We have discussed the primary issues that differ for mainframe
and non-mainframe platforms. However, some issues are enterprise-wide:
classification taxonomies, XML data tag methodology, processing capacity, and security
are perhaps the most important.

In the "Yellow pages" of the UDDI repository, each Web Service needs to be
classified according to some scheme, preferably one that will be used by most businesses
in your sector of the economy. Ideally, this should be a standard taxonomy that would make
opening up to the entire Internet only an issue of publishing in a public directory and
allowing access from the Internet. At this time, proposed taxonomies have a long way to go
before we can consider them standard. The practical strategy would be to constantly refer
to what others are doing in the way of recommended standards for your industry, but to
develop your own until such time as the taxonomy is sufficiently developed that you can
convert to standard usage.

Deriving an XML data tag methodology will be in many ways similar to the taxonomy
problem, but here things are farther along. There are industry-wide "dialects"
of XML, in which data tags, their associated data elements, and their structure are
clearly defined. To the extent that one can adopt one of these dialects, it is a good idea
to do so. However, two problems remain. First, the standards continue to evolve, so
you should plan a mechanism to keep your XML data documents in concert with the evolving
standards. Second, you will have to extend the dialect to cover data elements unique to
your enterprise that are not part of the standard. This issue can be resolved in many
cases by using XSL transformations to map between various XML dialects.
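
One way such a mapping can look, as an added example that is not part of the original article: an XSLT 1.0 stylesheet that maps a hypothetical in-house order dialect to a hypothetical industry dialect and carries the enterprise-only element in its own extension namespace. All namespaces and element names are constructed for illustration; the empty catch-all template drops anything not explicitly mapped, so unmapped internal fields do not reach a partner.

```xslt
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example. Namespaces and element names are hypothetical.
     Constructed sample input:
       <PurchaseOrder xmlns="urn:example:enterprise-order">
         <OrderNo>A1001</OrderNo>
         <Cust><Name>Example Buyer</Name><InternalRating>B</InternalRating></Cust>
         <Item><Sku>X7</Sku><Qty>3</Qty></Item>
         <CostCenter>CC42</CostCenter>
       </PurchaseOrder>
     InternalRating has no mapping below, so it never appears in the output. -->
<xsl:stylesheet version="1.0"
    xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
    xmlns:in="urn:example:enterprise-order"
    xmlns:std="urn:example:industry-order"
    xmlns:ext="urn:example:enterprise-extension"
    exclude-result-prefixes="in">

  <xsl:output method="xml" indent="yes"/>

  <!-- The in-house PurchaseOrder becomes the industry dialect's Order. -->
  <xsl:template match="/in:PurchaseOrder">
    <std:Order id="{normalize-space(in:OrderNo)}">
      <std:Buyer>
        <std:PartyName>
          <xsl:value-of select="normalize-space(in:Cust/in:Name)"/>
        </std:PartyName>
      </std:Buyer>
      <std:Lines>
        <xsl:apply-templates select="in:Item"/>
      </std:Lines>
      <!-- Enterprise-only data has no standard tag: keep it in a separate
           extension namespace so the standard part stays unmodified. -->
      <xsl:if test="in:CostCenter">
        <ext:CostCenter>
          <xsl:value-of select="normalize-space(in:CostCenter)"/>
        </ext:CostCenter>
      </xsl:if>
    </std:Order>
  </xsl:template>

  <!-- Each in-house Item becomes one standard Line. -->
  <xsl:template match="in:Item">
    <std:Line sku="{normalize-space(in:Sku)}" quantity="{normalize-space(in:Qty)}"/>
  </xsl:template>

  <!-- Override the built-in rules, which would copy text through:
       anything without an explicit mapping is dropped. -->
  <xsl:template match="*|text()|@*"/>
</xsl:stylesheet>
```

When the standard dialect changes, only the `std:` side of the templates needs updating; a document whose root element is not the expected one produces empty output rather than a partial copy.
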
Security may be the most vexing issue of all. Many sites with legacy mainframe
applications also have security systems of such long-standing history that they have not
been reviewed from the point of view of modern security concerns. Despite complex systems
of passwords and permissions, most legacy systems are protected chiefly by the fact that
they are not integrated well with the rest of the enterprise, much less the
Internet, and are used by people who understand their limitations and quirks. The heritage
client-server systems may not be much better in this regard.

In fact, the biggest worry should be well-meaning employees and other users who simply
misunderstand what these Web Services can and can't do because their scope and operating
context may not be clearly explained. Regardless, providing Web Services to new users
within the enterprise as well as partners over an extranet should trigger a full-scale
review of all security. This should cover, at a minimum, the purpose and effectiveness of
access control systems and of security breach detection mechanisms in place to provide
early warning of problems. In addition, the bugs and design inadequacies of applications
that could impact system integrity should be reviewed. Finally, initial consideration
could be given to the security implications of providing some degree of access to the
Internet, whether directly or indirectly, even if not contemplated for the near future.