
Web Services

While much of the rhetoric surrounding Web Services has focused on the ability of organizations to expose parts of their business on the Internet, Web Services are increasingly being used within the enterprise to develop application components that can be integrated with disparate and heterogeneous systems. In particular, Web Services provide a way to "front-end" legacy applications, and allow applications developed for competing platforms such as Java 2 Enterprise Edition (J2EE) and .NET to talk to each other.

The Web Services paradigm creates interoperability by reusing the existing Web infrastructure. This approach also simplifies the development and deployment of Web Services, making them an ideal platform for rapid integration.

Web Services are based on the principle of using XML messaging over standard Web protocols such as HTTP. This provides a lightweight communication mechanism in which any programming language, middleware or platform can participate, making interoperability easier to achieve. A key idea in the Web Services strategy is to reuse existing infrastructure and protocols wherever possible.

While Web Services provide a platform for developing reusable distributed components, for business applications it is imperative that this platform allow transactions to be conducted securely. The notion of security encompasses a number of goals, including:

  • Confidentiality and integrity of information exchanged
  • Authentication of users and services
  • Authorization to control and protect access to resources

Achieving these goals requires not only that the Web Services protocols provide mechanisms to authenticate and encrypt data, but also that different Web Services infrastructures can interoperate with each other.

If your users are using Windows desktops and authenticating to Active Directory, then a Kerberos solution based around the Windows Integrated Authentication mechanism is an obvious choice. It provides a Single Sign-On environment that requires the user to enter their password only once, at desktop login, and provides an authentication and delegation mechanism that is both secure and flexible. In addition, Active Directory makes it possible to have a common authorization environment using Active Directory groups, and to support scalable and flexible authentication across multiple security domains by using the cross-realm and cross-forest trust features of Kerberos. Lastly, Windows Integrated Authentication is supported natively by .NET Web Service clients and servers, and with J2EE by using Vintela Single Sign-On for Java for Web Services extensions, without changing a line of code or adding any new infrastructure elements.

Web Services provide a powerful paradigm for developing a new class of applications that integrate a range of services to deliver rich and valuable applications. A key to the success of this paradigm is its focus on reusing the existing Web infrastructure to promote a high level of interoperability and reuse amongst components.

By taking the same approach to achieve security and Single Sign-On, you can also reap the benefits of your existing infrastructure. Regardless of whether you are developing applications in J2EE on Unix servers or Microsoft .NET, it is possible to support a rich set of security functionality by reusing your existing infrastructure. This can be done without changing existing code, by simply changing the way applications are deployed.






        © Quest Software, Inc. All rights