XML or Java-Centric Web Services?

> Brilliant stuff, Saish.

>

> The interface problem troubles me a lot. Your

> comment about changes to a POJO or EJB rippling out

> to clients is spot on. But I'm not sure that I want

> to buy everything that the extra complexity of WS-i

> is selling.

>

Another option is ws02. http://wso2.com/. They have some promising and cool toys, but right now, we did not think they were stable enough. Definitely worth checking out though.

> Our org is about to embark on its service oriented

> architecture journey. My fear is that we haven't dug

> deep enough to answer these questions. The choices

> are important and will have long-lasting effects.

>

There are a lot of different takes on SOA, which makes me think it really is not all that new. (How is SOA really different from CORBA anyway?) I like thinking of SOA as two ideas: isolation and ownership. I know reuse is often cited, but given how few times I reuse my own code, reusing a service would seem just as problematic. Isolation so legacy code cannot 'infect' or ripple outside of its owning service. And speaking of which, ownership. Ideally, the service would uniquely own every domain, integration and persistence component, down to a database table/column (admittedly hard to achieve for legacy applications). Then, all calls have to enter the service layer. When you have those two things: isolation and ownership, that to me is SOA.

There was some web site, and I will mangle this quote, but it went something like, "One developer actually did figure out what SOA is, but he died immediately from the Truth."

> Sometimes I think that this is just another effort by

> tool vendors to lock us into their stack and tools.

> It hasn't worked out with Java EE, with OSGi coming

> on board, so now they're moving onto WS-I to lock us

> in.

>

Yepper. At the very least, it is a nice way to sell re-architecting your system to the business side. It is a rare day to get a project like that approved otherwise.

> Great post, as usual. Thanks for taking the time.

> Sincerely, %

Likewise!

- Saish

Saisha at 2007-7-8 22:59:28 >

> Another option is ws02. http://wso2.com/. They have

> some promising and cool toys, but right now, we did

> not think they were stable enough. Definitely worth

> checking out though.

Totally ignorant of this. Thanks for the link.

> There are a lot of different takes on SOA, which

> makes me think it really is not all that new. (How

> is SOA really different from CORBA anyway?)

I've asked myself that every day.

> I like

> thinking of SOA as two ideas: isolation and

> ownership. I know reuse is often cited, but given

> how few times I reuse my own code, reusing a service

> would seem just as problematic. Isolation so legacy

> code cannot 'infect' or ripple outside of its owning

> service. And speaking of which, ownership. Ideally,

> the service would uniquely own every domain,

> integration and persistence component, down to a

> database table/column (admittedly hard to achieve for

> legacy applications). Then, all calls have to enter

> the service layer. When you have those two things:

> isolation and ownership, that to me is SOA.

Yes. This means a non-overlapping universe of data sources in the back. Completely unshared, and only accessible via the service. No worries about inconsistency, because only one service will own that data.

> There was some web site, and I will mangle this

> quote, but it went something like, "One developer

> actually did figure out what SOA is, but he died

> immediately from the Truth."

And ascended to heaven in a flaming chariot. 8)

> Yepper. At the very least, it is a nice way to sell

> re-architecting your system to the business side. It

> is a rare day to get a project like that approved

> otherwise.

I think it's our opportunity to finally get the data mess sorted out, but if we screw it up this time we're really done.

The one benefit of stovepipes is that they ARE isolated - their mess can't affect others. (They also can't communicate in a beneficial way, either.) With SOA they'll all be coupled and connected. I'm scared of this. Our track record isn't good.

Have you read Roy Fielding's dissertation on REST?

http://roy.gbiv.com/pubs/dissertation/top.htm

Could be good stuff. I like the simplicity of it. It'll feel familiar to developers, because they already know HTTP and servlets.

No ESB or Workshop to sell, though.

%

duffymoa at 2007-7-8 22:59:28 >

> One other thing that might impact the choice between

> going XML-centric vs Java-centric, would be if you

> have already a large code base and want to expose (as

> Web services) stuff that you wrote before. In that

> case, it might be better to go Java-centric. OTOH, an

> XML-centric approach is easier to adopt if you

> haven't written any code yet.

>

> One problem with going XML-centrist would be if your

> schema is bound to change often, and schema

> versioning. In effect, you have another type of

> coupling here, between your application and your XML

> structure. If the schema changes, you need to

> re-generate your classes. Reverse-engineering tools

> might ease this issue.

