Besides the technology concerns of building Web services, several issues are related to the creation, management, security, and development of Web services.
When deploying a Web service for use by applications, it is not necessarily good enough to specify just the Web service interface and location . If the Web service takes longer to execute than the caller expects, the service will still fail. The specification for the amount of time it takes the service to return a result is part of the service's quality of service (QoS) specification. The QoS specification also contains some of the following information (Mani and Nagarajan 2002):
Availability: Availability is the quality aspect of whether the Web service is present or ready for immediate use. Availability represents the probability that a service is available. Larger values represent that the service is always ready to use while smaller values indicate unpredictability of whether the service will be available at a particular time. Also associated with availability is time-to-repair (TTR). TTR represents the time it takes to repair a service that has failed. Ideally smaller values of TTR are desirable.
Accessibility: Accessibility is the quality aspect of a service that represents the degree it is capable of serving a Web service request. It may be expressed as a probability measure denoting the success rate or chance of a successful service instantiation at a point in time. There could be situations when a Web service is available but not accessible. High accessibility of Web services ca be achieved by building highly scalable systems. Scalability refers to the abililty to consistently serve the requests despite variations in the volume of requests.
Integrity: Integrity is the quality aspect of how the Web service maintains the correctness of the interaction in respect to the source. Proper execution of Web service transactions will provide the correctness of interaction. A transaction refers to a sequence of activities to be treated as a single unit of work. All the activities have to be completed to make the transaction successful. When a transaction does not complete, all the changes made are rolled back.
Performance: Performance is the quality aspect of Web service, which is measured in terms of throughput and latency. Higher throughput and lower latency values represent good performance of a Web service. Throughput represents the number of Web service requests served at a given time period. Latency is the round-trip time between sending a request and receiving the response.
Reliability: Reliability is the quality aspect of a Web service that represents the degree of being capable of maintaining the service and service quality. The number of failures per month or year represents a measure of reliability of a Web service. In another sense, reliability refers to the assured and ordered delvery for messages being sent and received by service requestors and service providers.
Regulatory: Regulatory is the quality aspect of the Web service in conformance with the rules, the law, compliance with standards, and the established service level agreement. Web services use a lot of standards such as SOAP, UDDI, and WSDL. Strict adherence to correct versions of standards (for example, SOAP version 1.2) by service providers is necessary for proper invocation of Web services by service requestors.
Security: Security is the quality aspect of the Web service of providing confidentiality and nonrepudiation by authenticating the parties involved, encrypting messages, and providing access control. Security has added importance because Web service invocation occurs over the public Internet. The service provider can have different approaches and levels of providing security depending on the service requestor.
These are also called the service's nonfunctional aspects. Web services do not currently have a way to specifiy QoS parameters. The UDDI registry is the logical place to store this information; however, the fact that the registry is not capable of doing so is one of the inadequacies of the current UDDI specification (Tarak 2002). Even without direct UDDI support, a known service consumer and a service producer should agree on a service level agreement (SLA) for the services provided.
An organization that implements Web services must be concerned with the management of their services. A service will require changes from time to time. The messages a service accepts, the routing of messages from one service to another, and the usage of the service will change over time. Tools for managing these changes involve
Monitoring the execution of Web services
Chargeback of Web service usage
Metering service usage
Evolution of Web services from machine to machine
Management of Web services versioning
Transformation of messages
These capabilities involve both reporting and changing the configuration parameters for a service. The reporting capabilities are necessary to find out what applications are using the service at a given point in time. Reporting also involves monitoring service usage over a period of time. This is necessary to understand the growing or shrinking demand on the service for capacity planning and to provide information about service utilization so that users can be charged accordingly.
When the requirements of the service change, such as a new argument, the configuration parameters for the service must also change. A flexible service allows a service administrator to update its behavior by changing configuration parameters and not by changing program code.
Service management is an important aspect to Web services. The Web services an organization develops should also consider the effort required to manage those services once they are placed into production.
The security requirements for a service vary. Security standards are still emerging for services that must be secure over an Internet connection. The issues involved with securing Web services include
Authenticating that users or applications are who they say they are
Authorizing users or applications for access to the service
Making sure that the data is not intercepted
These issues are solved by providing mechanisms for creating digital signatures that validate that service consumers are who they say they are. In addition, the set of credentials or claims service consumers present service providers are necessary for them to obtain authorization. Finally, the transport itself must use encryption to ensure that messages cannot be intercepted and read by an unauthorized third party.
These are only some of the issues involved with security. The task of securing Web services is difficult. The details of the current and future means of doing so are vast. For complete coverage of this topic, please refer to Chapter 15.
Organizations that create services must be concerned with the tools and techniques they use to develop those services. An organization that develops services must choose the set of frameworks, integrated development environments, XML editors, and other tools that enable the creation of high-quality services quickly. In addition, implementation of each service an organization creates should follow a common architecture, which enhances the service's maintainability and reusability. A common service architecture can also provide common management features for all services that plug into a management toolset for administrators. Common tools and architecture are essential components to addressing the issues related to developing Web services.