Critical Success Factors for Web Services
Looking to get started with Web services, but not sure which type of project will provide the best payback to your organization? Experts have one key piece of advice: Start small and concentrate on solving just one or two distinct business problems.
"People are focusing on small projects, with very specific business goals, to test the waters," observes Rebecca Wettemann, co-founder and principal analyst at Nucleus Research, a company that performs ROI project analysis for organizations. The most successful Web Services projects, she says, are those that aim to solve a simple problem with a straightforward approach, and which can quickly demonstrate tangible benefits.
Such a Web Services project could be B2B, such as providing inventory data to a handful of business partners. However, most companies are opting to start with internal projects (adding an employee benefits look-up function in a human resources portal, for example, or automating some manual task such as re-inputting data into multiple stovepipe applications) before trying their hand at B2B integration.
The preference for starting out with internal projects relates to the fact that, by and large, Web Services standards are not fully developed to handle many of the issues involved in B2B integration. A significant case in point: security. Web Services messages are XML documents traveling over HTTP, making them much more vulnerable to security breaches. Thus, sending sensitive data via Web Services to external systems usually requires a company to invest in various security safeguards, which adds substantially to the cost of the Web Services project.
"One major reason why you'll get better return on Web Services for internal projects [vs. B2B projects] is that you probably won't need a $50,000-$100,000 PKI tool kit, or other such software for ensuring that a remote host is secured and available," explains Jason Christensen, a principal with Evergreen New Media Business Integration Services. According to Christensen, only very large companies with heterogeneous security architectures across multiple business units are likely to need to implement PKI (Public Key Infrastructure) for Web Services within the enterprise.
For B2B projects, you might also need a content-aware SOAP firewall, suggests Dieter Jenz, president of Jenz & Partner, an analyst and consulting firm based in Germany. "SOAP messages travel through port 80, which causes network administrators a few headaches. Nobody wants some unidentified party from outside to be able to invoke services on the corporate system. Since the outer firewall, at the IP level, can't check SOAP headers and body, one needs to buy a content-aware SOAP firewall, which costs somewhere in the $30,000 to $50,000 range."
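An added example, not part of the original article: a minimal sketch of the kind of check a content-aware SOAP filter applies to the HTTP body, which a firewall working at the IP level never sees. The allowlisted operation, its `urn:example:inventory` namespace, the size limit and the sample message are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"  # SOAP 1.1 envelope namespace
# Hypothetical allowlist: (namespace, operation) pairs that partners may invoke.
ALLOWED_OPERATIONS = {("urn:example:inventory", "GetStockLevel")}
MAX_BODY_BYTES = 64 * 1024  # assumed upper bound for a partner request

# Constructed sample request, not taken from any real system.
SAMPLE_OK = (
    b'<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">'
    b'<soap:Body><m:GetStockLevel xmlns:m="urn:example:inventory">'
    b'<m:sku>A-100</m:sku></m:GetStockLevel></soap:Body></soap:Envelope>'
)


def inspect_soap(raw: bytes):
    """Return (allowed, reason) for one HTTP request body. Fails closed."""
    if len(raw) > MAX_BODY_BYTES:
        return False, "message too large"
    # NUL bytes indicate UTF-16/32, which would hide markup from the byte check below.
    if b"\x00" in raw:
        return False, "unsupported encoding"
    # SOAP 1.1 forbids a DTD; refusing it also keeps entity definitions away from the parser.
    if b"<!DOCTYPE" in raw:
        return False, "DTD not allowed"
    try:
        root = ET.fromstring(raw)
    except ET.ParseError:
        return False, "malformed XML"
    if root.tag != f"{{{SOAP_NS}}}Envelope":
        return False, "not a SOAP envelope"
    body = root.find(f"{{{SOAP_NS}}}Body")
    if body is None or len(body) != 1:
        return False, "body must contain exactly one operation"
    tag = body[0].tag  # ElementTree renders qualified names as "{namespace}local"
    if not tag.startswith("{"):
        return False, "operation has no namespace"
    ns, _, name = tag[1:].partition("}")
    if (ns, name) not in ALLOWED_OPERATIONS:
        return False, f"operation not allowed: {name}"
    return True, "ok"


if __name__ == "__main__":
    print(inspect_soap(SAMPLE_OK))
    print(inspect_soap(SAMPLE_OK.replace(b"GetStockLevel", b"DeleteInventory")))
```

The decision is made on the operation named inside the SOAP body, so a request for anything outside the allowlist is refused even though it arrives on port 80 like any other HTTP traffic.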
Over time, of course, security standards for Web Services will mature, making B2B projects much more feasible. For instance, WS-Security (Web Services Security), a specification proposed last year to OASIS (Organization for the Advancement of Structured Information Standards) by IBM, Microsoft and Verisign, defines a set of SOAP extensions that can be used to implement integrity and confidentiality in Web Services applications. Another OASIS standard underway is the Security Assertion Markup Language (SAML), which enables Web-based security interoperability functions, such as single sign-on, across partner sites. Version 1 of SAML was recently ratified by OASIS.