Web Services Face Some Growing Pains

Web services have seen significant developments in standards, usage models and core technologies.

Web services have seen significant developments in standards, usage models and core technologies. A roundtable meeting of technology providers and consultants, convened in December by eWEEK Labs and excerpted here, examines the effects on enterprise plans.

Roundtable Participants

Adam Blum
CTO, Systinet Corp.

Mark Ericson
CTO, Mindreef Inc.

Ted Farrell
Chief Architect and Director of Strategy, Oracle Application Development Tools, Oracle Corp.

Gordon Van Huizen
CTO, Sonic Software Corp.

Doug Kaye
CEO, RDS Strategies LLC

Michael Liebow
Vice President of Web Services, IBM Global Services, IBM

Connie Weiss
Director, Web Technologies and Standards, Sun Microsystems Inc.

Where are we with Web services?

Liebow: Were in a thoroughly mainstream market. Were seeing lots of customers in many different industries pick up the technology and realize significant operating savings.

Were seeing a set of standards that are available today, that are mature enough today to expose existing applications to being connected for both back-office- and front-office-type applications and to realize significant value right now.

Has the enthusiasm for Web standards overrun what the technology is really able to support?

Ericson: Its the right technology for building a service-oriented architecture. At the same time, theres some retooling thats necessary. Well probably see emerging tools in support of a service-oriented life cycle that support the promise of loosely coupled systems and continuous integration. Well see that some of the traditional tools do not carry over.

Where is the services technology in terms of its readiness to make a difference in the enterprise IT space?

Farrell: When we talk about service-oriented architectures, were not just talking about Web services. Those are important, and a good implementation, but one of the definitions of a service-oriented architecture is abstracting the interface from the implementation. Web services can lead to a forced relationship of service-oriented architecture only in the context of Web services. We believe theyre much more than that.

You need to focus on how we continue to implement these abstracted interfaces to allow clients to access a single interface regardless of the implementation behind it.

JSR [Java Specification Request] 227 is a good example of that in the scope of data binding. Submitted earlier this year by Oracle, it basically gives an abstract interface to bind data to any business service. That could be a Web service, it could be an Enterprise JavaBean, it could be a Java class, it could be anything that you want it to be.

So the point is that an enterprise application with certain data requirements could be much more isolated from the specific technology thats used to store and make available that data?

Farrell: Exactly. Web services are definitely prevalent for connectivity right now, and building reusable services to run in complex n-tier environments or in a grid environment will end up being a big benefit for the user. It will give the user a lot of control.

Doug, I know that youve made it a focus of your efforts at RDS Strategies to look at the areas in which the pieces of this puzzle are, or are not, available and really fitting together. Whats your take on what weve heard so far?

Kaye: Well, I think Im the only nonvendor on the panel today, so let me take the contrarian view: I think that were at a very early stage with Web services. I think most of whats out there, in retrospect, could be categorized as trivial implementations—RPC [remote procedure call]-based. In terms of really multivendor or standards-based implementations, there are some big missing pieces.

One of the biggest, and one that we think will be resolved quickly, is security. WS-Security is going to do a lot, but a Gartner [Inc.] report [last year] suggested that if you control the authentication mechanisms on all ends of the system, then securitys going to be in pretty good shape rather quickly. If you have to go into an environment where you have to deal with security policies that are controlled by multiple organizations, thats not doable today in Web services.

You mean it requires technologies that arent considered part of the Web services archipelago?