Web Services: A Fit for EAI: Part 2, Page 2
Challenges for Web Services
Because Web Services Technology is in its infancy, it is yet to be matured to solve complete real-life, end-to-end EAI problems. This is a technology that is going further in its development at a great pace. Following are some of the limitations of Web Services, which are being worked upon by various forums and organizations of IT.
At present, Web Services lack a mechanism to provide robust Security (support for authentication, authorization, and encryption) and Transactional capability. To address this issue, standards are being worked out in the industry; some are listed here:
|BizTalk||Microsoft||For security and guaranteed message delivery|
|XAML (Transaction Authority Markup Language)||IBM, HP, Oracle, and Sun Microsystems||Endows Web Services with transactional properties|
|Biz Transaction Protocol (BTP)1||OASIS (Organization for the Advancement of Structured Information Standards)||supported by BEA, HP, and Sun Microsystems|
|SAML2 (Security Assertion Markup Language)||OASIS|
|XKMS (XML Key Management Specification)||Based on PKI (Public Key Infrastructure)|
Web Services provide only functional-level integration and the need is arising to give User Interface-based integration to the enterprise applications. The Web Services User Interface (WSUI) standard has already been announced in June 2001 to provide this functionality. This standard is in progress.
We are approaching an Internet-oriented world. Businesses have started showing their presence on the Web long ago. Additionally, with IPv6, the efforts are being done to accommodate an immense number of computer systems and devices on the Internet. This is the time for the businesses to share information not just with their concerned services (in-house and partners solutions) but also with unknown, already developed, and remotely hosted software applications present on the Internet.
Web Services technology is the key to the enterprise applications integration. It promises a bright future of applications integration on the Web. The essence is to register, discover, and invoke the software components dynamically on the Web and reuse the logical entities floating on the Web. Because they are platform independent, legacy systems and various heterogeneous enterprise applications can share information with significant flexibility, in a way supported by standards rather than proprietary systems.
Enterprises should implement Web Services first in their internal integration business scenarios, which are non-transactional in nature. This is vital for the enterprises to first understand the Web Service approach and its feasibility. Additionally, enterprises have to adapt themselves to the new Service Oriented World paradigm where aggregation of remotely hosted applications, running on heterogeneous platforms, is getting more cost-effective, productive, and efficient by the use of Web Services.
White Papers are posted at the following locations:
About the Author
Manoj Seth is a senior software engineer at Hewlett Packard, India. He is a Post Graduate from the Indian Institute of Information Technology, Bangalore.
Manoj has been involved in designing and developing J2EE based solutions over various platforms in the domains of Financial/Banking and Middleware for more than two years. He has good exposure to Web Services and their emerging standards in development/deployment and management space. He can be contacted at email@example.com.
The author would like to acknowledge the contributions of Srinivas Varadarajan, Ashish Chitkara, Latha Bhashyam, Pankaj Kothari, Ravi Trivedi, Shyam Bijadi, and Jainendra Kumar at Hewlett-Packard, India for their insightful comments and reviews.
1 BTP—This protocol brings transactions to the world of Web services, while preserving the ability to incorporate traditional distributed transaction managers and to coordinate standard resource managers such as relational DBMS, transactional queuing/messaging products, and transactional connectors.
2SAML is an XML security standard for exchanging authentication and authorization information.