Web services chugging along

Impediments remain, but are being addressed

Web services has had its ups and downs since its rise to prominence early in the decade.

Although the vendors backing Web services are confident they are properly addressing any kinks, Web services remains hobbled by issues such as standardization and WSDL complexity. To make matters worse, its impacts are growing, with both the .Net and Java development technologies focusing on Web services. Additionally, Web services is doing double duty as the lynchpin of the growing SOA trend.

RouteOne, a hosted service that processes credit applications for car loans, is a business built on Web services. The company started developing specifications for its business operations in September 2002 and was in a pilot phase by July 2003. It estimates it has since processed millions of transactions via Web services.

“We could not have done it in the timeframe in which we wanted to do it,” if not for Web services, said T.N. Subramaniam, director of technology and chief architect at RouteOne.

Corillian, which provides retail online banking, goes one better when asked about its level of Web services processing. “I think it’s probably incalculable,” said Scott Hanselman, chief architect at Corillian. “You’re talking billions [of Web services calls], I would say.”

“When I think about Web services, the way I typically talk about it is developers have been building distributed apps for a long time and what they want to do is get a long-term return on their short-term investments in this software. Web services allows them to do that,” by offering interoperability, said Microsoft’s Ari Bixhorn, director of Web services strategy at the company.

Microsoft cites the September 1999 unveiling of its Windows DNA 2000 program as marking the beginning of the company’s vision for XML-based Web services.

With Web services, integration can be easier and less costly than previous methods such as EDI. WSDL, however, one of the key components of a Web services solution, was called unworkable by a JavaOne attendee during an open-mike session at the JavaOne show in San Francisco last month. Further, the multitude of Web services specifications and standards efforts can be hard to follow even for experts in the field.

At the BMC Remedy User Group 2005 conference in San Jose last week, John Neels, a senior systems engineer and project manager at business process consulting firm Column Technologies, presented lists of Web services advantages and disadvantages to a packed room of approximately 100 attendees. Advantages included boosts in integrating legacy systems, lowering operational and development costs, faster system development and better integration with external business systems.

Disadvantages cited were Web server downtimes; immutable interfaces, in which changes can cause failure if a client is not updated; and lack of protocols for guaranteed execution and security. Neels also noted a performance issue in that HTTP requests require a fresh connection with the server at each URL call. XML processing also is an issue, Neels said.

But vendors and even Neels himself presented possible solutions to these impediments, such as Neels’ suggestion that Web server farms be used to maintain Web server uptime.

Neels’ views on disadvantages drew sharp disagreements from vendors such as Sun Microsystems.

“I would think that a Web server is one of the single most reliable pieces of infrastructure that currently exists,” said Tim Bray, director of Web technologies at Sun.

Microsoft’s Bixhorn emphasized the company’s planned Indigo technology as the answer to many issues cited with Web services. Due in 2006 in the Windows Longhorn client, Indigo removes the reliance on Web servers by extending beyond HTTP to support protocols such as SMTP, TCP, and REST (Representational State Transfer).

Indigo also supports autonomous versioning of Web services, so releasing a new version of a Web service will not break existing Web services, Bixhorn said.

Corillian is using Indigo in a prototype system. “Indigo is that managed spackle over messaging,” supporting multiple transport layers, Hanselman said, comparing it to how the .Net Framework makes APIs easier to use.

Bixhorn rejected the notion that there is no Web services security protocol. “That’s actually not true. WS-Security is the industry standard for Web services security,” Bixhorn said. WS-Security allows for use of existing security technologies such as X.509 certificates, Kerberos, or SAML, he said.

To provide for standardization in Web services deployments, Microsoft is emphasizing the WS-* specifications, spoken as “WS star.” WS-Security is one of these specifications, which cover areas ranging from business processes to reliable messaging.

