You are in the: Small Business Computing Channelarrow View Sites +
Small Business Technology
» ECommerce-Guide | Small Business Computing | Webopedia | WinPlanet |  »Close
Enter a word for a definition... ...or choose a computer category.

   Term of the Day
   New Terms
   New Links
   Quick Reference
   Did You Know?
   Tech Support
   Webopedia Jobs
   About Us
   Link to Us

talk to us
   Submit a URL
   Suggest a Term
   Report an Error
Internet Lists
Internet News
Internet Resources
Linux/Open Source
Personal Technology
Small Business
Windows Technology
xSP Resources
Corporate Info
Tech Jobs
E-mail Offers
  Be a Commerce Partner

Understanding Web Services

Over the last couple of years, Web services have expanded to become more popular with application developers — and for good reason. Web services technology represents an important way for businesses to communicate with each other and with clients as well. Unlike traditional client/server models, such as a Web server or Web page system, Web services do not provide the user with a GUI. Instead, Web services share business logic, data and processes through a programmatic interface across a network. The applications interface with each other, not with the users. Developers can then add the Web service to a GUI (such as a Web page or an executable program) to offer specific functionality to users. 

Web services' distributed computing model allows application-to-application communication. For example, one purchase-and-ordering application could communicate to an inventory application that specific items need to be reordered. Because of this level of application integration, Web services have grown in popularity and are beginning to improve business processes. In fact, some even call Web services the next evolution of the Web.

Web Services Technology
Web services are built on several technologies that work in conjunction with emerging standards to ensure security and manageability, and to make certain that Web services can be combined to work independent of a vendor. The term Web service describes a standardized way of integrating Web-based applications using the XML, SOAP, WSDL and UDDI open standards over an Internet protocol backbone.

Key Terms To Understanding Web Services

Web Services
The term Web services describes a standardized way of integrating Web-based applications...

electronic commerce
Often referred to as simply e-commerce, business that is conducted over the Internet using any of the applications that rely on the Internet.

More Web Services Related


Short for Extensible Markup Language, a specification developed by the W3C. XML is a pared-down version of SGML, designed especially for Web documents. It allows designers to create their own customized tags, enabling the definition, transmission, validation, and interpretation of data between applications and between organizations.

Short for Simple Object Access Protocol, a lightweight XML-based messaging protocol used to encode the information in Web service request and response messages before sending them over a network. SOAP messages are independent of any operating system or protocol and may be transported using a variety of Internet protocols, including SMTP, MIME, and HTTP.

Short for Web Services Description Language, an XML-formatted language used to describe a Web service's capabilities as collections of communication endpoints capable of exchanging messages. WSDL is an integral part of UDDI, an XML-based worldwide business registry. WSDL is the language that UDDI uses. WSDL was developed jointly by Microsoft and IBM.

Short for Universal Description, Discovery and Integration. It is a Web-based distributed directory that enables businesses to list themselves on the Internet and discover each other, similar to a traditional phone book's yellow and white pages.

XML is used to tag the data, SOAP is used to transfer the data, WSDL is used for describing the services available and UDDI is used for listing what services are available. Used primarily as a means for businesses to communicate with each other and with clients, Web services allow organizations to communicate data without intimate knowledge of each other's IT systems behind the firewall.

Security has become a hot topic for Web services. Because it is based on program-to-program interactions as opposed to human-to-program interaction, it is important for Web service security to address topics such as access control, authentication, data integrity and privacy. Today the most common security scheme is SSL (
Secure Sockets Layer), but when it comes to Web services there are limitations with SSL. The Web service technology has been moving towards different XML-based security schemes for Web services. Some of the XML-based securities include the following:

XML digital signature
The XML Signature specification is a joint effort of W3C and IETF. XML Signatures provide integrity, message authentication and/or signer authentication services for data of any type, whether located within the XML that includes the signature or elsewhere.

XML Encryption
W3C's XML Encryption specification addresses the issue of data confidentiality using encryption techniques. Encrypted data is wrapped inside XML tags defined by the XML Encryption specification.

XKMS (XML Key Management Specification)
The XML Key Management Specification (XKMS) comprises two parts ׫ the XML Key Information Service Specification (X-KISS) and the XML Key Registration Service Specification (X-KRSS). The X-KISS specification defines a protocol for a Trust service that resolves public key information contained in XML-SIGelements. The X-KISS protocol allows a client of such a service to delegate part or all of the tasks required to process elements. The X-KRSS specification defines a protocol for a web service that accepts registration of public key information. Once registered, the public key may be used in conjunction with other web services including X-KISS.

SAML (Secure Assertion Markup Language)
SAML is an XML-based framework for communicating user authentication, entitlement and attribute information. As its name suggests, SAML allows business entities to make assertions regarding the identity, attributes, and entitlements of a subject (an entity that is often a human user) to other entities, such as a partner company or another enterprise application. The OASIS Security Services Technical Committee is in charge of defining, enhancing, and maintaining the specifications that define SAML.

WS-Security (Web Services Security)
Security Assertion Markup Language (SAML) from OASIS provides a means for partner applications to share user authentication and authorization information. This is essentially the single sign-on (SSO) feature being offered by all major vendors in their e-commerce products. In the absence of any standard protocol on sharing authentication information, vendors normally use cookies in HTTP communication to implement SSO. With the advent of SAML, this same data can be wrapped inside XML in a standard way, so that cookies are not needed and interoperable SSO can be achieved.

ebXML Message Service
The OASIS ebXML Message Service defines the message enveloping and header document schema used to transfer ebXML messages over a communications protocol such as HTTP or SMTP and the behavior of software sending and receiving ebXML messages.

You can read more about the standards for XML-based security for Web services in our related links section.

