It’s worth noting that a number of standards said to be “vendor-driven” are primarily of interest to vendors. For example,
another architect interviewed for this story was hands-on with WS-Security but unaware that WS-Trust plays a role in his implementation.
Why? The WS-Trust protocol is spoken only between his security broker, VordelDirector, and his identity provider, Entrust.
The messages exchanged between his company and its Web services partner have nothing to do with WS-Trust, says Mark O’Neill,
CTO of Vordel. “We and Entrust chose to use it because it’s a spec that we don’t have to work out ourselves,” he says. The
WS-Security protocol used by the service end points and the WS-Trust protocol used by infrastructure components are “solving
completely different problems -- it just so happens that both involve specs that begin with WS."
Along with security, reliable messaging is a key PGP concern. With various flavors of message-oriented middleware in play,
along with multiple versions of some of these (such as JMS), the company values the Network Director RM’s capability of hiding
the differences. Although that product’s support for WS-ReliableMessaging is not immediately relevant, PGP is evaluating Indigo,
which natively supports the standard. “Blue Titan in concert with Indigo will make RM [reliable messaging] really, really
easy to do,” Brodbeck says.
To the short list of important standards such as WS-Security and WS-ReliableMessaging, Brodbeck adds RSS, the wildly popular
format for Weblog syndication. That PGP would regard this variant of WS-Lite as strategic may surprise you, but if you think
about how collaboration and knowledge management drive the top line in an organization such as Pfizer, it shouldn’t. What
PGP envisions, however, is not your garden-variety blogging software. “We have to recontextualize RSS for the enterprise,”
says Richard Lynn, PGP’s vice president of global applications and architecture.
PGP’s requirements include virtualizing RSS feeds so that they’re independent of hard-coded addresses, aggregating them for
specific business functions and securing them using the same kinds of declarative policies that govern existing Web services.
According to Frank Martinez, founder and CEO of Blue Titan, a forthcoming release of Network Director will address these requirements,
building on the product’s capability of wrapping WS-Heavy infrastructure around WS-Lite protocols.
Heavy, Lite, or Just Right?
When you regard the WS-* stack as a whole, you have to conclude that the critics are right: It really is a monster. Taming
it will require, in part, a unifying conceptual framework. That’s a point that Gannon, Khan, and Subramaniam each make in
different ways. Gannon points to a series of blueprints and reference models published by OASIS. These documents aim to help
architects understand how the various WS-* specs, which are designed as modular building blocks, combine to solve specific
problems. For Ohio State’s Khan, it’s not just about blueprints. He needs a toolkit that tames the complexity and thinks Indigo
will be that toolkit.
RouteOne’s Subramaniam hopes that a recent initiative called JBI (Java Business Integration) will be a unifying force in the
Java world. What’s hard about Web services, he says, “is that you have to see the whole picture -- WSDL, and then SOAP, and
relevant parts of WS-Security, and BPEL.” He’s anxious for vendors such as SeeBeyond, which was recently bought by Sun Microsystems,
and webMethods to embrace JBI. “When you can see how it all fits together in the big picture of JBI, a very nice infrastructure
emerges,” he says.
Of course, toolkits and frameworks are double-edged swords. Even when wire protocols are standard and open, you can get locked
in to proprietary abstractions layered on top of those protocols. That’s why pragmatic architects and developers who don’t
yet need advanced WS-* features tend to focus on the basics: SOAP and WSDL. “If you need some kind of envelope, why wouldn’t
you use SOAP?” Subramaniam asks. “And if you need to describe your interfaces precisely, why wouldn’t you use WSDL?” Frank
Grossman, co-founder of Mindreef, says that most of the customers who use his company’s SOAPscope diagnostic suite have adopted
this strategy, which he adroitly labels “WS-JustRight."
For Grossman and others, WS-JustRight means using SOAP and WSDL to strike a balance between formal contracts and agile interoperability,
while laying a foundation for future use of more advanced SOA features. PGP’s Brodbeck agrees that WSDL is the key enabler
of reusable business transactions and processes. He also extends the definition of WS-JustRight, however, to include enterprise-enabled
RSS as the key enabler of reusable content.
For many practitioners, WS-JustRight now includes aspects of WS-Security, too. For a few, it includes reliable messaging,
transactions, routing, and policies related to these features. The definition will evolve over time, but the only one that
really matters now is the one that’s just right for you.
E-mail
Printer Friendly
Reprints
(InfoWorld) - In the litigious world we live in, deploying a unified communications platform in your enterprise could...