Vendors, though, acknowledged that there may be too many Web services specifications for technology users to follow. Asked to explain the differences between the similar-sounding WS-ReliableMessaging (WS-RM) and WS-Reliability specifications, Bixhorn offered to follow up with the answer. In that subsequent e-mail, Microsoft said the two have different design goals. WS-ReliableMessaging is a modular specification that works alone or with other WS-* specifications. WS-Reliability has a larger footprint that overlaps with capabilities of WS-* specifications.

Sun’s Bray supported the notion of too many standards proposals. There are too many people writing standards and a lot of nasty politics is going on related to them, he said. “I think some of the standards, frankly, are very much hot air,” Bray said.

Sun was a late arriver to the WS-* standards movement, but Bixhorn emphasized the inclusiveness of WS-* development. “There are more than 70 vendor organizations that are involved in the WS-* process,” he said.

To navigate the broad spectrum of specifications, vendors pointed to the Web Services Interoperability Organization Basic Profiles, which can serve as guidelines for users about which specifications to implement for specific situations.

“You do want to make sure that customers don’t have to deal with that alphabet soup of specs,” but can just focus on profiles, said Karla Norsworthy, IBM vice president of software standards.

OASIS has jurisdiction over 16 specifications pertaining to Web services and SOA, including WS-Security and BPEL (Business Process Execution Language).

“I think when people see the list of specifications, they mistakenly assume that they have to use all of them. That doesn’t happen,” said Jamie Clark, director of standards development at OASIS.

Complaints about WSDL sounded reasonable to Bray, who called it one of the weak links in Web services. “It’s insanely complex,” Bray said. But he pointed out Sun’s support of and commitment to WSDL.

“The process of exploring alternatives has just started,” Bray said.

Bray cited a future version of Java and Microsoft’s Indigo as examples of technology intended to hide WSDL’s complexity, but added, “I think it’s a pity that you have to hide something from the developer.”

At BEA, Paul Patrick, chief architect for the company’s AquaLogic product line, said he recognized that improvements could be made in WSDL. However, “I’m not hearing the customers beating down the door, saying, ‘WSDL is a disaster, I can’t use it so I can’t even get going.’”

“Some users are going to use tools and not ever deal directly with the WSDL,” IBM’s Norsworthy said. An update of WSDL, known as version 2.0, is “more intuitive,” Subramaniam said.

XML, a verbose data language, does enable interoperability in Web services, Norsworthy said. IBM and others have invested in XML to make its processing competitive for a majority of applications, she said. “XML gives you a self-defining data stream,” Norsworthy added.

The use of stateless connections in Web services is not necessarily a bad thing, according to Neels. Web services is a more lightweight connection that does not require a real-time link, and it reduces bandwidth. This is unlike CORBA, which needs a dedicated circuit, Neels said. “CORBA takes a long time to program,” Neels said.

“There’s a great world where stateless things are goodness,” said BEA’s Patrick. Users, for example, can send complete documents involved in a transaction rather than bits and pieces at a time. “There’s no need for us to have conversational state anymore,” he said.

WS-ReliableMessaging, meanwhile, will provide for guaranteed response when sending a Web service, Patrick said. “The problem’s been identified and there are standards bodies working [on] that problem,” Patrick said.

Hewlett-Packard last week announced that three Web services projects it submitted to Apache have been promoted from the incubation stage to full-scale projects. These include an implementation of the Web Services Resource Framework, for state and lifecycle management; Pubscribe, which implements the Web Services Notification specifications for publishing and subscribing in an event-based model; and Muse, which implements the OASIS MUWS (Management Using Web Services) specifications.

An analyst put the onus on improving the user understanding of Web services.

“The main advantages of Web services are in easing the loose coupling between service providers and consumers within SOA implementations,” said Jason Bloomberg, senior analyst at ZapThink, in an e-mail response to questions. “Among the problems that Web services still face, I’d put at the top of my list a still-prevalent lack of understanding of what they’re for and how to use them. Think [of] a 6-year-old with a circular saw.”

Copyright © 2005 IDG Communications, Inc.