Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

Sorting out the Web services standards bodies

In this column, Preston Gralla clues you in to the standards setting bodies, which are in some ways the most important players in the Web services world.

The Web Services Advisor
(To receive this column in your inbox,
click Edit your Profile and subscribe.)

Continued from Part One

If you've been confused about the multitude of Web services-related standards, you're not alone -- there are an astonishing array of them, covering everything from the most basic plumbing (such as XML, SOAP and UDDI) to security, Web services orchestration and many others. Without these standards, there can be no Web services.

The multitude of standards may not be surprising, but what is surprising is the multitude of standards-setting bodies. For there is no one central body that establishes the standards and specifications that underlie Web services -- instead there are several, and sometimes they war with each other.

Whoever controls Web services standards controls the future of the technology. In this column, under the assumption that you can't tell the players without a scorecard, I'll clue you in to the standards-setting bodies themselves, which are in some ways the most important players in the Web services world.

World Wide Web Consortium (W3C) and OASIS
The W3C (www.w3c.org) is the granddaddy of standards-setting bodies, started in 1994 in the earliest days of the Web. It was started by Web inventor Tim Berners-Lee to develop and oversee Web-based protocols and standards. It handles dozens of them, including the basics such as HTML, HTTP and others.

It also plays a core role in developing and overseeing the basic standards and protocols for Web services "plumbing," including SOAP, XML and WSDL. It has expanded beyond that, however, and also has been involved in overseeing higher-level ones, including Web Services Choreography Description Language.

W3C, by its very nature, takes a slow and deliberative approach to setting standards and protocols. Not uncommonly, it can take from two to three years from the time a draft is recommended until it is finally accepted. There are upsides and downsides to this approach. The upside, of course, is that when the W3C comes out with a standard, the tires have been kicked by enough people for long enough that it's solid. The downside is that in the fast-moving business and online world, two to three years can seem like two to three millennia. E-business in particular can be hurt by this kind of wait for standards; entire sectors of the technology economy can rise and fall in that time.

Enter OASIS (www.oasis-open.org). Many people think of OASIS as a relatively new standards body, but, in fact, it's been around longer than the W3C and was founded in 1993. It's a much more targeted organization than the W3C. Rather than try and set standards for the entire Web, it focuses on developing and adopting e-business standards. Because the future of e-business is in essence the future of Web services, it's become an extremely important standards-setting body. It has been responsible for such stalwarts as UDDI and newer standards such as the ebXML for exchanging electronic business data over the Internet, which many people believe is a far superior alternative to electronic data interchange (EDI).

OASIS tends to move much more quickly than the W3C, but there are those who say that sometimes they perhaps move too quickly. In the words of Ron Schmelzer, senior analyst with the Web services consulting group ZapThink, with OASIS "it's much easier for a spec to come out quickly. That makes it easier to throw something on the wall to see what sticks. So OASIS is good for moving quickly on standards, but the standards can have varying usefulness and quality."

Where, you might wonder, is the line between what OASIS does and what the W3C does? There is none. Although OASIS focuses solely on e-business, there is considerable overlap between the two bodies and sometimes conflict as well. For example, at times they come out with competing standards. In the most notable example, in March the W3C established its WS-Choreography Working Group and a month later, a Web Services Business Process Execution Language (WSBPL) standard was submitted to OASIS.

The Liberty Alliance and Microsoft/IBM
OASIS and the W3C aren't the only organizations in conflict over Web services-related standards. An even bigger war has been raging between the Liberty Alliance and a group headed by Microsoft and IBM. The two groups are squabbling over federated identity -- securely establishing a person's or a service's identity and sharing that identity across domains and enterprises. Doing this may be the most important step in taking advantage of services and applications beyond a domain or firewall, which is the primary promise of Web services.

The Liberty Alliance is composed of a wide group of companies, spearheaded by Sun, and the name of the technology it's pushing is called the Liberty Alliance as well. It claims to be the only open body working on federated identity. On the other hand, a group spearheaded by Microsoft, IBM, BEA and others has put forth the WS-Federation standard to accomplish similar tasks. IBM and Microsoft have been major forces behind the entire Web services push from the beginning. In fact, there is a whole series of standards from IBM and Microsoft that begin with the letters WS: WS-Federation, WS-Trust and WS-Policy in addition to WS-Federation. So they continue to work on these standards, which sometimes overlap with OASIS as well as with the Liberty Alliance.

What does it all mean?
In addition to all these major groups, there are a variety of smaller, more specialized standards bodies as well. For example, the Web Services-Interoperability organization (WS-I) promotes Web services interoperability across platforms, applications and programming languages. It recently came out with the final phase of WS-I Basic Profile, a guideline for Web services interoperability.

One could easily make the argument that having all these various competing organizations is a bad thing; that right now Web services need, more than anything else, standardization and that with so many organizations in the mix, that will never happen.

To a certain extent that's true, but it doesn't tell the whole story. In the grand scheme of things, Web services are still a relatively new technology. There's a Darwinian struggle going on right now between standards and standards bodies and all won't survive. In all early stages of innovation, people try to control the future and that's going on right now. It can be seen as a good thing -- it means that a great deal of thought and creativity are going into thinking about Web services at the moment. The free market has shown before that what doesn't kill you makes you stronger, and so, in all likelihood, having so many standards bodies bodes well, not ill, for the future of the technology.

For related articles and commentary:

About the author

Preston Gralla, a well-known technology expert, is the author of more than 20 books, including How the Internet Works, which has been translated into 14 languages and has sold several hundred thousand copies worldwide. He is an expert on Web services and the author of a major research and white paper for the Software and Information Industry Association on the topic. Gralla was the founding managing editor of PC Week, a founding editor and then editor and editorial director of PC/Computing, and an executive editor for ZDNet and CNet. He has written about technology for more than 15 years for many major magazines and newspapers, including PC Magazine, Computerworld, CIO Magazine, eWeek and its forerunner PC Week, PC/Computing, the Los Angeles Times, USA Today and the Dallas Morning News, among others. He can be reached at preston@gralla.com.

Dig Deeper on Topics Archive

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.