The Motorola example demonstrates how Web services can work in a controlled environment. But it also shows the technology's biggest weakness: deploying Web services over the Internet remains a challenge. There are areas, most notably security, where there aren't agreed-upon standards. The Internet is a poor platform for today's version of the technology - Web services might have been built to run on the Internet, but the Internet wasn't built to run Web services.

Until the necessary solutions are created and gain widespread adoption - which experts say won't be for another couple of years - CIOs hoping to use Web services must come up with their own security and reliability solutions. Furthermore, while it is fairly easy to convert any existing application into Web services, CIOs must tread carefully - anything they do now will have a big impact on their overall systems architecture in the future. The CIOs we talked to, however, are definitely not avoiding Web services. They are configuring workarounds and, perhaps most telling, keeping their Web services experiments safely in-house for the time being. They're seeing the promise of Web services with small-scale implementations - but they're keeping the present-day reality firmly in mind.

The SecuritySecurity Setup Alles zu Security auf CIO.de

By far the biggest concern among Web services users is security. A recent survey, " Enterprise Development Management Issues 2002 ," by Santa Cruz, Calif.-based market researcher Evans Data found that security and authentication were the number-one hurdles for 48 percent of the 400 IT executives interviewed - more than double that of the runner-up, bandwidth, at 22 percent. Mark Hansen, vice president and CIO of Long Grove, Ill.-based Kemper Insurance, says that security is actually two separate problems: one technical, one business-based. On the technical front, there are no industry-accepted security standards for XML. And even if there were, nobody is sure on the business side of what the contract language would have to be in order to convince CIOs that they could safely use a company that their Web services found on the Internet for important transactions. Who are you going to trust - and how is that trust going to be validated - in the ideal world of Web service talking to Web service?

While it's just a matter of time until standard security protocols emerge, it is enough to give a CIO trying to use Web services a headache. Currently, every XML security protocol on the market is a proprietary vendor offering and therefore not truly open. Hugo Haas, Web services activity lead with the Cambridge, Mass.-based World Wide Web Consortium (W3C), the standards setting group, says that at this point W3C hasn't even finished determining everything an XML security standard would require, let alone deciding on a standard. Until the security issues are cleared up, the one-time transactions that would come from a Web services "yellow pages" (known as universal description, discovery and integration, or UDDI) are only a dream.