Monday, September 20, 2004

More debate about the WS-* stack.

The recent flood of blog postings about the viability of the WS-* stack specifications has mostly stemmed from Microsoft's recently published whitepaper An Introduction to the Web Services Architecture and Its Specifications. I've read the paper now, and generally think it's a very good overview of the MS/IBM Web Services Architecture, however there are a few points I feel I need to raise.

1) This is the MS/IBM camps Architecture, and therefore this whitepaper must be read within that context. There are open standards, from W3C, OASIS, IEFT etc, talked about in there, but also there are a lot of specifications that have not been/are no where near submission to a standards body.

I think it is a missed opportunity for Microsft not to have made this more clear. If they had they may have managed to control the resulting debate to being about why these specifications are important and how best we, as a community of developers, can bring them about.

Worst yet, they present specifications here that have direct competition from open standards, for example the MS/IBM WS-ReliableMessaging which is basically the same as the OASIS WS-Reliabillity specification.

That said, read in this context this whitepaper is a great introductory article to the state of one Web Services Architecture and will set you thinking about a more general one.

2) After reading some of the follow on posts, for example "More WS-* specs, more questions about architectural viability" I can understand some of the problems people are having with this. Of course people are not going to see reason for all these specifications if they are not now, or probably never will be, interested in using them. However I don't agree with the following.

"Tim Bray's point about Amazon, eBay, etc. not needing the WS-* stuff to get their job done is well taken, but it's also quite clear that these were built from the ground up to work with the Web, whereas the fertile ground for WS-* are the enterprise systems that were not designed with the web in mind."

Amazon, eBay and the rest are at the vangard of such large Web Services implementations. I am sure they will have long term strategies which they are not sharing. But the services they have exposed so far are not critical services. Amazon does not come off too bas if an associates site fails to load a page, and they are not yet allowing seemless purchasing from associates. For this to happen specifications such as WS-Secutiry are essential. One of the Reliability specifications/standards will also be required if they are to puch the purchasing services this far out.

This is only the start, large corporate associates would probably wich to implement something like WS-SecureConversation to save the repeated single shot security problems with just having WS-Security.

Of course Amazon, eBay and the like have been happy with only SOAP and WSDL, because that's all they had, but I wouldn't be surprise to see them picking up on other standards and doing some interesting things with them. To address the second point in the quote, yes they were designed for the web, and yes enterprise systems will need some of these specifications, however I would be willing to bet that Amazon see their systems as "enterprise".

Also are we going to throw out all the ideas and experience from these "enterprise" systems? Currently most of the Web Service implementations out there are simple point-to-point systems, there are few, that I know of, compelex networks of services with many intermediaries and compound services which go on to trigger many more. These types of system will required the more advanced WS-* stack specifications. So let's start getting them ready now.

No comments: