Web Services Evolution

Published in TDAN.com April 2003


Web Services Evolution – Phase 1: 1999-2001

In June 2001 Gartner Group documented a timeline for the adoption of Web Services from 2001 – 2005. They suggested that 2001 would see many Web Services development tools delivered. With Beta
and Final Release tools from Microsoft, IBM, Sun, Software AG, Oracle and many others, this proliferation of Web Services tools is well underway. We will refer to this period (1999-2001) as
Phase 1” of Web Services evolution.

Web Services Evolution – Phase 2: 2002-2004

Gartner suggested that 2002 will see Business Web Services start to appear in large numbers, also with Business-to-Consumer (B2C) access to mass consumer-oriented Web Services. One example of such
B2C Web Services is “My Services” from Microsoft (code-named “Hailstorm”). My Services are scheduled to be released in 2002 in association with Microsoft

From 2003 the adoption of UDDI Registries (Universal Description, Discovery and Integration – see TEN#17 – www.ies.aust.com/~ieinfo/ten17.htm) is projected to grow, with Private Registries emerging to support Private exchanges. Public Registries will emerge to
support Public exchanges, with Government usage of Web Services also accelerating sharply. Some of these Registries may offer free access to Web Services, but most are expected to be released on a
fee-paying basis. We will discuss some of the implications of fee-based Web Services in the following section.

2004, according to Gartner, will see the adolescence of Web-Services-based business models, with Private Registries still dominating. New revenue-generation models and channel opportunities will
become commonplace. Gartner predicts that by 2004, 40% of financial services transactions will leverage Web Services models, with 35% of online government services delivered as Web Services. We
will refer to this period (2002-2004) as “Phase 2” of Web Services evolution.

2005 will see Public UDDI Registries gain attention as Public B2B Exchanges begin to re-emerge after a relative hiatus in 2001 – 2002 during the dot-Com downturn. Dynamic Web Services will
also gain more attention. We will refer to this period (2005 and beyond) as “Phase 3” of Web Services evolution.

For Web Services to deliver fast, seamless integration of Business Partners on an enterprise scale during Phase 2, a number of issues will need to be addressed. These include: Quality of Service
(QoS); network reliability; transaction recovery; real-time messaging; security; and billing mechanisms. Some of these issues are discussed in the following paragraphs.

Web Services networks between Service Providers and Service Requestors must handle end-point authentication between partners, and must provide security, data encryption and non-repudiation of
transactions. Web Services network vendors will also need to offer both synchronous and asynchronous messaging; the latter enables a Client Service Requestor to carry out other tasks while waiting
for a response from a Service Provider. Network-quality monitoring, error management and data-compression schemes will help improve network scalability and reliability.

Web Service Network vendors are emerging to address these issues, such as Grand Central, Flamenco Networks, and Kenamea. Grand Central uses a centralized hub topology, while Flamenco uses a server
proxy for a multipoint network approach. Both focus on transactional stability, with network monitoring on a server-to-server basis. Kenamea specializes in “last mile” network delivery
to a broad range of device types, such as for supply chains.

Transaction Recovery is an important concern, particularly with Web Services transactions that involve concurrent database changes carried out by Web Services delivered by more than one Service
Provider. In TEN#17 – www.ies.aust.com/~ieinfo/ten17.htm – in the section Internet Web Services Example we discussed that
three Service Providers were involved: the Bank; the Supplier; and the Shipping (Logistic) Company. In this example, performance issues associated with Internet latency and message traffic delays
typically demand that asynchronous messaging be used to communicate with these three Service Providers. But errors can often occur:

1. The Bank may decline to accept credit card payment for purchase because the customer’s credit limit has been exceeded.
2. The Supplier may find that some or all of the requested products are out-of-stock and so must be back-ordered, with credit card payment adjusted to pay only for products that can be delivered.

In these situations, if error 1) occurs the complete order placed with the Supplier – as well as the pick-up to be made by the Logistic Company – must both be cancelled. While error 2)
is less serious, because of the back-order the credit card payment amount with the Bank must be adjusted to the correct value for the actual products to be shipped.

The three Web Service transactions are in fact inter-dependent; each Web Service can only commit its database processing when it is certain that all related Web Services have completed
successfully. But if complete failure occurs – such as for error 1 above – all database changes by each Web Service must be completely rolled-back. We see that Web Service Transaction
Recovery in a multi-enterprise example such as this is certainly non-trivial. Full transaction recovery support must be provided by Web Services products that offer the functionality used in this

Web Services Authentication and Security vendors such as Netegrity, Oblix and OpenNetwork have been developing products to manage authorization credentials for disparate Web Services environments.
But one of the most significant security products is Microsoft Passport. This moves security for Web Services from the responsibility of each machine, instead to a security layer that spans the
Internet. Once an end-user has been authenticated to Passport, a User ID is allocated. This single ID identifies that person throughout the Internet; with this User ID other Service Providers can
find information about the user, based only on the specific details that the user has authorized for others to see and use. The overriding principle of Microsoft Passport is that the user is always
in control. The user has sole authority to make as much, or as little, information available to others. There are over 165 million users of Hotmail and MSDN who can already use Passport.

During 2002 Microsoft will add Kerberos support to Passport. This is a network-authentication protocol that adds strong, secret-key cryptography. With Kerberos support, Passport will offer
interoperability with other Kerberos-compliant protocols, all delivering strong authorization security. With interoperability as an objective, OASIS is defining the Security Assertion Markup
Language (SAML).

As we have discussed, Phase 2 of Web Services will evolve throughout 2002-2004. This phase will provide a dynamic infrastructure for businesses to interoperate using Web Services, leading to what
IBM refers to as “Dynamic e-Business”.

