Indeed, most development environments that support Web services provide a mechanism by which developers can load the WSDL (Web Services Definition Language) file of an application providing a Web services interface and automatically generate a client interface, giving the developers more time to focus on adding the appropriate business logic.
The second driver is that Web services can ease business interactions by significantly reducing the time needed to implement and deploy B2B relationships. Assuming your supplier supports a Web services interface, your developer can download the WSDL, generate a client and write the business logic that will integrate the remote system into your business processes. We reviewed Web services platforms and their development environments (see "Serving Up SOAP," page 43) and were pleased to see that such automation is not a pipe dream.
The payoff behind Web services is business agility--the ability to respond quickly and cost-effectively to a changing economic environment. Today, for example, an enterprise may use the same component in any number of applications that perform a business task. If that task changes, it's necessary not only to change that specific component but to redeploy all applications that rely on the component. With Web services in play, however, you may only need to change a single component.
Sounds great. But industry experts agree that security is a major source of angst. "Security is the primary and most immediate roadblock to Web services adoption today," says Ronald Schmelzer, senior analyst with ZapThink, a research firm focused on XML and Web services. "It's not simply because XML is text-based and sent over transparent protocols like HTTP. Common encryption technologies like SSL can solve that problem. The bigger problem is one of authentication and authorization."
This is the crux of the problem: WSDL provides a human-readable pointer into your internal business process and data structures--possibly exposing juicy field-level details such as credit card and authorization numbers and shipping addresses. With a single WSDL file, anyone can see what services you have available and, worse, how to access them. With such information readily available, it's imperative that services are invoked by authorized users only.
Consider, too, your B2B Web services. You don't want just anyone submitting purchase orders or invoices. You need to keep firm control over access and ensure you have a way to audit who has been making use of your Web services.
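To make the exposure described above concrete, the following added example (not part of the original article) audits a WSDL 1.1 file you are about to publish and reports the operations, endpoints and sensitive-looking fields it reveals. The sample document, the `audit_wsdl` function and the `SENSITIVE` name patterns are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

NS = {"wsdl": "http://schemas.xmlsoap.org/wsdl/",
      "soap": "http://schemas.xmlsoap.org/wsdl/soap/",
      "xsd": "http://www.w3.org/2001/XMLSchema"}
# Assumed name patterns for fields that deserve review; tune for your own schemas.
SENSITIVE = re.compile(r"card|authoriz|address|ssn|password", re.I)

# Constructed, trimmed sample WSDL 1.1 document (not from any real service).
SAMPLE_WSDL = """<definitions xmlns="http://schemas.xmlsoap.org/wsdl/"
    xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
    xmlns:xsd="http://www.w3.org/2001/XMLSchema" targetNamespace="urn:example:orders">
  <types><xsd:schema targetNamespace="urn:example:orders">
    <xsd:element name="SubmitPurchaseOrder"><xsd:complexType><xsd:sequence>
      <xsd:element name="creditCardNumber" type="xsd:string"/>
      <xsd:element name="authorizationNumber" type="xsd:string"/>
      <xsd:element name="shippingAddress" type="xsd:string"/>
      <xsd:element name="quantity" type="xsd:int"/>
    </xsd:sequence></xsd:complexType></xsd:element>
  </xsd:schema></types>
  <portType name="OrderPort">
    <operation name="SubmitPurchaseOrder"/>
    <operation name="GetInvoice"/>
  </portType>
  <service name="OrderService"><port name="OrderPort">
    <soap:address location="http://orders.example.com/soap"/>
  </port></service>
</definitions>"""

def audit_wsdl(wsdl_text):
    """Summarize what a published WSDL reveals to anyone who downloads it."""
    # ElementTree is fine for your own files; it is not hardened against hostile XML.
    root = ET.fromstring(wsdl_text)
    operations = sorted(op.get("name")
                        for op in root.findall("wsdl:portType/wsdl:operation", NS))
    endpoints = [a.get("location") for a in root.iter("{%s}address" % NS["soap"])]
    fields = [e.get("name") for e in root.iter("{%s}element" % NS["xsd"])]
    return {
        "operations": operations,
        "endpoints": endpoints,
        # http:// endpoints carry SOAP messages without SSL protection.
        "cleartext_endpoints": [u for u in endpoints if u.lower().startswith("http://")],
        "sensitive_fields": sorted(f for f in fields if f and SENSITIVE.search(f)),
    }

if __name__ == "__main__":
    print(audit_wsdl(SAMPLE_WSDL))
```

Every operation the report lists is one that needs an authentication and authorization check on the server, and every sensitive field is one whose presence in a public contract should be a deliberate decision.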