WebServices dot org

WebServices.Org reports from:

InfoWorld's Next Generation Web Services Conference on January 16th in San Francisco
Report 1 - Web Services: A View From James Gosling, Sun Fellow and Designer of Java - Mark Rabkin
Report 2 - Distributed Peer-to-Peer Enterprise Systems and Web Services - Mark Rabkin
Report 3 - Securing Web Services - Mark Rabkin
Report 4 - Web Services: Why They'll Change Your Business Forever - Ellen Boffo, Mark Rabkin
Report 5 - Keynote Address by Eric Rudder, Senior Vice President, Developer and Platform Evangelism, Microsoft - Mark Rabkin, Ellen Boffo
Report 6 - Debate, Web Services: What Flavor Would you Like? - Mark Rabkin, Pavan Rathore, Ellen Boffo
Report 7 - Survey- Which business type will capture the most revenue from web services?

Report 1 - Web Services: A View From James Gosling, Sun Fellow and Designer of Java from Mark Rabkin

James Gosling, Vice President and Fellow from Sun Microsystems gave one of the opening keynotes at the Infoworld Next Generation Web Services Conference on January 16th, 2002 in San Francisco. Mr. Gosling views SOAP as HTML for "silicon based life forms" and fundamentally another form of "RPC". While discussing the advantages of Web services, he noted that what moves across Web services connections is data, "it's not processing" and his opinion of XML is that it is slow and bulky. He did however emphasis the power of XML lies in the fact that it is interoperable and has the ability to make services of "one silicon based life form" available to another "silicon based life form". Mr. Gosling also stated that the real "magic" was in the industry standard schema and that "in reaching beyond the architected connections and embracing the dynamic RPC; it was a good idea in the 70s it's a good idea now".

Gosling views the killer app for Web Services to be "Synergy". He gave an example to expand on this by describing a health care system where no one ever retypes a form or lab result. All hospitals have multiple departments, divisions, labs and specialties quite often there are disparate information systems, which do not communicate. As a patient moves through a hospital system, information is constantly reentered due to the lack of ability of the IT infrastructure to communicate across heterogeneous systems and environments. In Mr. Gosling's vision the objective is to acquire is "a homogenous view of a heterogeneous reality".

While Mr. Gosling is certainly visionary he did not ignore that there are significant gating factors to the widespread adoption of Web Services. These include reliability, security, billing, authentication and identity management. He made comment on the Liberty Alliance/Passport debate, and said that the core issue was simply ..would you rather have multiple vendors of trust or just one vendor of trust. In the latter case Gosling asked "What do you do if you have a problem?".

Picking up on the recent and continuing debate of .NET versus J2EE, Mr. Gosling's commented that .NET is a reaction to J2EE. He commented that Democracies always work slower than dictatorships, and the human society decided a long time which form they preferred. In addition, Mr. Gosling made the point that Sun's security story is strong today whereas Microsoft's leaves something to be desired.

Report 2 - Distributed Peer-to-Peer Enterprise Systems and Web Services from Mark Rabkin

During the Conference there was a breakout session entitled Architecting Peer-to-Peer Distributed Systems. The session was moderated by Tom Yager, East Coast Technical Director of InfoWorld Media Group and he was joined by Bob Lamoreux, Senior Vice President and CTO of WorldStreet and Tom Ngo, CTO, NextPage.

According to both Mr. Lamoreux from Worldstreet and Mr. Ngo Enterprise from NextPage, Peer-to-Peer Systems must have very rich entitlement structures that manage who is able to access and use what information. The point was made that due to the changing nature of corporate environments this must be flexible down to the user level and these systems are not built from the ground up, but are built in conjunction with pre-existing distributed systems.
With that said, Mr. Yager asked "If the security of existing enterprise P2P systems could be trusted?" to which Mr. Lamoreaux responded with the point that "P2P systems are commonplace on the Internet and Wall Street". Mr. Ngo added, "P2P systems typically have very strong security if considered a closed system. As open systems exchange data..the security context becomes transitory". Both speakers implied that P2P with trusted partners is secure in contrast to lesser-known partners.

Mr. Yager raised the question of "What happens when companies use different architectures for their P2P systems?" Mr. Ngo said that P2P standards would be best hammered out by two partners at a time while Mr. Lamoreaux's view was that standards would become vertical and need to plug-in to XML definitions that can enable traffic to take on persona. He gave the example of the XML definition of a publicly traded stock, and commented that if there is an XML definition for Pizza "his traders can order lunch".

