08.28.02

Zelig — The Sequel

Posted in Security, SOA & Web Services, Standards Development at 10:18 pm by Tony Baer

The old adage “Watch out, you may get what you asked for,” could well apply to XML web services. Although the core XML technology is quite simple, getting XML to do anything useful, and getting the world to agree on how to do so, is often proving anything but.

For instance, XML Schema, which is becoming the dominant standard for meta data, is such rocket science that it requires experienced enterprise data architects, to navigate. But in some cases, standards groups have been able to restrain, or at least organize their efforts. SAML, a proposal covering identity, surprisingly has remained fairly compact, digestible, intuitive-and best of all — complementary to WS-Security, an emerging framework covering XML encryption.

Complex or simple, the next issue is what’s supposed to work with which. For instance, will XACML, a proposal covering data access policies, conflict or complement Digital Rights Markup Language, a Xerox submission covering intellectual property rights based on concepts with questionable legal support? How about the screwball comedy emerging over business process languages? OASIS managing work on process language, the Worldwide Web Consortium (W3C) studying a workflow language, while BEA, IBM, and Microsoft are unilaterally throwing in yet another proposal that promises to trump the previous two. The punch line? BEA is playing a steering role in each of the three submissions.

So who’s in charge here anyway?

We were pondering all this while attending a recent security forum staged by two standards groups, the W3C and OASIS. We heard users from aerospace, finance, publishing and public sectors describe how they hope to use web services, and- refreshingly-admit that they aren’t expecting standards groups to legislate all of their needs. Not surprisingly, a subtext of the session became the need for standards bodies to “just say no” to avoid the scope creep that would otherwise distract the market.

The W3C/OASIS meeting was a breath of fresh air, pairing the web establishment and upstart: the W3C, on the moral high ground, and Oasis, with its freewheeling culture (under its charter, it only takes three members to start new initiatives). While W3C and Oasis are by no means the only groups claiming pieces of the action, we hope that their cooperation sets a new tone. The normal script would likely be Oklahoma land rush. Perhaps this time, the film Zelig might be more appropo, given BEA’s board membership in these and other groups.