Great Expectations

Can Web services live up to the hype?

by / September 3, 2003 0
Some say Web services represent an evolutionary force that will transform electronic government. The argument goes that for the first time, the stuff Web services is built on -- an alphabet soup of interrelated Internet standards -- gives agencies access to information stored in other agencies' siloed systems fairly painlessly.

In theory, Web services means agency A no longer has to ask agency B's staff to crank out code that will allow A to pick certain types of data off B's mainframe. The process is automated through a Web browser and uses XML (extensible markup language), SOAP (simple object access protocol), UDDI (universal description, discovery and integration) and WSDL (Web services description language) to move data from B to A with little human interaction.

In reality, most government agencies approach the promising new technology with cautious optimism. It may sound easy, but several issues must be sorted out before governments make widespread use of Web services.

The newness of Web services has once bitten, twice shy public-sector IT staff a little hesitant. Immature standards also raise concerns about the infrastructure consistency behind Web services wares hawked by vendors.

Finally, observers say another force is at work: the age-old inclination of government agencies to protect their data, and of public employees to protect their livelihoods.


Using Web Services

Stripped to the basics, Web services are a set of technology standards and tools: XML is the language that tags the data exchanged between computers; SOAP defines how the data transfer will take place; WSDL describes services available to computers involved in the data transfer; and UDDI lists available services to computers making the transfer.

Government agencies are just beginning to use Web services to power applications like secure, personalized electronic services to constituents; link legacy mainframes to Web portals; and manage identities of employees who need remote access to information in several back-end systems.

Several years ago, Hillsborough County, Fla., rethought its approach to identity management.

"We realized having a central repository, where security rights and access to things were in a single location, was a good thing," said Bill Kannberg, the county's CTO. "Web services kind of grew into the ability to hit an identity management system. It was a product that was waiting for something like identity management, and identity management was looking for services it could leverage."

Web services helped the county two ways: by replacing its remote access process and making it possible to deliver customized access to applications based on user identity.

In the past, employees' PCs were outfitted with VPN clients and remote access software. That was not necessarily a good value proposition for the county, Kannberg said, because when the VPN software caused problems, county IT staff essentially became after-hours support for remote users. Now remote employees need only a PC with a Web browser to access a public Web site that serves as an employee portal to county applications.

Once the employee's identity is verified, a portal services engine developed by Novell renders a personalized Web site to the employee -- complete with access to applications the employees need to do their jobs. The portal serves users from 37 county agencies.


Next in Line

Kannberg said he's working to deploy other Web services-based projects in the near future.

"We're laying down the next generation of the foundation that came with portal services, and that's to have a central identity management system," he said. "In our case, our human resources information system tells who should be in the system and who shouldn't be in the system. We're using XML on the back end to kick off actions from that central identity management system, so if an employee leaves the county, HR simply removes the employee's name from our identity management system. That change flows automatically to all systems as an instruction to remove the employee's account."

This process saves the county time and money, he said, because instead of devoting staff resources to maintaining user profiles, an XML agent drives the activities by making changes throughout the entire system, including network account, file storage, telephone system and directories, security rights and clearances, and e-mail accounts.

That project should be wrapped up by the end of this year, he said.

Next in line is a project he's calling "XML dash boarding," which will allow managers to check internal progress and compare progress among county departments via a Web browser, according to Kannberg. "Competition is always a great thing," he said.

"We plan to use XML on the back end to touch a database that somebody else holds onto. So we're not infringing on their territory, they give me a normal login to their system. Either using standard XML, if the application speaks that, or a connector if there is no XML native to the application we want to hit, I can get data off their system using a standard login," he said. "They get to be the expert and keep their territory. I get their data, aggregate it and compare it to other things here internally. Management knows exactly how departments are doing against other departments, and how departments' budgets are doing."


Whither Web Services

What Web services will mean to enterprises can be compared to what HTML and URLs meant to the usefulness of the Internet, said Dan Sholler, vice president and service director of META Group's Technology Research Services.

"Instead of just a person talking to a computer, it's now a computer talking to a computer," Sholler said. "The most compelling examples of use of Web services have been in situations where organizations dramatically improve what they do by connecting things that, in the past, were considered hard to connect."

