EB SERVICES - PART 2
using Real-time Web Services
Web Services – Part 2
AUSTRALIA – February 28, 2002: The last
issue of TEN (http://www.ies.aust.com/~ieinfo/ten17.htm) provided an introduction to XML Web Services. This issue examines the
expected evolution of web service concepts in more detail.
TEN - The Enterprise Newsletter
Back to Contents.
In June 2001 Gartner Group documented a timeline for the adoption
of Web Services from 2001 – 2005. They suggested that 2001 would see many Web
Services development tools delivered. With Beta and Final Release tools from
Microsoft, IBM, Sun, Software AG, Oracle and many others, this proliferation of
Web Services tools is well underway. We will refer to this period (1999-2001) as
“Phase 1” of Web Services evolution.
Gartner suggested that 2002 will see Business Web Services start
to appear in large numbers, also with Business-to-Consumer (B2C) access to mass
consumer-oriented Web Services. One example of such B2C Web Services is “My
Services” from Microsoft (code-named “Hailstorm”). My Services are
scheduled to be released in 2002 in association with Microsoft .NET.
From 2003 the adoption of UDDI Registries (Universal Description,
Discovery and Integration (see TEN#17) is projected to grow, with
Private Registries emerging to support Private exchanges. Public Registries will
emerge to support Public exchanges, with Government usage of Web Services also
accelerating sharply. Some of these Registries may offer free access to Web
Services, but most are expected to be released on a fee-paying basis. We will
discuss some of the implications of fee-based Web Services in the following
2004, according to Gartner, will see the adolescence of
Web-Services-based business models, with Private Registries still dominating.
New revenue-generation models and channel opportunities will become commonplace.
Gartner predicts that by 2004, 40% of financial services transactions will
leverage Web Services models, with 35% of online government services delivered
as Web Services. We will refer to this period (2002-2004) as “Phase 2” of
Web Services evolution.
2005 will see Public UDDI Registries gain attention as Public B2B
Exchanges begin to re-emerge after a relative hiatus in 2001 – 2002 during the
dot-Com downturn. Dynamic Web Services will also gain more attention. We will
refer to this period (2005 and beyond) as “Phase 3” of Web Services
For Web Services to deliver fast, seamless integration of
Business Partners on an enterprise scale during Phase 2, a number of issues will
need to be addressed. These include: Quality of Service (QoS); network
reliability; transaction recovery; real-time messaging; security; and billing
mechanisms. Some of these issues are discussed in the following paragraphs.
Web Services networks between Service Providers and Service
Requestors must handle end-point authentication between partners, and must
provide security, data encryption and non-repudiation of transactions. Web
Services network vendors will also need to offer both synchronous and
asynchronous messaging; the latter enables a Client Service Requestor to carry
out other tasks while waiting for a response from a Service Provider.
Network-quality monitoring, error management and data-compression schemes will
help improve network scalability and reliability.
Web Service Network vendors are emerging to address these issues,
such as Grand Central, Flamenco Networks, and Kenamea. Grand Central uses a
centralized hub topology, while Flamenco uses a server proxy for a multipoint
network approach. Both focus on transactional stability, with network monitoring
on a server-to-server basis. Kenamea specializes in “last mile” network delivery
to a broad range of device types, such as for supply chains.
Transaction Recovery is an important concern, particularly with
Web Services transactions that involve concurrent data base changes carried out
by Web Services delivered by more than one Service Provider. In
TEN#17 – in the section Internet Web
Services Example we discussed that three Service Providers were involved:
the Bank; the Supplier; and the Shipping (Logistic) Company. In this example,
performance issues associated with Internet latency and message traffic delays
typically demand that asynchronous messaging be used to communicate with these
three Service Providers. But errors can often occur:
1. The Bank may decline to
accept credit card payment for purchase because the customer’s credit limit has
2. The Supplier may find that
some or all of the requested products are out-of-stock and so must be
back-ordered, with credit card payment adjusted to pay only for products that
can be delivered.
In these situations, if error 1) occurs the complete order placed
with the Supplier – as well as the pick-up to be made by the Logistic Company –
must both be cancelled. While error 2) is less serious, because of the
back-order the credit card payment amount with the Bank must be adjusted to the
correct value for the actual products to be shipped.
The three Web Service transactions are in fact inter-dependent;
each Web Service can only commit its data base processing when it is certain
that all related Web Services have completed successfully. But if complete
failure occurs – such as for error 1 above – all data base changes by each Web
Service must be completely rolled-back. We see that Web Service Transaction
Recovery in a multi-enterprise example such as this is certainly non-trivial.
Full transaction recovery support must be provided by Web Services products that
offer the functionality used in this example.
Web Services Authentication and Security vendors such as
Netegrity, Oblix and OpenNetwork have been developing products to manage
authorization credentials for disparate Web Services environments. But one of
the most significant security products is Microsoft Passport. This moves
security for Web Services from the responsibility of each machine, instead to a
security layer that spans the Internet. Once an end-user has been authenticated
to Passport, a User ID is allocated. This single ID identifies that person
throughout the Internet; with this User ID other Service Providers can find
information about the user, based only on the specific details that the user has
authorized for others to see and use. The overriding principle of Microsoft
Passport is that the user is always in control. The user has sole authority to
make as much, or as little, information available to others. There are over 165
million users of Hotmail and MSDN who can already use Passport.