Mr. Yager asked "Does P2P force changes on EAI plans?" Mr. Ngo answered that "No one is replacing Application Servers with P2P applications. P2P is sitting on top of EAI. P2P is providing data to be consumed by humans. EAI provides consumables to machines". Mr. Lamoreaux said with regards to P2P "The end user is the ultimate destination and source" and he also emphasized the fact that P2P Systems cannot operate serially, they must be asynchronous.
Mr. Yager queried "Is P2P by nature more accessible to internal IT or should companies plan on using consultants to implement?" Mr. Ngo said "P2P contrasts with Client/Server in that P2P eliminates server and distributes server functionality to the client". He also stated that P2P projects are completed in weeks and months as opposed to months and years for Client/Server projects. Mr. Lamoreux stated that the three basic questions in evaluating the use of consultants are:

1. How much do you know about the new technology?
2. How much do you know about development?
3. How much do you want to do?

Mr. Yager asked "Is P2P systems is something companies can do now or is it 2-4 years from now?" Mr. Ngo answered that companies are implementing P2P today but it will be 3-4 years before P2P will be commonplace. Mr. Lamoreaux said "Today, it is build on top of bearshare or wait for vendors to work out standards. It will be 2+ years before P2P is common". Mr. Lamoreaux and Mr. Ngo both agreed that the more heterogeneous your environment the more attractive P2P would be. There was little mention of Web Services during the session.

Report 3 - Securing Web Services from Mark Rabkin

On January 17th, a memo from Bill Gates was leaked stating that one of Microsoft's primary goals is to make computer systems "as available, reliable and secure as electricity, water services and telephony". Coming only days after the first security concerns over .Net (there was talk of the first .Net virus which has been rigorouslydisputed by Microsoft) this session on Security had an extra edge. The session was moderated by Chad Dickerson, CTO of InfoWorld Media Group. He was joined by Mark Beadles, Chief Architect, SmartPipes; Doug Cavit, CIO McAfee.com, Eduardo B. Fernandez, Professor of Computer Science at Florida Atlantic University and Ted Shelton, Chief Strategy Officer of Borland Software.

Mr. Beadles commented on the potential of Web Services to blur the lines between intranets, extranets and the public domain thereby exposing interfaces that have not been previously exposed. More interfaces mean more potential security vulnerabilities, and Mr. Cavit suggested that we could see denial of service attacks on Web Services, just as we seem them today targeting particular web sites. Dr. Fernandez commented that the process of evaluating the security of any system is to look at each layer of the stack and that web services add 3-4 layers to the stack. Thereby, making securing of such systems that much more difficult. Mr. Beadles also made the general comment that it is easy to ignore security during development and it is far more difficult and costly to retrofit security after an application or system is built. At this point the discussion on Security was rather downbeat.

Mr. Dickerson, the moderator, made an attempt to find some positives from the panel and asked if there are any areas where web services enhance security. Mr. Cavit noted that if web services represent a way to produce reusable secure code then this would be a great benefit. Ted Shelton commented that for the consumer or small business web services offer a proxy for an IT department. However, the consensus overall was that web services represent a challenge to the security of Enterprise environments. Dr. Fernandez did not see how widespread use of Web Services could add security as there is no way to know whether a particular Web Service contains a Trojan horse or malicious code.

The panel was in general agreement that another issue that needs to be resolved is that data resides across multiple devices in multiple forms and how are errors resolved and how do rollbacks occur. Until the issue of authentication can be resolved the security issue will remain one of the primary roadblocks to web services adoption going beyond use with previously known and trusted partners. Mr. Beadles felt that Kerberos was built with security in mind and is a standard the industry including Microsoft is converging towards. For more information on Kerberos and Passport see this article - http://webservices.org/article.php?sid=370.

Report 4 - Web Services: Why They'll Change Your Business Forever from Ellen Boffo, Mark Rabkin

This session was focused on the ways that business might change by employing Web services. The members of the panel included Michael Vizard of InfoWorld Media Group, Marc Benioff founder of Salesforce.com, John Blair CEO of Kenamea, John Kunze CEO of Plumtree Software, Rob Perry a Sr. Research Analyst of the Yankee Group and Anthony Scott CTO of GM. In the initial round of questions, Mr.Vizard asked the panel to provide examples in which businesses will be transformed by the adoption of Web services. Several panelists described streamlined business processes already being utilized at a number of companies.

Mr. Kunze of Plumtree Software explained how Pratt & Whitney, a world leader in design manufacture and support of aircraft engines, is now able to provide mechanics with real-time data on engines undergoing reconditioning at remote facilities. With the adoption of Web services, Pratt & Whitney corporate office quickly and easily receives progress reports and statistics from remote vendors contracted to perform engine reconditioning. The data is analyzed for quality assurance and accounting purposes, and transferred to the field mechanics. Rather than trying to estimate project completion on aircraft engine repair, the easy availability of the data has allowed engine mechanics to provide more accurate estimates and to ensure the quality of the aircraft engines being reinstalled.

