Skip the navigation

Users Cast Wary Eye at Web Services

IT managers are interested but worry about immature standards, lack of skills

By Carol Sliwa
September 2, 2002 12:00 PM ET

Computerworld - Boston
IT professionals on an exploratory mission at last week's XML Web Services One conference here expressed keen interest in testing out new technologies to address some of their most painful application integration headaches.
But their interest was tempered by a variety of concerns, including immature and sometimes overlapping standards, the potential for differing implementations of those standards by vendors and a dearth of skills at some companies to build Web services that use standard Internet technologies such as XML and the Simple Object Access Protocol to link disparate applications.
"My nightmare would be a standards arms race," said Chet Ensign, senior director of architecture and development services in the Newark, N.J., office of LexisNexis Group. "That's what the world does not need."
One ray of hope for attendees such as Ensign was a daylong joint presentation by two of the groups working on key Web services standards - the World Wide Web Consortium and the Organization for the Advancement of Structured Information Standards. But even though the cooperative spirit was encouraging, some users were left with just as many questions as answers.
"It confirmed to me that we're not the only ones who are confused," said Ensign, who gave a user presentation at the forum. "I think everyone outside of the small groups of security specialists who have been working on this problem are confused. We don't yet see a clear story of what the security problems are, the framework for how the security will be provided and how the individual efforts fit together."
Kevin Cronin, chief technical architect at Niteo Partners Inc., a Boston-based services firm that's owned by NEC Corp., said its clients in the financial services industry are confused about the overlap of some of the proposed security standards. And until the issues are resolved, he said, the use of Web services may be limited at the retail banking level.
Advanced security issues such as rights management are of great concern to financial services firms as well as to publishers such as LexisNexis, which manages content from a wide range of sources and must control access to meet its business obligations to its content providers and customers. Ensign said he now sees potential overlap among three standards - Security Assertion Markup Language, Extensible Access Control Markup Language and Extensible Rights Markup Language.
"That's an expensive problem to solve if we have to invent our own solution to every single permissions issue as it comes along," Ensign said. He added that if standards are implemented by vendors in a clear and consistent way, "our customers

Our Commenting Policies