The technical work at the WS-I until now has focused on its "basic profile," a series of guidelines, sample applications and tools to test product compatibility. The basic profile has been in draft form since last fall and is expected to be completed by the second quarter this year. It addresses the first Web services standards written, including XML document definitions, Simple Object Access Protocol (SOAP), Web Services Description Language (WSDL), and Universal Description, Discovery and Integration of Web services (UDDI).

In taking on the hot-button issue of security, the WS-I has its work cut out for it. Matching numerous overlapping proposals for security standards to a huge number of business usage scenarios makes for a complex undertaking. For example, a Web service for accessing customer information internally may not have the same stringent security demands as a Web service that transmits sensitive data on customer accounts between financial institutions over the Internet. The WS-I intends to give corporations guidance on how to use security effectively with Web services in different business situations and clarify any ambiguities in the security specifications for IT providers.

The WS-I is not a typical standards organisation because it doesn't design the base level specifications for Web services products. Still, as past experience shows, it's clearly not immune to the political wrangling present in most multicompany collaboration efforts. WS-I members are already campaigning for a seat on the WS-I's board of directors in an effort to exert more influence on the future direction of Web services.

Last week, Web services start-up Cape Clear Software said it would run for election to the WS-I board of directors in March in an effort to promote "transparency and accountability."
Cape Clear noted that the great majority of the WS-I's 160 members are small to medium-sized Web services companies but that the smallest company on the board has an annual revenue approaching $1bn. Cape Clear said it is concerned that large companies in the WS-I will be tempted to steer Web services standards to favor their entrenched businesses and products. "Smaller companies have much less of an agenda, and an ability to keep the others honest," said Cape Clear chief executive Annrai O'Toole. "We'd like to prevent the (WS-I) from becoming a cartel moving the technology to suit a cozy few." WebMethods, which is a medium-sized integration software maker, also plans to run for the board.

The WS-I's Glover contends that the group is not simply rubber-stamping the dictates of its largest members. Glover points to the fact that the largest vendors have had to rework and delay releases of their Web services wares to hew to the WS-I's basic profile. Sun, for example, had to rework the crucial 1.4 update to its Java 2 Enterprise Edition (J2EE) to comply with the WS-I's basic profile. Sun released the Web services-ready Java specification after a three-month delay. Despite such inconvenience and potential lost revenue, however, the first "deliverables" from the WS-I have garnered the hoped-for industry support.

However, the WS-I faces the vexing issue of enforcement, particularly as it steps up the pace of its recommendations this year. Being members of a voluntary organisation, companies are not legally bound to follow the WS-I's lead. "Frankly, that's a question that the board grapples with," admits the WS-I's Glover. "Right now we're expecting the community to pretty much police themselves."

The WS-I is toying with the idea of a logo programme.
The model would be self-certification: after IT companies follow the WS-I's implementation guidelines and run the appropriate tests, they could certify themselves, affix the WS-I logo to their products and make their claims publicly available.

The WS-I is also looking beyond security and discussing the creation of committees to consider Web services standards around reliability and business workflow. The trick, say industry observers, is making sure the WS-I addresses real-world implementation issues and doesn't overcomplicate Web services standards.

With future IT industry growth hinging in large part on interoperable and secure Web services, the WS-I faces a crucial proving period. The next year will show whether the WS-I will be remembered as a worthwhile experiment at standards consolidation or another standards initiative that falls short of expectations. "Once the WS-I starts diving into the meat of things, like security, messaging, reliability and transactions, the question becomes whether it will get the support of vendors -- and will they have the compliance schemes," said Ron Schmelzer, an analyst at ZapThink. "That remains to be seen. And in order for it to work, it can't be a political process."





