- From: Burdett, David <david.burdett@commerceone.com>
- Date: Tue, 4 Mar 2003 08:43:19 -0800
- To: Mark Baker <distobj@acm.org>, "Champion, Mike" <Mike.Champion@SoftwareAG-USA.com>
- Cc: www-ws-arch@w3.org
- Message-ID: <C1E0143CD365A445A4417083BF6F42CC079B13F3@C1plenaexm07.commerceone.com>
Mark's statement that "The only downsides of even 100% visibility, AFAIK, are that messages are typically large, and that data formats are standardized rather than optimized for the particular app" reminded me of just how big messages can get when they are used for eBusiness. Here are two use cases: AEROSPACE For legal reasons, when an aeroplane is sold, the Invoice must be accompanied by a line by line parts breakdown including serial numbers. Given that there can be millions of parts in a commercial aeroplane, the estimated maximum message size can be up to 2GB. TELECOMMUNICATIONS Perhaps there aren't enough aeroplanes sold to make it worthwhile developing an approach to just meet their needs, so how about this example from the telecomms industry ... A major telecommunications company wants to provide an itemised Invoice detailing each call for a company with hundreds of locations. Sometimes there can be 100k+ line items. As each line is approximately 90 characters long (including tags), messages sizes can be easily over 10Mb or more. Typically, the way to handle this is to have a "utility protocol" to break up the message into smaller chunks prior to sending and then re-assemble at the far end. Do we want to include this type of requirement in our thinking? Also how well would this sort of problem be handled by a REST approach, without any additional work? David -----Original Message----- From: Mark Baker [mailto:distobj@acm.org] Sent: Saturday, March 01, 2003 9:07 PM To: Champion, Mike Cc: www-ws-arch@w3.org Subject: Re: Visibility (was Re: Introducing the Service Oriented Architec tural style, and it's constraints and properties. On Sat, Mar 01, 2003 at 07:56:58PM -0500, Champion, Mike wrote: > And GET http://www.quotes-be-us.com/ibm is opaque to JMS implementations. Of course. Most things are invisible to a vanilla (i.e. without any prior knowledge of any application semantic) JMS implementation, because JMS provides an abstraction to OSI layer 6 protocols like BEEP or SOAP or IIOP. It does not abstract application protocols. If it's used to do so (which it is, of course 8-), then that means HTTP is being used as a layer 6 protocol too, not the layer 7 protocol that it is. > That's why SOAP exists to allow SOAP intermediaries to work the same across > protocol bindings. They tunnel over HTTP, FTP, SMTP, JMS impelementation, > MQ and other proprietary stuff with equal oblivion. I'm aware that this is the common view, as you're aware of my opinion that this use of SOAP has no future. FWIW, you can track the adoption of this use of SOAP here; http://www.markbaker.ca/2002/04/WebServicesGrowth/ As you can see, SOAP's growth over the Internet has been approximately linear. A far cry from the Web's growth, which can be seen here; http://www.mit.edu/people/mkgray/net/web-growth-summary.html There may be other reasons for this, but I have a good technical one that suffices to explain it; integration complexity is too high due to each service having a different interface than the next. > Huh? The SOAP paradigm gives a single framework -- XML, headers, > intermediaries -- that provides a place to put semantically meaningful > information in the content of a message that is equally meaningful > irrespective of the transport layers it exploits, tunnels, or whatever. The > use case is precisely the fact that it is hard to map semantically important > information from one protocol-specific form to another, so putting the > semantics in the content rather than relying on "bridging" the protocols > makes lots of sense. It is hard, but not impossible. And the good news is, there aren't very many application protocols. The downside of avoiding this hard work by just treating all these application protocols as transport protocols, is that it disregards the very reasons that these protocols became successful in the first place, as well as the useful architectural properties that their associated architectural styles exhibit. Different application protocol exist because there are different applications. Email is not the Web. The Web is not Usenet. Usenet is not IRC. IRC is not FTP. And they differ not just in their connectionless/connection, stateless/stateful, asynch/sync nature, they differ because they have different methods that are appropriate to those applications; uniform operations for hypermedia, file/directory-specific operations for FTP, chat channel specific operations for IRC, etc.. > Let's take this down a few levels of abstraction and just talk about > personal opinions on best practice. I think I've made my opinions pretty clear in many discussions here and elsewhere. We're miles apart, obviously. > So, back to "visibility." I think we have a pretty good outline of the > costs, benefits, and tradeoffs pertaining to visibility in different > scenarios. Is that true? Does the WG understand the costs? You've made it clear that you disagree with the problems I've described with Web services and firewalls. These are real problems that real developers have already felt, and will continue to feel. Surely the architecture document should provide some guidance on this? This, btw, is why I was chasing Dave as hard as I was; so that if it was recognized that visibility was reduced with Web services, even in "single protocol mode" <cough/), that there would be little choice except to say something about it. I would ideally like to see something like this said; "When it is desirable for a service to be used over the Internet, serious consideration should be given to using the REST architectural style, or other architectural styles which have greater visibility than WSA/SOA (such as those styles used by Internet email, FTP, IRC, etc..). This recommendation is being made because visibility is important to a firewall's ability to do its job, and firewall adminstrators may choose not to pass messages whose semantics are not as visible as they would like them to be." > It's quite clear that in the typical Web environment of today, > when security / reliability requirements are not terribly onerous, the > services under consideration involve moving information representations > around, and mature firewall technology is in place, then most of what you > say about HTTP and visibility is true and desireable. Ratchet up the > security/reliability requirements and put some complexity on the back-end, > however, and it's clear that the Web as we know it is not a great platform > for web sevices without the kind of help that the SOAP-based specs offer. > All that "visiblity" becomes a liability (as Roger has helped us understand > from the IT perspective). The data-in-URI issue has very little, if anything, to do with visibility. The only downsides of even 100% visibility, AFAIK, are that messages are typically large, and that data formats are standardized rather than optimized for the particular app. > The SOAP framework and the numerous standards and > proposals that work within it really do add value for the people working in > these areas. There are costs, of course -- XML/SOAP/WS-Security-aware > firewalls are clearly going to be more expensive in dollars and resource > requirements than vanilla HTTP-aware firewalls are. This is neither a Good > Thing nor a Bad Thing, just one more tradeoff that Web services architects > are going to have to take into consideration. Time will tell, I suppose. MB -- Mark Baker. Ottawa, Ontario, CANADA. http://www.markbaker.ca Web architecture consulting, technical reports, evaluation & analysis
Received on Tuesday, 4 March 2003 11:43:52 UTC