Meanwhile, Doug Kaye's book, Loosely Coupled: The Missing Pieces of Web Services, will be available next week (consignments are currently on their way to book warehouses, Doug revealed yesterday). Amazon needs to pull its finger out and get the book back in its listings (it was there a few weeks ago but then disappeared for an unknown reason). In the meantime, you can order from Doug's website or at Barnes & Noble. As I mentioned previously, it's not the official book of the Loosely Coupled site, but I can certainly vouch for its value to anyone who needs to understand the key concepts of web services and SOA without getting bogged down in technospeak.
"I suspect it is a matter of days now until the first issue of Service-Oriented Architecture magazine appears and the hype reaches Def Con 5" writes James Britt. Well, no magazine yet, but already a plethora of websites. Momentum's Jeff Schneider has put together some words on the service oriented enterprise at serviceoriented.org, and of course we're adding to our catalogue of stories, definitions and research here at Loosely Coupled. Talking of research, there's plenty more very helpful guidance available on the websites of analysts like CBDi Forum, Stencil Group and ZapThink.
There are now several books we should add to the site's all-too-brief listing of web services titles. As well as those by the two Dougs mentioned above, there's Web Services Security by Vordel's CTO Mark O'Neill, and Java Web Services Architecture by Java expert James McGovern and co-authors. Both have been recommended to me, and they come with excellent pedigrees.
The bad news for the IT industry is that CIOs have realized they can spend less and achieve more, using web services. Instead of investing in new systems, they want to get more out of the systems they've already got. Here's what they've been saying at InfoWorld's CTO Forum this week:
"When we looked at our core assets, we had lots of services our customers were not using. The problem was [the services] were not flexible and convenient enough," says senior Verizon IT executive Luis Lando.
The really bad news is that they can expose and link those web services without having to invest in expensive new integration systems. They don't even have to buy application servers, according to Cape Clear founder Annrai O'Toole:
"The truth," he tells ZDNet's David Berlind, "is that if you want to take some new or legacy code and turn it into an XML-based service that talks to another XML-based service [aka: a services oriented architecture or SOA], then you don't need a full-blown application server like all these vendors are saying you need."
So let's sum up. CIOs don't plan to buy any new applications, because deploying web services allows them to do more with the applications they've already got. And they don't need to buy any expensive new platforms to do it, they just need to use the standards and tools that are already out there. Where does this leave tech spending? Unless you're a web services specialist, it leaves you wondering where on earth it all disappeared to. And if you are a web services specialist, don't imagine you'll be able to charge a premium everyone else is going to be after a slice of your cake.
posted by Phil Wainewright 9:53 AM (GMT) | comments | link
eWeek gets on its SOAP box
Marring its otherwise excellent coverage of SOAP this week, eWeek laments the omission of security from the specification: "we think security isn't a postscript to be tacked onto the SOAP specification. Security needs to be baked into the heart of the standard so that it can benefit from the W3C's mandatory implementation and compatibility testing."
Readers will no doubt applaud its stance successive surveys have cited security as the main reason why IT people hold back from adopting web services but in its eagerness to pander to popular opinion, eWeek has got it wrong. Baking security into SOAP would be the worst possible thing to do.
Yes, security is important. But specifying a single security methodology at the heart of SOAP would cripple web services. The whole point of SOAP is that it is interoperable across all systems, and the more that gets built into it, the less interoperable it becomes. The best way to ensure universally reliable web services will be to keep security separate from SOAP, so that each web service is free to apply a security level appropriate to its own content, functionality and usage.
The Web Services Interoperability organization (WS-I) has this week recognized the importance of keeping security separate by creating a working group dedicated to interoperability in web services security. A separate group already deals with basic interoperability. (That in itself presents enough challenges as it is, as as ADTmag reports this week in its review of SOAP testing tools: SOAP testing easier said than done).
Enterprises would be better off just getting to grips with web services, rather than clinging to security as an excuse for shying away from them. Don Box, the Microsoft engineer who helped create the original SOAP specification in 1998 (which, if you'll forgive the pun, makes him the original SOAP Box) offered this advice at a conference recently:
"I strongly encourage you not to wait for all of this stuff to settle down. The important stuff has settled down sufficiently that unless you are building the enterprise information bus for your company, we are done. And if you're building that (information bus), wait a few months and that will settle down by the end of the year."
At the same conference, former Systinet CTO Anne Thomas Manes noted that "SSL (Secure Sockets Layer) security standard 'solves 80 percent' of security needs for web services."
posted by Phil Wainewright 1:48 AM (GMT) | comments | link
Tuesday, April 01, 2003
In-house or outsource?
A succinct solution to the conundrum of whether to keep applications in-house or outsource them to external providers comes from Flashline CEO and founder Charles Stack, in an interview published yesterday by ADTmag.com under the headline Do Web services create expenses or assets?.
Stack says that using web services to wrap existing applications extends their life to as much as fifteen years or more, and that therefore some of them should be regarded as core strategic assets rather than short-term expense items. Intriguingly, he rejects the popular term 'software reuse' as "too constricting" to describe the continued exploitation of these long-lived application assets. Those core strategic assets, such as IT infrastructure that forms part of an enterprise's competitive advantage, should be the main focus of investment, he says. Peripheral software items, such as word processing, should be treated as a non-strategic expense. "Reduce cost and expenses, and outsource them, and invest and cultivate things on the asset side," says Stack.
Outsourcing word processing is probably going a bit too far. ASPs have found that it's generally better to leave individual creative activities on the desktop rather than forcing the user to interact with a remote server. But data entry and lookup, collaboration and transactions all naturally live in the network, and thus applications such as email, expense management, conferencing, payment processing (the list goes on) all work well as outsourced services.
With these capabilities increasingly available from third-party service providers, it is becoming frankly absurd for enterprises to talk about 'investing' in their own in-house implementations (and even more so to then expect a 'return' on that 'investment'). These peripheral activities are simply day-to-day expenses, to be performed with the lowest possible outlay. The only activities that it is worth investing in automating are those that deliver core competitive advantage. When you consider how much they have already invested in those core systems, it is a serious indictment of the IT industry that enterprises find themselves surprised when web services unlocks the capability to reuse the existing automation. They have a right to routinely expect it.
posted by Phil Wainewright 2:06 AM (GMT) | comments | link
Assembling on-demand services to automate business, commerce, and the sharing of knowledge