CNET también está disponible en español.

Ir a español

Don't show this again

HolidayBuyer's Guide
Tech Industry

Commentary: Waiting for secure Web services

Web Services Distributed Management must wait for secure Web services standards before it will become an important part of future environments.

Commentary: Waiting for secure Web services
By Forrester Research
Special to CNET News.com
September 19, 2003, 12:50 AM PT

Randy Heffner, Analyst

Web Services Distributed Management must wait for secure Web services standards before it will become an important part of future environments.

Defining how to associate manageability interfaces with individual Web services bolsters the foundation for highly dynamic and configurable environments. However, the migration to Web services maturity will first go through more modest management scenarios. For now, IT shops should manage Web services using the same tools and processes they use for their current application platform environment, handling Web services "from the inside" as application components such as Java servlets or Microsoft's ASP.Net.

From this base, architects can develop an understanding of the needs and priorities for management features specific to Web services, particularly around dynamic configuration. This will build readiness for using environments enabled with Web Services Distributed Management(WSDM) when they are available.

From the standpoint of competition for the definition of Web services standards, OASIS's WSDM effort is in a better position than some other proposals because that's where activity for defining management has consolidated. W3C is a possible place for WSDM competition to arise, but this is unlikely because the WSDM drafts make explicit reference to the management requirements defined in W3C's Web Services Architecture work and major authors of W3C's architecture are participating with definition of WSDM--Hewlett-Packard, IBM and BEA, to name a few.

Delays in the full implementation of WSDM are likely because of security. For secure management, WSDM relies on the yet-to-be-completed secure Web services standards. These are necessary to provide for secure interoperable communication between any manager software and a diverse collection of Web services endpoints. In the meantime, early WSDM implementations will use tactical approaches to secure management, limiting interoperability.

For users, delays in the full usefulness of WSDM will have little impact for two reasons: Web services implementations are not yet dynamic enough to need WSDM's full functionality and current management capabilities can pass the "good enough" test. WSDM's biggest value comes when Web services achieves a much greater level of industry standardization and maturity, whereby it becomes practical to unleash highly dynamic and configurable Web services scenarios.

At this time, most Web services are released in very static configurations. As a result, for now, most people will find they can achieve adequate manageability using the management structure around their Web services platform. For example, one of the interfaces contemplated by WSDM is Web service execution statistics. But, since a Java or Microsoft Web service is typically implemented using standard components from those environments such as Java servlets or Microsoft's ASP.Net, respectively, the existing platforms can provide these statistics today without waiting for WSDM.


News.com story

Development of a Web services management
standard continues to move forward as IBM and
Computer Associates submit a spec to OASIS.


It is the same for many other aspects of management that are visible from inside the execution platform (as opposed to access via Web services from outside the execution platform).

One of the most interesting possibilities for future Web services usage inherent in WSDM is the ability to have stronger version control over the connection between a Web services provider and consumer. However, this would require that version management also pervade other Web services specifications that control invocation of a Web service, and this has yet to occur.

Thus, only those firms pursuing early adoption of highly dynamic Web services need to have WSDM on their radar screens at this time. For the next couple of years, most firms will find adequate management capability in their current environments. Most should simply focus on the basics of good application service level management, at the same time collecting requirements as they arise for management functions that are either specific to Web services or best accessed via Web services.

© 2003, Forrester Research, Inc. All rights reserved. Information is based on best available resources. Opinions reflect judgment at the time and are subject to change.