There’s a great rant in what looked like a great talk from rock stars Don and Chris, which Ben transcribed:

“It turns out a lot of the headache people have with Web Services or WS-* is tied to XSD. XSD is more flawed than most technologies that roam the earth. I was on the committee that created it, and that was back when I made my money explaining complicated technologies to people for money, and man, I could hear the cash registers ringing in my ears.”

“Now my job is making things simple, which is unfortunate since I’m stuck with XSD.”

“XSD was a standard-committee driven piece of ####ing crap.”

Amen, and thanks to the likes of you we’re saddled with the horror of schema. Instead of just moaning, maybe you could put some bums on seats over here.

Technorati Tags: databinding, Schema, XML

When creating a new resource, I happen to prefer POST over PUT because:

• POST the server chooses the new URI, returning it as a Location header.
• PUT the client chooses the new URI, which requires uniqueness such as the horrid GUID.

I also prefer POST for UPDATE, but only because PUT isn’t currently well supported by clients and is blocked by many corporate poxy-proxies.

Other people disagree, but the most convincing reason to change my preference is explained by an optimistic Paul.

Technorati Tags: REST

In one of the best bits of one of my favorite films, a gaggle of back office boys are presented with a bag of unlikely looking parts and told “we have too much CO₂, this is all we have to work with”. The result isn’t pretty, but it’s good enough. So it is with the Web, when there’s a problem, the geeks come up with an answer which doesn’t involve launching yet another rocket:

Quick, we need more bandwidth!

Bury more fiber? Um, DSL, different coloured lasers?

We’re running out of IP addresses, and need security

Roll out IPv6! Er, what about NAT, and there’s this TLS thing?

I want animation, GUIs!

Flash, Applets! Er, did you know you can call HTTP asynchronously from Javascript?

We need Single-Sign-On!

You can do that with a little redirection and hashing - OpenID?

You can’t use certificates inside a browser!

You can’t?

The Web is for people and I want Web Services!

Er, Why?

And so it continues. The story of the Web is “good enough”.

Technorati Tags: REST, WebServices

So there’s now an API to Yahoo! Mail, which we understand for historical reasons is very simple, minimal SOAP and WSDL, but:

Not all languages that support SOAP are compatible with the Yahoo! Mail Web Service, but all languages that support JSON-RPC are.

If the reason you’re using WS-* is interoperability with tools, then it could be time to rethink that new legacy you’re building.

Technorati Tags: SOAP, WebServices

Hey, flickr, I want to put some, if not all of my photos into the public domain. Why can’t I do that via Creative Commons licensing?

Technorati Tags: flickr, creative commons

I liked and mostly agreed with prefer following links over URI construction, well at least for creating resources - a POST to a factory is much better than letting anyone build their own URI and PUT a new resource. However I don’t think there’s any harm in letting people template and guess URIs when it comes to GET, after all that’s how HTML forms work. Following links is fine, in particular when accompanied by context such as an XML element name, a Microformat rel or a RDF arc, but you don’t need to encounter a link to find a location on Google maps. You see URIs are opaque, except when they aren’t.

Technorati Tags: REST, webarch

The great Robbie and Nigel are on Channel 9 talking about the BT Web21C SDK. Watch it!.

Technorati Tags: Web21C

Slides from today’s talk at QCon. 5.8 Megabytes of bandwidth wasting fluff in a PDF.

Technorati Tags: Qcon, REST, Web Services

Something has gone a bit wonkey-donkey with my comments system. Works fine if you’re logged in, but otherwise you see a page truncated halfway down. I’ll try and fettle it. Meantime I’m still getting around 5790 spams a day. It’s possible those two issues are somehow related.

Back from the W3C Workshop on the Web of Services for Enterprise Computing and I’m only just starting to begin to digest what happened. Here are my take-away themes:

Interoperability, Interoperability, Interoperability:

Hugo, presenting on behalf of Yahoo! and others made a better fist highlighting BT’s main pain points than I did: WS-* is attractive to developers, but doesn’t interoperate. Fix that. In particular fix databinding. Better support for WS-Security (WSS) would be nice, in particular surrounding authentication, but for the most part WS-* has gone striving off into la-la-land. YAGNI.

Uniform Interfaces:

Mark Baker must feel quite despondent that people still don’t get the power and benefits of the uniform interface after six years of trying everything apart from “how to make friends and influence people” ;). He missed a trick not showing his classic protocol independence diagram. Support and new arguments from the likes of Nick Gall and Pete Lacey helped people begin to appreciate POX simply isn’t good enough, however I’d include myself in those people who still don’t really grok what “hypermedia as the engine of application state” means to a developer writing code to buy stocks, but suspect that there is something profound to learn here. That is to say that this remains either an impedance to most people demanding REST services, or possibly the tipping point in their understanding. Mark Nottingham hinted he was working on a demonstration programming model and I for one can’t wait to see that!