Who Is Using Web Services? (adapted from
Perhaps the best example of the growth of Web services is eBay. The online auction king has been aggressively developing its Web services platform by extending application programming interfaces that essentially turn its Web site into a platform.

The auction site's developer section gives soup-to-nuts information about deploying its eBay API. "With the eBay API, you communicate directly with the eBay database in XML format. By using the API, your application can provide a custom interface, functionality and specialized operations not otherwise afforded by the eBay interface." Since 1999, eBay has offered APIs and now offers more than 100 Web services calls available to developers to build applications that can connect to those services. They include pricing information, buy-it-now features, and payment options through its PayPal subsidiary.  The growth and use of APIs across the Web illustrate how rapidly Web services are spreading, even as technical issues such as security and authentication are worked out by standards bodies.

Online retailing giant is another example. Companies such as Microsoft and Sun Microsystems have been helping developers build and deploy Web Services and clients for close to four years now. Sun's J2EE platform, for example, is where developers build on the building blocks in order to access's selling platform.

For more examples of Web services being used today, be sure to read the InternetNews Developer's story, "Web Services Now and When".

Emerging Trends in Web Services — Mash-ups and Web 2.0
New in 2005 is a breed of Web-based applications called mash-ups. Mash-ups mix at least two different services from disparate, and even competing, Web sites. A mash-up, for example, could overlay traffic data from one source on the Internet over maps from Yahoo, Microsoft, Google or any content provider. This capability to mix and match data and applications from multiple sources into one dynamic entity is considered by many to represent the promise of the Web service standard.

WikiMap is just one of many examples of a mash-up. This "Find Cheap Gas" Web sites uses a Google Maps powered interface, to offer information tailored to suit specific needs of a consumer. WikiMap is just one of many examples of a mash-up. This "Find Cheap Gas" Web sites uses a Google Maps powered interface to offer information tailored to suit specific needs of a consumer. With so many businesses and software companies building services on top of platforms, many expect to see the World Wide Web of today (called Web 1.0) transform into a full-fledged computing platform serving Web applications. The term being used to refer to the World Wide Web as a platform is Web 2.0, where the term refers to the "next version" of the World Wide Web. The difference between Web 1.0 and Web 2.0 can really be defined by Web application services.

Did You Know...
Where Web 1.0 offers Doubleclick and personal Web sites, Web 2.0 provides us with Google AdSense and blogs.

Vangie 'Aurora' Beal
Last updated: October 07, 2005

Related Links

Internet News Article - Web Services Now and When
One of the most significant changes in the software industry has been the arrival of Web services, a truly distributed computing model in which applications "talk" to one another.

Web Services Without Warranties
Embedding web services from the likes of Amazon and eBay into enterprise applications is a leap of faith. But despite a lack of service guarantees and a raft of inconsistencies between different providers, growing numbers of enterprise developers are taking the plunge.

Solving the Web Services Identity Crisis
What is the real issue in web services security? When techies talk about it, they're typically talking about intruders intercepting trusted XML messages and substituting malicious code. Business people, who take this kind of wire-level security for granted, are more concerned about tracking the identities and activities of users who log on legitimately.

SSL: Your Key to E-commerce Security  
The e-commerce business is all about making money and then finding ways to make more money. Of course, it's hard to make (more) money, when consumers don't feel safe executing a transaction on your Web site. That's where SSL (Secure Socket Layer) comes into play. Understanding how SSL affects e-commerce business can also potentially help you to unlock (more) money from your customers.

Sun Developer network - SOA/Web Services
Learn more about service-oriented architecture (SOA) and web services. Sun Developer Network has put together a wide variety of content about SOA and web services, including articles, tips, white papers, code samples, and more to help you easily find what you need.

XML-Signature Syntax and Processing
This document specifies XML digital signature processing rules and syntax. XML Signatures provide integrity, message authentication, and/or signer authentication services for data of any type, whether located within the XML that includes the signature or elsewhere.

XML Encryption Syntax and Processing
This document specifies a process for encrypting data and representing the result in XML. The data may be arbitrary data, including an XML document, an XML element, or XML element content. The result of encrypting data is an XML Encryption element which contains or references the cipher data.

XML Key Management Specification (XKMS)
This document specifies protocols for distributing and registering public keys, suitable for use in conjunction with the proposed standard for XML Signature [XML-SIG] developed by the World Wide Web Consortium (W3C) and the Internet Engineering Task Force (IETF) and an anticipated companion standard for XML encryption.

OASIS Security Services (SAML) TC
Defining and maintaining a standard, XML-based framework for creating and exchanging security information between online partners.

Message Service Specification - Version 2.0 (PDF)
This document specifies an ebXML Message Specification for the eBusiness community.

Webservices Mashup Resources
O'Reilly Etech has a listing of some APIs (official and otherwise) with resources.

What Is Web 2.0
The concept of "Web 2.0" began with a conference brainstorming session between O'Reilly and MediaLive International. Dale Dougherty, web pioneer and O'Reilly VP, noted that far from having "crashed", the web was more important than ever, with exciting new applications and sites popping up with surprising regularity. What's more, the companies that had survived the collapse seemed to have some things in common. Could it be that the dot-com collapse marked some kind of turning point for the web, such that a call to action such as "Web 2.0" might make sense?


Do you have an interesting piece of computer-related trivia that you would like us to explore?
Tell us about it.

JupiterWeb networks:

Search JupiterWeb:

Jupitermedia Corporation has three divisions:
Jupiterimages, JupiterWeb and JupiterResearch

Legal Notices, Licensing, Reprints, & Permissions, Privacy Policy.

Jupitermedia Corporate Info | Newsletters | Tech Jobs | Shopping | E-mail Offers