Web services best practices

I want to do best practices now, not later. What functions should be done by the app server? What functions should be performed by dedicated Web service infrastructure? Does a Web service infrastructure exist?
The app server is the right place to implement:

  • Business logic
  • The inner layer of a multi-layer security scheme (typically basic authentication and access control based on abstract roles)
  • A generic Web service interface that can be reused.

The Web service infrastructure is the right place to implement:

  • Common policies that cut across multiple Web services
  • Monitoring and audit trail creation for regulatory compliance
  • Service level monitoring and response policies for failure to hit service levels
  • The outer layers of a multi-layer security scheme (i.e. malicious attack scanning, mapping of specific requestors to abstract roles)
  • A requestor-specific virtual service (known as a Service View) that maps the generic interface into the interface needed by that specific group of requestors. Service views will vary interface elements such as transport used (HTTP vs. MQ vs. TIBCO); standards level supported (for SOAP, WSDL, etc.); security standards/mechanisms (which authentication authority is used, are the messages WS-Security compliant or not); XML document schemas; etc.

This was first published in July 2004
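
A minimal sketch of the layer split described above, as an added example that is not part of the original answer: the outer layer maps a specific requestor to an abstract role and writes the audit record, while the inner layer authenticates the infrastructure and enforces access on the abstract role only. All names, keys and operations are constructed for illustration and do not come from any product.

```python
import hmac

# Outer layer (Web service infrastructure): one Service View per requestor group.
SERVICE_VIEWS = {  # constructed sample data
    "partner-a": {"api_key": "constructed-key-a", "role": "order_reader"},
    "internal-erp": {"api_key": "constructed-key-b", "role": "order_admin"},
}
# Inner layer (app server): permissions are defined on abstract roles only.
ROLE_PERMISSIONS = {
    "order_reader": {"get_order"},
    "order_admin": {"get_order", "cancel_order"},
}
GATEWAY_SECRET = "constructed-gateway-secret"  # infrastructure -> app server credential
AUDIT_LOG = []  # audit trail kept by the infrastructure, not the app server


def _same(a, b):
    """Constant-time comparison for secrets."""
    return hmac.compare_digest(a.encode(), b.encode())


def outer_layer(requestor_id, api_key, operation):
    """Authenticate the specific requestor, map it to an abstract role, audit."""
    view = SERVICE_VIEWS.get(requestor_id)
    ok = view is not None and _same(view["api_key"], api_key)
    role = view["role"] if ok else None
    AUDIT_LOG.append({"requestor": requestor_id, "operation": operation, "role": role})
    if not ok:
        return None
    # Only the abstract role crosses the boundary; requestor credentials stay outside.
    return {"role": role, "operation": operation, "gateway_secret": GATEWAY_SECRET}


def inner_layer(forwarded):
    """Basic authentication of the caller, then role-based access control."""
    if not _same(forwarded.get("gateway_secret", ""), GATEWAY_SECRET):
        return "401 unauthenticated"  # role claims from unknown callers are ignored
    allowed = ROLE_PERMISSIONS.get(forwarded.get("role"), set())
    if forwarded.get("operation") not in allowed:
        return "403 forbidden"
    return "200 " + forwarded["operation"]  # business logic would run here


def handle(requestor_id, api_key, operation):
    """End-to-end path: outer layer first, inner layer second."""
    forwarded = outer_layer(requestor_id, api_key, operation)
    if forwarded is None:
        return "401 unauthenticated"
    return inner_layer(forwarded)
```

Adding a new requestor group changes only `SERVICE_VIEWS`; the app server's role table stays untouched, and a caller that bypasses the outer layer still fails the inner check.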
