Mirroring the latest application development buzz, standards body OASIS is spending a lot of time these days building Web services specifications that address specific business processes or infrastructure needs, rather than building all-encompassing standards.
More than 14 OASIS technical committees are tackling specifications for composite applications, distributed management, business process execution, security, reliable messaging and more, said president and CEO Patrick Gannon.
"In the past, especially if you look at CORBA, and standards like that, there was this big architectural effort to create this huge standard where everything is tied together by one major standard," Gannon said. "What we're seeing the last three or four years is the need to create small specifications that can interoperate."
Gannon said industry groups and vendors participating in OASIS committees are keen on collaborating with other technical committees to connect specifications according to market-driven business needs.
For example, specifications like the WS-CAF (Common Applications Framework) address the basic tenets of application integration and SOA, while others like the recently ratified Asynchronous Service Access Protocol (ASAP) and WS-BPEL (Business Process Execution Language) dig deep into enabling Web services.
"What some industry groups are looking at is the ability to use the value of Web services to create more interactive types of composite applications," Gannon said. "What you're going to have is the ability to create small application components: individual services and service-oriented architecture. Transactions won't be built around a document, but individual pieces of services that may come from the same company or different companies. You want to be able to combine them together to do an order process, or an e-commerce transaction."
Gannon said OASIS is championing the advancement of these infrastructure standards around security, transactions, messaging and management while co-operating on implementation standards that cross industries.
Underpinning all of that is a set of mature security standards like WS-Security that give CIOs a the necessary confidence and comfort to deploy Web services internally and across the firewall to business partners, suppliers and customers.
"Businesses before they deploy Web services have to have a secure environment. But the good news is that there's no waiting for a secure environment. The standards are there," Gannon said. "Users are saying they're going to implement Web services once there's a clear path. Vendors going off into different directions – that's just going to freeze the market."
With WS-Security and other specifications like SAML, AVDL, XACML and others widely adopted by vendors into their products, OASIS currently has several more security specs before its technical committees. Profiles are being defined for digital signatures, PKI, Web application security and digital rights management, Gannon said.
"The collaboration happening from specific industries and cross-industries is going to drive adoption," Gannon said. "It's not just about testing. It's about making sure the business processes can be deployed making use of the variety of different standards."