As service-oriented architecture (SOA) management players build out their offerings, registry, security and contracts between requestors and providers will be key differentiators, according to Steve Garone, vice president for applications and integration infrastructure software at Ideas International, in Port Chester, N.Y.
For Web services, registries and Universal Description, Discovery and Integration (UDDI), a Web-based distributed directory standard, were considered enabling technologies -- but optional, Garone said. "As people begin to move toward the new architecture, the registry will become more important to implement an SOA and manage it in a secure way."
The notion of SOA and the virtualization of IT resources add an extra dimension to the service discovery process, he said. "You can say the Web service is called this, this is how it's accessed and what server it runs on. But what happens in real time when you're deploying [that service] on different platforms? A registry has to keep track of that, so it becomes even more important."
Vendors have taken different tacks in this area. Platform providers like BEA Systems Inc. and Hewlett-Packard Co. have partnered with Burlington, Mass.-based Systinet Corp., for example, around Systinet's UDDI registry. SOA management software provider AmberPoint Inc. also partners with Systinet, while players such as SOA Software Inc. and Infravio Inc. incorporate their own registries.
Systinet recently announced its plan to expand beyond the registry with an integrated platform, code-named Blizzard, for SOA lifecycle management, contract management and impact management. Systinet also released Systinet Policy Manager in conjunction with Systinet Registry 6.0.
Sun Microsystems Inc. recently announced the Sun Service Registry, which includes an integrated repository. The registry and repository offering supports both UDDI v3 and electronic business using extensible markup language (ebXML) registry 3.0 standards.
There's a fine line between meta data and data, said Miko Matsumura, vice president of marketing at Infravio Inc. in Cupertino, Calif. "There's a strong need for data and meta data to be presented together and integrated. That's why our customers have been emphasizing the need for both sides [the registry and the repository] to interoperate. Sun's registry/repository combination is the most similar approach to us."
Infravio's X-registry platform uses the Java API for XML Registries (JAXR), which is the Java programmatic application programming interface for developing applications on top of standard registries, including UDDI and the ebXML Registry Information Model.
While the registry and repository go hand in hand, Ian Goldsmith, vice president of product marketing at SOA Software, in Santa Monica, Calif., said they should be distinct entities integrated at the user interface. "The repository is where we put policy meta data, WSDL [Web Services Description Language] information and code snippets. The registry would reference all the meta data in the repository," Goldsmith said. He also said ebXML is not a direction SOA Software is moving in. "I think it will be phased out in favor of UDDI."
SOA Software recently released Service Manager version 3.0, which is built around a UDDIv3 registry and features registry-based dashboard functionality.
"There's an enormous value for the developer or architect to search the registry for services, and not only know what the service is and how to connect to it, but how it is performing. There may be five such services that can do a job, but if one is responding faster and has no critical alerts, they're going to use that service."
Goldsmith also agrees that security will be a differentiator. "Security is a qualifier to play in Web services management," he said. This week SOA Software announced XML VPN version 4.3, which adds last-mile security, external service virtualization and support for Web Services Policy Framework (WS-Policy). The XML VPN is available as both software and an appliance. The focus of the product is on "enabling partner access to B2B Web services, and on making security easy and inexpensive," Goldsmith said.
A third differentiator in this area, the notion of a contract between the requestor and provider, is about "treating the relationship as an entity," said Infravio's Matsumura. "You're putting data/meta data into this thing called the delivery contract." Infravio has a patent for Web service delivery contracts, Matsumura said.
He explained that while a policy as a general concept might apply to everyone, there are layers within a policy that reflect the different relationships among entities. For example, customer A might want a different type of authentication than customer B. "Relationships are central to the concept of Web services," Matsumura said.