While the potential benefits of SOA are clear, like the\n ability to reuse existing assets, the standards picture looks\n anything but settled.Not only did \n Forrester Research count some 115 standards\n floating around SOA and Web services in its most recent study\n on that topic, but also, it found that just confirming which\n vendors support which standards is nearly impossible. Yet CIOs\n must press ahead with SOA projects in order to meet business\n needs. Hong Zhang, director and chief architect of IT\n Architectures and Standards at \n General Motors, has been\n balancing the standards dilemma with ongoing SOA work for\n several years.\n \n Zhang says it\u2019s actually good that there are many\n standards related to SOA. \u201cThis indicates that the\n software industry is moving toward a broad adoption of\n SOA,\u201d he says. \u201cThe challenge is that there is no\n common, consistent architectural framework to guide the\n evolution, integrity and integration across these standards.\n Many of these standards are not yet mature.\u201dHow can CIOs navigate the muddy waters until those standards\n do grow up? Technology executives and industry experts offer\n this advice: Closely monitor the standards scene and try keep\n your options open, but by all means, don\u2019t delay the\n launch of key SOA projects. Several strategies can help you\n avoid getting stuck in a standards pickle.\n\n \n The Standards That Matter\n First off, you can construct just a key list of standards, not\n a comprehensive one, as you do your SOA planning. For instance,\n standards such as SOAP and WSDL have been broadly adopted and\n others, including WS-Security, are ready for wide adoption,\n says Randy Heffner, an analyst at Forrester Research. But other\n specifications needed to build Web services that operate with\n high quality of service\u2014such as standards for management,\n transactions and advanced security\u2014are mature enough only\n for aggressive technology adopters, he says.Of the emerging SOA and Web services standards, Heffner says\n CIOs should focus on the following: SOAP 1.1, WSDL 1.1, WS-I\n Basic Profile 1.0 or 1.1, UDDI 3.0.2, WS-Security 1.0 or 1.1,\n WS-BPEL 2.0, BPMN, WSRP 1.0, XML Schema 1.0, XSLT 1.0, XPath\n 1.0, XQuery 1.0, XML Signature and XML Encryption.CIOs should favor standards-based SOA over native protocols,\n Heffner says, \u201cbut don\u2019t sacrifice needed quality\n of service (QoS) for any given app just to use\n standards.\u201d Where an application must have greater QoS\n than Web services can provide, \u201cdo tactical workarounds\n that stay close to the design models of emerging\n specifications,\u201d he says. Is it necessary for CIOs to\n know which vendors are supporting which standards at this\n point? \u201cNot in a comprehensive way,\u201d Heffner says.\n \u201cBut CIOs that are making a major software infrastructure\n partner choice should get a strong picture of candidate\n vendors\u2019 current and future support for SOA and Web\n services specs.\u201d You need to understand your current\n vendors\u2019 plans as well, he says. Otherwise, you risk\n investing in technology that might not meet the long-term\n business goals of the organization or its SOA strategy.Many organizations will look for temporary\n solutions\u2014say middleware\u2014to overcome a lack of\n mature standards. \u201cFrom the CIO\u2019s perspective\n there\u2019s a lot of pressure to adopt a middleware platform\n to fill in where standards are not there, but in a way that\n doesn\u2019t lock them into it,\u201d says Jim Stogdill, CTO\n at Gestalt LLC, a defense and energy consulting firm that helps\n clients launch SOA projects.But it\u2019s important not to commit too much to one\n middleware vendor, \u201cbecause it will be much more\n disruptive later to swap out,\u201d he says.Stogdill advises organizations to stick with fairly common\n standards such as SOAP and WSDL, \u201cand also look to where\n your line of business application vendors are providing\n services: Then integrate line of business applications via\n those service interfaces using unintrusive middleware.\n\n GM\u2019s Selective Strategy\n For its part, General Motors learned in its early SOA efforts\n to identify which standards were most important to what the\n company was trying to achieve. GM launched its first SOA\n project in 2000, an architecture called Northstar, for its\n global online vehicle showroom services (GM Global BuyPower).\n Northstar\u2019s goal: to establish a global common SOA plan\n flexible enough to support the dynamics of GM\u2019s business,\n Zhang says. To achieve this, GM designed the architecture to\n separate business functions from business process flow (the\n sequence of the business functions to be performed). The\n company also separated the physical locations of business data\n from those of the business functions using the data, and user\n interfaces from the business process flow, business functions,\n and business data, Zhang says.GM successfully deployed the Northstar architecture in more\n than 40 countries in 2001. The architecture helped GM fulfill\n various business needs quickly, such as meeting data location\n regulations, making business process flow changes based on\n business engagement rules and varying the end user\u2019s\n software experience based on culture