Web Services: The Next Frontier

Plug-and-Play Interoperability

Web services interoperability is getting better and better. With the WS-I Basic Profile in place, the various service providers have less of an excuse not to be able to share data across platforms. Also, many smaller firms are doing a lucrative business developing Web services adapters for the many platform-specific and proprietary data exchange formats that exist out in the wild.

However, the industry has yet to really push the interoperability envelope. In the future, Web services need to be able to negotiate a shared communication channel so that all an application needs is the proper security credentials to do what it needs to do. This interoperability should not be the responsibility of middleman Web services adapters or even individual applications; Web services messaging should be handled by the operating systems of all of the major enterprise computing platforms. That way, applications can simply call to a system interface on Windows or Solaris, and the system will find the desired service, generate the request messages, handle the trust negotiation, negotiate schema, and get the data. With the system abstracting all of this work into an API, application developers are freed from having to fuss with messaging, and they can focus on what they do best, which is application programming and developing great end user applications.

My Data Anywhere

Earlier I poked a little fun at Microsofts whole .NET My Services experiment back in 2001. Although this ambitious, if overreaching, plan was attempted years too early, I still believe that the Holy Grail of end user Web services is achievable, namely your data, anywhere you need it, at any time, and on any device. Making this happen isnt really a difficult task on a single platform and using a single authentication mechanism. I expect that it wont be too many years before we see a version of Microsoft Windows that lets a user access his data from any computer or device running Windows. Microsoft already has the Passport piece of the puzzle in place; whats needed now is a set of services that enables the computer where I log on to determine where in the cloud my data is residing, either on one of my computers using some peer-to-peer Web services solution or in a storage service hosted by my ISP somewhere in the cloud. Today Microsoft is already working on ways to enable its .NET Alerts to route notification messages to the computer or device where the system believes you can be found online.

Although I can easily imagine these data-anywhere mechanisms already being developed, what takes a little bit more effort is to imagine making them work across disparate platforms. What if I could log on to a Linux machine or an Apple computer and access my personal data in the Internet cloud, or better yet, from my Windows computer or device? While the same messaging and data description protocols could be leveraged in such a heterogeneous interaction, the key piece in this effort must be a trust-based, federated authentication system. What an amazing world it would be if I could log on to a Linux computer by supplying my Passport or home domain credentials, and the Linux system could present those credentials to the appropriate authentication service and retrieve a trust token on the Linux computer. OK, so the security implications of this may be making your skin crawl, but with a trust relationship between the Linux computers authentication service and Passport or my domains authentication service, there is no reason why a secure exchange cannot be established using the full range of Web services security protocols that are emerging.

Cloud Storage

This is a real pie-in-the-sky idea that I really think has some future promise. The concept here is that with the cost of computer hardware constantly decreasing exponentially against processing speed and storage capacity (thank you, Moores law), the price of storage becomes so low that individual units of storage (think servers) become as interchangeable as disks. Thus, we have a kind of RAID (redundant array of inexpensive disks) in the Internet cloud, with redundant data being stored and synchronized among multiple servers using Web services. That way, when data becomes inaccessible at one storage center because of server failure, network failure, or an act of God, an application can simply failover by routing Web service requests to another server at another data center somewhere else in the cloud.