SOAP author says enough specs already

SANTA CLARA, CALIFORNIA -- A Microsoft engineer had harsh words this week for vendors contributing to the plethora of Web services specifications, and advised developers to read less of them and get on with writing applications.

"Specs are like bodily orifices: Everybody has them and they all have certain unique characteristics. But just writing a spec means nothing. If you write a spec that no one implements, did it ever really specify anything?" Don Box, an architect in Microsoft's .Net software group, asked developers at the XML Web Services One conference here.

Box was one of the authors of the original SOAP (Simple Object Access Protocol) specification in 1998. He acknowledged having contributed to the "cacophony" of Web services specifications and said he plans to write less.

A "terrible, terrible thing" has happened in the past two years, he told developers here. The software industry has become so fixated on new specifications that it has lost sight of the fundamental goal: using XML to link software applications together. While some new specs that have been proposed are important and useful, others are too complex and still others will probably never be used, including some from Microsoft, he said.

XML (Extensible Markup Language), a technology at the heart of Web services, is by now "pretty stable," Box said, and "the Holy Trinity" of Web services -- meaning SOAP, WSDL (Web Services Description Language) and UDDI (Universal Description, Discovery and Integration) -- are complete enough for most developers to use.

Other specifications are being hammered out to address security, management, orchestration and other aspects of Web services, but he urged developers not to wait for the results.

"I strongly encourage you not to wait for all of this stuff to settle down. The important stuff has settled down sufficiently that unless you are building the enterprise information bus for your company, we are done. And if you're building that (information bus), wait a few months and that will settle down by the end of the year," he said.

His four tips for developers: Read fewer specifications, write more applications, write less code by using tools that generate code automatically, and remember that humans matter, so if you must write a specification, make it legible.

Anne Thomas Manes, an analyst with The Burton Group Corp., agreed in part. Service providers like Google Inc. and Kinko's Inc. have already deployed Web services that allow customers hook up to their computer systems, she noted, while Merrill Lynch & Co. Inc. is using Web services to link applications internally in place of IBM Corp.'s MQ Series messaging software, she said.

Upcoming specifications like WS-Security, being hammered out by Microsoft, IBM and Verisign Inc., will be useful for some, but in the meantime the existing SSL (Secure Sockets Layer) security standard "solves 80 percent" of security needs for Web services, she said.

Bob Sutor, IBM's director of Web services technology, touched on the standards issue here earlier in the day.

"This has got to be the year we stop talking about SOAP and WSDL and start talking a lot more about what a business can accomplish with Web services," he said.

Some specifications have been proposed for competitive reasons as much as because they solve any pressing need, Microsoft's Box suggested. "What matters is software, not specs written by vendors just to position yourself against five other vendors," he said.

Box joined Microsoft early last year to help develop its .Net Web services architecture and has a reputation as a lively speaker. At the 2001 TechEd show in Barcelona he led a discussion on SOAP while sitting in a bathtub.

On Monday, to show that solidarity exists at least among developers, he coaxed an IBM software engineer on stage and made him pose for a picture while he kissed him on the cheek.

The XML Web Services conference ends Thursday. Information is at http://www.xmlconference.com/