mark nottingham

The WS-Empire Strikes Back... feebly

Friday, 4 July 2008

Web Services

Here’s a gem on a little-used mailing list:

As most of you know, over the last several years fairly good progress has been made on standardizing Web services. Many Web services specifications have, in fact, been standardized in W3C (i.e. SOAP 1.2, WSDL 2.0, WS-Addressing, WS-Policy, etc). There is still some work to be done.

Accessing data about a resource through Web services is an area of the Web services architecture that has yet to be fully realized. Some good work has already been done to date, however, some pieces of the overall puzzle are still waiting to be completely standardized.

[…]

We believe that four specifications, in particular, work together to provide mechanisms for accessing and manipulating the XML representation of a resource as well as any metadata associated with that resource. The four specifications are:

To this end, we recommend that the W3C create a new Working Group (with the suggested name of ” Web Services Resource Access Working Group”) to standardize the four specification mentioned above.

Right… So they need a protocol to access resources on the Web (this is Web services, after all…). Quite a puzzle indeed; what to do? This certainly isn’t possible on an Enterprise scale today.

My first concern was that Big Vendors and the W3C are still trying to replace HTTP with SOAP, but then I realised that there’s a far greater risk (because it’s more probable that it’ll actually happen); if they charter this group, they’re risking waking Mark Baker from his well-deserved hibernation. The fools!


9 Comments

anonymous said:

“Big Vendors and the W3C are still trying to replace HTTP with SOAP”

Did you mean HTML? Many, if not most, web services run as SOAP over HTTP.

Saturday, July 5 2008 at 3:13 AM

andy said:

well said mark! The architecture astronauts are on the charge again… take cover!

Saturday, July 5 2008 at 9:44 AM

stu said:

from what I understand, the whole point of this is

  1. to standardize the specs that WS-Management relies on (which is a DMTF standard – but the underlying specifications aren’t actually standards!).

  2. to unify the WS-Resource framework with WS-Management so that IBM’s WSDM is interoperable with WS-Man … maybe this will mean the 8 people who’ve used WS-RF in a grid (e.g. globus) context can move away from WS-ResourceProperties too.

In the IT management & monitoring (m&m) space this is necessary because (egads) most windows management & monitoring is supposed to be based on WS-Man … while much of IBM’s is based on WSDM…. what a mess.

what’s concerning is that these frameworks aren’t just about IT management, they’re general purpose resource manipulation frameworks. which brings us back to the “HTTP over SOAP over HTTP” observation…

Sunday, July 6 2008 at 4:28 AM

rich salz said:

I’m missing something; if I want to know the security policy (XACML, let’s say) at a particular URL how do I do that? Use Accept: text/xacml+xml ? It’s not a protocol to access resources per se, but rather metadata about resources. I think content-negotiation can be made to do this, is that what you mean?

Tuesday, July 8 2008 at 4:37 AM

Arien said:

“if I want to know the security policy (XACML, let’s say) at a particular URL how do I do that?”

Using OPTIONS?

Tuesday, July 8 2008 at 8:40 AM

Ulf said:

if I want to know the security policy (XACML, let’s say) at a particular URL how do I do that?

Using OPTIONS?

What if I’m not using HTTP as the transport?

I agree that the WS-* stack is too big and unwieldy already, though. To that end, it’s interesting that the companies putting forward these specs all have tools and/or services on offer.

Wednesday, July 9 2008 at 6:49 AM

Arien said:

if I want to know the security policy (XACML, let’s say) at a particular URL how do I do that?

Using OPTIONS?

What if I’m not using HTTP as the transport?

I took the question to mean “how would I obtain the security policy at a particular URL using HTTP?” (because of the mentioned Accept header and the topic of the post). And that’s how I’d do it.

If you’ve got WS-* on top of whatever protocol you’re using as a transport, you’ll have to solve it somewhere in WS-*. In the case of HTTP, that’s the result of treating HTTP as a transport. And we’re back to the topic of the post…

Wednesday, July 9 2008 at 9:17 AM

rich salz said:

I really want to know what Mark was thinking of when he wrote his penultimate paragraph. Unless I’m misreading the sarcasm there.

Thursday, July 10 2008 at 7:01 AM