SOA experts say security handshakes need work

05.05.2005
By Ephraim Schwartz

At the InfoWorld SOA Executive Forum on Thursday, members of a panel on services and contracts did not hold back their criticism of what Web Services and SOAs need to scale beyond the four walls of a single enterprise.

Panelists included David Linthicum, CTO at Grand Central, Miko Matsumura, vice president of marketing at Infravio, Rick Gaccia, senior director of product management at Oracle, and Wendell Lansford, a senior vice president at Systinet Software.

Miko Matsumura of Infravio said the issue of provisioning services is a major hurdle and more work is needed to automate a process that in some cases is now handled by users filling out a form in a Word document.

Rick Gaccia at Oracle agreed, adding that companies are struggling with how to put details of the Web service into a directory.

"You need to know what the schema is and how the lifecycle is managed," Wendell Lansford at Systinet said. He added that companies start out without a game plan when what is really needed is a series of deployment best practices.

"They need check points and control procedures to go from a pilot project to a production model," Lansford said.

In order to scale out an SOA, users need to figure out how services will be assimilated into different environments, added David Linthicum of Grand Central.

"How do you mediate different protocols, semantics, and security," Linthicum asked. He added that there is no directory standard, which is another problem.

"We need a standard directory everyone can agree on to make provisioning against all the SOA platforms out there easy," Linthicum said.

As far as automating SLAs between producers and consumers of Web services, all the panelists agreed it is likely to remain a manual or person-to-person procedure that is done offline and then incorporated into the Web service.

Linthicum said the process is laboriously slow, involving legal departments and many business meetings between providers and customers.

"As services become more standard we need automated agreements but nothing like that exists today," Linthicum said.

Matsumura added that people still like to do business on a personal level and this becomes the gating factor in deploying an SOA with partners. Matsumura pointed out that the biggest barrier to linking portals, for example, is not technology but the legal agreements.

"It has nothing to do with technology," Matsumura said.

Yet another point of contention with SOAs is the inability to monitor SLAs in an SOA as compared to monitoring a service on the Web.

"There's no visual way to monitor an SOA," said Linthicum. He pointed out that SOAs have hundreds or thousands of touch points where it might be failing as one application is bound to another.

One Grand Central customer, Linthicum noted, came up with a unique solution. Instead of monitoring the service it offers to its customers, this company monitors the services they consume.

"They know what they promised and so they make sure their partners meet their agreements," Linthicum said.

The panel discussion concluded with all the panelists agreeing that the biggest shortcoming in SOAs is around security, authentication, and authorization.

Gaccia pointed out that there is no easy approach to token exchange if one company uses SAML and another company uses a different security protocol.

Linthicum took it one step further.

"Two SAML versions don't even communicate. You need a middleware layer to deal with it," Linthicum added.
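The mediation layer the panelists describe has to do at least one concrete job: read whichever SAML dialect a partner sends and apply the same acceptance policy to it. The following is an added illustration, not code from the panel, from Grand Central, Oracle, Infravio, Systinet, or the article; it assumes the two OASIS assertion namespaces for SAML 1.x and 2.0, constructs one sample assertion in each version with placeholder issuer and audience URLs, and normalizes both into one structure before checking issuer, audience and validity window. It deliberately does not verify XML signatures, which a real gateway must do before trusting any field shown here.

```python
"""Added example: normalize SAML 1.1 and SAML 2.0 assertions into one structure.

Constructed sample data; no signature verification (a real gateway checks
the XML signature before reading any of these fields).
"""
import datetime as dt
import xml.etree.ElementTree as ET

# Assertion namespaces from the OASIS SAML specifications.
NS_SAML1 = "urn:oasis:names:tc:SAML:1.0:assertion"   # shared by SAML 1.0 and 1.1
NS_SAML2 = "urn:oasis:names:tc:SAML:2.0:assertion"


def parse_instant(value):
    """Parse a SAML xs:dateTime in UTC (trailing 'Z') into an aware datetime."""
    return dt.datetime.fromisoformat(value.replace("Z", "+00:00"))


def normalize_assertion(xml_text):
    """Map a SAML 1.x or 2.0 <Assertion> onto one version-neutral dict.

    Raises ValueError for any other root element. ElementTree is not hardened
    against entity-expansion input; a production gateway would use a
    defusing parser here.
    """
    root = ET.fromstring(xml_text)
    if root.tag == "{%s}Assertion" % NS_SAML1:
        ns = {"s": NS_SAML1}
        # SAML 1.x: issuer is an attribute, subject lives inside a statement.
        info = {
            "version": "1.%s" % (root.get("MinorVersion") or "0"),
            "issuer": root.get("Issuer"),
            "subject": root.findtext(".//s:Subject/s:NameIdentifier", namespaces=ns),
            "audiences": [a.text for a in root.findall(
                "s:Conditions/s:AudienceRestrictionCondition/s:Audience", ns)],
        }
    elif root.tag == "{%s}Assertion" % NS_SAML2:
        ns = {"s": NS_SAML2}
        # SAML 2.0: Issuer and Subject are top-level child elements.
        info = {
            "version": root.get("Version", "2.0"),
            "issuer": root.findtext("s:Issuer", namespaces=ns),
            "subject": root.findtext("s:Subject/s:NameID", namespaces=ns),
            "audiences": [a.text for a in root.findall(
                "s:Conditions/s:AudienceRestriction/s:Audience", ns)],
        }
    else:
        raise ValueError("unsupported assertion root: %s" % root.tag)

    # The validity-window attributes are spelled identically in both versions.
    cond = root.find("s:Conditions", ns)
    for key, attr in (("not_before", "NotBefore"), ("not_on_or_after", "NotOnOrAfter")):
        raw = cond.get(attr) if cond is not None else None
        info[key] = parse_instant(raw) if raw else None
    return info


def policy_problems(info, trusted_issuers, my_audience, now):
    """Apply one acceptance policy to a normalized assertion; return reasons to reject."""
    problems = []
    if info["issuer"] not in trusted_issuers:
        problems.append("untrusted issuer %r" % info["issuer"])
    if not info["subject"]:
        problems.append("no subject")
    if my_audience not in info["audiences"]:
        problems.append("assertion not addressed to %s" % my_audience)
    if info["not_before"] is not None and now < info["not_before"]:
        problems.append("not yet valid")
    if info["not_on_or_after"] is not None and now >= info["not_on_or_after"]:
        problems.append("expired")
    return problems


# Constructed sample assertions (placeholder URLs, no signatures).
SAML11_SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
    MajorVersion="1" MinorVersion="1" AssertionID="_constructed-1"
    Issuer="https://idp.example-a.test" IssueInstant="2005-05-05T10:00:00Z">
  <saml:Conditions NotBefore="2005-05-05T10:00:00Z" NotOnOrAfter="2005-05-05T10:05:00Z">
    <saml:AudienceRestrictionCondition>
      <saml:Audience>https://sp.example-b.test</saml:Audience>
    </saml:AudienceRestrictionCondition>
  </saml:Conditions>
  <saml:AuthenticationStatement AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:password"
      AuthenticationInstant="2005-05-05T10:00:00Z">
    <saml:Subject><saml:NameIdentifier>alice</saml:NameIdentifier></saml:Subject>
  </saml:AuthenticationStatement>
</saml:Assertion>"""

SAML20_SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    Version="2.0" ID="_constructed-2" IssueInstant="2005-05-05T10:00:00Z">
  <saml:Issuer>https://idp.example-a.test</saml:Issuer>
  <saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2005-05-05T10:00:00Z" NotOnOrAfter="2005-05-05T10:05:00Z">
    <saml:AudienceRestriction><saml:Audience>https://sp.example-b.test</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AuthnStatement AuthnInstant="2005-05-05T10:00:00Z">
    <saml:AuthnContext><saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml:AuthnContextClassRef></saml:AuthnContext>
  </saml:AuthnStatement>
</saml:Assertion>"""

if __name__ == "__main__":
    now = parse_instant("2005-05-05T10:02:00Z")
    for sample in (SAML11_SAMPLE, SAML20_SAMPLE):
        info = normalize_assertion(sample)
        print(info["version"], info["subject"],
              policy_problems(info, {"https://idp.example-a.test"}, "https://sp.example-b.test", now))
```

The point of the normalization step is that the policy function never sees a version: once the partner's dialect has been mapped onto the common structure, issuer trust, audience and time checks are written once, which is what a middleware layer between two SAML versions is for.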

Panelists called it a huge mess that needs to be solved.

"This is the biggest exposure in SOAs," Linthicum said.

All the panelists, representing companies deploying services related to SOAs, nodded in agreement.