliably despite being devised, deployed and maintained by teams that are unknown to one another.

With so many Web sites already using Microsofts ASP (Active Server Pages) technology, Microsoft has an early lead in attracting developers to its ASP.Net follow-on. By dissolving most of the barriers between Web content and application code, using just-in-time compilation and pluggable modules, ASP.Net puts the power of the Web as a content repository into the service of developers as a department store of functional modules.

The language transparency of .Net—enabling cooperation among everything from scripting languages to COBOL code to new code written in Microsofts C# language—eliminates the "to do" task item of "rewrite everything in Java" thats perceived (more than it deserves to be) as a barrier to adoption of more Java-centric alternatives such as IBMs and Suns.

Prospective service developers should not be too quick to credit .Nets promise of superior language neutrality. Sun, for example, has taken pains to ease the integration of legacy code in C/C++ and FORTRAN into nascent Web service efforts, with facilities including wrappers for non-Java code to provide a Java class interface in its Forte Developer 7 tool set.

Anticipating Abuse

Anticipating Abuse

At the same time, however, the notion of lowering barriers between code and content is rightly greeted with suspicion, or even horror, by enterprise developers whove learned the hard way about intrinsic insecurity due to granting too much trust to third-party executable content.

In a services environment, security becomes indispensable at not just the perimeter but also on every level of an application. Indeed, the perimeter becomes hard to define, since any function may now entail a call to a third-party service on a remote computing resource.

Learning to write applications that anticipate abuse and that guard against unintended behaviors is orders of magnitude more difficult than merely writing applications that correctly handle input that isnt even trying to make trouble (and the latter task still exceeds the grasp of all too many coders).

Microsofts .Net offers new coding constructs for not only stating what resources an application requires but also refusing to accept anything more. Meanwhile, encryption technology vendor RSA Security Inc., of Bedford, Mass., projects its revenues as "very much dependent on the expansion of Web services," said CEO Art Coviello in a conversation with eWEEK this spring, citing the crucial role of authentication in ensuring that a putative service provider is who it claims to be.

Enterprise IT builders will want to explore tools and services for testing of their new applications, calling on providers such as KeyLabs, a unit of Lab Acquisition Corp. KeyLabs announced last month a Web services initiative combining quality, performance and security assessment with conformance and certification testing.

But even before Web services technology takes on the challenge of cross-enterprise interaction, Microsoft is packaging the loosely coupled services model for smaller tasks with low-priced small- and medium-scale versions of its BizTalk Server product. This may prove attractive to organizations that arent yet ready to expose their internal systems to external interactions but want to take advantage of services-based APIs to combine off-the-shelf software modules without the cost and time delays of previous application integration technologies.

"In the education arena, if we go with a single product, obviously theyre not going to have everything that we want," said Judy Brown, emerging technology analyst for the University of Wisconsin System, in Madison, and an eWEEK Corporate Partner. "We would love to be able to pull in some other question generator, an assessment generator, a collaborative discussion tool or conferencing communication tool, or some kind of a grade book. These could be plugged and played through Web services and called out through the right architecture."

This opportunity in controllable environments, replicated across many other application domains, will give Web services takeoff potential long before their security and reliability issues on the public network are fully addressed.

To maximize near- and long-term potentials, development teams should remain focused on the common subset of the core technologies that all Web services frameworks employ, using those frameworks distinctive extensions only by choice—never merely because they are there. (Click here for tips on questions to ask when choosing a Web services platform.)

Technology Editor Peter Coffee can be reached at

Rocket Fuel