WebServices dot org

There’s no question that SOA and Web services had starring roles across the industry in 2005. There wasn’t a vendor, analyst firm, or trade publication that wasn’t talking about some aspect of service orientation. In 2005, Web services and SOA came roaring to the forefront of many enterprise initiatives.

Most businesses these days seem to have a fundamental grasp of the advantages SOA and Web services can deliver in terms of IT shop productivity and potential enrichment of business partner relationships. However, much of the hard work lies ahead, and building a multi-Web service environment into a well-managed, orchestrated and governed SOA is a huge leap forward.

To get a more balanced and informed perspective on what 2006 will bring to the Web services and SOA market, WebServices.Org asked a number of industry visionaries to take a good, long gaze into the crystal ball and tell us what lies ahead in Web services and SOA over the next 12 months.

Paul Patrick, Chief Architect for SOA/Service Infrastructure, BEA:

We’ll Expect SOA to Deliver More Information, Not Just Data

In 2006, we’re going to see more of an emphasis on information being made available as a service through a number of different parts of the infrastructure. Access to information is going to be one of the critical aspects of SOA that people are beginning to realize they need to tie in. It’s more than moving control messages between two services; it’s about moving from data to information, and putting data in context to better provide the kind of information people need to make the business decisions in an agile way.

We see a growing role for ESBs as well. As people move from pilot to early production phases with their SOAs, an increasingly important role for ESBs will emerge this year.

Paul Lipton, Senior Architect and Strategist, CA:

“Policy” Will be the Overused Buzzword; SOA Will Gain Business Savvy

In 2006, the word "policy" will replace "governance" and "ESB" as the industry's newest, most excessive, and most inappropriately used buzzword. This is an important word, but we may see blurring of the presently clear distinction between governance policies centered on development and its artifacts and the runtime world of management and security that focuses more on decision-making and enforcement.

This may result in misunderstandings between operations and development. Operations currently concentrates on effectively storing policy for all levels of the enterprise in policy servers, optimized for the performance needs of the runtime environment. Development is focused more on repositories based on standards like UDDI as a common store for development artifacts that may describe runtime policies. While these repositories are convenient for administering SOA policy, they are not necessarily well suited to the runtime performance requirements of management and security. Co-existence and planning will be the key to success.

Lastly, from the IT and corporate executive suites, there will be an increasing realization that SOA is more than an IT initiative. Executives will begin to understand that a successful SOA may require some re-engineering of the way that IT and business function together. Furthermore, not all of the changes can be made on the IT side. Large-scale SOA initiatives will often sink or swim based not just on the commitment within IT, but the commitment of important stakeholders within the various lines of business. This will force IT to be a coalition-builder in a way not previously required.

Karl Triebes, CTO, F5 Networks:

The Focus Will Move to the Network

Web services are growing, and are going to grow quickly over the next couple of years. Along with that growth, we’re going to see a need to support these services within the network, versus within more standard applications as we do today. As a result, a lot of people will be moving toward authentication capability using SAML, and having a means of inserting the SAML assertions, and supporting that with back-end applications.

In the near term, we’re going to concentrate on the firewall security aspects, and in the long term, transactional capabilities – especially as more and more different back-end databases or applications try to talk to each other.

Miko Matsumura, Vice President of Marketing, Infravio:

It’s About Governance, Governance, Governance

The year 2005 was a strong year for pilot projects in SOA--and moving beyond point-to-point Web services requires a catalog of services. In 2005 many implementers chose UDDI registry as a starting point for these SOA pilots. However, one big lesson learned in 2005 – the hard way – by many would-be SOA implementers is the need for registry repository.

UDDI-only solutions clearly fell short in this respect, and the industry is increasingly understanding that an integrated policy repository is needed, as well as robust governance functions in the form of governance rules and processes, fine grained access control, a robust SOA information model, and a way of applying policy depending on the identity context.

