Part two of our look at emerging SOA standards for 2007 covers WS-Policy, which has been in the W3C process since April. Part one covered the current status of Service Component Architecture (SCA) and Service Data Objects (SDO) as the specifications move toward maturity and inclusion in a standards process in the coming year.
WS-Policy is the missing link in SOA, according Toufic Boubez, CTO for Layer 7 Technologies Inc., and the good news is that by the end of 2007 it may not be missing anymore.
Boubez, who is one of the editors working to move WS-Policy through the adoption procedures in W3C, says he has never seen a standards body process work more effectively and efficiently. The members of the W3C working group are driven to complete their task as soon as possible because they share a belief that the policy standard is the missing link in SOA, he said.
Asir Vedamuthu, technical diplomat for Microsoft, echoed that sentiment.
"I think people understand how critical this is and that we need it now," he said.
The Web services governance specification supported by rival vendors IBM and Microsoft was accepted into the W3C process this past April. The first working draft of WS-Policy 1.5 was published in July and final working drafts were published in November.
The current schedule published by the W3C calls for Candidate Recommendation drafts to be published in March 2007 and Proposed Recommendation drafts to be published in July 2007. The W3C Recommendations would be published in August 2007. If approved by W3C member voters, WS-Policy, which floated around as a vendor specification for three years before W3C took it on, would finally become an official standard.
Members of the W3C Web Services Policy Working Group are meeting weekly to achieve that goal, Boubez said, and he is confident they will make it.
"Everybody is working very hard because its recognized that policy is the missing link to make things work interoperably in SOA," he said. "It will provide a framework for different entities that participate in an SOA, whether it's a service or a service consumer, or an intermediary, will have a framework to exchange their constraints and their capabilities."
Boubez offers an example of how it will work in a security for SOA.
"If you're writing services and you're building an SOA, the only interoperable things are the service APIs through WSDL and the service message through SOAP," he explained. "If you want to write any kind of security for credentials, confidentiality requirements or privacy requirements, there's no way for those systems to interoperate without programmers sitting down and talking to each other and then writing that in code. What WS-Policy gives you is a framework for all these things to be automated."
He said it will work somewhat like the way Secure Socket Layers (SSL) works between the Web browser and the server to resolve security issues.
Once the WS-Policy framework becomes the standard, he believes 2007 will mark the year SOA begins to achieve its promise.