differences in individual\n countries, Zhang says.Since the company also uses SOA in other consumer-focused\n online services, including GM OnStar services, it plans to\n develop an enterprisewide strategy and governance program for\n broad deployment of SOA internally and with external partners,\n Zhang says. As part of the planning for GM\u2019s\n next-generation SOA implementation, he\u2019s evaluating the\n latest enabling standards and technologies.For GM today, the most important specs are those that help\n standardize the interfaces among services across the\n well-defined service layers (presentation, business process and\n so on) The next most important are those that help standardize\n the implementation of the services within each of the service\n layers.As part of developing its enterprisewide SOA strategy, the\n company is identifying the SOA standards around which of its\n needs are mature, which should be monitored and which are\n mandatory. Among these, GM is looking at WS-I Basic Profile 1.1\n for enterprisewide interoperability. After this, the company\n will be able to make a well-informed decision about which\n vendors and products to use in its broad rollout of SOA.Another SOA adopter, TD Banknorth, has taken a strategy of\n prioritizing standards adopted by vendors recognized as market\n leaders in the SOA space (for example, webMethods) and\n standards recognized by several key standards organizations.\n The banking company is using a service-based architecture as a\n framework for the development of Web services for application\n integration, according to CIO and executive VP John Petrey. TD\n Banknorth initially used SOA in 2004 when it deployed\n webMethods\u2019 Fabric software suite to use a Web service to\n simplify the process of completing customer address\n changes.The Web service, being implemented now, allows TD\n Banknorth\u2019s call center agents or branch employees to\n make changes in address, then automatically have those changes\n take effect in each of the customer\u2019s accounts with the\n bank. Today TD Banknorth is planning other SOA projects, one\n involving a small-business loan origination service and another\n for the company\u2019s online banking system.\u201cThe primary benefit of SOA we realize is significant\n reuse of services across the integration solution space,\u201d\n Petrey says. That\u2019s resulting in a substantial reduction\n in service development time and the creation of higher-quality\n services that require less debugging and testing, he says.To date, TD Banknorth has adopted basic standards around Web\n services, including XSD, SOAP and WSDL, Petrey says.\n \u201cGoing forward, the most important standards will be\n related to WS-I, like policy, reliability and security, and, to\n a lesser degree, addressing,\u201d he says.The bank works \u201conly with standards adopted by vendors\n recognized as market leaders in the SOA space\u2026and\n regarded as sufficiently mature\u201d by industry research\n firms such as Gartner, Petrey says. \u201cThe standards we\n adopt are recognized by multiple standards organizations like\n W3C and WS-I,\u201d he adds.TD Banknorth queried companies that had adopted standards\n such as WS-Security and SAML, \u201cand found that most were\n struggling,\u201d Petrey says. \u201cThe standards supposedly\n were ready for adoption over a year earlier, yet no one was\n really using the standards the way they were designed or\n marketed. We were unable to find a success story.\u201dAmong the lessons the bank has learned in its foray into\n SOA: Build an architecture in a way that promotes a modular,\n flexible and incremental deployment, \u201cwith placeholders\n for those standards to be adopted as subsequent functionality\n requires,\u201d Petrey says.\n\n Mastering Middleware\n At smaller organizations, some CIOs are forging ahead with SOA\n without a major emphasis on standards. The John F. Kennedy\n Center for the Performing Arts in Washington, D.C., is a\n midsize organization that uses a lot of commercial software\n products, some of which are moving toward SOA, says Alan\n Levine, the CIO.For example, the center\u2019s enterprise resource planning\n vendor, Lawson, is moving to a services architecture. The\n Kennedy Center\u2019s customer relationship management\n platform, Tessitura\u2014an industry-specific application\n developed by Impressario, a wholly owned subsidiary of the\n Metropolitan Opera\u2014also is moving toward SOA.Levine says he\u2019s taking steps to implement SOA without\n being overly concerned about standards. \u201cWe focus on\n creating the \u2018glue\u2019 that allows the SOA\n capabilities of the different commercial systems to fit\n together.\u201dTo that end, the center is developing middle-tier solutions\n in-house, Levine says.\u201cOur focus is rather than trying to choose a standard,\n it\u2019s knowing what to do to get the back ends to\n interoperate,\u201d Levine says. Of course, middleware\n strategies depend on your organization\u2019s size and\n existing systems. Overall, keep your eyes on the prize: a\n nimble IT organization. As GM\u2019s Zhang puts it, the\n ultimate goal of using SOA is \u201cto establish a flexible\n information systems and services environment that can quickly\n realign\u201d as business needs change.Bob Violino is a freelance writer.