
In a previous article (Web Services Journal, Vol. 3, issue 7), we looked at business process management (BPM) driven by Web services and the opportunity it presents for new types of business solutions. The potential impact of Web services and BPM is great, but as companies look to harness that power, they must identify and overcome numerous challenges.

We can separate these into technical challenges and service portfolio challenges. The top three technical challenges are:
1. Lack of security controls at the protocol level
A fundamental prerequisite for business process integration is the definition of a "trusted environment." For example, given an activity within a process flow, only a limited number of roles are identified as "allowed to execute." That means that the system should be able to correctly identify the user attempting to perform an activity (authentication) and ascertain that he or she has valid access rights to do so (authorization). This is true whether the user is a person or a computer system (e.g., Web service). We want to guarantee the integrity and confidentiality of any message exchanged, keeping an audit trail of who did what and when. The SOAP, WSDL, and UDDI protocols are inherently insecure and have not addressed these basic requirements. A BPM solution that accepts a SOAP message with instructions for executing a task has no direct knowledge of who initiated the request or the corresponding authorization level. These services must be provided by the enterprise architecture.

Organizations like OASIS and WS-I are defining security extensions to SOAP. These standards, however, need to converge and gain industry-wide adoption before a "trusted environment" can be created outside the firewall.

2. Lack of transaction management capabilities
Current mainstream Web services standards do not provide a mechanism for handling synchronization across multiple enterprise applications. For example, transactions cannot be committed or rolled back as atomic units if they span multiple services. OASIS Business Transaction Protocol and Web Services Coordination+Transaction are examples of standards that are slowly gaining traction. Still, they need to converge and be widely adopted to allow the creation of low-cost, true-enterprise integration solutions.

3. Lack of a universal data definition
Web services rely on XML Schemas for standardizing data formats. Despite some industry-specific efforts, there are no universal standards for canonical representation of data. Companies therefore create their own data formats (for example, DTD/XSD) to exchange data via Web services. This precludes true B2B integration, as the formats from different companies require shared understanding and translation, making it expensive to deploy and maintain.
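To make the first challenge concrete, the following added example (not code from the original article) sketches the kind of gate the enterprise architecture has to place in front of a BPM engine: it authenticates the caller of a SOAP task request, checks that the caller's role is allowed to execute the activity, detects tampering, and records an audit entry. The `urn:example:bpm` namespace, the `Caller` and `Mac` headers, the shared-secret HMAC scheme, and all sample callers, roles, and activities are assumptions made for illustration; they are not part of SOAP or of any standard named in this article.

```python
import hashlib, hmac, json, time
import xml.etree.ElementTree as ET

NS = {"s": "http://schemas.xmlsoap.org/soap/envelope/",  # SOAP 1.1
      "e": "urn:example:bpm"}                            # hypothetical namespace
# Constructed sample data: caller secrets, caller roles, roles allowed per activity.
SECRETS = {"order-svc": b"demo-key-1", "alice": b"demo-key-2"}
ROLES = {"order-svc": {"system"}, "alice": {"clerk"}}
ALLOWED = {"CreateOrder": {"clerk", "system"}, "ApproveOrder": {"manager"}}
AUDIT = []  # audit trail: (when, who, activity, task, outcome)

def mac(secret, caller, activity, task_id):
    # A JSON list encodes the signed fields unambiguously (no separator tricks).
    msg = json.dumps([caller, activity, task_id]).encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()

def build_request(caller, activity, task_id, secret):
    """Build a constructed sample SOAP request carrying the caller and MAC headers."""
    return (f'<s:Envelope xmlns:s="{NS["s"]}" xmlns:e="{NS["e"]}"><s:Header>'
            f'<e:Caller>{caller}</e:Caller>'
            f'<e:Mac>{mac(secret, caller, activity, task_id)}</e:Mac></s:Header>'
            f'<s:Body><e:{activity}><e:TaskId>{task_id}</e:TaskId></e:{activity}>'
            f'</s:Body></s:Envelope>')

def gate(xml_text):
    """Authenticate, authorize and audit one task request before the BPM engine sees it."""
    caller = activity = task_id = sent = ""
    try:
        root = ET.fromstring(xml_text)
        caller = root.findtext("s:Header/e:Caller", "", NS)
        sent = root.findtext("s:Header/e:Mac", "", NS)
        body = root.find("s:Body", NS)
        if body is not None and len(body):
            activity = body[0].tag.rpartition("}")[2]  # first Body child names the activity
            task_id = body[0].findtext("e:TaskId", "", NS)
    except ET.ParseError:
        pass  # malformed XML falls through to "unauthenticated"
    secret = SECRETS.get(caller)
    expected = mac(secret, caller, activity, task_id) if secret else ""
    if not secret or not hmac.compare_digest(sent.encode(), expected.encode()):
        outcome = "unauthenticated"   # unknown caller, or message altered in transit
    elif ROLES.get(caller, set()) & ALLOWED.get(activity, set()):
        outcome = "allowed"           # caller holds a role permitted for this activity
    else:
        outcome = "forbidden"
    AUDIT.append((time.time(), caller, activity, task_id, outcome))
    return outcome
```

The sketch covers authentication, authorization, integrity, and the audit trail only; confidentiality and replay protection would need transport encryption and a timestamp or nonce in the signed fields.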

While custom vendor products exist that compensate for the lack of security, transaction management, and agreed-upon data semantics, the architecture can be designed to converge toward the standards as they solidify. The second set of issues that companies must address often appears once the infrastructure technology problems are solved. These are longer-term issues and can be classified as services portfolio challenges.

The three main services portfolio challenges are:
1. Unstructured Proliferation of Services
Different frameworks, tools, and coding standards are currently proliferating in business. Applications are wrapped and exposed to explore the potential of Web services rather than for business purposes. Most of these services will not, however, be inserted into BPM and therefore will not be particularly useful for exploiting business value. In general, if Web services proliferate without a management framework, the services they offer will in turn end up being overly complex, low performing, and unmanageable.

2. Lack of Architectural Layering of Services
Web services and BPM favor, but do not guarantee, an appropriate level of abstraction, which is essential in architecting a service-oriented architecture (SOA). Structuring process models and services along separate client, presentation, business, integration, and resource levels of abstraction requires more up-front planning and longer implementation. It is, however, the only assurance that repeatable and lasting solutions are the results of those efforts.

3. Lack of Business Prioritization
Web services solutions tend to be developed in a silo, which is usually in an application or departmental context. The same is sometimes true for BPM applications, which focus on a functional "hub" such as CRM. The preferred approach is to prioritize Web services-enabled BPM solutions as part of the overall enterprise IT portfolio.

Identifying and overcoming challenges is the first leg on the Web services BPM journey. A clear roadmap will be necessary to successfully reach the desired destination.

Author Bios
Alejandro Danylyszyn is a senior manager in Deloitte Consulting's. He has worked for over 15 years as a consultant to large high-technology manufacturers, telecommunications carriers, and financial services companies in the areas of strategy, operations/process improvement, and solution design/implementation, with a focus on systems integration, enterprise portals and Web services. Alejandro holds a master's in software engineering from Carnegie Mellon University. adanylyszyn@dc.com.

Cesare Rotondo is a senior manager in Deloitte Consulting. His expertise is in applying IT for business results and in managing large implementation projects around Real Time business integration and customer integration solutions. His IT focus is around the enterprise software infrastructure, particularly EAI, B2Bi, enterprise portals, BPM, Web services, and J2EE. Cesare holds an MBA from INSEAD. crotundo@dc.com.

All Rights Reserved
Copyright ©  2004 SYS-CON Media, Inc.
