Download (direct link):
Liberty Alliance Project
summer of 2002, and these specifications include protocols that use XML Encryption, XML Signature, and SAML.
Where Security Is Today
Currently, security is a major hole in Web services, but the good news is that standards organizations and vendors, realizing the promise of these services, are frantically working on this problem. At this writing, XML Encryption, XML Signature, and SAML seem to hold the most promise from a standards perspective; these standards have been developed for quite a while, and software products are beginning to support their usage. At the same time, WS-Security and the Liberty Alliance Project are embracing some of these core standards and marrying them with SOAP-based Web services. Much of the growth, development, and future of Web services security is happening with WS-Security and the Liberty Alliance camps, and technologists should keep an eye on their progress.
Because of the changes occurring in these security drafts related to Web services, much emphasis today is being placed on EAI in internal deployments of Web services. Many organizations are exposing their internal applications as Web services to allow interoperability within their enterprise, rather than opening them up to external B2B applications that may make them vulnerable to security risks. Organizations and programs that need to focus on the security of Web services have been early adopters of SAML, XML Encryption, and XML Signature with Web services, and have been presenting their solutions, findings, and lessons learned to groups and standards bodies.2
What's Next for Web Services?
As Web services evolve, there is great potential in two major areas: grid computing and semantics. This section briefly discusses these two areas.
Grid-Enabled Web Services
Grid computing is a technology concept that can achieve flexible, secure, and coordinated resource sharing among dynamic collections of individuals, institutions, and resources.3 One popular analogy of grid computing is the electric
2Kevin T. Smith, "Solutions for Web Services Security: Lessons Learned in a Department of Defense Program," Web Services for the Integrated Enterprise-OMG's Second Workshop on Web Services, Modeling, Architectures, Infrastructures and Standards, April 2003, http://www.omg .org/news/meetings/webservices2003usa/.
3Foster, Kesselman, Tuecke, "The Anatomy of the Grid: Enabling Scalable Virtual Organizations," International J. Supercomputer Applications 15, no.3, (2001).
Understanding Web Services
utility grid, which makes power available in our homes and businesses. A user connects to this system with a power outlet, without having to know where the power is coming from and without scheduling an appointment to receive power at any given instant. The power amount that the user requires is automatically provided, the power meter records the power consumed by the user, and the user is charged for the power that is used. In a grid-computing environment, a user or application can connect to a computational grid with a simple interface (a Web portal or client application) and obtain resources without having to know where the resources are. Like the electricity grid, these resources are provided automatically.
A computational grid is a collection of distributed systems that can perform operations. Each individual system may have limitations, but when hundreds, thousands, or millions of systems work together in a distributed environment, much computing power can be unleashed. In a Web services environment, such a concept brings more distributed power to the network. If you want an online production system based on Web services that serves millions of customers, you will need load balancing and fault tolerance on a massive scale. The marriage of grid computing to Web services may bring stability in such a dynamic environment. When a Web service shuts down, the network grid should be able to route a request to a substitute Web service. Web services could use a distributed number of machines for processing power. Distributing Web services can create large groups of collaborating Web services that could solve problems on a massive scale.
Work being done by the Globus Project (http://www.globus.org/) will allow grids to offer computing resources as Web services to open up the next phase of distributed computing. Globus will add tools to its Open Grid Services Architecture (OGSA) that deliver integration with Web services technologies. Vendors such as Sun, IBM, and The Mind Electric will be implementing grid-enabled Web services as products.
A Semantic Web of Web Services
The Semantic Web and Web services go hand in hand. XML, a self-describing language, is not enough. WSDL, a language that describes the SOAP interfaces to Web services, is not enough. Automated support is needed in dealing with numerous specialized data formats. In the next 10 years, we will see semantics to describe problems and business processes in specialized domains. Ontologies will be this key enabling concept for the Semantic Web, interweaving human understanding of symbols with machine processibility.4