• Uniform implementation of standards. Web services require universal adherence to standards. Early pilots projects have shown, however, that different parties read the standards documents differently. As a result, in February, more than 50 companies (notably absent was Sun) formed the Web Services Interoperability Organization to iron out differences in implementations. This group will be meeting for the first time in March 2002, as this article is published.
• Security. This issue currently dominates the dialogue about Web services. It is unfortunately cast into just one problem: authentication. That is, how does the provider of Web services know the requesting party is entitled to access the services? Microsoft's Passport and Sun's Liberty Alliance are two initiatives that attempt to define authentication mechanisms. But Microsoft's Passport has shown security weaknesses of its own, namely in the form of allowing inappropriate access to personal data that is shipped to the service vendor. The Liberty Alliance, which might be more secure, is less widely deployed at present. Undoubtedly, security standards will need to be formulated. (Read the related article "Software Engineers Put .NET and Enterprise Java Security to the Test".)
• Management. Little attention has yet been paid to the management of services—specifically, on guaranteeing their delivery. For example, if an application relies on Web services to provide weather telemetry or ZIP code look-ups, what happens when the services are not working? By building Web services directly into applications, sites are dependent on the integrity of servers and data at locations over which they can exert no control. Is there a scenario in which a company would have a component of a mission-critical application be dependent on a Web service? Only once redundant providers of services can be instituted. Today, time servers using Simple Network Time Protocol (SNTP) to provide highly accurate time when polled are the only thing that comes close to redundancy in Web services. This time data is frequently used in time stamps and clock synchronization of remote systems. To guarantee reliable access to accurate clocks, there are more than 250 continuously running SNTP servers available for polling. (For more information, see http://www.oneguycoding.com/automachron/).

It is clear that for federated Web services to be widely used, standards must be uniformly implemented, intelligent authentication must be devised, and reliable lookup and access to services provided. Until then, Web services will remain behind the firewall, where standards, authentication, and reliability can be kept under the control of a single site.

Waiting for Delivery on the Promise
Many publications are hailing Web services as the future of computing. Such a remarkable success, however, is far too difficult to predict at this early stage. What is clear is that Microsoft has bet its future on Web services. Sun and the Java community will surely try to blunt the Redmond charge.