Despite all its flaws, UDDI still continues to considered as key in the adoption of Web services. Richard Karpinski finds a new trend where more vendors are integrating UDDI and LDAP

UDDI has been anything but easy to implement so far. The technology has not been as flexible as many developers would like

As rapidly as some Web services protocols, such as simple object access protocol (SOAP), have taken hold, others, perhaps most notably universal description, discovery and integration (UDDI), have met with less success.

Most experts still believe that UDDI will ultimately play a key role in the adoption of Web services. It is best described by its own white page and yellow page metaphors. At its core, it provides a place for businesses to describe and register and for other companies to discover the Web services interfaces they are making available to the world.

UDDI has been anything but easy to implement so far. The technology has not been as flexible as many developers would like. And participation in public UDDI registries has been low.

But it is still early in the game. Many early UDDI server implementations were solely for proof-of-concept. Also, many early servers were public deployments, while much of the early work with Web services turned out not to be over the public Internet but behind corporate firewalls.

In the end, UDDI is not strictly necessary to do SOAP-based Web services. But if such architectures are to scale, developers need a place to register their services so they can be easily found and consumed. Hence, the technology will not be needed until Web services take firm hold on the enterprise landscape.

UDDI status
Despite its early flaws, UDDI is making progress. Currently, version 2.0 of the specification is by most accounts a major step forward from the initial standard, adding support for so-called multiple entities that made it much easier for businesses to actually map their organisations and workflows to the repository. Market-watchers expect additional steps forward soon with the release of version 3.0 of UDDI.

Yet even more significantly, vendors are beginning to bring UDDI more into the enterprise mainstream. For instance, recently there have been growing amounts of activity around mapping UDDI repositories into lightweight directory access protocol (LDAP) directories, which in their own right have emerged as a key enabling e-business technology.

Key vendors including Sun Microsystems, Novell, and BEA Systems are readying UDDI-on-LDAP solutions, and enterprise research firms such as the Burton Group are calling the convergence an important next step for next generation Web services architectures.

Why the convergence?
“My personal opinion is that the people who developed UDDI were really focused on providing a way to share this information and simply found it easier to implement the early prototypes just sitting on top of a relational database [rather than a directory],” said Winston Bumpus, director of standards for Novell. “We think UDDI is just a perfect application for directories. Directories are really designed for the scalability, reliability and security needed for this kind of activity.”

Not everyone agrees. Major implementations of UDDI today from IBM and Microsoft both run on top of those companies’ respective relational databases. Web services vendor Systinet also delivers a UDDI server-its platform will work with most commercial database platforms.

Instead of integrating LDAP and UDDI, Systinet is mapping the security capabilities of its WASP Web services platform to LDAP so that companies can “specify security information in LDAP and use that to secure a UDDI registry.”

Integrating LDAP and UDDI beyond that is overkill, said Anne Thomas Manes, CTO of Systinet.

Despite such misgivings, there is plenty of effort underway to bring LDAP and UDDI together.

Novell, for instance, has been ramping up its activity in this area. Just recently, it formally joined the UDDI Advisory Group, while in late May it made a submission to the Internet Engineering Task Force (IETF) outlining how to represent UDDI data in an LDAP directory.

Novell is also playing a role in the creation of the Directory Services Markup Language (DSML) v2 standard, which will enable access to a directory through XML protocols like SOAP.

On the product front, Novell recently outlined plans to deliver a UDDI interface to its eDirectory platform, an integration that should appear later this year, Bumpus said.

“The characteristics of UDDI lend it to a solution where you write it a few times and read it many times and you need to have it to be reliable, scalable, and secure,” Bumpus said. “UDDI is the perfection application for the directory technology we have.”

As part of its Sun One Application Server announcement, Sun Microsystems also detailed plans for an LDAP-based UDDI server-dubbed the Sun One Registry Server-slated to be released later this year.

“We believe LDAP is a very scalable approach to implementing a UDDI repository,” said Patrick Dorsey, Sun’s group product manager for Web and application servers. “What you get with UDDI ultimately is a whole bunch of reads that happen very rapidly. LDAP is very scalable to handle that.”

Meanwhile, BEA Systems has adopted a UDDIv2-on-LDAP solution from partners OctetString and Acument Technologies and integrated it into WebLogic Server 7.0.

“I think the main point is that by basing UDDI implementations on LDAP and directory services, we’re going to see quicker implementation by enterprises able to make use of their existing strengths in terms of staff and resources in the directory area,” said Nathan Owen, director of business development for OctetString.

Security issues
Security is already emerging as a key stumbling block for Web services deployments; existing LDAP-based authorisation and access schemes can help jump-start those efforts, Owen said. “We’re going to see a lot more discussion about UDDI security in version three of the spec,” he said, adding that enterprises’ experience in replicating LDAP directories would work well with UDDI repositories as well.

“There are already existing and mature replication technology approaches to globally replicating UDDI data using LDAP in ways that are not yet covered in the spec. Everyone is starting to look at leveraging technology we already have to support Web services.”

Such progress should be comforting to enterprises, which are watching the evolution of Web services standards very closely. Despite the early hurdles UDDI has faced, developers still believe in the technology. According to a poll of developers by Flashline, a provider of software reuse solutions, 55 percent of respondents are currently evaluating internal or external UDDI registries, while 11 percent are already using a UDDI registry to organise access to Web services.

“We found a lot of developers interested in Web services and the promise they have to offer,” said Adam Wallace, VP of research and development for Flashline. “But they also realise if they are going to move forward with a large number of Web services, they need a registry. UDDI is a good choice; it’s an open standard that’s been widely-accepted.”

Couple UDDI’s strengths (widely accepted and standards-based) with LDAP’s advantages (broad enterprise deployment and proven security and scalability features), and Web services may have the repository architecture required to make a major impact on the enterprise.

This article first appeared in Network Magazine