In another scenario, Mr. Scott of General Motors described some of the capabilities of OnStar that may be possible with the power and flexibility of Web services. Imagine being involved in a serious auto accident. OnStar can currently determine your location for medical and rescue teams. But with the potential features of OnStar being fully realized, it would also provide the rescue teams with important medical information such as allergies or serious health conditions. This lifesaving information, available when and where needed, means timely accurate emergency care even before you get to the hospital.

With Kenamea, according to Mr. Blair, the Financial Services community now has the ability to perform real-time secure portfolio management transactions through the deployment of Web services, which previously required multiple applications and transactions.

The panelists agreed that applications like these illustrate the point that Web are not merely a concept for the future services, an as-yet unrealized promise, but that companies are currently experiencing the benefits of quick deployment and streamlined processes. Web services are indeed real. When the audience was asked to cast their votes on whether they believed that Web services will be the platform of choice for the next generation of development, the overall consensus was positive. The tally indicated 40% of the respondents believed "absolutely", and 38% indicated "hopefully". While 21% said "possibly", only 1% believed "not likely".

In closing remarks, Mr. Benioff of salesforce.com shared his ideas for the future, which he referred to as a radical idea. He described a flexible, always-available Web infrastructure providing an almost endless number of functions and processes. In his analogy, end-users would employ a myriad of appliance-like devices to complete their tasks by simply "plugging" them into the nearest outlet - much like a utility. Mr. Scott added one more futuristic glimpse when he commented that some of the most forward-thinking concepts at GM include fuel-cell powered autos being used to supply the energy needs of homes. If you follow this logic to the next conclusion, would the Web utility of the future, powered by your mini-van, be far behind?

Report 5 - Keynote Address by Eric Rudder, Senior Vice President, Developer and Platform Evangelism, Microsoft from Ellen Boffo, Mark Rabkin

Eric Rudder is the new head of the Developer and Platform Evangelism Group at Microsoft. Eric began with a description of Web Services as being based on open standards, not bound to any platform and relies on a protocol and format-based contract. Microsoft views the benefits of Web services as enabling best of breed business integration, providing a resilient and scalable platform and enabling freedom of choice in transports and encoding protocols.

Mr. Rudder stated that Visual Studio.NET is being viewed as one of the most successful product launches at Microsoft. During the beta phase, there were over 2.5 million participants in the beta program. In an attempt to provide a fully supported development and deployment environment during beta, Microsoft also provided facilities similar to an ASP model called ASP.NET. This program provided over 6000 'Go Live' licenses for Visual Studio.NET. According to Mr. Rudder, this product opens the door to a new era in application development and deployment. In the next generation of application development, new applications will span the client, servers and services. The application will, itself, become a Web service to other businesses, opening countless possibilities for deployment.

Moving from the overview of a client-centric product, Mr. Rudder turned to an explanation of a server-centric product, Biz Talk. Biz Talk is focused on Business Process Integration. It enables modeling of the process and subsequently binds the process to the service. He also provided an overview of the family of .NET services to familiarize attendees with Web services that are already available from Microsoft, which can be incorporated into existing applications and/or services. An interesting statistic is that Passport currently supports some 200 million accounts with 3.5 billion authentications per month.

After an overview of Microsoft's Web services offerings, Mr. Rudder shared his view of what might be next for Web services. First, there will be a framework evolution; there will be standardization of protocols, the services will become more modular and more extensible. Then the capabilities will extend beyond the baseline standards that are in place today, providing more enhanced security, reliability, improved messaging monitoring and metering.

Because of recent highly publicized security issues relating to Microsoft's Windows XP, and because security could be considered a significant obstacle to wide adoption of Web services, Mr. Rudder commented on Microsoft's commitment to security. In a significant initiative, Microsoft has engaged the services of Foundstone, a leading security consulting and auditing organization, providing consulting services to, among others, Department of Defense and many of the Big5 firms.

Report 6 - Debate, Web Services: What Flavor Would you Like? from Ellen Boffo, Mark Rabkin, pavan rathore

In this session, the debate focused on the competing architectures of JAVA and .NET. With the current challenges of incomplete standards, unresolved security issues and limited developer support, will companies need both solutions; and will they be interoperable?

The panel included Michael Vizard of InfoWorld Media Group, Steve Benfield CTO of SilverStream, Marge Breya VP Sun ONE, Charles Fitzgerald General Manager of .Net Platform Strategy Group at Microsoft, Hugh Grant CTO of Cape Clear Software, Steve Holbrook Web Services Technology Evangelist at IBM, Thomas Kurian VP Oracle 9i application Server Division, David Nielsen founder of Persistent Web and Andy Roberts CTO of Bowstreet. Mr. Vizard opened the session by soliciting the thoughts of the entire panel regarding the relative merits of Java and XML. He asked if their companies would ultimately standardize on one platform or the other.

