Web services leaders meshing on standards

Led by Microsoft and IBM, longtime enemies have engaged in extraordinary cooperation to create standards for Web services, underscoring the need to pump life into the industry.

8 min read
Rules: Leaders avert standards battle--for now

By Wylie Wong
Staff Writer, CNET News.com
November 8, 2001, 4:00 a.m. PT

Not long ago, the idea would have been unthinkable: Microsoft and IBM, sworn enemies after their struggle for control of the PC operating system in the early 1990s, laying down their swords and cooperating to create an industry standard for an important new technology.

Yet that's exactly what has happened in the emerging market for Web-based software and services. It is a testament to vastly changing times in the high-tech industry, when longtime rivals are seeking such truces to survive a combination of global economic malaise, dot-com bust and saturation of the PC market.

We have not created multiple standards, but rather we've gone out and supported interoperability. -Philip DesAutels, product manager for XML Web services, Microsoft Although Web services look to some to be simply the latest ploy in an industry that depends on marketing hype, the extraordinary cooperation by Microsoft and IBM, and more recently by Sun Microsystems, may be an indication that the latest trend is more than just "vaporware."

"We have not created multiple standards, but rather we've gone out and supported interoperability," said Philip DesAutels, Microsoft's product manager for XML Web services. "It's safe to assume the goal is to have one standard."

The goal is also the straightest line to profitability, instead of the consumption of time and resources in costly industry infighting over which specifications should be used and who would benefit most from them. The incentive is even more understandable when the stakes are assessed: If the concept of Web services catches on, it could fundamentally change the way companies do business and people use the Internet.

The idea is to sell software as a subscription-based service over the Web instead of through traditional methods such as boxed copies at retail stores. By running software on central Web servers, as opposed to on individual PCs, people can theoretically have access to all manner of applications and services from any computer, cell phone, handheld device or anything else connected to the Internet, with updates made automatically, in real time.

At the heart of this broad vision is a technology known as XML, or Extensible Markup Language, which allows companies to more easily exchange data online. Last year, Microsoft, IBM, Sun, Oracle and others put aside their competitive differences to agree on three Web standards related to XML that serve as the underlying technology for Web services.

"No one is stepping on each other's toes," said Eve Maler, Sun's XML standards architect.

The grand plan is to find an appropriate standards group and sort (the issues) out. We've been working in the background on a number of things. -Bob Sutor, director of e-business standards, IBM With the help of industry standards groups such as the World Wide Web Consortium and Oasis, the companies hope to continue their collaboration in building a second wave of standards for such issues as security and reliability that are crucial to making Web services fly on a global scale.

At this juncture, smaller specialty companies are hoping they can pick up ancillary business left behind by the industry leaders.

"We have 5 to 10 percent of the software stack needed to implement a complete software-as-services strategy," said Gartner analyst Mark Driver. "We have the basic plumbing, but there's no quality of service and security."

A Darwinian winnowing
Not everyone, however, believes the standards peace will last.

Already, software companies and industry groups are building a handful of competing standards to show how Web services work within and between businesses in specific areas, such as credit card checks and shipping. Microsoft and IBM have built competing languages called Xlang and Web Services Flow Language (WSFL), respectively, and industry groups such as Oasis and the Business Process Management Initiative are working on their own standards.

The stated objective is to eventually stitch these technologies together, but at least some in the industry are skeptical that they will work harmoniously.

"Over the course of the next 12 to 24 months, we will see a Darwinian process where some initiatives will cease to exist, and the way it will play itself out is who backs the initiatives," said Norbert Mikula, chief technology strategist for software marker DataChannel. "It will be contentious, but that's OK, because if we all agree, who says we're doing it the right way? By having different approaches, we ultimately learn."

Click here to Play

  IBM sees services as collaborative effort
Bob Sutor, director of e-business standards strategy, IBM
November 8, 2001

Bob Sutor, IBM's director of e-business standards, acknowledges that the issue is complex and likens the challenge to trying to combine the French and Japanese languages. But he remains optimistic.

"The grand plan is to find an appropriate standards group and sort it out," Sutor said. "We've been working in the background on a number of things. You will see something public in terms of standardization by the end of the year."

One of the first major standards for Web services is called Simple Object Access Protocol, or SOAP, a communications technology that solves an age-old problem: It allows businesses to glue together different computing systems that were built with different software programming languages. Sun initially criticized the technology before finally supporting it.

Then Microsoft, IBM and Ariba proposed a standard called Universal Description, Discovery and Integration, or UDDI, that lets businesses register in a Web directory so they can advertise their services and find each other easily.

