Quality of Service for Web Services-Demystification, Limitations, and Best Practices
Web Services Accessibility
Accessibility defines whether the Web Service is capable of serving the client's request. High accessibility of Web Services can be achieved by building highly scalable systems.
Building scalable systems are expensive, and this may cause smaller companies to defer this requirement. Also, this becomes an infrastructure issue for companies that deploy Web Services within their enterprise.
- Service pooling
- Load balancing (Scalability)
Web Services Availability
Building fault-tolerant systems for highly available Web Services is expensive. As companies roll out Web Services, the ability to manage this diverse, dynamic, distributed environment will become critical. Questions such as the following arise:
- Has one of my key servers become unavailable?
- Is a system being overly burdened?
- Why are requests taking so long?
- Web Service Management
- Web Service Clustering
Web Services Interoperability
The fundamental goal of interoperability in Web Services is to cross the lines between the development environments used to implement services so that developers using those services don't have to think about which programming language or operating system the services are hosted on.
Most of the Web Services specifications are defined under standards bodies. As these activities are under way, there seems to be a delay in the implementations. Vendors partly implement the specification in their products due to the competitive nature of this market. This results in poor interoperability.
- Key to enabling seamless Web Services interoperability is the ability of one Web Services framework to consume the WSDL documents generated by other frameworks.
- Web Services-Interoperability (WS-I) Profiles.
The Basic Profile defines how a selected set of specified Web Services technologies, such as messaging and discovery, should be used together in an interoperable manner.
Web Services Security
With the increase in the use of Web Services, which are delivered over the public Internet, there is growing concern towards security. Security for Web Services means providing non-repudiation and confidentiality by authorizing the parties involved, encrypting messages, and providing access control. The Web Service provider may apply different approaches and levels of providing security policy depending on the service requestor.
SOAP is a de-facto messaging standard for Web Services; inherently, it does not support many security features. Some of the Web Services-enabled applications also require role-based security features, which expose different functionalities, depending on user credentials. Underlying technologies used by Web Services currently do not support these features.
The security-related issues in Web Service must be dealt with greater vigor, as it will build confidence among users. The following measures can be used while architecting the secure Web Services:
- Use of XML Encryption.
- Use of XML Key Management Specification.
- Use of Private WANs, Web Service Network, and VPNs.
- P3P (Platform for Privacy Preferences) is an emerging standard for specifying privacy preferences for a user while using Web Services.
- Use of security assertions.
ConclusionQoS for Web Services is about bringing business value to service providers by guaranteeing a competitive edge through their ease of adoption and implementation. With these collections of best practices for the design and implementation of Web Services, one can think of Web Services as a perfect replacement for traditional integration problems that are being faced by the enterprises today. We will be analyzing each of these proposed best practices in forthcoming articles.
About the Authors
Rajesh Sumra is a senior software engineer in HP's Wireless Solutions Lab. He has worked with the espeak project for more than a year and was involved in developing UDDI Server functionalities for the HP's UDDI Server. Currently, he is involved with designing and developing a Web Services-based framework for the mobile infrastructure. Rajesh holds a Masters degree in Information Technology from IIIT, Bangalore. He can be reached at firstname.lastname@example.org.
Arulazi D has been designing and building Java-based applications and SDK for more than three years. He was also involved in the API development of UDDI4j project (http://uddi4j.org). He works with Hewlett-Packard (ISO), where he is involved in the development of an open-service framework for mobile infrastructures. He holds a Master of Computer Applications degree from the PSG College of Technology, Coimbatore. He can be reached at email@example.com.
Page 2 of 2