I don’t mean to disparage the work that engineers do every day. But many would admit, with rare exception, they take scientists’ fundamental research and use it to extend the capabilities of established technologies. Where those engineers direct their efforts largely depends on the politics that drive the widespread adoption of standards such as SCSI, Ethernet…or Web services protocols.
A happy confluence of technology and politics has convinced me that this year will be the year when Web services begins to reach critical mass as a low-cost alternative to proprietary middleware. The biggest knocks on Web services have always been security and performance. The two are closely related: Web services communications are text-based, which makes them fat, and they’re human-readable streams that poke through firewalls, which makes them a huge security risk. Compression can take care of the fat, but that takes CPU horsepower. So does security – from good old SSL to the forthcoming matrix of XML encryption and authentication standards percolating through Web services standards committees.
Lucky for us MIPS just keep getting cheaper. And with IT budgets starting to loosen, relatively light hardware upgrades should be enough to support networks fast and safe enough for Web services to flourish.
Web services adoption is also already happening in unexpected ways. Salesforce.com Inc., for example, has been begun irritating Siebel Systems Inc. to the point where Siebel was forced to offer its own service (and buy a Salesforce competitor, UpShot Corp.). And Salesforce’s success stems in part from removing the biggest objections to application service providers: integration and customization. And it did that mainly by building Salesforce.com on a Web services platform.
Web services security is also rapidly maturing. As XML documents start shooting this way and that inside and outside the firewall, the edge of the enterprise will get blurrier. All over the network, XML firewalls will need to sniff for trouble (intentional or otherwise) and protect the application layer. Several vendors, including Forum Systems Inc. and Reactivity Inc., have taken an appliance approach to XML security, offering boxes that act as firewalls and boost performance at the same time. Reactivity’s latest model even bakes in a draft version of WS-Security 1.0, a standard that virtually all Web services leaders have accepted.
Much work on such security specs remains, of course, particularly on the horrifically complex problem of authentication and authorization. And there’s no getting around the hard labour of developing XML data definitions for integration – which Web services does very little to ease. Where existing middleware or EDI solutions work, nobody will fix them with Web services. But for new integration projects, Web services is already becoming one of the first solutions IT considers.
This is nothing less than the start of what Scott Dietzen, CTO of BEA Systems Inc., calls the Web 2.0, where the Web becomes a universal, standards-based integration platform. Web 1.0 (HTTP, TCP/IP and HTML) is the core of enterprise infrastructure. Now, industry politicians have completed another important part of their job and agreed on the basic groundwork for the next phase. Better yet, we even have the horsepower to handle it.