SOA governance will be big in 2006. Organizations will increasingly realize that the most significant constraints facing their successful rollouts are not technological, but organizational, political, social, and regulatory. This is a function of two great rivers intersecting in SOA—the flow of bits across the wire and the flow of dollars across the spreadsheet. As organizations get real with SOA, the governance issues will move to the fore.

Forethought is needed to manage policies and provide governance of services, people, processes and assets involved in a business initiative. However, the market is filled with lots of jargon and vendor claims, and implementers need to understand the use cases and requirements or they could get burned. Opportunities are numerous--SOA is transforming IT and is rapidly being connected to revenue-bearing projects. Watch for the early majority to begin realizing ROI from the deployment of business services to external partners.

Inge Cheng, Marketing Programs Manager, Layer 7 Technologies

It’s Still Early for SOA; But So Far, So Good

While SOA is top of mind among many IT organizations, most end-users are still early in their deployment cycles. That means most implementations are happening at a project level; not enterprise level. Nevertheless, vendors that are able to speak to first-order deployment problems like monitoring, security, performance, service lifecycle management are finding early acceptance and opportunities in the marketplace.

Some of the larger enterprise struggling with making information flow more efficiently across diverse business units and system have now bought off on the idea of SOA as a way of rationalizing how business processes get architected and provisioned across these heterogeneous environments. These early adopters are now trying to understand how to implement enterprise-scale SOA. This will introduce questions of how services can be governed consistently across application and organizational silos. For these early adopter end-users, SOA security, federation and policy governance will be top of mind creating new opportunities for vendors.

We’ll see Microsoft launch their next iteration of .NET with its dependence on XML and WS-*, which will cement the service centric model for building business process fundamentally alter how applications get built and integrated.

Tim Ewald, Web Services Architect and Co-Founder, Mindreef:

Finally, Support for WS-*

In 2006, we'll finally see shipments of mainstream toolkits that support the core set of WS-* protocols. This will make them de facto standards even before OASIS and W3C complete their work on these specifications. However, architects and developers using these toolkits will be confused over which features are proprietary and which are interoperable. They will figure it all out after some false starts, but it will cost them time and money. Most of their focus will be on leveraging WS-Security in new and innovative ways, although HTTPS will still be the dominant security model for most systems.

SOA will continue to have a variety of different meanings to different people. Some will tire of it and attempt to introduce a new term that describes the process of building flexible, agile, business-focused IT infrastructure--currently underway by numerous organizations. But that won't make much difference for people in the trenches, who will continue building systems using Web services because they have proven to be effective.

Wayne Ariola, Vice President Corporate Development, Parasoft:

This Year’s Challenge is Building Trust in Reusable Components

Reusing business components via SOA inherently increases risk. Not only is the concept of reuse in jeopardy if internal entities do not trust the publisher of the service, but also external entities can reject leveraging the service if they feel that their business process could be at risk by using the service.

Some industries – automotive in particular – have learned how to create visible quality processes in order to instill trust in reused products. Promoting and instilling trust in reused business components in a SOA model must be approached in the same manner as the certification of pre-owned cars in the auto industry: a visible quality process must be in place in order to trust the reusable assets. Similar to the certification programs of used cars, inspection points of business components must be established, executed, and measured before designing or exploring a SOA project. Such a process must be clearly defined, objective, reliable, and repeatable in order to promote trust in the business components that are to be reused either internally or externally.

Whether exposing information internally or externally, the business must ensure that each part of its system is reliable, and that all of these parts interact flawlessly and securely. Visible quality metrics will be necessary to promote internal adoption and reuse, as well as to promote business continuity by providing enough metrics to assure and promote trust with external partners. Ultimately, the organization must have trust that the business components they choose to leverage are secure, reliable and compliant.

Andrew Nash, CTO, Reactivity

There’s Real Money Now Going into SOA Projects

There’s general acceptance that SOA and Web services is the right way to build not only architectures, but also business-level solutions. You can see a lot of business applications being driven by line of business, with real revenues attached to them, which are actually making use of Web services and SOA really effectively. I find that exciting, because that means that there’s real money behind these things. And people are actually getting some real returns and real validation on what’s going on, as opposed to the large-scale, build-it-and-they’ll-come architectures.

