Web services crossed key thresholds of enterprise acceptance during the last months of 2003, with corporate IT builders expressing dramatically greater interest in using the model for transactions up and down the supply chain as well as for in-house applications.
Last fall, Forrester Research Inc. found almost three-fifths of a sample of 75 large corporate sites planning customer service initiatives and more than two-fifths planning supply chain projects using Web services technologies. Crucially, the same study found comparable or greater percentages of these sites migrating customer and product/service data to XML-based formats, an important precursor to broader use of Web services models. Gartner Inc., of Stamford, Conn., went further, projecting that Web services would be the dominant model—used for at least two-thirds of all new development projects—by next year.
Conventional wisdom has been that outward-facing Web services would not gain momentum until key security issues were addressed directly by Web services standards.
This view failed to appreciate the strong value proposition of loosely coupled interactions among heterogeneous systems, according to John Lily, vice president and chief technology officer at Web services security company Reactivity Inc., in Belmont, Calif. “Theres a whole set of businesses whose reason for being is connection with others,” Lily said, citing the use of Web services by transportation companies with many local partners and by financial services companies providing 401(k) and other services that companies want to integrate into their employee Web portals.
As for security, said Lily, theres no longer a notable difference between internal and external standards. At one company, he said, the labels applied to internal and external users were formerly “trusted” and “untrusted.” Now, Lily said, the labels are “untrusted” and “hostile”—a difference in degree rather than kind. Both inside and outside the firewall, he said, the default is moving from “grant unless forbidden” to “deny unless authorized.”
In this environment, Web services are at no particular disadvantage, but their security improvement is the focus of considerable industry effort.
With so much interest in making the trip, it would be nice to have agreement on where the destination lies. Web services can be defined in the affirmative—what they are—or in the negative—what they are not.
The easiest way to describe a Web service is to say that if its done on the Internet, using Web protocols, and it doesnt involve a live user operating a Web browser, then its a Web service. Microsoft Corp. CEO Steve Ballmer has called the result “the programmable Web,” emphasizing the evolution from a Web of people clicking on hyperlinks to a Web of applications accessing standards-based interfaces.
This definition encourages a focus on the benefits of the model: the growing ubiquity of a standards-based network of wired and wireless connections, the exploding resource base of data and functions accessible on that network, and the proliferation of convenient tools for leveraging those assets into a supporting background or a foreground user interface in a custom application.
More conventionally, proponents define Web services as application components that use WSDL [Web Services Description Language] for self-description, UDDI [Universal Description, Discovery and Integration] data for mutual discovery, TCP/IP for transport, HTTP for interaction, SOAP [Simple Object Access Protocol] for requesting and granting actions, and XML for underlying representation. The advantage of this definition is that it provides a checklist for the enterprise IT builder in terms of skills that must be developed and open standards whose evolution must be tracked.
With the interface sharply drawn, developers can more hopefully pursue interoperability of modules built by independent teams.
The open and nonproprietary standards of the Web are no guarantee of that well-behaved interaction, but the efforts of the WS-I (Web Services Interoperability Organization) are gaining credibility as a means of closing the gaps. That group ended last year by releasing a broad portfolio of sample applications supporting Version 1.0 of its Basic Profile meta-specification, released near the end of last summer, for Web services interoperability. With associated testing tools due for release by WS-I in the early part of this year, enterprise developers will find that the picture of Web services is clearer and more colorful than ever before.
Technology Editor Peter Coffee can be contacted at [email protected].