As companies of all types rush to adopt service-oriented architecture (SOA) and build applications based on Web services, the growth of the extensible markup language (XML) market in the enterprise sector is undeniable. Both SOA and Web services use XML as a foundation technology, despite the fact that XML is a verbose, processing-intensive, open-ended, and insecure language.

Where there is SOA, there also is a need for middleware that supports the communications and security of those communications, not only between the Web services that make up the SOA but also between Web services implemented in one enterprise’s SOA and those implemented in another's. This SOA/Web services/XML deployment infrastructure can be thought of as equivalent to enterprise service bus (ESB) technology, although dedicated to Web services and with added security features, such as XML threat protection.

Since telcos are enterprises, they are not immune to the SOA trend. Indeed, Verizon Communications Inc. (NYSE: VZ)'s service delivery platform (SDP), iobi, was one of the earliest to use an SOA, while AT&T Inc. (NYSE: T), BCE Inc. (Bell Canada) (NYSE/Toronto: BCE), and BT Group plc (NYSE: BT; London: BTA) are also investing in SOA frameworks. SOA and Web services are the integration mechanism of choice for vendors from Accenture to Nokia Corp. (NYSE: NOK) to integrate products within SDP frameworks and next-gen operations support systems (OSSs).

The most advanced and software development-savvy of these operators intend to create their next-gen services within an SOA context, encouraged by the likes of IBM Corp. (NYSE: IBM), Microsoft Corp. (Nasdaq: MSFT), and Oracle Corp. (Nasdaq: ORCL), which want to drive XML as far as possible into the telco service layer and to flush out telco-specific service-creation technology.

Where this market really gets interesting from a telco point of view – as the current edition of Light Reading's Services Software Insider shows – is at the intersection of the SOA deployment infrastructure with the network and the implementation of "XML networking." The XML processing required in an SOA deployment infrastructure is so heavy that response times are dismal if it occurs in the application server. Nor does it make sense for individual application servers to replicate middleware functions that would be much better separated out and executed at a single point on all XML transactions.

Where better to put the middleware needed to inspect and process XML messages between Web services in a SOA than on dedicated hardware sitting in the network, since the network will be transporting the messages back and forth? By tapping into the network, Web services can also take advantage of the acceleration properties of both the dedicated hardware and the network: XML messages can travel at wirespeed rather than at enterprise software speed.

Carriers are beginning to ask themselves if there is a business case for building support for SOA deployment infrastructure into their networks so that they can sell such infrastructure capabilities as a value-added service to enterprise customers. They also are wondering whether this infrastructure should be deployed in data centers at the edge – as an extension, perhaps, of their own internal SOA infrastructure developments – or whether it should be more ubiquitously implemented across next-generation IP Multi-Protocol Label Switching (MPLS) networks.

One clear trend is emerging: the XML security aspects of the SOA infrastructure will be embedded into service provider networks, and sooner rather than later. As their customers embrace SOA and Web services, it makes sense for carriers that already provide IP security infrastructure services, such as managed IP firewalls, virus scanning, and intrusion detection, to offer the same kinds of services at the XML message level. XML networking vendors are busy forming the alliances that will yield the right tools.

In early June, Reactivity Inc. announced that it will offer as an original equipment manufacturer (OEM) its "commodity" threat defense, schema validation, parser attack, and attack signature detection technology to a range of network equipment vendors so that they can enable their products with XML security. Forum Systems Inc. has integrated its XML firewall technology with the Unified Threat Management platform of Crossbeam Systems Inc. , and is aiming this at the telco sector. Interestingly, Cisco Systems Inc. (Nasdaq: CSCO) and Telecom Italia (TIM) Sparkle recently announced their collaboration on a secure network to protect TI Sparkle’s customers from IP-based denial-of-service attacks. Since Cisco is a key player in the XML networking market, it would be a relatively easy move for TI Sparkle’s network to protect customers from XML-based denial-of-service threats in the not-too-distant future.

XML networking is an intriguing new market. With IBM, Intel Corp. (Nasdaq: INTC), and Reactivity promising further announcements this year and rumors that Alcatel (NYSE: ALA; Paris: CGEP:PA) and Juniper Networks Inc. (NYSE: JNPR) have programs underway in this area, it certainly will be a sector to watch.

— Caroline Chappell, Analyst, Light Reading's Services Software Insider

Service Delivery and XML: The Path to Carrier SOA, a 28-page report in PDF format, is available as part of an annual subscription (12 monthly issues) to Light Reading's Services Software Insider, priced at $1,350. Individual reports are available for $900.