By all indications, 2003 will be the “Year of the Web services,” as major Internet sites start to expose data as Web services, software developers shore up Web services tools, and standards committees turn up the heat.

It’s time to begin planning how to implement early technology tests starting next year. The first step is evaluating key events and ramifications and then laying a road map to begin the planning process.

Early Internet adoption begins
So far, the hype of Web services has significantly overshadowed the reality. The original vision was for Web services to allow companies to create huge “objects in the sky” that companies could integrate into their core business processes—Distributor A could use the inventory system for Manufacturer B by connecting to that exposed system using Web services standards.

As companies began exploring this model, the security and reliability issues became more difficult and expensive to overcome than the benefits were worth. So Web services moved inside the firewall where companies could control security and reliability issues and get the benefits of Web services as an Enterprise Application Integration (EAI) tool.

But a couple of visible Internet companies have begun testing the “object in the sky” model again–-notably Amazon and Google. Last April, Amazon released a non-SOAP implementation of a catalog Web service. It allowed queries of the entire Amazon catalog with results returned in an XML file. In mid-July, it released version 1.0 of its XML query interface that is now SOAP compliant.

I’ve already begun to see creative uses of the interface. For example, many technical sites now include a list of books that cover the topic being discussed on a particular page of their site along with, of course, links to Amazon where they can buy the book.

And Amazon isn’t the only major company implementing a public SOAP interface. The top online search site,, has also implemented a SOAP interface to its search engine. Now you can place context-sensitive search links on a Web page based on content entered by a user or keywords lifted from the Web page. The Google SOAP interface makes it trivial to add advanced Internet search functions to any Web page.

New tools continue to emerge
The Linux community will get a real boost from Borland’s release of its Kylix version 3.0. It’s now fully compliant with SOAP standards, allowing it to easily create or consume Web services hosted on the Linux operating system. Perhaps even more importantly, Kylix 3.0 adds support for C++ in addition to its native Delphi support. I believe that C++ development on Linux will benefit significantly from having a commercial sponsor behind it.

Kylix allows developers to create Web services using Linux and Apache that will adhere to published SOAP specifications. It also includes utilities that give Apache some application server capabilities, as well as database middleware to make it easier for Linux developers to access back-end databases. Kylix fills a large niche between the homegrown, downloaded development environment and the high-end WebSphere/Linux environment from IBM. It also demonstrates that momentum is building around Linux as a viable platform to build and deploy Web services.

Security standards are imminent
Of course, no significant deployment of Web services will take place until security and reliability standards are agreed upon and integrated into development tools, operating systems, and application servers.

The work on security standards development moved one step closer recently when the Organization for the Advancement of Structured Information Standards (OASIS) formed a technical committee to review the WS-Security specification championed by IBM, Microsoft, and other members of the Web Services Interoperability (WS-I) group. OASIS also has a working group focusing on the development of Security Assertion Markup Language (SAML), designed to standardize the definition of credentials used to pass between Web services. With these two key specifications being reviewed under the OASIS umbrella, I expect for many of the Web services security issues to be resolved by early 2003. Development toolsets and operating systems from Microsoft, IBM, and Sun will be revved up in early 2003 to reflect these changes, making it possible to deploy secure Web services by next summer.

Begin your planning now
Given that the first real opportunity to deploy secure, externally accessible Web services isn’t until next summer, what can you do now to get ready? First, follow the lead of companies like Amazon and Google by figuring out what corporate data you should be making available as public, read-only data. For example, if your company has product information, support data, or other information that’s of use to your customers, figure out how to allow them to access the data programmatically rather than having to slog through your Web site to find it.

Second, begin piloting a secure Web services application with key customers or partners using existing Internet technology like SSL or certificates to secure the connection. The information you learn from going through the process will prepare you to ask the right questions when it comes down to integrating new security standards from OASIS when they’re finally released.

Third, have someone on your team start research now on the standards development process for Web services. This same person should be responsible for tracking vendor participation and implementation of the standards.

By getting involved now, you’ll be able to make an intelligent choice about which development tools and platforms you can use to deploy your first truly interactive, secure, and reliable Web services by the end of 2003. The companies who make early investments in this technology will be the ones who benefit the most from its adoption.

At some point in the future, the number of Web services connections you maintain will be in direct proportion to the revenue you’re able to generate. The earlier you start enabling those connections, the more likely you are to be able to generate more.