• United States



by David Senf

Web Services Caution Abounds

Jan 11, 20057 mins
CSO and CISOData and Information Security

Silo: an over-hyped buzzword meaning all things inefficient and costly in non-interoperable software; a target to be conquered by Web services. Why, despite the hype and the passage of roughly three years time, has the promise of Web services not been delivered? And more importantly, will the promise of crumbling software silos ever be delivered?

Depending on where we look in the software stack, there are a variety of reasons (both internal and external to an organization) that have led to this broken promise. These range from limited best practices in services-based architectures to immature technologies and standards at points in the stack (such as workflow management). But the fundamental reasons that a wholesale migration to a services architecture has not occurred, stems from both the risk of moving from the current state and lack of cost justification.

IDC research indicates that organizations remain on the low end of the adoption curve for Web services. However, from this slow start, IDC sees growth rates in software and services markets related to Web services rising significantly through the forecast period out to 2008. Growth is occurring first in larger organizations, then spreading out into medium- and small-sized business markets. In particular, organizations within verticals, such as government and financial services, where a large legacy software installed base creates integration challenges, they are found to be further along with adoption than their peers in other industry verticals.

Organizations that have begun rollout of Web services are engaging in simple application-to-application integration at this point. However, from a strategic perspective, a smaller group of organizations are considering the reusability of composite applications. Using Web services to enable composite applications to dynamically mould to changing business processes, for example, is alluring; but adoption is slowed by tools, technologies and standards that remain too nascent for wide-scale rollout not to mention that mapping application functionality into business processes “as needed” has a prerequisite of having a critical mass of applications exposed as Web services.

For a better handle on risk as it relates to factors outside of an organizations control there are a number of trends that should be tracked to gauge positive/negative impact. The following list includes some of the external trends to watch while planning for further adoption of Web services up the software stack (of course there are many additional internal factors [for example, defining what functionality really needs to be classed and exposed as reusable composite applications] to be tracked that are more unique to each organization):

  • Standards complexity/competition. As with Santa Claus and the Easter Bunny, there is no such thing as truly “open” standards. A constant “tug of war” is at play within standards committees and from outside, as well. Within the committees, each vendor/stakeholder has a strategic vision (agenda) for its own product and services offerings that it tries to infuse into the process. And when that doesn’t work out, turning to an external competing standard remains as a viable lever. IDC does project that standards will coalesce as economics dictate. But there will still be winners and losers: winners adapting standards to their strengths, and losers surrendering ground to play a less dominant role. For the IT department this means either a) waiting until there is a critical mass of industry adoption of a standard, or b) being content (for example, youll only use it internally anyway) even if your bet loses.
  • Best practices and skills availability in a changing environment. As typically occurs when standards are introduced, there needs to be some flexibility to account for a variety of requirements and situations. The consequence, though, is deviation across implementations leading to problems of the intentions of interoperability. To address potential “wiggle room” between implementations of Web services standards, including SOAP and WSDL, the Web Services Interoperability Organization (WS-I) was created. However, there is a lot that still needs to be done in defining best practices for re-architecting to a services based software environment in order to enable organizations to migrate from simple application-to-application use of Web services.
  • REST and Web services architectures. The Representational State Transfer (REST) advances by Roy Thomas Fielding in 2000 have been viewed as both a competitive and complementary model to SOAP- and WSDL-based Web services. Given the number and the complexity of Web services XML standards intended to address issues such as business process management and security architectures, REST pundits are claiming over complexity in the Web services world. REST (which likewise can employ XML but uses HTTP GET, POST, PUT, and DELETE commands rather than SOAP) is coming into vogue with potential for bringing simplicity back to the table.
  • Partnerships and consolidations. In a new market such as the one created around Web services, the initial plethora of vendors eventually dwindles in numbers given consolidation. HP’s acquisitions of Trulogica and TalkingBlocks are small examples of consolidation that has taken place to provide a more complete offering to customers. This trend will continue and bring to customers better integration and better pricing.
  • Sun-Microsoft (a.k.a., Java-.Net) accord. The settlement between Sun Microsystems and Microsoft should allay some of the concerns that organizations have related to interoperability bottlenecks. Yes, both camps support SOAP and WSDL, but there is still plenty of room for improvement in areas such as cross-platform security and performance. This partial laying down of arms will bring to customers more certainty of standards adherence/interoperability and reliability/consistency of offerings up the Web services stack in areas such as identity management.
  • Boardroom-to-developer visibility enablement. Web services-enabled tools are improving to help executives, managers, and analysts gain more control over reconfiguring workflow and dynamically having the application environment follow in lockstep. Tools for designing, developing, deploying, and maintaining code (whether COBOL, C++, Java, or C#) are maturing with capabilities for better team collaboration and visibility by business stakeholders into application development processes.
  • New business models. Online portals such as Google, Amazon, and eBay are starting to form offerings related to ad hoc on-demand Web services. Search engine Google, electronic retailer (etailer) Amazon, and auction site eBay are each offering access via SOAP/WSDL into core services that they provide normally through their own site. What this means is that organizations can leverage the services, such as Google’s spell-checker, Amazon’s book catalog, or eBay’s auction capabilities, within their own applications. As well, Web services brokers such as and hosted service providers such as are threatening to change the traditional software licensing to a “by the drink” model. These new models will fundamentally change software licensing and deployment, but are tied to organizations having some level of Web services sophistication in-house.

A shift in IT from one technology, architecture, process, or approach to another begins slowly as a means of avoiding undue risk. Once the early adopters have worked out the wrinkles and diminished unfamiliarity in the broader marketplace, then broad adoption can occur. For Web services, this cycle will repeat a number of times as Web services move into higher levels of functionality, for mapping business processes to software functionality or for federated identity management, for example. Software silos will therefore fall far more slowly and in different ways than initially proposed; while caution persists regarding adoption of standards and technology even for basic application-to-application integration.