- From: Newcomer, Eric <Eric.Newcomer@iona.com>
- Date: Sun, 2 Mar 2003 12:01:26 -0500
- To: "Baker, Mark" <distobj@acm.org>, "Champion, Mike" <Mike.Champion@SoftwareAG-USA.com>
- Cc: <www-ws-arch@w3.org>
>> Email is not the Web. Web services is not the Web, either, and we should stop arguing about whether it is or not. Linear adoption of SOAP is in line with its purpose, which is very different from the Web, meaning this (and the REST of these arguments) is based on apples-to-oranges comparisons. Of course SOAP has different adoption rates than the Web. SOAP is not the Web, it's another, different use of the Web infrastructure. Sure, we can argue about whether or not it makes sense to use the Web infrastructure for something different than its original purpose, but that's a lot like arguing that the Internet shouldn't be used for voice traffic. And by the way (as long as I'm at it), how and when are we going to get the W3C to stop working on the Semantic Web and take some leadership in Web services? Or maybe the message here is that the W3C only wants to work on the Web and not on Web services? Are we going to get our act together on this or become marginalized? Eric -----Original Message----- From: Baker, Mark Sent: Sunday, March 02, 2003 12:07 AM To: Champion, Mike Cc: www-ws-arch@w3.org Subject: Re: Visibility (was Re: Introducing the Service Oriented Architec tural style, and it's constraints and properties. On Sat, Mar 01, 2003 at 07:56:58PM -0500, Champion, Mike wrote: > And GET http://www.quotes-be-us.com/ibm is opaque to JMS implementations. Of course. Most things are invisible to a vanilla (i.e. without any prior knowledge of any application semantic) JMS implementation, because JMS provides an abstraction to OSI layer 6 protocols like BEEP or SOAP or IIOP. It does not abstract application protocols. If it's used to do so (which it is, of course 8-), then that means HTTP is being used as a layer 6 protocol too, not the layer 7 protocol that it is. > That's why SOAP exists to allow SOAP intermediaries to work the same across > protocol bindings. They tunnel over HTTP, FTP, SMTP, JMS impelementation, > MQ and other proprietary stuff with equal oblivion. I'm aware that this is the common view, as you're aware of my opinion that this use of SOAP has no future. FWIW, you can track the adoption of this use of SOAP here; http://www.markbaker.ca/2002/04/WebServicesGrowth/ As you can see, SOAP's growth over the Internet has been approximately linear. A far cry from the Web's growth, which can be seen here; http://www.mit.edu/people/mkgray/net/web-growth-summary.html There may be other reasons for this, but I have a good technical one that suffices to explain it; integration complexity is too high due to each service having a different interface than the next. > Huh? The SOAP paradigm gives a single framework -- XML, headers, > intermediaries -- that provides a place to put semantically meaningful > information in the content of a message that is equally meaningful > irrespective of the transport layers it exploits, tunnels, or whatever. The > use case is precisely the fact that it is hard to map semantically important > information from one protocol-specific form to another, so putting the > semantics in the content rather than relying on "bridging" the protocols > makes lots of sense. It is hard, but not impossible. And the good news is, there aren't very many application protocols. The downside of avoiding this hard work by just treating all these application protocols as transport protocols, is that it disregards the very reasons that these protocols became successful in the first place, as well as the useful architectural properties that their associated architectural styles exhibit. Different application protocol exist because there are different applications. Email is not the Web. The Web is not Usenet. Usenet is not IRC. IRC is not FTP. And they differ not just in their connectionless/connection, stateless/stateful, asynch/sync nature, they differ because they have different methods that are appropriate to those applications; uniform operations for hypermedia, file/directory-specific operations for FTP, chat channel specific operations for IRC, etc.. > Let's take this down a few levels of abstraction and just talk about > personal opinions on best practice. I think I've made my opinions pretty clear in many discussions here and elsewhere. We're miles apart, obviously. > So, back to "visibility." I think we have a pretty good outline of the > costs, benefits, and tradeoffs pertaining to visibility in different > scenarios. Is that true? Does the WG understand the costs? You've made it clear that you disagree with the problems I've described with Web services and firewalls. These are real problems that real developers have already felt, and will continue to feel. Surely the architecture document should provide some guidance on this? This, btw, is why I was chasing Dave as hard as I was; so that if it was recognized that visibility was reduced with Web services, even in "single protocol mode" <cough/), that there would be little choice except to say something about it. I would ideally like to see something like this said; "When it is desirable for a service to be used over the Internet, serious consideration should be given to using the REST architectural style, or other architectural styles which have greater visibility than WSA/SOA (such as those styles used by Internet email, FTP, IRC, etc..). This recommendation is being made because visibility is important to a firewall's ability to do its job, and firewall adminstrators may choose not to pass messages whose semantics are not as visible as they would like them to be." > It's quite clear that in the typical Web environment of today, > when security / reliability requirements are not terribly onerous, the > services under consideration involve moving information representations > around, and mature firewall technology is in place, then most of what you > say about HTTP and visibility is true and desireable. Ratchet up the > security/reliability requirements and put some complexity on the back-end, > however, and it's clear that the Web as we know it is not a great platform > for web sevices without the kind of help that the SOAP-based specs offer. > All that "visiblity" becomes a liability (as Roger has helped us understand > from the IT perspective). The data-in-URI issue has very little, if anything, to do with visibility. The only downsides of even 100% visibility, AFAIK, are that messages are typically large, and that data formats are standardized rather than optimized for the particular app. > The SOAP framework and the numerous standards and > proposals that work within it really do add value for the people working in > these areas. There are costs, of course -- XML/SOAP/WS-Security-aware > firewalls are clearly going to be more expensive in dollars and resource > requirements than vanilla HTTP-aware firewalls are. This is neither a Good > Thing nor a Bad Thing, just one more tradeoff that Web services architects > are going to have to take into consideration. Time will tell, I suppose. MB -- Mark Baker. Ottawa, Ontario, CANADA. http://www.markbaker.ca Web architecture consulting, technical reports, evaluation & analysis
Received on Sunday, 2 March 2003 12:02:04 UTC