BorCon experts say security issues stall Web Services

ANAHEIM, Calif. — When it comes to the house Web services has built, the only consensus is the running water works.

“”The plumbing is there,”” said Simon Thornhill, vice-president and general manager of Borland‘s RAD business unit,

at a roundtable in Anaheim, Calif., on Tuesday. “”The capability is there for developers, (but) there’s a lot more that has to be built.””

Web services are a hot topic at BorCon ’02, the 13th annual Borland developers’ conference.

What is agreed upon is that the basic foundation of Web services through standards such as Simple Object Access Protocol (SOAP), Universal Description, Discovery and Integration (UDDI), and Web Services Description Language (WSDL), coupled with XML, are there, and that many enterprises are using Web services to integrate internal applications.

One piece that has not materialized is a security standard, which is currently being hashed out by large Web services players such as Microsoft Corp. and IBM Corp.

As recently as two years ago, Tony de la Lama, vice-president of Borland’s Java business unit said neither Sun Microsystems or Borland had a Web services strategy as it pertained to Java. “”It wasn’t a pain point for our customers,”” he said. “”Sun was behind the eight ball, too.”” However, early last year, Borland realized that customers using JBuilder, the company’s Java development platform, needed to start experimenting with Web services. Now Java 2 Enterprise Edition is the main focus of Borland’s JBuilder customers (all of Borland’s development platforms are now Web-enabled, including the latest release of JBuilder, just released here Monday) and he said Sun has come back strong on the standards front.

One thing Java has had since the beginning is inherent security, de la Lama said. “”The security model (for Web services) is still a major stumbling block.””

One question that been raised frequently since Web services became the buzz word du jour is whether it was a solution in search of a problem, said Ted Shelton, senior vice-president of business development and chief strategy officer at Borland.

Thornhill said he sees Web services being at the top of the list for enterprises, but by a different name: internal enterprise application integration.

“”We have a good base for Web services today,”” said Michael Swindell, director of RAD product management for Borland. “”It works very well for application integration.””

What hasn’t really materialized, Swindell said, are Web services for business-to-business or software as a service models. Issues such as non-repudiation for transactions have yet to be addressed. “”These are standards that are in the works.””

John Meyer, an analyst with Cambridge, Mass.-based Giga Information Group, said 2002 will be the year where enterprises use Web services within their four corporate walls, but that until issues of security are addressed, many large organizations are reluctant to extend mission critical processes beyond their enterprise. “”The benefit is there,”” said Meyer. “”We don’t see a ton of adoption.””

De la Lama noted that security can be bolted on to existing standards on a case by case basis if need be, but Meyer said that without security, enterprises might as well go back to EDI, since they would likely have to reengineer Web services once again when the security specs are finalized.

Tom Murphy, analyst with Stamford, Conn.-based Meta Group, also agreed that right now Web services are mostly useful for application integration. Many organizations are still using running mainframes for critical processes for example. “”We can’t really reengineer them,”” he said, “”so we extend them.””

Besides the hashing out of standards, what is also needed is a strong business case for using Web services that can be taken to the C-level executive because it is the business users that are holding the purse strings.

Meyer said that a recent survey by Giga of 200 CIOs in the U.S. found it was on their list to understand what Web services meant for their organization and their financial impact would be.

Comment: [email protected]

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Gary Hilson
Gary Hilson
Gary Hilson is a Toronto-based freelance writer who has written thousands of words for print and pixel in publications across North America. His areas of interest and expertise include software, enterprise and networking technology, memory systems, green energy, sustainable transportation, and research and education. His articles have been published by EE Times, SolarEnergy.Net, Network Computing, InformationWeek, Computing Canada, Computer Dealer News, Toronto Business Times and the Ottawa Citizen, among others.

Related Tech News

Get ITBusiness Delivered

Our experienced team of journalists brings you engaging content targeted to IT professionals and line-of-business executives delivered directly to your inbox.