IBM, Java, and the Future of Web Services (Continued)
The Issue of Web Services Security
FTPOnline: Right now, Web services adoption seems to be held up because of security questions.
Sutor: We see three waves [of development] from a Web-services perspective. The first one, concerned with the basic connections, was done at the end of last year, and included things like SOAP, WSDL, and UDDI. Fundamentally, this wave said, "Here are Web services. Here's how I talk to them and publish them."
The second phase includes security and reliability. The first thing to note is that there are security solutions people can use today. HTTPS won't be thrown away. We need enterprise-quality solutions at the right level of granularity.
IBM and Microsoft published a roadmap for Web services security in April, where we said to users, "We know you've heard about all these specs, but we know you have questions: 'How will I know when you've done enough? When will the security standards be comprehensive and flexible? How will we know when it's done?'" The roadmap spelled out how you communicate with confidentiality and integrity, policy trust and privacy. At its most sophisticated, how do you do federating and bridging across domains when you're talking about outsourcing? So we published a Web services security spec on top of SOAP. It shows how to deal with encryption and digital signatures, and how to deal with other, arbitrary, security credentials.
As we evolve this Web services model, it has to fit on top of what people have done, particularly on Web application servers such as WebSphere. And these are the technologies we've taken to the OASIS consortium with 18 companies. You will see in OASIS and elsewhere what's in this roadmap. We are well on the path to filling this out.
So the first piece is connection; the second is security and reliability.
The third is the enterprise phase. The enterprise phase is several things, in that it doesn't deal with only one Web service. You must talk to many to accomplish particular tasks, such as business processes, workflow, transactions, coordination of these Web services, and systems management. You can do it today, but what will Web services give you in terms of standardized interfaces and communications models to improve on how applications are modified, and what tools do the monitoring? In terms of provisioning, how do you enforce electronic contracts? How do you monitor, meter, and build Web services as well? We're entering the enterprise phase now.
We'll concentrate on these issues that enterprises hold near and dear when they think of Web services for the Internet. Supply chain applications are complex, and the fact that things aren't available from the same supplier complicates workflow and transactions. We will be working in that area. We understand that Web services can be built on layers of existing apps and new ones as well.