Mr. Fitzgerald of Microsoft used an example to illustrate the power and flexibility of the .NET platform. In the example, Southwest Airlines created a partnership with Dollar Rent a Car to link Southwest's online reservation system to Dollar's reservation system and provide a seamless website for their customers. The application was deployed in a very short time and within the first weekend of operation, Dollar received over 150,000 incremental transactions to the online reservations system. The partnership is expected to yield approximately $10 million in revenue for Dollar. This was developed and deployed with .NET beta products, further illustrating that the product is already robust enough to support this level of integration and transaction volume.
Mr. Holbrook commented that IBM's commitment to Java would continue. But he added that IBM has always supported the concept of a heterogeneous environment, citing IBM's own product line as an example. Therefore, IBM plans to embrace .NET but considers JAVA as the primary development platform.

Oracle has deployed thousands of customers using Web services, according to Mr. Kurian. Oracle has used a strategy of employing the appropriate platform for the situation and customer. One initiative that Mr. Kurian is interested in promoting is to ensure that platforms like JAVA and .NET share not only a standard protocol but also share the semantics of the applications.
Mr. Benfield added that SilverStream sells products that run on what he calls "the O.S. of the Internet", which he believes is J2EE, implying that .NET is not their platform of choice.

When the audience was asked to cast its vote on what was the biggest obstacle to widespread acceptance of Web services, the results indicated that an overwhelming 51% felt it was security, while 30% of the respondents felt that it was immature standards. The remaining respondents weighed in with 15% for interoperability, 3% for latency and the final 1% for scalability. Clearly, this response demonstrates that there is belief that many of the existing challenges will be resolved, but security is a top priority concern.

Mark Hapner, J2EE Lead Architect, Sun Microsystems said that the key is interoperability. The entire Java Community is based on this ideology. All the vendors implement the specifications developed by Sun along with other leading vendors and the result is highly interoperable systems. Users are not locked with any vendor and systems are built on open standards.

Charles Fitzgerald from the .Net Platform Strategy group says that .Net technology has made it easier to develop and deploy Web services by building a lot of tools around the platform. The fundamental aspect of Microsoft.NET is language-independence and language-interoperability. A single vendor solution is usually more reliable and less error-prone than a bridged solution of more than one vendor. .NET supports development in any language that Microsoft's tools support. Since source code is translated in MSIL. The .NET framework includes CLR (Common Language Runtime), which is analogous to JRE and interprets and translates MSIL into a native executable.

.NET platform is designed to leverage proven security standards like Kerberos, X.509, PKI, XML Signature and Encryption etc. On the other hand, J2EE also has specified security standards to be used in their specifications. Steve Benfield, CTO, Silver Stream says that Security is not really important issue since all the organizations are currently trying to implement web services in their internal projects.

David Nelson, President of Persistent Web says that a company should select a Web services development environment depending upon their requirements, skill sets of their employees and the existing platform. If existing applications are running in Microsoft platform and company has experts in that platform, then it makes sense to invest in .NET platform.

Report 7 - Survey - Which business type will capture the most revenue from web services?

The following polls about Web Services were taken at InfoWorld's NextGen Web Services Conference from January 16th - 17th using the Narragansett live polling system. Read on to see if you belong to the majority or are a contrarian with regards to you views of Web Services.
Which business type will capture the most revenue from web services?

1. Carriers and Telcos 8%
2. Infrastructure 38%
3. System Integrators and Consultants 39%
4. Hardware Companies 6%
5. Boutique Application Developers 8%
Web services will cause the following?
1. Massive Consolidation 21%
2. Winner-takes-all 6%
3. Large ecology of providers and ISVs 49%
4. Increased In-house development 24%
What do you expect of Web Services?
1. Will create next bubble 9%
2. Create opportunity to work with
wireless, P2P, PDAs and other devices 10%
3. Will make company's marketing cool 8%
Again
4. Enable business functions to be faster
At lower cost 63%
What is the biggest obstacle to widespread adoption of Web Services?
1. Immature Standards 30%
2. Security 51%
3. Latency 3%
4. Interoperability 15%
5. Scalability 1%
Web Services platform next generation business model on Internet
will _________ occur?
1. Absolutely 39%
2. Hopefully 31%
3. Possibly 28%
4. Not Likely 2%
What will be the ultimate authentication platform on the Internet?
1. Passport 7%
2. Passport + Liberty Alliance 32%
3. None of the Above 61%
Where will web services be most effective in your organization?
1. B2B e-commerce 43%
2. B2C e-commerce 3%
3. CRM 12%
4. Supply Chain Management 30%
5. Not Sure 11%