Finally, Microsoft and IBM merged competing standards that allow businesses to describe what a Web service does. The combined standard, called Web Services Description Language, or WSDL, would be used by businesses to find each other on a UDDI directory.

Security standards
Rival software and security companies, such as RSA Security, Entrust and VeriSign, are working on XML-based encryption and digital-signature standards through the W3C. Microsoft and VeriSign also have worked together to create XKMS, or the XML Key Management Specification--technology intended to help programmers easily add digital signatures and data encryption to their e-commerce applications.

The Oasis group, meanwhile, is creating a standard called SAML, or Security Assertion Markup Language, that will authenticate people to make sure they are in fact who they say they are.

There are areas that need to be taken to the next level. You now have the basic nouns and verbs, and you want to do meaningful things around them, like sentences and paragraphs and stories. -Peter O'Kelly, project manager, Macromedia For reliability, Sutor said IBM has proposed a new version of HTTP (Hypertext Transfer Protocol), which is the set of rules for exchanging text, images, sound and video over the Web. A new proposal called HTTP-R is designed to ensure that a message for a $1 million order is received--and that it's received just once, not 10 times.

IBM also expects to propose a standard next year that will help businesses monitor and manage Web services. The company is considering something called Web Services Endpoint Language, or WSEL, that would allow Web services to describe their features, such as whether they can perform a credit check within 5 seconds.

Last month, Microsoft previewed a new thrust to make Web services built using its .Net tools more secure and attractive to businesses. The new specifications are part of an initiative called the Global XML Web Services Architecture. The company also previewed four new related specifications that it will submit to standards bodies after a review period.

Microsoft did not specify how long the review period will be or which standards body will handle the submission, but XML, SOAP and other Web services specifications are W3C standards. Microsoft said the architecture adheres to a plan it outlined with IBM this spring at a W3C workshop.

The four specifications cover security, licenses, routing and referrals, and all are built on XML and SOAP. The WS-Security specification outlines how to use existing W3C guidelines called XML Signature and XML Encryption. Together with WS-License, they outline how existing digital credentials can be associated with SOAP messages, according to Microsoft. The WS-Routing specification, formerly known as SOAP-RP, describes how to place address information in messages using SOAP and allows SOAP-based messages to arrive at multiple destinations along a path. WS-Referral allows the dynamic routing of messages between networked systems using SOAP.

Last week, Microsoft and IBM released another potential Web services standard, called WS-Inspection, that allow businesses to directly find each other's services over the Internet. The new technology is meant to complement the aforementioned UDDI standard. While UDDI acts like a "yellow pages," through which businesses can find a list of companies that cater to their needs, WS-Inspection is for businesses that already know which companies they want to work with and how to contact them but want to see what Web services they offer.

Some companies have already begun using existing low-level XML standards to build Web services into their business operations.

Scandinavian Airlines System, for example, has built a Web service that allows people with cell phones and personal digital assistants to access its Web site to buy airplane tickets or check their flight status. More complex uses would connect the companies' business operations with computing systems used by their partners and suppliers for requests such as purchase orders and inventory updates.

Because such operations are so complicated, Macromedia Project Manager Peter O'Kelly compares the industry's XML standards effort to the creation of rules for the English language, something that allows people to interact and communicate in a common way.

"We have an embarrassment of riches with so many organizations involved. But there are areas that need to be taken to the next level," said O'Kelly, formerly an analyst with the Patricia Seybold Group. "You now have the basic nouns and verbs, and you want to do meaningful things around them, like sentences and paragraphs and stories."

Now the companies just need to turn their talk into action. 


Defining the standards
The real hallmark of any IT trend is the alphabet soup it dishes out, and Web services offer up a rich helping. The following is a quick guide to the protocols, languages and other ingredients:

XML (Extensible Markup Language): Language used to exchange data between computers over the Internet.

SOAP (Simple Object Access Protocol): Describes how Web services communicate over the Internet.

WSDL (Web Services Description Language): Describes Web services and how to access them.

UDDI (Universal Description, Discovery and Integration): Lets businesses register, advertise and find Web services in a directory.

Xlang (pronounced "slang"): Microsoft specification for XML-based language to describe business processes.

WSFL (Web Services Flow Language): IBM's specification for describing how Web services work together to complete a business process.

XKMS (XML Key Management Specification): Developed by Microsoft and VeriSign, it allows digital signatures and encryption in Web services programs.

SAML (Security Assertion Markup Language): Security and authentication spec created by the Organization for the Advancement of Structured Information Standards (OASIS) group.

WSEL (Web Services Endpoint Language): IBM-developed spec allows Web services to describe their features.

HTTP-R (Hypertext Transfer Protocol-Reliability): Protocol proposed by IBM to ensure that messages sent across the Internet reach their intended targets.