Monday, July 02, 2007

Web Service Standards – Timing is Everything

The last few days have seen the approval of a couple of specifications; one is long overdue and the other perhaps a little ahead of its time (the best time for a specification to be approved). On Friday the W3C announced the completion of the WSDL 2.0 specification.

Today, W3C has finalized a Web services description language with full support of the primary protocol for the Web, HTTP, and the most frequently implemented Web services protocol, SOAP. Web Services Description Language (WSDL) 2.0 incorporates both the improvements for WSDL 1.1 found in the WS-I Basic Profile, and builds in inheritance, import functions, improved description of faults and errors, and full HTTP and SOAP support.

In the press release, John Marsh admits that “It's been a long time in development”. Given that the submission of WSDL 1.1 was one of the original WS-* specifications, we have certainly been waiting a while for it to be standardised. In that time the use of WSDL 1.1 has become widespread. A number of specifications have had to be written based on WSDL 1.1. These, in particular WS-BPEL 2.0 and JAX-WS 2.0, will now need to be revised in order to get the full benefit of WSDL 2.0. So already we need WS-BPEL 2.1 and JAX-WS 2.1.

The other specification is WS-SecurityPolicy 1.2, which was approved recently as a standard by OASIS. In some ways WS-Security and its related specifications such as WS-SecurityPolicy are ahead of their time. Most people deploying Web services today are only thinking about point-to-point security solutions and as a result are using HTTPS. WS-Security is one of a number of specifications that are delivering on the transport independence promise originally made by SOAP. It enables a whole host of security scenarios which are well understood by the security community, but are only starting to be required by businesses.

Imagine sending your credit card details to an online shop in such a way that only the credit card company could access them. Alternatively, imagine end-to-end encryption that provides a business with guarantees that sensitive customer data will not be inadvertently stored in log files as it passes through their systems. These and many other scenarios are enabled by WS-Security. You could say that as long as Web services are simple point-to-point systems, WS-Security is a solution in search of a problem. As Web services deployments move beyond the point-to-point scenarios, the use of WS-Security will gradually replace HTTPS.
