Category 2: Building Your Own la Carte, Point Product Web Services Applications

Up to now we have been discussing highly integrated Web services application servers. They have been hardware/ software/services-based (from IBM, Sun, and HP), or they have been software-based (Microsoft) or software/services-based (BEA and IONA).

Businesses that buy these application server environments need to consider that they are paying a premium for the integration work performed by the provider. In other words, they pay for the work done by the vendor to integrate and quality-assure that the various software components work well together.

On the other hand, there are many point (individual) products that can be used to assemble Web services applications. A business using this point product approach does not end up paying a premium to a vendor for integration work. It is likely, however, that the business will end up doing some integration work itself (which has the effect of adding to the cost of a project anyway). So the business ends up doing a delicate balancing act weighing the costs of buying a highly integrated (and expensive) complete application server environment against the costs of building one's own application server environment (and having to perform some application integration work between various point products).

This section describes some of the individual point products that can be used to build Web services applications.

Example 1: Point Product Tools and Utilities

There are literally hundreds of products that can be purchased to help build XML-based applications. These applications can then be made to communicate with other applications using Web services protocols and registries. The application development tools and utilities in the following list can be used to help build applications that use Java, C#, or other programming languages, which can then use Web services for program-to-program communications.

  • Borland Delphi, C++ Builder, Progress Webspeed

  • Oracle JBuilder, JDeveloper

  • OpenROAD (Open Rapid Object Application Development)

  • Magic eDeveloper

  • Computer Associates' Jasmine

  • Usoft's Bridge Server

  • SAS Institute's SAS/Connect

  • Compuware's Track Record

  • IONA OrbixWeb for Java (we have seen that IONA provides a full application server environment, but it is also a provider of individual tools for point product application development)

  • IBM offers a complete application server environment with WebSphere as well as individual tools for building Java-based applications with its WebSphere Studio programming products

  • Macromedia's ColdFusion

  • CodeWarrior for Linux

  • Microsoft C-language development environments, plus Basic, Java, and other languages (like IBM and IONA, Microsoft makes full-fledged application server environments as well as language, business process management, and other point products)

  • Sun Java (language, application server support)

  • Oracle Java (language, application server support)

Forum Systems

Market Positioning

Forum Systems is a great example of a point product solution that can be used in an a la carte manner to help build a Web services environment. As noted earlier in this book, security is a major concern with today's state-of-the-art Web services standards. Although security standards are evolving at the W3C, few enterprises are likely to use Web services to run mission-critical applications if security shortcomings are not addressed. This is where a point product solution such as the one offered by Forum Systems comes into play.

Forum Systems offers an XML "appliance" (a hardware/software combination) that is specifically designed to provide security for XML content sent over the Internet between business partners. The company contends that most of today's enterprise security solutions focus on securing data in motion over the Internet or through virtual private networks (VPNs). In other words, today's enterprises emphasize the purchase and installation of network firewalls, intrusion detection systems, and virus control software, and the use of data encryption techniques to secure data in flight.

Further, Forum Systems claims that few enterprises have taken the proper precautions to protect sensitive stored data (data at rest) either at the enterprise site or at their business partners' sites. And few have taken action to authenticate the sources of requests for data and content (as well as to structure authorization rights for certain users).

In short, for the most part, enterprise security measures have been designed to protect content and data at the network level and within certain containable domains. Forum Systems looks to use security standards and methodologies that protect content (documents, data, numbers stored in databases, transaction sets) that has been received via a network or stored on a local or business partner's remote server.

Product Positioning

Forum System's collaborative content security appliance enables enterprises looking to deploy Web services solutions to:

  1. protect content confidentiality;

  2. authenticate where content has originated and validate its origin and

  3. provide only authorized users with access to certain types of content;

  4. ensure the integrity of data and content that has been sent between communicating entities; and

  5. provide nonrepudiation (a record that shows what transpired and who/what initiated it)

  6. deploy content-based routing (a key technology in determining how content is handled based on enterprise policies). The identity of each transaction is detected and an intelligence layer can then be applied to determine how each transaction is secured, prioritized, and routed. The applications of content-based routing can be service-level agreements, quality of services, prioritizing transactions, and so on.

In other words, Forum Systems' appliance allows enterprises to protect content beyond the network level. It includes functionality to authenticate the sources of requests for data or content; to ensure data integrity, to provide nonrepudiation logging; and to handle the ever-increasing XML security checking and routing workload between collaborating enterprises (see Figure 10-1).

Figure 10-1. Forum System's Collaborative Content Security Architecture.

Source: Forum Systems, February 2002. Used by Permission.

graphics/10fig01.gif

In addition, an efficient collaborative content security system weighs the effect of adding these features and functions on the overall performance of existing networks and application servers. The Forum Systems appliance is positioned to help offload application servers from having to run additional security software as well as having to process and route thousands of XML files between various servers and applications.

Competitive Positioning

Should an enterprise wish to purchase security software that provides digital signature authentication, data integrity checking, content-based routing, et al., it is available from companies such as Entrust, RSA, IBM, Verisign, and many others. The disadvantage of this approach is that an enterprise would load this software on existing application servers, thus increasing their workload and potentially requiring a systems upgrade to handle increased security processing and content routing.

If, instead, an enterprise were to use an appliance approach, issues related to collaborative content security processing and increased workload processing would be offloaded from the server to the appliance thus realizing certain performance benefits at the application server level. Forum Systems, and more recently McAfee and a few other companies, represent the first wave of vendors to bring such security appliances to market.

Summary Observations

As discussed earlier in this book, Web services standards must be enhanced to address shortcomings related to secure content handling. Without enhanced security, many enterprises will not use Web services-based applications in mission-critical situations. Forum Systems provides a solution to securing content in flight or at rest that can peacefully coexist in an Web services application environment. And Forum System's XML security appliance also is a great example of how Information Systems managers can use point product solutions to build their own Web services environments.

Example 2: Using Open Source to Build Web Services Applications

We have discussed some of the many application development tools and utilities that can be used to build XML-based Web services applications. But where can the software that is needed (UDDI, SOAP, WSDL) be obtained? One example is an open-source Apache server.

What is Open Source?

Software that is open source is developed on a cooperative, collaborative basis by software developers worldwide. The resulting code is usually made available for public consumption as well as for use by organizations in commercially available products.

How can you access Web services protocols through Apache?

Start by going to www.apache.org. At this site you will find a listing of the various Apache projects underway, including the Apache XML project. This project contains various modules for XML application development and Web services application deployment.

In particular, within the Apache XML project is a module called the Apache SOAP project:

The Apache Soap project is an implementation of the draft W3C protocol by the same name. It is based on, and supersedes, the IBM SOAP4J implementation.

From the draft W3C specification: SOAP is a lightweight protocol for exchange of information in a decentralized, distributed environment. It is an XML based protocol that consists of three parts: an envelope that defines a framework for describing what is in a message and how to process it, a set of encoding rules for expressing instances of application-defined datatypes, and a convention for representing remote procedure calls and responses.

Source: http://www.Apache.org. Used by Permission.

The code needed to build SOAP applications is readily available and free to download from this site. This approach represents another way to build Web services applications using the a la carte approach.

Note: Another open-source application server environment is offered by the W3C under the trademarked name "Jigsaw." Go to www.W3C.org for further details.



Web Services Explained. Solutions and Applications for the Real World
Web Services Explained, Solutions and Applications for the Real World
ISBN: 0130479632
EAN: 2147483647
Year: 2002
Pages: 115
Authors: Joe Clabby

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net