Web services standards march forward

Corporate executives are keeping a sharp eye on new Web services standards development of security, reliable messaging, process workflow, choreography and management specifications. The standards work will help prove if Web services technology can deliver on its promise to spark a new era of networked applications and integration among corporate systems.

"The approach to Web services is now focused on interactions between [Web] services instead of interfaces between systems," says Steve Mori, director of IT enterprise architecture for Autodesk, which develops software for product design and creation. Mori is keeping an eye on emerging standards to see if they can deliver security and reliability.

Early adopters say XML, Simple Object Access Protocol (SOAP) and Web Services Description Language have evolved into solid standards for integration.

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

Corporate executives are keeping a sharp eye on new Web services standards development of security, reliable messaging, process workflow, choreography and management specifications. The standards work will help prove if Web services technology can deliver on its promise to spark a new era of networked applications and integration among corporate systems.

"The approach to Web services is now focused on interactions between [Web] services instead of interfaces between systems," says Steve Mori, director of IT enterprise architecture for Autodesk, which develops software for product design and creation. Mori is keeping an eye on emerging standards to see if they can deliver security and reliability.

Early adopters say XML, Simple Object Access Protocol (SOAP) and Web Services Description Language have evolved into solid standards for integration.

The trick now is to take Web services application components built with those standards and put them together into a workflow for business processes across corporate and/or partner networks.

Such business-to-business commerce, which often involves machine-to-machine communication, requires certain processes such as secure identification of systems, and assurances that messages are delivered only once and that all processes are completed.

"If you want to do anything serious with Web services you need security, reliable messaging, process [execution] and management," says Ron Schmelzer, an analyst with ZapThink. "The fangs are coming out now among the vendors because these things are so important to Web services adoption."

Secure it

To realize the goal, an entire generation of protocols has to be developed, and that work is ongoing within standards bodies such as the Organization for the Advancement of Structured Information Standards (OASIS) and the World Wide Web Consortium (W3C).

A key protocol is WS-Security, which guarantees a secure way to send messages between two points. IBM and Microsoft developed the protocol before it was turned over to OASIS earlier this year. The specification, which last month was renamed WS-Security: SOAP Message Security, is expected to be finalized by December. Companies such as BEA Systems, IBM, Microsoft, Netegrity, RSA Security and Vordel already support it.

"WS-Security is the low-level enabler," says Kelvin Lawrence, co-chair of the WS-Security technical committee. "Other security building blocks are coming into place so we'll have simple messaging security up to full federated security."

The committee has developed a number of security profiles that explain how WS-Security works in conjunction with security tokens such as Kerberos and the Security Assertion Markup Language (SAML). Last month, the group added a Minimalist Profile, designed to fit WS-Security into mobile devices.

IBM and Microsoft also have developed a road map for six additional specifications that build on WS-Security, although none have been turned over to a standards body. Those specifications include WS-Policy, which details what kind of security is needed to access a Web service, and WS-Secure Conversation, which ensures all messages are part of the same conversation and delivered in the right order.

Security, however, is just one building block for a Web services infrastructure now being called a service-oriented architecture (SOA). A SOA consists of application components that live as services on the network and can be assembled together in infinite combinations.