He cited a recent Web services project between Southwest Airlines and Dollar Rent a Car as an example. Southwest linked its Web site for flight reservations to Dollar's Web site, so a consumer purchasing an airline ticket could also rent a car at the same time.

"The interesting thing about this is the whole project, from conception to completion, took six weeks," he said. "The Southwest site is a CORBA-based system, and Dollar's reservation system was some god-awful legacy VAX thing. It wasn't like this was a no-brainer where they were taking things that were all the same and just getting them to talk to each other. The last time I checked, Dollar estimated they were getting $1 million a month worth of business out of this project.

"The technology itself is kind of cool, but that's not the point," he continued. "The point is this kind of connectability -- this ability to put things together that you just sort of assumed were not able to be put together."

Though this ability has everybody excited, the existence of a set of tools that promise universal connectivity means IT professionals must think about representing information in a way that makes it consumable by other agencies, Sholler said. In the past, many agencies worried only about representing information in a way that matched their own internal decision-making processes.

Another issue is the potential strain on legacy systems created by automated Web services that swap information back and forth. Speeding up these information transactions could mean service problems if a receiving system wasn't built to handle the faster pace of information, he said, and new linkages between information systems could create load problems.

If a state wanted to verify that a hunter who applied for a deer license was also a registered gun owner, the state can do so. There is, however, a value proposition to consider, because new inquiry processes can cause trouble when agencies suddenly have the ability to perform cross-checks that haven't been performed before.

"In the past, when you applied for a deer hunting license, you got a deer hunting license, and when you applied for a gun license, you got a gun license -- they weren't related," he said. "Now, there's going to be a bazillion more queries to that firearms' license database than before. Connecting things can create new load, but the reason it's new is because you're putting a new step in the process. One of the things you have to figure out is, 'What's the value of having that new step, and is it worth my while beefing up my system to handle that load?'"


Practical Magic

Fairfax County Public Schools (FCPS) is the 12th largest school district in the country, and operates 240 schools and education centers. Ted Davis, director of knowledge asset management, works with a technology infrastructure consisting of more than 65,000 desktop workstations, 700 servers and more than 30 enterprise applications running the school system's operations.

Davis said FCPS is using Web services to free 45 separate information systems from the trap of spaghetti architecture.

"We have lots of information systems, and these information systems provide lots of capabilities to our customers, but they also leave lots of gaps between them," Davis said. "This is a role where we see Web services helping us a lot. We have tremendous sources of information captured in these systems, and if you're not using those system interfaces to get to it, you may be missing an opportunity.

"By creating a simple Web application, you can use a Web service to go out to these systems and pull information together -- without having to build a large application."

FCPS rolled out a summer school information system in April that pulls data from FCPS' student information, library, transportation and special education systems. The summer school system has been performing well, he said, though the discovery of an early problem gave FCPS a chance to use Web services on the fly.

"We missed a requirement and needed a quick solution," Davis said, noting that schools must be aware of when their students register for summer school.

"We didn't plan for every principal in our school system to have access to the summer school system, and we had to figure out how to get that information to them," he said. "The system actually had a report in it that has the registration information, but to get to it, you have to know how to use the system. We were looking at printing the reports and sending them to principals on a daily or weekly basis, which would be a tedious process. One of my staff had the bright idea of making it available on the Web."

Using Web services, FCPS put together a simple Web application that allows principals to authenticate against FCPS' active directory, then invokes a Web service that sends principals a report of all their students who registered for summer school.

"The principals can check it any time they want, and find out which students have registered. They can take the action they need to make sure the students in need of extra help get registered," he said. "The principals loved it. It required no training and it's real-time information."

For the future, Davis said his staff is experimenting with Microsoft Office XP as a smart client and teaming the suite of applications with Web services.

"You could, in an Excel spreadsheet, invoke a Web service. That would allow us to use Excel spreadsheets as a medium, much like you use a Web browser, for delivering services," he said. "I could see our customers liking that because many of them are proficient with Excel spreadsheets."

A simple example of this, Davis said, is a service that returned a list of students and addresses to be used in a mail merge to send information to parents.

"A more complex example would be a spreadsheet that assisted schools with staffing estimates," he said. "Staffing is based on formulas with data that could be derived from back-end systems via Web services."

