InformationWeek.com

Welcome Guest. | Log In| Register | Membership Benefits

April 2, 2001

RADICAL SIMPLICITY
Plug-And-Play Redefined

continued...page 2 of 2

By Jason Levitt (jlevitt@cmp.com)

More on web services:

TechWeb: In Web Services, Good Technology Is Not Enough (3/8/01)

TechWeb: Sun Launches Web Services Strategy (2/6/01)

TechWeb: Bowstreet Readies Upgrade Of Web Services Tools (1/30/01)

Unlike other vendors, HP's approach appears to be truly infrastructure-agnostic, which gives businesses more of a choice when it comes to deploying Web services infrastructure. The core component of E-Speak--the E-Speak Engine--is written in Java, and is freely downloadable open-source code, running on HP-UX, Linux, and Windows NT. HP already offers certificate-based security with E-Speak, something the other vendors are working on and with which XML standards bodies are grappling. The only requirement is that E-Speak must be used on both ends of the connection.

"We use very fine-grained, rule-based security using SPKI, which is attribute-based certificates, but you could use the X.509 [certificate format]," Gupta says. E-Speak also provides management data on Web services usage by generating XML Application Measurement data, which can be monitored by management frameworks such as Tivoli.

Oracle's Dynamic Services are tied closely to the upcoming Oracle9i database. The Dynamic Services Framework Web services-management software is included with Oracle9i, and you must run the Oracle 9i database in order to use it. Oracle has also implemented a UDDI registry using the Oracle Internet Directory server.

Oracle is focusing its development efforts on management software and is touting the combination of its management capability and database as the basis for large-scale Web service deployments. "If you're really going to take Web services seriously and move into these scalable environments where ASPs are delivering Web services, and you need to bill customers and track the failure rate of the Web services, this is where the need for this sort of management infrastructure comes into play," says John Magee, Oracle9i product marketing director.

More so than any other vendor, Microsoft is best positioned to offer a complete back-office infrastructure for Web services, which potentially lets it more tightly integrate its security and management systems with Web services. Additionally, Microsoft has the most impressive developer offerings for Web services with its Visual Studio .Net developer tools, and Soap Toolkit for Visual Studio. These tools are the best so far for hiding details of Web services from developers while providing a rich graphical environment.

Microsoft also promises that Windows developers will be able to easily build Web services interfaces into their applications. For .Net deployment, Microsoft has disclosed various security features (both access and role based); data access via ADO.Net; and other components that they expect to deliver during the next 12 months.

Web services is offering IBM the opportunity to do a lot more of what it does best--provide consulting and architectural assistance to large companies. For many companies, implementing Web services will be a major plumbing issue. Early adopters might find they have to do some heavy lifting before realizing the benefits of Web services.

"As people move to using software that's already in place--one company using another company's software via Web services--the world of shrink-wrapped software becomes less important, and the world of customization and configuration becomes more important," says IBM's Holbrook. "Each company is unique; therefore, their unique approach may require a lot of hand holding."

IBM offers the most up-to-date Web services protocol support of all the vendors in its WebSphere application server preview, WebSphere Technology for Developers. This platform supports Soap, UDDI, and WSDL.

Sun was noticeably late to the table with both marketing and products despite its long history of open-standards support. Sun says its Forte For Java development environment will ship in late spring with Web services protocol support. The key to deployment will be a future version of the iPlanet Process Manager, a bundle that includes application server, Web server, directory server, and Process Builder. Chart

Sun's spin is that Web services must be "smart"--capable of contextual learning and personalization, tailor-ing themselves to meet the needs of the client. "This is what smart Web services is all about: I want my automobile to be able to interoperate with other devices, so that when I'm out driving and I'm at an eighth of a tank, my car's computer runs an online, real-time auction with all of the gas pumps in the vicinity and says: 'Who wants to fill my tank?'" Sun CEO Scott McNealy says. (see Q & A with Scott McNealy)

The idea of intelligent agent technology working in concert with Web services is a popular theme, and one that other companies are pursuing. "Web services and intelligent agents, fundamentally peer-to-peer networking of autonomous entities--that's the only way you can put together multivendor, industry-level solutions," says Toufic Boubez, chief technology officer of Saffron Technology, a company developing intelligent agent technology.

Getting to the level of simplicity, speed, and fluidity suggested by McNealy's "smart" automobile will be a long, hard slog. But the success or failure of Web services will surely be measured by the degree of interoperability it achieves. That will require an unprecedented agreement on standards, many of which are still in early draft form or haven't been submitted to standards bodies at all.

Security standards in particular are of primary importance, since connecting to exposed Web services interfaces over the Internet will require new levels of trust between business partners.

"There are a couple of things that need to be resolved before we make hard and fast plans around Web services: security specifications and transaction specifications," says Conleth O'Connell, chief technologist for architecture at Vignette Corp., a maker of content-management systems. "For interoperability to really work for us, those are the two areas that need to be finalized."

Unfortunately, security is also one of the most complex technologies to implement, and XML standards for public key infrastructure are still evolving. In the short term, security for Web services will be just another layer of complexity, largely because of unspecified or missing standards.

Soap, UDDI, and WSDL provide a foundation for Web services, but the real world of business jargon will require vertical XML languages, which are standardized dialects aimed at specific industries. Literally hundreds of vertical XML languages have been under development for the past two years, covering everything from aircraft parts to weather reporting, but few are ready to use.

"Many of the deep, vertical standards have gone a long way to finally establishing a common dialogue for the exchange of business-to-business processes, so in these instances, we have a resounding 'yes' to the issue of delivering on the promise to simplify business-to-business communication. However, these are few and far between," says Ron Schmelzer, senior analyst for ZapThink, an organization that specializes in XML reporting.

With so little in the way of real standards on which to base Web services, early adopters will have to choose to use proprietary vendor mechanisms, draft standards, or homebrewed solutions.

Just 14 years ago the Internet consisted of many disparate network technologies. Since then, the widespread standardization on TCP/IP as the core Internet transport has greatly simplified global communications for both businesses and consumers. A similar widespread agreement on the use of Web services could spark the same revolutionary simplification for business-to-business collaboration.