Microservices Expo Authors: Elizabeth White, Liz McMillan, Pat Romanski, Mehdi Daoudi, Steve Wilson

Related Topics: Microservices Expo

Microservices Expo: Article

Web Services Standards Update

Web Services Standards Update

Web services has the potential to solve some of the most difficult technology and integration problems that have plagued IT departments for decades. Isolated systems, redundant code, extended development cycles, and vendor dependence have essentially been accepted as inherent side effects of enterprise computing. If Web services is to alleviate these problems, a complete, broadly accepted set of standards must be realized.

In an earlier article (WSJ, Vol. 2, issue 1), I provided a broad look at the Web services standards landscape. At the time, XML and SOAP had reached fairly widespread acceptance and there was great optimism about the flurry of activity in other critical areas, such as service description and discovery. In this article we'll look at what changes have taken place in the major standards organizations. Then we'll take a peek at how far existing standards have progressed and what new standards have emerged over the past six months.

Standards Organizations
One of the keys to the success of developing and promoting acceptance of a standard is the organization defining the standard. Standards organizations have a huge responsibility to not only create and foster standards but also to manage their processes in order to quickly and efficiently release these standards. In addition, they have a broader responsibility to work together to deliver a unified, complementary set of standards rather than introduce specifications that create standards fragmentation and jeopardize interoperability. The work of these organizations will have a broad impact on vendor compliance and customer acceptance. Let's take a look at the leading standards organizations that define the Web services landscape today.

The World Wide Web Consortium (W3C)
The W3C is the premier Web services standards organization. Created in October 1994, the W3C is working to develop a set of technologies in order to bring Web services to its full potential. A new development within the W3C is the creation of the Web Services Activity, which consists primarily of three working groups focused on Web services:

The Web Services Architecture Group
This working group is responsible for identifying, designing, and documenting a coherent architecture for Web services. This group is scheduled to have a working draft architecture document available by June of this year.

The XML Protocol Working Group
This working group is chartered with creating a layered system of protocols (primarily XML and SOAP). The goal of these protocols is to meet the needs of applications with simple interfaces and be extensible in order to provide the security, scalability, and robustness required for more complex application interfaces. Their public schedule called for their work to be done as of April of this year, which has come and gone.

The Web Services Description Working Group
This working group is tasked with defining a standardized way to define Web services interfaces. It will review the scope of the WSDL 1.1 specification as part of the interface component design task. In fact, the group is chartered with making only agreed-upon improvements to the WSDL 1.1 specification, rather than arbitrary changes. They are scheduled to have a draft document in June of this year.

This group is a welcome and necessary addition. The W3C has been under criticism for the lack of movement of the WSDL specification and specifically for not having a working group assigned to this area.

Organization for the Advancement of Structured Information Systems
OASIS is a nonprofit consortium founded in 1993 and dedicated to the promotion of open specifications for the interchange of structured data. OASIS is driving several key Web services standards in the areas of security, transactions, and interactive Web services, in addition to sponsoring the ebXML specifications.

Interactive Web services is a relatively new area driven, at least in part, by the portal industry. Interactive Web services typically involve a person interacting with a Web service in some capacity. OASIS has two working groups actively working in this area, WSIA and WSRP.

Web Services for Interactive Applications
WSIA is chartered with creating an XML- and Web services-centric component model for interactive Web applications. This group is driven, at least in part, by the predecessor specification WSXL (Web Services Experience Language) and earlier work by Epicentric and divine. The two main goals of WSIA are to:

  • Enable businesses to distribute Web applications through multiple revenue channels
  • Enable new services or applications to be created by leveraging existing applications across the Web.
Web Services for Remote Portals
WSRP is defining an XML and Web services standard that will allow the plug-and-play of visual, user-facing Web services with portals or other intermediary Web applications. It is focused on improving content delivery via portlets by using a common set of APIs.

Both of these groups are early in their work and neither had generated a draft specification as of the writing of this article.

