Not only did Forrester Research count some 115 standards floating around SOA and Web services in its most recent study on that topic, but also, it found that just confirming which vendors support which standards is nearly impossible. Yet CIOs must press ahead with SOA projects in order to meet business needs. Hong Zhang, director and chief architect of IT Architectures and Standards at General Motors, has been balancing the standards dilemma with ongoing SOA work for several years.

Zhang says it’s actually good that there are many standards related to SOA. “This indicates that the software industry is moving toward a broad adoption of SOA,” he says. “The challenge is that there is no common, consistent architectural framework to guide the evolution, integrity and integration across these standards. Many of these standards are not yet mature.”

How can CIOs navigate the muddy waters until those standards do grow up? Technology executives and industry experts offer this advice: Closely monitor the standards scene and try keep your options open, but by all means, don’t delay the launch of key SOA projects. Several strategies can help you avoid getting stuck in a standards pickle.

The Standards That Matter
First off, you can construct just a key list of standards, not a comprehensive one, as you do your SOA planning. For instance, standards such as SOAP and WSDL have been broadly adopted and others, including WS-Security, are ready for wide adoption, says Randy Heffner, an analyst at Forrester Research. But other specifications needed to build Web services that operate with high quality of service—such as standards for management, transactions and advanced security—are mature enough only for aggressive technology adopters, he says.

Of the emerging SOA and Web services standards, Heffner says CIOs should focus on the following: SOAP 1.1, WSDL 1.1, WS-I Basic Profile 1.0 or 1.1, UDDI 3.0.2, WS-Security 1.0 or 1.1, WS-BPEL 2.0, BPMN, WSRP 1.0, XML Schema 1.0, XSLT 1.0, XPath 1.0, XQuery 1.0, XML Signature and XML Encryption.

CIOs should favor standards-based SOA over native protocols, Heffner says, “but don’t sacrifice needed quality of service (QoS) for any given app just to use standards.” Where an application must have greater QoS than Web services can provide, “do tactical workarounds that stay close to the design models of emerging specifications,” he says. Is it necessary for CIOs to know which vendors are supporting which standards at this point? “Not in a comprehensive way,” Heffner says. “But CIOs that are making a major software infrastructure partner choice should get a strong picture of candidate vendors’ current and future support for SOA and Web services specs.” You need to understand your current vendors’ plans as well, he says. Otherwise, you risk investing in technology that might not meet the long-term business goals of the organization or its SOA strategy.