Web Services Evolution – Phase 3: 2005 and Beyond

In Phase 3 of the evolution of Web Services, organizations will change not only their business processes, but also their business models as they move to real-time collaboration and integration of
processes both within and between enterprises. While Phase 1 and Phase 2 address the surfacing of Web Services previously locked away in current and legacy systems, Phase 3 will see the emergence
of new software products and systems that are designed and developed from the outset to be delivered as Web Services. These will be used by organizations to find business partners dynamically, or
to use remote resources, and will enable those organizations to adapt rapidly to change.

As the previous issue of TEN discussed, the adoption of Web Services from a technical perspective is not complex. The XML definitions of each Web Service will all be automatically generated: for
SOAP (Simple Object Access Protocol); WSDL (Web Services Description Language); and UDDI (Universal Description, Discovery and Integration). For example, Microsoft Visual Studio.NET provides
automatic generation for Visual Basic.NET, C++.NET and C#.NET functional calls. IBM WebSphere Studio Application Developer provides automatic generation for J2EE (Java 2 Enterprise Edition)

The real challenge, however, will be associated with new business models that will emerge to support Web Services during Phase 2, for wide business use in Phase 3. As IBM indicates at www-106.ibm.com/developerworks/webservices/library/ws-arc5.html, there are several questions that need to be addressed:

  • What revenue models will be applicable for the service?
  • How does the service provider address pricing?
  • Does the service provider host their service or outsource the hosting?
  • How is billing handled?

New terminology is starting to emerge to describe this new environment. IBM has suggested the terms listed below. (See www-106.ibm.com/developerworks/webservices/library/ws-arc4.) Similar terms are also emerging from Microsoft and others;
these are shown below in [square brackets].

Asset Owner is the person or entity that owns a particular Web service and the associated intellectual property pertaining to the software resource. Hosted Service Providers are a
type of asset owner. Business entities in this category are usually companies that have a software asset that has been enabled for Web services, who have selected a business-model-like subscription
and now need a deployable environment to be hosted and managed. This role is best suited for small ISVs, who prefer to delegate the actual hosting aspects of the service to an entity that is more
adapt at managing the infrastructure and quality of service issues associated with such a role. Independent Service Providers are another type of asset owner. Business entities in this
category are usually companies that wish to establish their own environment for Web services and maybe even create a private UDDI node to publish those services to the Web. This role is best suited
for enterprise customers.

Service Consumer is the requesting application or another service provider playing the role of an aggregator that will consume at least one, fee-based software service

Service Broker is a role that could be addressed by possibly two companies. The first could be any business entity interested in exploring the opportunities around directory services or
yellow pages for reusable software components. The second would be a vendor who can provide the necessary UDDI and hosting assets needed to provide a public UDDI service (green pages).

Service Provider is the person or entity that is actually implementing the hosting environment for the asset owner. The service provider may be the same as the asset owner, as in the case
of an independent service provider. A service provider is the entity that is responsible for the deployment environment and provisioning aspects related to making a fee-based Web service available
for sale. [Microsoft tends to use the term: Service Operator.]

Software Asset Mall (SAM) is a business entity that provides deployment and hosting facilities for two or more asset owners (hosted service providers). In such a case the operator of the
mall will collect revenue based on a combination of possible (but not exhaustive) service fees: hosting charges, transaction surcharges and access registration. A utility server is also necessary
to meet the deployment and provisioning needs of a SAM.”

An extensive list of enabling services associated with the above terminology is suggested by IBM. These address: Security; Key management; Transformation; Logging; Clock; Calendar;
Authorization control; User management; Tax calculator; Credit check; Payment services; Account management; Billing; Fulfillment; Order management; Currency conversion; Service credentialing; and
Metering service
to name a few. IBM discusses each of these services at www-106.ibm.com/developerworks/webservices/library/ws-arc6.

The XMETHODS web site provides a public list of Web Services at www.xmethods.com. This lists several hundred Web Services that are already available and based
on SOAP, with direct links to each Asset Owner. Each Service Name link and Description provides the full invocation details needed by each SOAP message, plus coding instructions and examples.

A UDDI browser is available from www.soapclient.com/uddisearch.html. This provides a very easy online search capability directly from a
browser, without any programming. A Service Operator can be selected between XMETHODS, Microsoft and IBM, or separate Microsoft or IBM UDDI Test Registries. This supports searching for: UDDI
Business Names; Service Names; Service Types (tModel); SOAP Services (tModel); Discovery URL; DUNS Code; ISO 3166 Codes; and others. This UDDI browser will enable you to gain an appreciation of
some of the many Web Services that are becoming available. Both Microsoft and IBM also provide a number of UDDI development tools, including UDDI Editors, UDDI Publishing Tools, WSDL Editors and
WSDL Generators.

Previously published in “The Enterprise Newsletter” (TEN).
TEN is a free Electronic Newsletter that is issued quarterly and sent via email.

Share this post

Clive Finkelstein

Clive Finkelstein

Clive is acknowledged worldwide as the "father" of information engineering, and is Managing Director of Information Engineering Services Pty Ltd in  Australia. He has more than 45 years of experience in the computer industry. Author of many books and papers, his latest book,  Enterprise Architecture for Integration: Rapid Delivery Methods and Technologies,  brings together the methods and technologies for rapid delivery of enterprise architecture in 3-month increments. Read the book review at http://www.ies.aust.com/ten/ten32.htm. Project references, project steps and descriptions are available from   http://www.ies.aust.com. Click on the  Projects link from any page. Clive may be contacted at cfink@ies.aust.com.

scroll to top