Web services riddled with problems

As the hype surrounding Web services swirls ever faster, industry analysts are switching from explaining what Web services are to spelling out the pitfalls and shortcomings of the technology.

“Web services are by no means an end-all solution to anything,” says Bernhard Borges, managing director of the advanced technology group at PricewaterhouseCoopers LLP. “It’s not one solution for one problem.”

Borges says there is plenty of effort today around building Web services – they will be front and centre at Microsoft Corp.’s annual Tech Ed conference earlier this month – but he says there isn’t enough attention being paid to the “mortar around the brick to build the house.”

Experts warn that expectations should be kept in check.

“People tend to overestimate the impact of a technology in its first two to three years, and underestimate it about five years out,” say Phil Bronner, a principal with Novak Biddle Venture Partners LP.

IT executives are starting to test Web services internally as an integration technology, but Bronner and others say the grand Web services vision of dynamic discovery and integration of corporate systems and intelligent applications over the Internet is largely hype.

Web services technology is based on a collection of XML-centered protocols such as Simple Object Access Protocol (SOAP) and Web Services Description Language (WSDL). Definitions of Web services range from dynamic XML-based applications that can be located and executed over the Internet, to simple interfaces for integrating unlike systems.

“Right now there is a set of issues to solve,” Bronner says. “The first is security, then you look at quality of service and the completion of a given process between partners.”

A recent IDC report says Web services represent a new approach to an old problem: getting systems to talk to one another.

“But the glorified view of the Web services approach is a futuristic model that is a ways out and may never happen,” says Rob Hailstone, an IDC analyst.

Borges says even the underpinnings of Web services, such as SOAP and WSDL, raise questions about incompatibilities.

“We’ve agreed to use electricity, but we have not decided if we’re using a two-prong plug or a three-prong,” he says. “Just being compliant with the SOAP specification doesn’t mean that my SOAP client will work with your SOAP client.”

That fact is born out by the recently formed Web Services Interoperability Organization, which is developing a set of guidelines for creating compatible implementations of the base Web services protocols.

Despite the promise of Web services, Borges says the age-old problems of distributed computing still exist, such as data mapping, transactional integrity, trust and security.

Some of those problems mean Web services won’t become an inexpensive alternative to Enterprise Application Integration (EAI) technology. Borges says SOAP adapters in the near term won’t replace “fat” EAI adapters that link data and handle business logic.

“You still have to map all the data and develop metadata tags. You have to run the business logic on an app server and that can present throughput issues,” he says.

IDC’s Hailstone says that companies will have to build large, clearly defined Web services components, or run the risk of overwhelming current infrastructures.

“The use of too many small Web services components will create a performance problem when you consider authentication issues, managing transactions and business-process modeling,” he says.

Outside the firewall, problems intensify.

The vision of dynamic discovery of Web services is a model riddled with questions, foremost being the dynamic discovery of partners and their services through a Web services Yellow Pages directory called Universal Description, Discovery and Integration.

“The complexity of building a Web service that looks in a directory to find a function and use it, that is possible, but I still have to negotiate costs, service-level agreements, contracts, and to do all that in an automated sense is beyond the technology now,” Hailstone says.

Trust also is a major issue, especially without a standard, single sign-on authentication system.

“We still don’t have a security framework, the Liberty Alliance doesn’t yet have a blueprint and Microsoft’s Passport is not widely accepted,” Borges says.

Despite the limitations, experts say Web services are here to stay.

“If the grand model fails, that does not mean Web services have failed,” Hailstone says. “There is too much invested by the large vendors for Web services to fail.”