Standards lie at the heart of the service-oriented architecture movement. Without them, the entire loosely coupled model falls apart.
In 2005 much of the progress made in Web services standards revolved around getting SOA off drawing boards and ready for enterprise-level work.
The OASIS standards organization closed out the year with a bang, accepting six proposed Web services specifications into two different working groups. One group is looking to tackle Web services transactions, hoping to create everything from multi-phase supply chain transactions to distributed online shopping carts.
The second OASIS group was set up to tackle Web services security. Though the WS-Security has been ratified and been widely supported in vendor offerings, it can't share credentials across multiple domains or secure complex transactions. In fact, it's entirely possible that more sophisticated Web services standards are what's needed to jump-start security metadata adoption.
"You can find WS-Security in all SOA products, but almost no one's using it," said Burton Group Inc. vice president and research director Anne Thomas Manes. "It's amazing how few people are using it."
Not included with the three security specifications in that OASIS group was WS-Federation, leaving SAML 2.0 as the lone ratified offering for federated security. SAML enjoyed a strong year with a host of big-name vendors, demonstrating they can share interoperable SAML identities.
Proponents of the Web Services Distributed Management specification, WSDM, also sought to demonstrate the interoperability of that standard. In addition, the Apache Software Foundation formed an open source implementation project around WSDM and two other management specifications, intending to meet the monitoring and troubleshooting challenges provided by SOA.
According to Manes, Business Process Execution Language, BPEL, is another standard that has gotten a lot of vendor support, but hasn't yet found its way into heavy rotation inside of IT shops. However, it did find an eager early adopter in the U.S. Navy.
In an effort to remove confusion over two different Web services standards for reliable messaging, OASIS folded the two into a single committee.
One of the Web services standards old guard, the UDDI registry, had lagged behind SOAP and WSDL in terms of usage, but much of that changed in early in 2005 when the latest UDDI specification added support for multiple registries, digital signatures and a new subscription application program interface that opened up registries for support from Web services management products.
Models and blueprints
Standards work in 2005 also began to focus on the thorny issue of how to use all these standards in a consistent fashion when a realization hit the industry that potential users might feel like they're swimming in alphabet soup.
OASIS got the ball rolling with an effort to create some standard nomenclature for SOA and its various components. Then it formed a group looking to build blueprints for SOA adopters.
Apache stepped up in August to form the Synapse mediation project, which aims to provide transformation and routing between disparate Web services.
IBM, BEA Systems Inc. SAP AG, Oracle Corp., Iona Technologies Inc., Sybase Inc. and Xcalia S.A. teamed up in late November to get behind a new SOA programming model. It marked a new step in the standards arena where a group of sizable vendors simply agreed to work together instead of seeking out neutral body approval.
Zapthink LLC analyst Ron Schmelzer viewed that decision as a significant development, saying that customers have ceded standards work to vendors, which have the resources to develop and test emerging standards. In particular, he noted the relative silence in 2005 from the user-run WS-I standards body.
"I think that WS-I is dead," he said. "They did nothing over the last year."
For years now vendors have been building support for standards into the products even before the standards got accepted into a standards body. Customer demand has been well ahead of the deliberate nature of the standards approval process.
"With this [SOA programming model] announcement, the vendors didn't even bother to involve a standards body," he said. "They basically said they'll submit pieces of it if they see a good match. It seems like customers prefer to get their standards convergence from the vendors."
The JBI shake up
In February, Sun Microsystems Inc. engineer Ron Ten-Hove previewed the Java Business Integration specification. JBI was designed as a plug-in framework that created an integration and implementation point for Web services.
It was approved in June, but with notable abstentions of IBM and BEA Systems, which categorized it as too Java-centric and too immature to support SOA.
BEA chief technology officer Mark Carges said JBI suffered from an attempt to innovate inside a standards body.
Sun distinguished engineer Mark Hapner argued that the criticism of JBI was overblown and misplaced, overlooking how useful it can be. Hapner was not alone in his praise for JBI and by the end of the year numerous JBI projects were under way.
How well those projects and the specification fare remains to be seen in 2006.