Introduction

As we embark on this next generation of the Internet, web services, we believe a similar ecology will evolve. Again, a solid foundation is being laid with the SOAP, UDDI, and WSDL standards. But if web services are to avoid being relegated to the world of anonymous content services and become the standard model for application-to-application interaction over the Internet, the business-class issues of security, transaction, logging and management must be addressed.

Requirements

During the growth of the consumer Internet, the goal of site publishers was often to attract traffic from countless, anonymous users. As business migrates to web services, however, a very different goal emerges - securely managing interactions with known and authenticated entities and protecting business data from unknown or untrusted parties. As the ecology grows, the corporation's ability to efficiently manage potentially thousands of trust relationships becomes essential.

• Identity and Authentication. Consumers and publishers of Web services must be certain that the parties with which they interact are authenticated and that the information exchanged stays private. Therefore, a unified security model must exist to verify identities and authenticate consumers and publishers.
• Trust Management. As corporations grow to rely on Web services and begin to externalize business APIs, a greater level of security management is required. In many conceivable scenarios, third parties will begin to operate on behalf of other entities. Additionally, as interactions become more complex and involve numerous Web services, the ability to manage complicated multi-tiered trust relationships becomes paramount. We believe that any unified security framework for Web services must empower consumers and publishers to manage detailed trust relationships.

Businesses who have attempted mission-critical transactions over the open Internet have found life difficult. As it stands today, the open Internet does not provide the reliability, stability and integrity required for business transactions. Despite recent advances, private VANs and frame-relay connections remain popular. In order for businesses to become attracted to Web services, these inadequacies must be overcome. Much as Federal Express provides guaranteed package delivery and non-repudiation in the real world, third parties should emerge to provide such guarantees for web services.

• Guaranteed Delivery. Organizations must be comfortable that messages sent will be delivered in order to build important systems using Web services.
• Non-Repudiation. An independent third party must testify to the successful delivery of messages between parties and Web services.
• Only-Once Delivery. Messages must be delivered once, and only once.

In addition to these transactional integrity features, both producers and consumers of web services are going to require authoritative metrics by which they can track, monitor and report on the interactions between web services. If web services publishers wish to charge for use of their services, the ability to measure with certainty when and by whom a web service was consumed becomes especially important. Also, in complex interactions that may involve many services that are each operated by different organizations, it becomes impossible for authoritative tracking to be done by each of the services themselves as they no longer have visibility into the entire live of the message.

• Tracking. Real-time knowledge of the current state of a message or request. This ability increases in importance when data is being exchanged between web services asynchronously.
• Monitoring. Continuous visibility into performance metrics and notifications of any irregularities.
• Reporting. Ability to summarize and analyze interaction histories.

To date, much of the development work in web services has been experimental or exploratory in nature. As the web services ecology grows in both diversity and scale, however, publishers will require the ability to manage how their web services are consumed and consumers will require the ability to manage and orchestrate their interactions with web services.

• Access management. The ability for publishers to control access to their web services based on windows of availability and trust relationships.
• Performance management. The ability for publishers to differentiate the quality of service offered to various consumers based on service-level agreements. This requires both the ability to prioritize the processing of requests based on the knowledge of the type of request, who is making it, and the urgency behind it.
• Context management. For complex processes involving multiple parties, web services will require the current interaction context to be carried forward to each participating service, just as the STDIN, STDOUT, and STDERR buffers carry the context forward between applications piped together on the UNIX command line.