A group of companies identified on the www.uddi.org Web site is developing a set of open specifications for a service registry. Their goal is to create a platform-independent, open framework for describing services, discovering businesses, and integrating business services using the Internet. At some point, hopefully in the near future, this work will most likely be incorporated into the work of the W3C.

The Business Process Management Initiative (BPMI) is a group formed to define a standard way to model business processes. Its goal is to promote and develop the use of Business Process Management (BPM) through the establishment of standards for process design, deployment, execution, maintenance, and optimization.

Currently this area is fairly fluid, with Microsoft, BEA, Sun, and OASIS all active in this space. IBM, which authored the Web Services Flow Language (WSFL) specification, is also a member of BPMI.org.

Web Services Interoperability Organization
WS-I is a relatively new organization committed to promoting interoperability among Web services. The group was formed in early February in an effort to create testing tools and standard documentation to enable competing vendors to ensure compatibility between Web services regardless of vendor or implementation. The documentation is planned to include a set of Web services profiles to assist organizations with the adoption of and support for key Web services standards. The WS-I has set a third-quarter release time for the first set of industry recommendations and example applications.

The WS-I hasn't evolved without its share of controversy. First, there is the noticeable absence of Sun from the WS-I list of members. Sun, feeling scorned for not being invited as a founder, has decided to distance itself from the WS-I at least for now.

There is additional concern that the WS-I will infringe on other organizations, specifically the W3C. I, for one, hope that the WS-I at least nudges the W3C to start cranking up their standards engine a couple more notches.

Specifications and Standards
XML, SOAP, and WSDL compose the current base standards for Web services. These specifications are widely accepted, and companies are implementing solutions based on these standards today. However, there is somewhat of a dilemma here. Vendors need time to provide implementations of these standards and get companies to accept and utilize the them in their enterprise. At the same time there are critical pieces that are missing or in need of enhancement. Balancing these aspects is a key challenge facing the standards organizations. These standards have been essentially idle lately as XML, SOAP, and WSDL have not undergone any published updates this year.

Service Description
The area of service description has been quiet recently. WSDL, while not yet a W3C Recommendation, is nonetheless in wide use. However, there has been one new specification proposed, the Web Services Endpoint Language, and with Microsoft and IBM behind it, it does merit consideration.

Web Services Endpoint Language
WSEL is an XML format for the description of nonoperational characteristics of service endpoints, like sequencing of operations, quality-of-service, cost, or security properties. These characteristics are necessary for composing Web services into larger business processes. This is a relatively new specification (developed primarily by IBM), which has made little progress since its announcement.

Service Discovery and Registration
An XML registry is an enabling infrastructure for building, deploying, and discovering Web services. The preeminent specifications for XML registries are the ebXML Registry and Repository standard and the UDDI specification. One new specification in this area is the Web Services Inspection Language jointly developed by Microsoft and IBM.

ebXML Registry and Repository
The ebXML Registry and Repository provides for both the storing and sharing of information. This is different from UDDI, which doesn't support the storing of documents. ebXML Registry and Repository version 2.0 was approved in January of this year.

UDDI is an industry specification for description and discovery of Web services. UDDI is itself a SOAP/XML Web service designed for use by developer tools and applications. UDDI is currently in version 2.0. There is a version 3.0 in progress and security will likely figure prominently in this version. Version 3.0 is intended to be the final version before the UDDI community submits the XML business registry specification to a standards body, probably the W3C, for approval.

Web Services Inspection Language
WSIL is a new specification that defines the ability to inspect a site for available services. WSIL will enable developers to easily browse Web servers for XML Web services. While this may seem orthogonal to the aforementioned UDDI, WS-Inspection complements UDDI by enabling the discovery of available services on Web sites unlisted in the UDDI registries, which defines most Web sites offering Web services today.