Lately, there have been some real projects with real money behind them. You can’t help but get excited about the fact that we are definitely may be just beginning to touch building the majority phase of this kind of marketplace. People are starting to construct large-scale systems, and we’re starting to move away from the simple integration with point-to-point connections using maybe two or three Web services. We’re starting to move into more significant kinds of deployments.

I’m not going to say that 2006 is the year where it will all happen. Rather, this is the start of a long-term, steadily increasing use of SOA.

One of the biggest challenges we have right at the moment is, as we’re starting to build these bigger systems, we’re only just starting to understand from an operational perspective, what are the kinds of controls, dials, knobs, switches you actually need to have in an SOA in order to make sense of it, and also be able to control it. But we’re starting to get a lot more practical knowledge about how you actually build one of these an operate them. So the thing I would most like to see in 2006 is a much stronger set of management and policy capabilities that are shared across vendors.

To be able to do that, we have to have some well-agreed semantics of the kinds of things we want to manage. We’re just starting to understand those; we have some tools like WS-Policy and WS-SecurityPolicy, which are good starting points, but really just broad frameworks that don’t define the semantics. This is going to take a while. I’m hoping this year we’ll begin to see some significant progress in this area.

Cory Isaacson, President, Rogue Wave Software:

Service Component Architecture Will Gain Ground in 2006

The most important trend for 2006 will be the evolution and support for the newly announced Service Component Architecture (SCA) specification. SCA is the most comprehensive spec yet for determining how disparate IT vendors can deliver interoperability across their products, while allowing far greater flexibility to the professional developer.

As we expected, the adoption of SOA started to ramp up during 2005, and this trend will no doubt accelerate in 2006. One of the main questions companies will be asking as they start to adopt this technology is, what does SOA mean to their organization and how should it be applied? Many companies will use SOA as simply another "integration" technology. Although this holds promise, and is relatively easy to do, those organizations that concentrate on integration alone will be missing out on many of the benefits that SOA can provide. Companies that understand the full implications of SOA, as an agile software development methodology, will find new ways in 2006 to implement systems that change the way they do business.

As SOA adoption accelerates, the volume and size of transactions will increase accordingly. Since very little (if any) business information is actually stored natively as XML, the "conversion cost" and associated performance penalties of typical Web services implementations will become significant barriers to successful execution. This will spur adoption of two types of technologies: faster methods of generating, processing and assimilating XML (hardware or software-based), and methods of efficiently using non-XML data in SOA systems, such as Service Data Objects, that preserve native data formats while exposing an "XML-like" API to the end developer. The combination of these volume pressures and the peaking of raw CPU processing power will also drive the need for parallel processing in as a mainstay of critical SOA systems.

Bob Brauer, CEO and Co-Founder of StrikeIron:

In 2006, External Services Will Emerge

Up until now, much of the SOA focus has been on providing back-end plumbing, governance, ESBs and services management infrastructure. In 2006, we will begin shifting to actual solution building and application deployment on top of the SOA. As these applications are deployed throughout enterprises, the spending in these areas will clearly increase. This helps account for the recent M&A flurry that has been heating up this space.

Another key trend is that once the infrastructure of the SOA is in place within many organizations, there will be a shift to reaching out to additional external services outside the enterprise. Bringing an external service into the SOA will be theoretically as simple as incorporating one from another part of the organization. IT will quickly realize the decreased costs and reduced complexity associated with the leveraging pre-built components and services, speeding developing and taking advantage of investments that have already been made.

The challenge, of course, will be in the area of trusting external Web services that leverage existing internal SOA investments, and ensuring that they will always be available without the outages that have plagued on-demand vendors recently. Discovering those external services that make sense to incorporate into the SOA will also not be easy, and why it makes more and more sense for sources of these reusable services components to continue to mature and exist on the Web.