Financial Firms Upbeat After B2B Web Services Test

Financial services devs have been given some guidelines on how today's web services technology can -- or cannot -- be used for complex and sensitive B2B cash management system integration. Overall, the verdict from some of the most demanding financial firms in the world can be summed up as "OK in some places. Almost more places. Let's stick with it." See why BoA, JPMorgan Chase and others are so optimistic, and what they say still needs to be done.

Tags: Web Services, Technologies, FSTC, FTSC, Standards, Cash Management, Applications,

Developers in the financial services sector have received some guidelines on how web services can -- or cannot -- be used for complex and sensitive B2B cash management system integration. Overall, the verdict might be summed up as :" OK in some places. Almost more places. So let's stick with it."

The Financial Services Technology Consortium (FSTC), a financial research organization made up of banks, financial service firms, universities, government and computer vendors last month disclosed results of their "proof of concept" to develop such a set of web services implementation guides for cash management system integration. In one word, the results were encouraging.

FTSC executive director Zachary Tumin professed optimism and a bullish approach to web services for financial IT professionals, in his prepared statement. "FSTC provided the perfect collaborative setting to tackle the interoperability challenges of bank-to-bank cash management. Our members are pleased with insights from the initial phase of the project and plan to further explore the use of Web services in financial services applications." Tumin said.

Inside the FSTC Web Services Test and Findings
In the 5-month test, aimed at validating the use of Web services technologies for cash management application and data integration for bank-to-bank and bank-to-customer connections. FSTC brought together several of the country's largest financial firms, including Bank of America, JPMorgan Chase, and Wachovia. The test was actually comprised of several subtasks where the state of today's web services standards and technologies were applied to multi-bank reporting services. Aspects of web services ability to provide (a) interoperability, (b) security, and (c) reliability were evaluated.

From the overall test protocol, the FSTC has produced a set of Web services, reference implementation, and next-generation "treasury portal" implementations that are aimed at demonstrating where web services can be used near-term, and where more R&D and standards development is needed.
Some of the key results of this project, FSTC officials said, found that key web services infrastructure capabilities may be a bit more mature than many devs believe.

One notable FSTC finding stated that the FTSC web services "reference implementation" for multi-bank reporting services "can be developed into commercial offerings." The implementation is comprised of (1) a re-usable architecture and (2) a set of technical specifications that...provides a valuable set of baseline Web services and a detailed set of supporting technical and business documentation for planning and developing banking applications in .NET and Java environments.

Despite this encouraging finding, FTSC noted that need for more vendor/user cooperation in developing solutions in three key areas of B2B secure transactions, including:
  1. Technical standards and interoperability for "applications and bank interactions that require end-to-end security and reliability to meet expected service levels,"
  2. Better and standard support for SOAP attachments, and for the transport of non-XML data over SOAP; and
  3. Interoperability at the interface level.
The FTSC also took a swipe at the lack of standard definitions for WSDLs. "Having multiple open source and commercial technologies use a common Web services description language (WSDL) file is problematic as the automatic code generators carry numerous bugs."

While FTSC added that these different "implementations can typically be made to conform with some re-programming of the generated code," it was apparent that the group doesn't think going back and hand-tuning such auto-generated code should be the default Best Practice.

Also, project participants found through this hands-on activity that security, including key management, must be examined and tested carefully in banking applications since security interoperability is very immature in open source code and commercial offerings. XML signature and encryption packages proved difficult to use across heterogeneous technology platforms.

Despite web services' technology shortfalls, the FTSC was optimistic that many of their concerns already have attracted the interest of many vendors, through their participation in multi-lateral efforts of standards committees. Therefore, the FTSC recommended: Financial institutions should remain optimistic about the benefits pledged by these technologies for partner, customer, and enterprise integration, and that the transition to Web services technologies requires a careful examination of the underlying service architecture required to provide manageable, secure, and reliable financial applications."