June 14, 2002 10:15 AM PDT
Sun plays catch up with Web services
Senior Sun executives have issued an edict to internal programmers to quickly create a software "framework" that addresses what they see as potential security weaknesses in existing Web services standards, a source familiar with the plan said.
Sun has begun sharing details of the framework with potential partners and is working as quickly as possible to have an announcement ready by late summer or early fall, sources said.
The company has already quietly published one new standard for streamlining Web services, and is beginning work on a security specification intended to make Web services less vulnerable to computer attacks, sources said. Some of the work mirrors existing specifications introduced by Microsoft and IBM, analysts said.
"Sun is trying to match them tit for tat and to help keep themselves in the mindshare of people thinking of Web services," said Gartner analyst Daryl Plummer.
On Wednesday, Sun is also expected to announce improvements to its Sun Open Network Environment (Sun ONE) application server and other software plans.
A Sun representative declined to comment on the Web services work. "Right now, it would be a rumor, and we don't comment on rumor or speculation," said Sun spokesman Russ Castronovo.
Representatives from Microsoft were not available for comment. An IBM representative said the company is forging ahead on its own previously announced plans.
While the renewed focus on Web services by Sun could result in technology that's urgently needed by big companies, the move escalates the showdown between rival camps, and could derail the much-hyped Web services push, already beset by industry squabbling. Web services promise to make linking internal computer systems, and systems residing in multiple companies, far easier than current methods.
"Sun needs to come up with an understanding with Microsoft and IBM, so they're not constantly competing on standards," said analyst Shawn Willett, of Current Analysis.
Sun tries again
Sun's previous attempts at defining a Web services strategy have been characterized by a series of fits and starts. While Microsoft has been the most vocal technology maker in the Web services arena, largely defining the playing field for its competitors, analysts have criticized Sun for being late to announce a Web services strategy. Sun executives have admitted that the company has been slow to stake its claim in the Web services area.
It hasn't always been this way. Sun starred in the first phase the Internet's growth, selling powerful networked server computers while Microsoft and IBM played more peripheral roles. But the two came back fighting with Web services, and now Sun is trying to reclaim the initiative.
Sun has been battling Microsoft and IBM on Web services almost from the start. Microsoft, along with IBM, co-founded the Web Services Interoperability Organization (WS-I), which aims to promote Web services by ensuring that software from technology makers is compatible. More than 100 companies have joined, but Sun has declined an invitation to join as a contributing member, campaigning instead for more influential "founding board member" status so it can help set the group's agenda.
During the Microsoft antitrust trial, evidence surfaced in written testimony that Chairman Bill Gates and other Microsoft executives attempted to steer the direction of the WS-I away from Sun.
Meanwhile, Microsoft and IBM have forged ahead. Just last week, Microsoft said it is building additional Web services security software in the hope of reassuring big companies now assessing the technology for future projects.
Meanwhile, IBM continues to revamp its tools and application server software to form a more cohesive package for Web services development.
The partner principle
In its latest Web services effort, Sun hopes to enlist other companies as backers. That technique has proven successful in the Sun-spawned Liberty Alliance Project to counter Microsoft's Passport authentication service.
Sun plans to eventually submit its Web services work to a standards body such as the Organization for the Advancement of Structured Information Standards, or OASIS, a consortium developing electronic business standards, or the World Wide Web Consortium, which also administers standards work from Microsoft and IBM.
Sun's new specification for streamlining Web services is being developed in partnership with BEA Systems, SAP and Intalio. The specification, called the Web Services Choreography Interface, or WSCI, is a mechanism for describing what messages are sent among computers as a particular Web service is processed.
The choreography standard mirrors similar work already underway. Microsoft and IBM have built competing languages called Xlang and Web Services Flow Language (WSFL), respectively, and industry groups such as OASIS and the Business Process Management Initiative (BPMI) are working on their own standards. Sun's WSCI partnership might dovetail with the BPMI work, though, since its partner Intalio is BPMI's founder.
Sun also plans to devise a security specification for Web services. The security work might at first blush seem to tread on the toes of the WS-Security initiative, one of several created by Microsoft and IBM. But that initiative is concerned more about security in the sense of encrypted communications and transactions, whereas Sun's appears to involve security in the sense of computers that can't be breached by attackers.
But questions remain about how the specifications will coexist. "The question is how will WS-Security and Sun work together? This is another example of fragmentation if they're not going to work together and are just competing," said Gartner's Plummer.
Security has surfaced as one of the most critical areas of Web services. Larry Kittelberger, chief information officer for Honeywell, said his company is evaluating Web services, with security among the biggest concerns.
Kittleberger said Honeywell, a conglomerate that makes everything from aerospace and aircraft parts to fire detectors, is working to digitize its businesses.
"If I'm going to put 90 percent of our corporate processes online I want better security," he said. "That standard has got to get hooked up."
Specifically, Kittelberger said he would like a security architecture that allows "detective" security. "I want it so hackers don't know if they've fallen into a soft area or a trap," he said. "It has to be more than just a big fence."
News.com's Wylie Wong, Larry Dignan and Mike Ricciuti contributed to this report