Last week I described how security is being introduced to the world of Web services. In a way, it is extraordinary that it is only now that a framework has been proposed. After all, Bill Gates is not the only one who is currently obsessed with security: any company that uses computers - whether or not it connects its information systems directly to the Internet - needs to worry.
Proponents of the Web services idea have managed to get away with this trick by cunningly focusing attention on the consumer side. Although security is important for end-users too, there it is typically presented in terms of related issues such as privacy. Heavy-duty encryption and authentication, for example, are not generally required unless credit card transactions are involved .
This rather naive application of Web services mirrors closely the first days of the Internet as a mass medium. In the early and mid-1990s a kind of online innocence prevailed, and users were happy to send all of their information in the open.
Perhaps because of this, the first application of the Internet in business was not e-commerce, since neither the security technologies nor the end-user confidence were present to begin with. Instead, as I described back in September 1995, the key development in the corporate adoption of Internet technologies was the evolution of intranets. These allowed the still rather ill-protected applications to be used within the safety of an internal, segregated system.
But once intranets were widely adopted, and the benefits that flowed from using them as a kind of informational wiring within organisations became clear, it was only natural to try to extend these by linking intranets together across companies to form what were dubbed extranets.
The crucial ingredient that needed to be added to intranets to create extranets was security: regulating who had access to what, typically by establishing the credentials and identity of users. In other words, extranets were possible when precisely those elements offered by the Web services security framework discussed last week were put in place.
The striking similarities between the two situations makes clear why Web services are likely to become important for businesses: they will allow the extranet idea, which has floundered in the wake of the dotcom downturn, to progress and realise its true potential.
Viewed in this way, the Simple Object Access Protocol (Soap) is simply the platform-neutral exchange medium that is obviously indispensable if extranets are to function as bridges between companies with disparate IT approaches. Similarly, the otherwise rather mysterious UDDI (Universal Description, Discovery, and Integration specification) can be seen for what it is: the B2B hub re-invented using open standards such as WSDL (Web Services Definition Language).
Assuming all the Web services standards (including the security framework that is currently only a sketch) come to fruition and are implemented fully and without proprietary kinks, what will emerge is a dynamic and largely automatic marketplace mediated by various specialised kinds of UDDI directories.
If this still seems a little abstract, you might want to take a look at a simple animation that IBM has put together that represents a very small-scale application of Web services ideas to buying electronic components. More than most, IBM seems to have grasped how Web services can be used to create second-generation extranets. It has a good range of documents that explain both the general ideas and its own specific solutions.
Nor is this all marketing hype. IBM has created a complex, real-life extranet for the Norwegian insurance company Storebrand ASA, and provides some interesting technical background to the project, including a frank discussion of the current limitations of Web services technologies.