Computer Associates International Inc., the software and services giant that made headlines last year with its bitter proxy fight involving investor Sam Wyly, has spent much of 2002 working on Web services. Even though CA doesn't have its own application server, it's still aiming to be a major player in Web services delivery, management and security. Don Leclair, CA's technology strategist in the office of the CTO and the company's top Web services guru, told SearchWebServices.com about the company's strategy, its WS-I work and why Web services may be more dangerous than people think.
|CA's Don Leclair|
Leclair: It's an enterprise-caliber application development
SearchWebServices.com: Are you satisfying your existing customers or do you see unfulfilled Java development needs in the mainframe/Unix markets?
Leclair: If you look at what's happening with Web services, [our customers] are interested in using them behind the firewall for integration and to connect to business partners. Usually you want to connect people to your mission-critical applications, and a lot of those were built with Gen. It makes sense for us to help people use Java and Web services to interface [with] what's in those applications.
SearchWebServices.com: About six months ago at CA World you released CleverPath Portal 4.0 with Web services support. Can you crystallize for me why it's important to include Web services capabilities in portals?
Leclair: I think for a lot of people the basic concept of Web services is that they're enabling computers to talk to each other, but people are discovering when you create a Web service, you can create a reusable component that can be applied and used in many different ways. There's a lot of activity around business-enabling the enterprise. We deliver the capability to take any Web service and make it accessible to humans. So you can take any Web service, [publish] it to a portal and access it on your desktop machine, but you can also access it from wireless devices. The portal gives you a vehicle where you can access all your information and documents.
SearchWebServices.com: Can you give me an example?
Leclair: CA has a lot of clients, and we have a lot of people serving them. We have a customer look-up Web service, where [our representatives] use a customer's site number -- basically our customer number -- to get their address, telephone and other info. We made function a Web service and deployed that as a portlet, so [our representatives] can do that from their desktops.
SearchWebServices.com: What kind of work are you doing with .NET, and what's your take on Java/.NET interoperability?
Leclair: Today, we have written Web services and tested them both from the .NET and Java perspective. There are minor details you have to watch for, but [Web services] seem to deliver interoperability as far as I've seen, and it will get better with organizations like the WS-I to make sure that's the case.
We expect both to be successful, and most of our clients will use both Java and .NET. When I talk to clients who say they're going to be a pure J2EE shop, they really know that's not the case. Any kind of large Java company, for example, is eventually going to have a merger or an acquisition or something that causes it to bring in .NET in some fashion. But if you're just moderately careful, it's not a problem, and I think it'll get easier.
SearchWebServices.com: What do you mean by "moderately careful?"
Leclair: Everybody has little extensions and things you can do with little data types that aren't formally a part of the standards. But as long as you are careful to stay within what will be formally defined in the interoperability standards, then you won't have a problem.
SearchWebServices.com: Are Web services more dangerous than most people think?
Leclair: The exposure that you have with Web services is that they are designed to go across the Internet using the same connection that a browser uses. What does that mean? If you don't take prudent steps to secure the environment, you can give unauthorized users inside or outside [the firewall] the ability to use those Web services in potentially damaging ways. But one could argue that that's no different from any other application an enterprise runs. So I think to some extent there's potential for a slight overreaction. I think that if you're going to use Web services outside your firewall, you have to make sure you've secured them like any enterprise-critical application.
SearchWebServices.com: Computer Associates is a member of the Web Services Interoperability Organization. What is CA's WS-I agenda?
Leclair: We think Web services are very important. For Web services to really deliver what everybody would like them to do in terms of connections inside and across businesses, you need to be able to guarantee interoperability. We are contributing to help make sure the standards that come from OASIS and the W3C are truly interoperable. We're most invested in the Test Materials and Tools Development Working Group that will automatically verify that the Web services you build are standards-compliant.
SearchWebServices.com: Can you explain that working group in a little more detail?
Leclair: I look at it as where the rubber meets the road. It's where you go from talking about abstract standards to delivering an easy-to-use tool. Any company producing a Web service will be able to just run it through this tool and get a direct confirmation that it's interoperable and will work across multiple platforms.
Leclair: We have the annual face-to-face meeting in Miami [from Nov. 5 to Nov. 7], and we have some internal test versions of the tools that we're going through right now, and that's going well. We think we can do a public beta reasonably soon, hopefully in the next month or so.
SearchWebServices.com: Finally, how do you think the long-term impact of Web services will compare with today's hype?
Leclair: I think in some ways it's too early to tell. My suspicion is that it will require a broader set of business-level standards on how to make systems work together. Standards move from the bottom up, and the ones we have -- SOAP, WSDL, and UDDI -- are excellent standards that work in every environment. Things like choreography, flow and aggregation will make bigger, more interesting Web services, but the area where we have a lot of fragmentation or missing standards is in representing business objects. It seems trivial, but those are big problems and I don't think we have solved that on a broad enough scale to have success. So if you want to have truly interoperable Web services across industries, then there's a lot of work that has to happen and we've only begun in that area.