Security is a crucial piece of Web services architecture that has been intentionally lacking from early specification efforts such as SOAP, WSDL, and UDDI. Security is frequently cited by companies as the most critical piece missing from the Web services story and has been an area of high activity so far this year.

The W3C is developing a set of security specifications that are crucial to public acceptance of Web services. These include XML Signature, a standard for digital signatures that is now a Recommendation; XML Encryption (a Candidate Recommendation), a set of standards for encrypting and decrypting XML documents and data; and XML Key Management (a Working Draft), which enables retrieval of key information from a Web service.

Security Assertion Markup Language
OASIS is developing an XML-based security standard for exchanging authentication and authorization information. The Security Assertion Markup Language (SAML) currently has a great deal of momentum, and there are several implementations available in a number of products including those from Netegrity and Systinet.

Once again industry giants IBM and Microsoft have taken the initiative in driving Web services standards, this time in the area of security. WS-Security was a joint announcement by Microsoft, VeriSign, and IBM. WS-Security defines a set of SOAP extensions and describes how to exchange secure and signed messages in a Web-services environment. Microsoft has stated that this work will be delivered to a standards organization, but no specifics were provided. In addition, Microsoft and IBM announced plans to deliver other security specifications. In particular, six specifications have been identified.

WS-Policy, WS-Trust, and WS-Privacy
The first three specifications address security policies: WS-Policy will define how to express the capabilities and constraints of security policies; WS-Trust will describe the model for establishing both direct and brokered trust relationships (including third parties and intermediaries); and WS-Privacy will define how Web services state and implement privacy practices.

WS-Secure Conversation, WS-Federation, and WS-Authorization
The last three specifications involve the sending and receiving of messages between Web services. WS-Secure Conversation will describe how to manage and authenticate message exchanges between parties, including security context exchange and establishing and deriving session keys; WS-Federation will describe how to manage and broker trust relationships in a heterogeneous federated environment, including support for federated identities; and WS-Authorization will define how Web services manage authorization data and policies.

Resource Provisioning
Resource provisioning is software that enterprises can use to centralize and manage the process of supplying - or provisioning - users with access to corporate systems and data. The challenge of resource provisioning only becomes more complex when you consider emerging B2B scenarios, in which a user might come into a system from outside the firewall. Even more complex are emerging Web services architectures, where not only users but also other bits of code may need access to corporate systems as part of a composite application.

Service Provisioning Markup Language
Emerging to address this problem of distributed provisioning is the OASIS standards group, which last year convened a new Provisioning Services Technical Committee. The group is defining an XML-based framework for exchanging user, resource, and service-provisioning information, dubbed Service Provisioning Markup Language (SPML). A major goal of the group is to define the way provisioning works in a Web services environment.

Data Access
Quick and easy access to data is essential to Web services integration efforts. Database vendors are continuing to evolve their products based on standards such as XML Schema, XML, XSLT, and XPath. Two areas that have been getting increased interest are the XML Query and SQLX specifications.

XML Query
XML Query or XQuery is a W3C specification that provides a vendor-independent method for query and retrieval of XML data. A key component of XML Query is XPath, another W3C specification. The data model that XQuery uses is based on that of XPath and defines each XML document as a tree of nodes. XML Query has been moving through the W3C rather slowly. There have been a total of eight working drafts delivered to date, but the main document was last issued in December of last year.

SQLX defines SQL mappings to XML, as well as mappings from XML to SQL. The intent is to integrate XML and SQL and to make the SQL language capable of handling XML data and making XML extensions, or XPath expressions, part of the SQL language. SQLX is sometimes also referred to as SQL/XML.

This has been a relatively quick tour of the standards landscape. The good news is that the base Web services standards are generally agreed upon and significant work is happening in the area of security, which has been high on everyone's list of concerns. The concern is that most of the early work was accomplished during a period when there was a comparatively small core of companies driving the specifications. This is certainly not the case anymore, and many of the big players will not be content to follow only Microsoft's and IBM's lead in the Web services space.

