The Business of Web Services

Despite the heavy marketing blitz by Web services providers … or maybe because of it … corporate America doesn’t seem quite ready (or even prepared) for the many applications and processes the technology will bring to the table. While the interest level in corporate IT rooms across the country are at all-time highs, many managers are still determining what framework, platform and service best suits their organization.

The marketing hype is one of three challenges developers, corporate IT managers and Web services providers will need to address before the promise of the new technology is realized. In addition to overcoming hype, Web service providers and standards bodies like the Worldwide Web Consortium are going to need to resolve questions like interoperability and security.

Fred Hoch, eBusiness division director for the Software & Information Industry Association, said a blizzard of standards, frameworks and platforms has created confusion, making decision-makers wary of any new Web service.

“The hypes of the past few years have forced corporations to be skeptical of any new technology, so thereby you put a lag in the development of new Web services because people are so skeptical,” he said.

Hoch believes industry-wide adoption will come in the next three years, as companies build up a level of trust in the technology. Like others, he thinks businesses will first use Web services to integrate systems internally (on what was formerly thought of as the “intranet”) before any business processes are rolled out beyond the firewall.

He’s not surprised by the skepticism in the IT world, which he said is slowing down an inevitable process: putting the workplace on the Internet in a manner that is so streamlined, so free-flowing that it is revolutionary.

As such, the most obvious opportunity for businesses to immediately capitalize on (aside from selling the various developer platforms and tools like Microsoft, Sun Microsystems or other software vendors) is the systems integrator. And one company that has jumped in head-first is webMethods , of Fairfax, VA. Scott Opitz, vice president of strategic planning, expects commercial interest in the industry to explode, once companies get past the hyperbole and conflicting information.

“This has really been an overnight phenomenon,” he said. “The interest level right now is high, (though) most are in the fact-finding stage. Customers are pretty wise to the conflicting messages they’re hearing.”

“The reality is that there’s no magic,” Opitz continued. “Companies have
to find what’s most effective for their business and what requirements work
for them.”

As for standalone entities in the business of selling software components via web services, though, right now that revolution is on hold. And even staunch advocates predict that business model is a long ways away with companies and providers only now addressing how to make revenues from Web services.

“I think that’s the question we have to answer soon,” Hoch said. “We’re at
such an early stage with Web services as a model, it’s really unclear.”

For the time being, individual software components (no matter what the “killer app”) serve no good until adoption of the platform occurs industrywide. Even then, components are viewed more as a luxury item compared with the mission-critical task of systems integration.

So what’s holding back other viable business models? See Page 2.

Entrepreneurs are hopeful that sooner or later the industry dynamics will shift to allow web services to overcome the difficulties in putting together a business model and some have already started to prepare themselves. Companies like Santra in Vancouver, B.C. and Salcentral of the U.K. have already launched value-added services for Web Services.

Software companies will eventually send their software application to the Web services registry, the universal description, discovery and integration (UDDI), which acts as a sort of Yellow Pages of applications. An business looking for a Web services tool will then search through the UDDI for the services it wants.

Santra has created a service, called iON, that monitors and measures the performance of web services found on the UDDI. There are currently about 430 web services on Santra’s iON system. “As more developers get into the market, they’ll be able to see this is the way to go. The database can be centrally stored and integration with different systems is a cinch,” said Robert Chartier, vice president of technology at Santra.

Salcentra takes its UDDI value-added service one step further. Co-founder Mike Clark refers to his service as a web services marketplace that not only monitors downtime but also brokers web services. “For a developer of web services, he can go there and promote it. For the user, he can go there and buy,” Clark explained.

Both Clark and Chartier get their listings by spidering the UDDI, creating relatively low barriers-to-entry for another player to jump into the market with a superior offering. But through his own research, Clark has discovered an open door: UDDI doesn’t police its listings of web services.

“48% of the production UDDI registry has links that are unusable. These pointers contain missing, broken or inaccurate information,” Clark wrote recently in an online trade publication.

But exactly how does that software developer make money from customers who pick
up the application for their business? Do they charge by the month, per
customer or something else entirely? What does that software company do
when another, much larger software company, signs on as a reseller
affiliate and bundles that application with their own package of applications?

“The business models have not been completely worked out yet, though the
promise is so amazing that the business models will have to come about (to
accommodate it),” Hoch said. “We’ve now got to take it to the next step
and put those standards to use, we’ve got to get everyone on the same page,
we’ve got to create the business models that’ll make Web services a
reality. It’s not there yet.”

What about security? See Page 3.

Clearly, no business model will ever be completely fleshed out until online security
across the board is addressed.

As more and more Web services come online, more and more information will
pass across networks at risk from any number of mishaps, from data loss to
break-ins by malicious hackers.

Organizations like the W3C and companies ranging from Microsoft Corp and Sun Microsystems are working together
to develop security standards to use in Web services.

While standards bodies meet and deliberate, capitalism delivers. Several
companies around the country have come up with security solutions of their
own to address growing security concerns like authentication.

One of them is Systinet, a Cambridge, MA, company catering to the
development crowd with software products that help in the design and
implementation of Web services.

According to Anne Thomas Manes, Systinet chief technology officer, security
is the number one issue affecting Web service development today. The
common practice of using secure socket layer (SSL) technology, she said,
won’t work with Web services technology that accesses many different systems.

“One of the problems you have with SSL is that it doesn’t allow you to
distinguish between the different services that you talk to on the server,
because it goes through a single point for authentication,” she said. “It
doesn’t allow you to authenticate with a specific service.”

Manes answer was to develop a security product based on a security standard
approved by the Internet Engineering Task Force (IETF), called the generic
security services application program interface (GSS-API). With it, she
said, it allows the server to delegate security credentials to specific
services.

Systinet’s version of GSS-API is currently sitting on the docket of one of
the standards bodies, the Liberty Alliance (which supports the Java framework).

But tools that enhance Web service security are only one facet of the
security issue. While partly the responsibility of software developers and
providers, businesses also need to take a proactive approach to securing
its networks from breaches of other sorts.

So far, corporate America is failing in that department, according to
security experts, the result of IT managers who don’t secure their network
assets (servers, operating systems, work stations, etc.).

“Here’s the deal with IT managers, while the media and corporate managers
all talk about the need for security and ‘best business practices,’ IT
managers are driven by the bottom line,” one security consultant
noted. “They hire under-skilled employees and don’t train them, then the
managers over-task those employees.”

Many of the highly-publicized domain name service (DNS) attacks reported
last year
were the result of servers not using the latest security
upgrades or keeping default security values. Many believe simple
preventative measures
by IT departments would have reduced gaps in the
network.

Interoperability is another issue that needs to be hashed out among the
various Web services providers.

So far, the various companies driving the standards committees (Microsoft,
Sun, IBM , Oracle and Hewlett-Packard
) are playing nice as they hammer out standards the entire
Web services community can adhere to, but how long remains a question.

Businesses go with the name they trust, or with the company they’ve been
using all along. The market position each of the five Web service
proponents share encompasses much of the computer world today in the U.S.
and abroad.

The initial success of the technology will depend largely on the five Web
services companies willingness to allow information to be passed from one
business to another using different platforms.

— Prepared by Jim Wagner and Robert Liu with contributions from Thor Olavsrud.

This is the second part of a series. Tomorrow, we will examine the unique role that Microsoft plays as a platform vendor and software provider.

Get the Free Newsletter!

Subscribe to our newsletter.

Subscribe to Daily Tech Insider for top news, trends & analysis

News Around the Web