veryard projects - innovation for demanding change

Web Services Notes

veryard projects > so > web services
we offer web service issues material links

management briefings

independent advice on tools and methods

Advent of Web Services (versus objects or components) Are web services something entirely new, or are they simply software components in a new (more difficult, more complicated) guise?

Architecture How do you compose large numbers of web services into effective, flexible and manageble applications? How can you use web services to build the component-based business?

Strategy and Process Follow our 10-point web service strategy

Trust In some ways, the use of web services may involve a smaller security risk than the use of third party software components.

Role of Telecoms Do the telecoms companies have a natural advantage in the web services arena? How are they exploiting this advantage?
SOA service oriented architecture
CBSE component-based
software engineering
CBB component-based business
web services (pdf)

Web Services for Business Intelligence

Joined-up Services

Security for SOA


recent material

contact us

veryard projects - innovation for demanding change

What Are Web Services?

veryard projects > cbse > web services > definition

Although there has been a lot of hype about web services, it's a very curious concept.

By analogy, what would you understand by the term "phone service"?

As used by the major vandors, it refers to some computational or informational functionality that is delivered using a client/server model, with message passing over the web.

veryard projects - innovation for demanding change

The Advent of Web Services

veryard projects > cbse > web services > advent

The advent of web services represents an important stage in the transition of software into tradeable commodities.  Component-based software engineering (CBSE) involves a separation of the external services (the "commodity" that provides value to the consumer) from the internal mechanism. Web services takes this separation one step further - so that the mechanism itself is hidden, and the consumer pays for the services rather than the mechanism.

(This is a general destination for technological progress, not merely in software.  Technical goods are gradually refined into disembodied services, provided automatically and invisibly to the consumer. Since the dawn of the modern era, products have been named by what they no longer require - the horseless carriage, wireless telegraphy. On this basis, web services might be thought of as resourceless resources.)

Web services also support the construction of information systems that span multiple companies - the component-based business. Instead of integration over a single enterprise, we can start to think of integration over an entire commuity of interest - such as a complete supply chain, or whole marketplace.

veryard projects - innovation for demanding change

Ten-Point Web Service Strategy

veryard projects > cbse > web services > strategy

1 Understand an enterprise as a network of services. 6 Identify strategic relationships.
2 Determine the shape of the service landscape. more 7 Create stable interfaces to support strategic relationships.
3 Determine the source of value in the service landscape. 8 Negotiate common vocabulary and behaviour.
4 Identify strategic leverage points in the network more 9 Establish trust requirements. more
5 Occupy or triangulate the strategic points. 10 Evolve network towards wholeness and articulation.

Strategic Leverage

Identification Occupation Triangulation
Points of strategic leverage (in a network of services) can be thought of as holes or knots in the fabric.
  • difficulty/ complexity
  • uncertainty / ambiguity
  • discontinuity
Exploit or acquire inhouse capability / capacity.

Protect and defend position

  • tie up scarce resources
  • dominate standard-setting
  • predatory pricing
Force strategic alliances with occupiers.
  • current / potential
Enter joint venture.
  • new / existing

  • veryard projects - innovation for demanding change

    Trust -- Are Web Services More Secure than Software Components?

    veryard projects > cbse > web services > trust

    The shift towards components and web services, and the increased separation between the producer and the
    consumer of a component or service, puts a growing emphasis on questions of trust. If we can’t trust components and
    services from external sources, how can we expect and ensure adequate security in the businesses and systems that
    use these services?

    One important class of security mechanism involves HOW – the way you operate a suspicious software component. One of the main security mechanisms associated with Java is the Sandbox pattern, which provides some level of protection against some types of security violation. From a security point of view, the beauty of web services is that it apparently bypasses all the problems with mobile code. The service provider shouldn’t need to execute any code on your machine at all – the service provider’s machine becomes a Virtual or Remote Sandbox.

    This argument suggests that web services may be intrinsically safer than installed or downloaded software components in terms of crashing or infecting your computer system. A web service has no access to any of your data or other system resources, except what you actually send down the wire, and what is returned – and this data traffic can be monitored, recorded and controlled. A web service can only commit a security violation on your computer system if it is working in concert with some software installed on your system – such as a Trojan. (A combined attack by a rogue web service and a Trojan could be extremely damaging.)

    However, there are other types of security violation where web services may represent a greater risk than installed components. If you’re passing your data to a third party for processing, you have to trust the third-party not to abuse the data. This may include privacy violations, breach of commercial confidentiality, intellectual property or copyright, or whatever. If you’re using a third party supplier to perform some important step of your business process, then the business process itself may be compromised by improper or rogue behavior.

    These effects are impossible to test out – for three reasons. Firstly, rogue behavior is rarely random – and can usually remain concealed during tests. Secondly, the implementation of a web service can be altered by the supplier at any time, without notifying the consumer. Thirdly, the web service itself may use further web services – so even if the primary supplier is not a rogue, he may be unwittingly dependent on a rogue further down the chain.
    CBDi forum This is an extract from an article in the April 2001 issue of Interact.  For the full article, plus relevant patterns and discussion forum. please register at the CBDi Forum website (Silver/Gold membership required for access to articles, but free Bronze membership will give you access to lots of other resources, including the pattern catalog).
    more trust

    veryard projects - innovation for demanding change

    Role of Telecoms in Web Services

    veryard projects > cbse > web services > role of telecoms

    Much of the early research and development in component-based development and distributed objects was funded by the telecommunications industry. The reference model for Open Distributed Processing (RM-ODP), and CORBA were both strongly driven by the telecoms agenda, and some of the champions of software patterns have a telecoms base.

    There is certainly some exciting stuff now going on in the telecoms research labs.  Just take a look at Bell Labs Technical Journal and BT Technical Journal.

    But will telecoms companies be able to exploit this position? Or are we looking at a repetition of the situation Xerox got into - where Xerox PARC became a honeypot, into which everyone in the industry dipped a paw except Xerox itself!

    Some promising products and services are coming out of the telecoms companies.  Several telecoms companies (including Avaya and BT) are building their call centre management and network policy management expertise into fully functional Customer Relationship Management products - but with a quite different flavour to traditional CRM software packages. Syntegra has been implementing a range of networked information systems based on shared services - which it calls COINS (Community of Interest Networked System) - including eGovernment and Product Data Management.

    However, many telecoms companies are struggling to manage large and complex legacies - of equipment, software and people - and will undoubtedly find it hard to roll out these products and services. There are some important technology transfer issues at stake, as well as business strategy,  and it is not at all clear that the telecoms companies will be able to convert their technical advantage into a strategic business advantage.
    Telecoms Companies: Please contact us for strategic consultancy, advice and support.

    Richard Veryard is currently writing a book on web services.  He is a regular contributor to the CBDi Forum, where you can find strategies, patterns and other material on the subject. (Bronze membership of the Forum is free of charge.)

    home page

    contact us

    veryard projects - innovation for demanding change
    in asssociation with 
    CBDi Forum
    This page last updated on July 22nd, 2003
    Copyright © 2001-2003 Veryard Projects Ltd