Enabling Government Web Services
Phil Windley reports that Govtech had to define the term "Web Services" in an article about Rhode Island's usage of REST-style Web Services. He says "When your audience is government technologists and you feel obligated to describe what a Web service is in 2005, you know you're in trouble" (he used bold-face type to emphasise the point).
I think there are two sides to this problem.
The first issue has always been the overly-generic name "Web Services". For example, if you use Register.com to register a domain name, you see the following banner:
When you phone the toll-free number on that Register.com page, do you think you're connected to someone who'll give you advice on whether to use REST or SOAP, or whether to use document-literal or RPC? Nope.
The other issue is the fact that many definitions of Web Services, such as the W3C definition, specify that SOAP must be used. The Govttalk article makes it clear that these are REST-style Web Services, that are not "invoked" using SOAP. So, a broad definition was used in the article.
So, I think it's fine to define "Web Services" in articles like this.
So, what about the Web Services security angle here? Well, as Phil Windley says, the Rhode Island Web Services are all about disseminating public information, quote: "GovTracker provides RESTful access to public information in Rhode Island". This is information that is public but has hitherto been unavailable. There isn't a requirement for authentication or even, strictly speaking, for confidentiality either. After all, the information is public.
Much of the recent explosion of REST-style Web Services (and I would include RSS in that) are for public information. But, most of the answers to the question "how can you make money out of RSS and REST" are answered by suggesting the disseminate of premium information to closed-user groups who pay for the information (the answer "embed advertisments in the RSS feeds" doesn't seem to be working). This kind of gated access requires security - to control who accesses the information, to keep an audit log, to keep the data confidential. The applications funded by funds like this will need security.
Vordel, for one, provides security for both REST-style and SOAP-style Web Services. I've written about this here: http://radio.weblogs.com/0111797/2005/03/14.html . Doing "XML firewall" functionality is only part of the problem when such a huge amount of Web Services are not invoked using XML.
2:56:28 PM 
|
