IBM beefs up Web Services Toolkit

Wasting little time after Thursday’s announcement of a Web security specification it is co-developing with Microsoft Corp. and VeriSign Inc., IBM Corp. on Friday said that it is adding two new security features into the 3.1 version of its Web Services Toolkit.

The new additions include an implementation of the SOAP Security Token and the Digital Signature components of the newly announced WS-Security specification.

The SOAP Security Token indicates what the name, identity, credentials, and capabilities are of a user sending a message. This sort of technology can be useful to Web services providers in those situations where they must support users with different authentication mechanisms, according to IBM officials.

It also makes it possible for Web services providers to incorporate additional security features to Web services applications over time.

“We think the [Web Services Toolkit] 3.1 will provide developers with the resources and tools to start the process of addressing end-to-end Web services security, thereby helping to drive application development and industry adoption,” said Bob Sutor, director of IBM’s e-business standards strategy.

The WS-Security specification is an effort to offer guidance to users hoping to build secure and more broadly interoperable Web services.

Besides SOAP (Simple Object Access Protocol), the functions within Version 3.1 of the toolkit are based on WSDL, WS-Inspection, and UDDI (Universal Description, Discovery, and Integration). These functions can work with Windows XP, Windows 2000, and Linux.

Version 3.1 also includes the BE4WS (Business Explorer for Web Services), which is an XML-based UDDI “exploring engine” that presents developers with a standard set of interfaces to carry out complex searches in multiple UDDI directories with a single query.

Company officials contend this allows users to more effectively gather information about businesses including their services and service interfaces from one or many UDDI registries. By gathering up results from many UDDI queries and then processing the intersecting information from those searches, BE4WS can help developers create Web services faster.

“This [BE4WS] is really an abstraction layer for people who want to write code to query Web services, but don’t necessarily want to write all of the individual SOAP messages and deal with that. It is a high-level API inside that you can either code to as a Java API, or there is a Web services interface in there as well,” said Kelvin Lawrence, a distinguished engineer and chief technologist for IBM’s dynamic e-business technologies.

The toolkit also contains the Web Services Description Language Explorer, a browser-based tools capable of generating an automatic user interface for helping users examine a WSDL document in order to understand, discover, and invoke available Web services.

“This is a visual viewer that can be quite useful if you are not a WSDL schema expert but you still want to look at a WSDL document. It will show you visually what the Web service description is and how it works. It takes away from you the responsibility of being an expert in schema or WSDL,” Lawrence said.

IBM has included Web services management capabilities in the new version by providing a JMX (Java Management Extensions)-based systems management interface. A JMX M-Bean server that can track Web services statistics is built into the application server’s Java Virtual Machine, which allows Web services statistics to be tracked across all installed Web applications.