During 2002 Microsoft will add Kerberos support to Passport. This
is a network-authentication protocol that adds strong, secret-key cryptography.
With Kerberos support, Passport will offer interoperability with other
Kerberos-compliant protocols, all delivering strong authorization security. With
interoperability as an objective, OASIS is defining the Security Assertion
Markup Language (SAML).
As we have
discussed, Phase 2 of Web Services will evolve throughout 2002-2004. This phase
will provide a dynamic infrastructure for businesses to interoperate using Web
Services, leading to what IBM refers to as “Dynamic e-Business”.
Back to Contents.
In Phase 3 of the evolution of Web Services, organizations will
change not only their business processes, but also their business models as they
move to real-time collaboration and integration of processes both within and
between enterprises. While Phase 1 and Phase 2 address the surfacing of Web
Services previously locked away in current and legacy systems, Phase 3 will see
the emergence of new software products and systems that are designed and
developed from the outset to be delivered as Web Services. These will be used by
organizations to find business partners dynamically, or to use remote resources,
and will enable those organizations to adapt rapidly to change.
previous issue of TEN discussed, the adoption of Web Services from a technical
perspective is not complex. The XML definitions of each Web Service will all be
automatically generated: for SOAP (Simple Object Access Protocol); WSDL (Web
Services Description Language); and UDDI (Universal Description, Discovery and
Integration). For example, Microsoft Visual Studio.NET provides automatic
generation for Visual Basic.NET, C++.NET and C#.NET functional calls. IBM
WebSphere Studio Application Developer provides automatic generation for J2EE
(Java 2 Enterprise Edition) methods.
challenge, however, will be associated with new business models that will emerge
to support Web Services during Phase 2, for wide business use in Phase 3. As IBM
there are several questions that need to be addressed:
revenue models will be applicable for the service?
the service provider address pricing?
service provider host their service or outsource the hosting?
terminology is starting to emerge to describe this new environment. IBM has
suggested the terms listed below. (See
terms are also emerging from Microsoft and others; these are shown below in
is the person or entity that owns a particular Web service and the associated
intellectual property pertaining to the software resource. Hosted Service
Providers are a type of asset owner. Business entities in this category are
usually companies that have a software asset that has been enabled for Web
services, who have selected a business-model-like subscription and now need a
deployable environment to be hosted and managed. This role is best suited for
small ISVs, who prefer to delegate the actual hosting aspects of the service to
an entity that is more adapt at managing the infrastructure and quality of
service issues associated with such a role. Independent Service Providers
are another type of asset owner. Business entities in this category are usually
companies that wish to establish their own environment for Web services and
maybe even create a private UDDI node to publish those services to the Web. This
role is best suited for enterprise customers.
is the requesting application or another service provider playing the role of an
aggregator that will consume at least one, fee-based software service
is a role that could be addressed by possibly two companies. The first could be
any business entity interested in exploring the opportunities around directory
services or yellow pages for reusable software components. The second would be a
vendor who can provide the necessary UDDI and hosting assets needed to provide a
public UDDI service (green pages).
is the person or entity that is actually implementing the hosting environment
for the asset owner. The service provider may be the same as the asset owner, as
in the case of an independent service provider. A service provider is the entity
that is responsible for the deployment environment and provisioning aspects
related to making a fee-based Web service available for sale. [Microsoft tends
to use the term: Service Operator.]
Software Asset Mall
(SAM) is a business
entity that provides deployment and hosting facilities for two or more asset
owners (hosted service providers). In such a case the operator of the mall will
collect revenue based on a combination of possible (but not exhaustive) service
fees: hosting charges, transaction surcharges and access registration. A utility
server is also necessary to meet the deployment and provisioning needs of a
list of enabling services associated with the above terminology is suggested by
IBM. These address:
Security; Key management; Transformation; Logging; Clock;
Calendar; Authorization control; User management; Tax calculator; Credit check;
Payment services; Account management; Billing; Fulfillment; Order management;
Currency conversion; Service credentialing;
and Metering service to
name a few. IBM discusses each of these services at
web site provides a public list of Web Services at
http://www/xmethods.com/. This lists several hundred Web Services that are
already available and based on SOAP, with direct links to each Asset Owner. Each
Service Name link and Description provides the full invocation details needed by
each SOAP message, plus coding instructions and examples.
A UDDI browser is available from
http://www.soapclient.com/uddisearch.html. This provides a very easy online
search capability directly from a browser, without any programming. A Service
Operator can be selected between XMETHODS, Microsoft and IBM, or separate
Microsoft or IBM UDDI Test Registries. This supports searching for: UDDI
Business Names; Service Names; Service Types (tModel); SOAP Services (tModel);
Discovery URL; DUNS Code; ISO 3166 Codes; and others. This UDDI browser will
enable you to gain an appreciation of some of the many Web Services that are
becoming available. Both Microsoft and IBM also provide a number of UDDI
development tools, including UDDI Editors, UDDI Publishing Tools, WSDL Editors
and WSDL Generators.
many software vendors developing products and tools to support Web Services. We
will look at product offerings, either released or in development, in later
issues of The Enterprise Newsletter.
Back to Contents.