Davis said he used Excel that way, but it was not easy. "Creating the Web service was easy; invoking it was not quite there yet," he said. "XP has probably changed since then, but it didn't have a built-in capability to invoke a Web service that had security in it. To make that Web service work, I had to turn off the security. Once I turned off the security, it worked just fine."


Behind the Portal

Georgia has been testing Web services on its Georgia.gov portal since the portal opened in July 2002, said Gina Tiedemann, director of GeorgiaNet, which manages the Georgia.gov portal.

"We are actively adding state agencies, and we're in the process of adding local governments," she said. "After this fiscal year, we will be ready to offer portal services to them, if they so choose, and depending on the needs of municipalities."

Web services carry the load behind the scenes, allowing GeorgiaNet staff to expose the functionality of legacy systems to public Web sites as a SOAP service, said Jan Sorensen, principal software developer for GeorgiaNet.

For instance, the state's online driver's license renewal application communicates with the Department of Motor Vehicle Safety (DMVS) mainframe via SOAP. A connector toolkit was used to expose functions performed by the DMVS mainframe as a Web Service. So when citizens renew a driver's license, the DMVS mainframe is queried to make sure those citizens are allowed to renew their licenses online.

The state also uses SOAP to authorize credit card payments submitted to the state's payment engine, Sorensen said. Exposing credit card authorization as a Web Service will allow the state to centralize payment processing.

As more services become available on the portal, agencies will use the same software components to perform shared functions. Accepting payments online with a credit card is one example, he said.

Many agencies need to accept credit card payments online. Instead of agencies negotiating individual agreements with financial services companies and operating separate payment processing applications, Georgia can have one agreement and one application covering the entire state, he said. As the volume of transactions increases, processing fees charged by the bank decrease.

Shifting to Web services hasn't been completely painless, however. Georgia encountered some hurdles as old systems were used in new ways.

"We brought down a mainframe," Sorensen said, noting that legacy systems usually must undergo some preparation to handle the additional queries. "That's definitely a problem because those systems aren't designed to have that kind of load. Instead of batch processes, we have citizens hitting the same processes or same services."

Georgia has since addressed the load issue, Sorensen added.

Tiedemann said the state caught many potential problems early, partly because the pilot, by design, lasted so long.

"It was a tough pilot," she said. "We're trying all different kinds of new technologies integrated together into our stack. We had a lot of partners in this and one integration partner with all these different products in a stack -- and also trying to not only integrate the stack, but also to integrate applications in it with mainframe back ends all at once."

The state essentially is building a completely new architecture from the ground up, Tiedemann said -- an architecture that stresses interoperability.

Sorensen said there was a lot of hype surrounding Web services. "To some degree, there is still a lot of hype," he said. "But at this point, it does the job. As long as the different vendors don't start changing the protocols so they're not compatible with each other, it has a chance of surviving. Yes, there are some problems with Web services -- guarantee of delivery and security -- and it's still evolving, but for us, it works very well."


Hurdles to Jump

Though Web services clearly have begun demonstrating their value, use of Web services remains in its early phases. Perhaps the newness of the technologies has people hesitant, but there are other reasons too.

Choosing among the flavors of Web services sold by a variety of vendors has caused some difficulties for governments, said Hillsborough County's Kannberg, while another issue hits a bit closer to home.

"If you have an organization that's not doing anything, it's because they're entrenched internally or there's another reason they can't get into it. Maybe their management is afraid of Web services," he said. "The organizations with management issues become entrenched, and they don't want to change. They pooh-pooh Web services and say things like, 'It's not standardized. We don't know what the platform is going to be.' Or they have an entrenched legacy development group. I see that over and over again. They don't want to give it up, because Web services move faster than developers can develop."

Kannberg said he spoke to one West Coast agency spending thousands of hours to teach its developers Java -- because management said training must happen before Web services can be tied to the agency's public Web site -- despite the existence of rapid development tools that automatically write Java code.

"Web services comes along and it's changing all the rules," he said. "The good organizations move on it. Jump in feet first. You're going to get wet. You're going to make mistakes. It's going to be rough. You're going to hate it. And then it will become good. It was tough, and we got through it. The payoff has been astronomical, and it has been worth every minute of stress."
Shane Peterson Associate Editor