Noticeably missing from this article were new developments in other areas such as transactions and business process management. It's not to say that work isn't occurring in these and other areas, but it hasn't led to new public specifications. For now, beyond the core, established standards of XML and SOAP, Web services is somewhat of a mixture of unofficial standards, such as WSDL and UDDI, and vendor-specific implementations of prominent specifications such as SAML, WSFL, XLang, and ebXML.

Web services is here for the foreseeable future. Let's hope that the standards process will proceed in an efficient manner and continue to produce great standards and that the vendors will abide by these standards and provide great implementations. There is still a great deal of work to be done but the potential payoff is huge.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.

@MicroservicesExpo Stories
In his session at @DevOpsSummit at 20th Cloud Expo, Kelly Looney, director of DevOps consulting for Skytap, showed how an incremental approach to introducing containers into complex, distributed applications results in modernization with less risk and more reward. He also shared the story of how Skytap used Docker to get out of the business of managing infrastructure, and into the business of delivering innovation and business value. Attendees learned how up-front planning allows for a clean sep...
In IT, we sometimes coin terms for things before we know exactly what they are and how they’ll be used. The resulting terms may capture a common set of aspirations and goals – as “cloud” did broadly for on-demand, self-service, and flexible computing. But such a term can also lump together diverse and even competing practices, technologies, and priorities to the point where important distinctions are glossed over and lost.
Enterprise architects are increasingly adopting multi-cloud strategies as they seek to utilize existing data center assets, leverage the advantages of cloud computing and avoid cloud vendor lock-in. This requires a globally aware traffic management strategy that can monitor infrastructure health across data centers and end-user experience globally, while responding to control changes and system specification at the speed of today’s DevOps teams. In his session at 20th Cloud Expo, Josh Gray, Chie...
"At the keynote this morning we spoke about the value proposition of Nutanix, of having a DevOps culture and a mindset, and the business outcomes of achieving agility and scale, which everybody here is trying to accomplish," noted Mark Lavi, DevOps Solution Architect at Nutanix, in this SYS-CON.tv interview at @DevOpsSummit at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
We have already established the importance of APIs in today’s digital world (read about it here). With APIs playing such an important role in keeping us connected, it’s necessary to maintain the API’s performance as well as availability. There are multiple aspects to consider when monitoring APIs, from integration to performance issues, therefore a general monitoring strategy that only accounts for up-time is not ideal.
In his session at 20th Cloud Expo, Mike Johnston, an infrastructure engineer at Supergiant.io, discussed how to use Kubernetes to set up a SaaS infrastructure for your business. Mike Johnston is an infrastructure engineer at Supergiant.io with over 12 years of experience designing, deploying, and maintaining server and workstation infrastructure at all scales. He has experience with brick and mortar data centers as well as cloud providers like Digital Ocean, Amazon Web Services, and Rackspace. H...
When you focus on a journey from up-close, you look at your own technical and cultural history and how you changed it for the benefit of the customer. This was our starting point: too many integration issues, 13 SWP days and very long cycles. It was evident that in this fast-paced industry we could no longer afford this reality. We needed something that would take us beyond reducing the development lifecycles, CI and Agile methodologies. We made a fundamental difference, even changed our culture...
As many know, the first generation of Cloud Management Platform (CMP) solutions were designed for managing virtual infrastructure (IaaS) and traditional applications. But that’s no longer enough to satisfy evolving and complex business requirements. In his session at 21st Cloud Expo, Scott Davis, Embotics CTO, will explore how next-generation CMPs ensure organizations can manage cloud-native and microservice-based application architectures, while also facilitating agile DevOps methodology. He wi...
Docker is sweeping across startups and enterprises alike, changing the way we build and ship applications. It's the most prominent and widely known software container platform, and it's particularly useful for eliminating common challenges when collaborating on code (like the "it works on my machine" phenomenon that most devs know all too well). With Docker, you can run and manage apps side-by-side - in isolated containers - resulting in better compute density. It's something that many developer...
