Infrastructure Requirements for Business-class Web Services

A Position Paper for the W3C Workshop on Web Services
11-12 April 2001, San Jose CA - USA

Jason Douglas
Grand Central Networks, Inc.


Today, the Web is comprised of an immense and robust ecology of sites. This incredible scale and diversity was made possible by the foundation of open standards set forth by the W3C and others (HTTP, HTML, etc.). However, even with this dynamic and flexible framework, the addition of specialized standards such as SSL and third-party services such as certificate authorities were required to provide the kind of security and integrity necessary for business to be conducted over the Web.

As we embark on this next generation of the Internet, web services, we believe a similar ecology will evolve. Again, a solid foundation is being laid with the SOAP, UDDI, and WSDL standards. But if web services are to avoid being relegated to the world of anonymous content services and become the standard model for application-to-application interaction over the Internet, the business-class issues of security, transaction, logging and management must be addressed.



During the growth of the consumer Internet, the goal of site publishers was often to attract traffic from countless, anonymous users. As business migrates to web services, however, a very different goal emerges - securely managing interactions with known and authenticated entities and protecting business data from unknown or untrusted parties. As the ecology grows, the corporation's ability to efficiently manage potentially thousands of trust relationships becomes essential.


Businesses who have attempted mission-critical transactions over the open Internet have found life difficult. As it stands today, the open Internet does not provide the reliability, stability and integrity required for business transactions. Despite recent advances, private VANs and frame-relay connections remain popular. In order for businesses to become attracted to Web services, these inadequacies must be overcome. Much as Federal Express provides guaranteed package delivery and non-repudiation in the real world, third parties should emerge to provide such guarantees for web services.


In addition to these transactional integrity features, both producers and consumers of web services are going to require authoritative metrics by which they can track, monitor and report on the interactions between web services. If web services publishers wish to charge for use of their services, the ability to measure with certainty when and by whom a web service was consumed becomes especially important. Also, in complex interactions that may involve many services that are each operated by different organizations, it becomes impossible for authoritative tracking to be done by each of the services themselves as they no longer have visibility into the entire live of the message.


To date, much of the development work in web services has been experimental or exploratory in nature. As the web services ecology grows in both diversity and scale, however, publishers will require the ability to manage how their web services are consumed and consumers will require the ability to manage and orchestrate their interactions with web services.

Grand Central Networks is eager to work with the W3C and its member organizations to make sure that a robust ecology of providers emerges to address these requirements.