Key Web services protocol gets help

Key Web services protocol gets help

A protocol described as one of the four pillars of Web services might finally be ready to live up to its grandiose billing and signal the start of the next phase of corporate adoption for the emerging technology

A protocol described as one of the four pillars of Web services might finally be ready to live up to its grandiose billing and signal the start of the next phase of corporate adoption for the emerging technology. The Universal Discovery, Description and Integration (UDDI) protocol has been the ugly stepchild to XML, Simple Object Access Protocol (SOAP) and Web Services Description Language (WSDL), which have all gained favor as Web services have been tested and adopted by leading-edge corporations.

Originally billed as a public directory of Web services to find and connect to Web services components that live on a network or the Internet, UDDI has failed to meet that promise mostly because of issues related to securing data and access.

A public UDDI directory called UDDI Business Registry maintained by Microsoft Corp., IBM Corp., SAP AG and NTT Communications Corp. is not much more than a conceptual model.

However, with the expected release in the fall of Version 3 of the UDDI specification, which was turned over to the Organization for the Advancement of Structured Information Standards (OASIS) last fall, the protocol is getting the security and policy controls that might lift its acceptance among Web services adopters. Version 3 is seen as the key for creating private, semiprivate and public UDDI registries that could be integrated at various levels.

Version 3 also positions UDDI to become the linchpin for the next wave of Web services, which ties together multiple Web services into composite applications.

"Version 3 is a major advance toward being able to trust the data in the registry and know that it is valid," says Tom Bellwood, co-chair of the OASIS UDDI technical committee.

UDDI's role will be as a registry of Web services that live on the network. As multiple Web services are connected to form composite applications, such as an ordering system consisting of multiple Web services, UDDI would be the hub that holds together that association of Web services.

The concept is similar to the Domain Name Service on the Internet where Web site addresses such as remain fixed entries in the DNS registry, while the location or IP address of the site can be changed.

The UDDI registry is a locator service that allows Web services to be linked on the fly and change locations on the network without breaking the composite application. The registry provides flexibility so application components can be "loosely coupled" and readily reused instead of hard-wired together and rigid. UDDI also can find downed Web services components and point to where a composite application is broken.

"People are still trying to learn how to use Web services correctly," says Ron Schmelzer, an analyst with research firm ZapThink. "Replacing proprietary interfaces with standard Web services interfaces in point-to-point connections is not that interesting. You have to change your environment to a service-oriented architecture, and to do that you need UDDI as a discovery component. Version 3 is the first workable version to support that role."

In a service-oriented architecture (SOA) application components live as services on the network and can be assembled in infinite combinations. SOA was first introduced with Distributed Component Object Model and the Common Object Request Broker Architecture.

The importance of SOA components is on the rise as Web services adopters evolve from simple point-to-point integration of legacy applications using Web services interfaces to more sophisticated integration of multiple native Web services applications.

"When we started to build more-complex Web services applications we quickly found we needed things such as monitoring, caching, orchestration and a registry," says Carroll Pleasant, associate technologies analyst for Eastman Chemical.

The Kingsport, Tenn., company has built an application called Management Scorecard that pulls together 23 Web services that provide such information such as financial, manufacturing and regulatory data into a single application for executives. Scorecard's components are held together using a UDDI registry.

"We've built a pretty good understanding of how to develop around Web services and we've appointed an architecture team to find out how to build an SOA at Eastman," Pleasant says. "We know that a registry is key in that it knows where everything is and it gives you location transparency."

Eastman can query the registry for access to a Web service instead of trying to hard-code connections between 23 Web services. Pleasant is evaluating UDDI Version 3 to make that task easier and more secure.

Security and privacy issues have dogged UDDI since its inception, relegating its use to behind corporate firewalls.

Companies such as Fujitsu, IBM, Microsoft and Novell offer UDDI registries, and other UDDI implementations will likely show up in products such as application servers or integration brokers.

Version 3 has created a new security model based on a set of user-configured policies. The specification also supports the XML Digital Signatures standard, which ensures the source and integrity of data.

The forthcoming version will include dozens of policies for operations such as access control, replication, subscription, delegation, data transfer rights and UDDI keys, which are unique identifiers attached to each entry.

"Policy is tied into security in that all security in (Version 3) is expressed as policies," says UDDI committee co-chair Bellwood. "The incorporation of signed data will help registries evolve, especially public registries."

Version 3 also will support a multiregistry environment where private corporate directories can share select data with semiprivate directories, such as that of any industry hub, and with public registries that can be used as root authorities to control the assignment of UDDI keys.

The new specification also will have new search parameters, such as search for exact matches. A new subscription API lets users be notified of any changes to a specific registry entry and copy that change between registries.Version 3 also will introduce a new information model.

Bellwood says UDDI Version 3 is what the core group of Web services specifications has been waiting for to be complete. He credits other Web services specifications, such as WS-Security and the Security Assertion Markup Language, as keys to its development. He says more specifications such as reliable messaging will make UDDI a more secure and reliable protocol for all UDDI registry deployments.

"UDDI is the glue that ties together the whole Web services idea of loosely coupled applications," says Ted Haeger, director of product management for Novell's eDirectory and Nsure UDDI server. "If you can't locate a Web service, you can't use it." -- Network World (US)

Join the CIO New Zealand group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Show Comments