These days, change is the only constant. In order to adapt and thrive in an ever-advancing and sometimes chaotic workforce, companies must leverage intelligent tools to streamline operations. While we're only at the dawn of machine intelligence, using a workflow manager will benefit your company in both the short and long term. Think: reduced errors, improved efficiency and more empowered employees-and that's just the start. Here are five other reasons workflow automation is leading a revolution...
We have Continuous Integration and we have Continuous Deployment, but what’s continuous across all of what we do is people. Even when tasks are automated, someone wrote the automation. So, Jayne Groll evangelizes about Continuous Everyone. Jayne is the CEO of the DevOps Institute and the author of Agile Service Management Guide. She talked about Continuous Everyone at the 2016 All Day DevOps conference. She describes it as "about people, culture, and collaboration mapped into your value streams....
Cloud adoption is often driven by a desire to increase efficiency, boost agility and save money. All too often, however, the reality involves unpredictable cost spikes and lack of oversight due to resource limitations. In his session at 20th Cloud Expo, Joe Kinsella, CTO and Founder of CloudHealth Technologies, tackled the question: “How do you build a fully optimized cloud?” He will examine: Why TCO is critical to achieving cloud success – and why attendees should be thinking holistically ab...
Docker is on a roll. In the last few years, this container management service has become immensely popular in development, especially given the great fit with agile-based projects and continuous delivery. In this article, I want to take a brief look at how you can use Docker to accelerate and streamline the software development lifecycle (SDLC) process.
We define Hybrid IT as a management approach in which organizations create a workload-centric and value-driven integrated technology stack that may include legacy infrastructure, web-scale architectures, private cloud implementations along with public cloud platforms ranging from Infrastructure-as-a-Service to Software-as-a-Service.
Did you know that you can develop for mainframes in Java? Or that the testing and deployment can be automated across mobile to mainframe? In his session and demo at @DevOpsSummit at 21st Cloud Expo, Dana Boudreau, a Senior Director at CA Technologies, will discuss how increasingly teams are developing with agile methodologies, using modern development environments, and automating testing and deployments, mobile to mainframe.
As DevOps methodologies expand their reach across the enterprise, organizations face the daunting challenge of adapting related cloud strategies to ensure optimal alignment, from managing complexity to ensuring proper governance. How can culture, automation, legacy apps and even budget be reexamined to enable this ongoing shift within the modern software factory?
While some vendors scramble to create and sell you a fancy solution for monitoring your spanking new Amazon Lambdas, hear how you can do it on the cheap using just built-in Java APIs yourself. By exploiting a little-known fact that Lambdas aren’t exactly single-threaded, you can effectively identify hot spots in your serverless code. In his session at @DevOpsSummit at 21st Cloud Expo, Dave Martin, Product owner at CA Technologies, will give a live demonstration and code walkthrough, showing how ...
There are several reasons why businesses migrate their operations to the cloud. Scalability and price are among the most important factors determining this transition. Unlike legacy systems, cloud based businesses can scale on demand. The database and applications in the cloud are not rendered simply from one server located in your headquarters, but is instead distributed across several servers across the world. Such CDNs also bring about greater control in times of uncertainty. A database hack ...
@DevOpsSummit at Cloud Expo taking place Oct 31 - Nov 2, 2017, at the Santa Clara Convention Center, Santa Clara, CA, is co-located with the 21st International Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The widespread success of cloud computing is driving the DevOps revolution in enterprise IT. Now as never before, development teams must communicate and collaborate in a dynamic, 24/7/365 environment. There is ...
API Security is complex! Vendors like Forum Systems, IBM, CA and Axway have invested almost 2 decades of engineering effort and significant capital in building API Security stacks to lockdown APIs. The API Security stack diagram shown below is a building block for rapidly locking down APIs. The four fundamental pillars of API Security - SSL, Identity, Content Validation and deployment architecture - are discussed in detail below.