Building for the past:

My position on behalf of BT was essentially the Enterprise is changing rapidly, at the heart of which is deperimiterisation. It makes no sense to build closed systems for internal consumption, or become bogged down in discussions of 1980s technologies and ideas. But I suspect that was lost on many. It seems like many still want to enshrine old systems in standards. One such proposal cropped up in a paper claiming to be “Poisson” (stochastic, more like :) presented and voiced several times during the meeting, demanded the “establishment of bindings for FTP”. Given the venue, I assumed that must be a SOAP 1.2 binding, and a description in WSDL 2.0, but that wasn’t at all clear. Over the years I’ve built a number of libraries for production systems around FTP, FTAM and other file transfer protocols for messaging, for document processing, retail systems and telcoms, the last one transferred 90 gigabytes of BT’s billing data each night between 80 different applications. RFC 959 was my bible, Jon Postel and Joyce Reynolds loomed large in my prayers, but in each case the requirements and resulting application protocols used were wildly different. How you’d begin to generalise and standardise such a thing without widespread interest beats the heck out of me. Say such a thing did reach W3C Recommendation in a few years time they’d still have to wait for it to be implemented, apply it to their systems and roll it out to customers. Meanwhile they could have written a few lines of PHP, exposed the service as HTTP and benefitted from widespread support as well as better integrity and compression.

Context and State:

I was rather prickly after sitting through Kurt’s presentation of Mark’s paper on how WS-Context is more Web friendly than WS-Addressing and the assumption we all knew and cared about problem they were trying to solve. It was only when Dave Orchard mentioned the forthcoming TAG finding on application state that the penny dropped. I think we missed a trick not discussing this topic more, as it is the perceived requirement for explicitly passing context and maintaining state beyond the URI which differentiates many “enterprise” requirements from bog-standard Web applications. In my experience, state carried outside of the URI and the contents usually falls into the premature optimization bag but YMMV.

The Elephant not in the Room

It’s funny, but it took until halfway through the second day before Microsoft got more than a passing mention, and that was in a ping-pong between vendors regarding lack of participation in the Databinding Working Group. I can imagine Microsoft saying “we don’t need to go to a W3C workshop to talk to our customers” but it did rather come across as a case of “they can’t hear you” and what’s more, they don’t care.

Theory over Practice:

Much as I liked the TAG’s position paper, I think I’d use it as an example of how many people still think around the art of the possible with the specifications, rather than what is possible with state of the art implementations. WS-* as she is specified is very different to WS-* as she is practiced. In particular Postel’s Law trumps all - hint: try using the “required” attribute in your WSDLs. It’s one thing to articulate an architecture based around concepts such as HTTP GET of SOAP or SOAP headers which can be ordered, quite another to build working interoperable systems based upon it.

Past the point of no return:

More than once we heard the “we’ve sold this technology to our board, you’d better make it work” plea, something I’ve been guilty of using myself in the past when banging the table for more testing at the WS-I. But here and now it seems quite inappropriate. I can’t help but conclude WS-* has lost the sunk cost dilemma, with a series of seemingly good decisions leading to a bad outcome. As a result we shouldn’t all fall into the sunk cost fallacy asking for new features to polish this clart: “we’ve bet the farm on your three legged nag, let’s bet more because it MUST win”.

Other highlights included The Hartford’s articulation of Newton’s 3rd law and the innovator’s dilemma (cool!), David Booth on uniform data models (great problem statement, but the RDF world still scares me silly), WADL love from all sides, and Jonathan’s gentle articulation on how to improve the quality of what we have.

Ken and Eric did a splendid job of allowing discussion over the course of the two days, but we had too many, too long, presentations. I could (and should have) presented for 10 minutes instead of 20. As a result I felt the wrap up was rushed and unsatisfactory. I wanted to leave with clear table of options for ways forward with votes for, against and “send people”, but instead we ended up with a long laundry list and not enough time to prune and process it before being given only two votes. But that’s a very minor quibble, really. Whilst things weren’t conclusive, they never could be with such a broad subject area, I felt a lot of the right people were in the room, and a lot of points raised to help both camps move forward.

So What’s the W3C to make of all this? Simple:

1. Please don’t form Working Groups for any other WS-* specifications, especially those which challenge Web architecture.
2. Make the stuff you have interoperate, a single WS-Core Working Group should help this.
3. The Web and Web services are radically different beasts. Let’s make that clearer and think about helping people just use the Web for exposing services.

Which was in essence, my position on behalf of BT. Maybe it was I who wasn’t listening ;-)

Finally, if you want an insight as to what it’s like to be a member of the WS-* standards circus, and think about how this is all going to shake out, then I recommend reading Bob Freund’s magnificent late entry paper Current haphazard tessellation amongst standardization bodies is harmful, confusing and employs too many lawyers.

There are a few shaky photos on my disappointing new camera up on my flickr stream, if you have any, consider tagging them with WSEC and adding them to the photo pool.

Technorati Tags: WSEC, w3c, Web Services