This coupling is what scares me to death.

> Having a set of generated classes from schema might

> help to get started writing code. However most of

> these binding frameworks use JavaBean wrappers that

> are not exactly OO. To me, OO design goes well beyond

> a bunch of get/set methods. This may sound foolishly

> academic.

Not foolishly academic IMO. This is spot on.

> Anyway, one solution would be to go with your

> suggestion to do the XML-binding with aspects

Now you're preaching to the choir. We'd like to have Spring as the basis for all services.

> instead, then you would effectively isolate your OO

> code from XML. You could also provide different

> XML-bindings without changing your code, and keeping

> the class structure you want. I heard JiBX does

> something to that effect.

> As for ESBs, it seems that the architectural choice

> between Java-centric (ServiceMix) and XML-centric

> (Mule) approaches is still there. I'm no ESB expert

> though, and I'm still busy trying to separate the

> reality of the technology from the hype.

I didn't realize the distinction. Sonic appears to be the front runner here (our management likes spending money on licences). I'll have to see which camp it falls into.

Another great post. Thanks, karma-9

%

duffymoa at 2007-7-8 22:59:28 >

It is actually really simple (at least this implementation is). The thing that scares me about aspects is that you in effect have a whole set of code that fires "magically" on method invocations. It is easy to understand with one aspect, but once you have multiple ones, I think you open yourself up to very hard to detect and debug runtime errors. So, I simply opt to use AOP once, as a bridge to a set of chained "aspects". However, the latter are just POJO's using OOP. So, it ends up looking something like this:

EJB Method Invocation

JEE 5 EJB Interceptor (Around Invoke Aspect)

Custom Interceptor enforcing proper ordering of aspect firing

Invoke actual method

End of Aspects and Rejoining of EJB Invocation

The aspects are added to any JEE 5 EJB via annotations. Here are a few:

@Authenticate (AuthenticationPolicy.PASSWORD)

@Authorize (Role="Poobah")

@Validate (Method="checkBalance")

@Orchestrate (ProcessName="transferAccount")

@Audit (AuditPolicy.FULL)

@TransactionAttribute (TransactionType.REQUIRED)

@Session

Then the EJB itself simply delegates the actual work to domain objects. It only needs to define a few annotations (some are opt-in, others are opt-out). Developers now should only have to worry about business or integration logic in the domain.

Here is a snippit of the interceptor (minus the annotation processing which is delegated to another class, and as you can see, I am still working on the async aspect):

@AroundInvoke

public final Object invokeEjb(final InvocationContext ctx)

throws Exception {

// Indicate start of AOP interception

boolean unexpectedExit = false;

String method = ctx.getMethod().toGenericString();

log(this.getClass().getName() + " starting interception of method '" + method + "'");

try {

// Apply pre-invocation audit

if (AOP_AUDIT != null) {

log(ME + " invoking AOP audit on start '" + AOP_AUDIT.getClass().getName() +

"' for method '" + method + "'");

AOP_AUDIT.onStart(ctx);

}

// Apply authentication

if (AOP_AUTHENTICATION != null) {

log(ME + " invoking AOP authentication '" + AOP_AUTHENTICATION.getClass().getName() +

"' for method '" + method + "'");

AOP_AUTHENTICATION.authenticate(ctx);

}

// Apply authorization

if (AOP_AUTHORIZATION != null) {

log(ME + " invoking AOP authorization '" + AOP_AUTHORIZATION.getClass().getName() +

"' for method '" + method + "'");

AOP_AUTHORIZATION.authorize(ctx);

}

// Apply validation

if (AOP_VALIDATION != null) {

log(ME + " invoking AOP validation '" + AOP_VALIDATION.getClass().getName() +

"' for method '" + method + "'");

AOP_VALIDATION.validate(ctx);

}

// If we are processing asynchronously, send the message now, and then continue on to finalize

if (AOP_ASYNCH != null) {

log(ME + " delivering asynch AOP message '" + AOP_AUDIT.getClass().getName() +

"' for method '" + method + "'");

log(ME + " confirmed delivery of AOP message '" + AOP_AUDIT.getClass().getName() +

"' for method '" + method + "'");

}

// Apply business process orchestration (jBPM)

if (AOP_ORCHESTRATION != null) {

log(ME + " invoking AOP orchestration '" + AOP_ORCHESTRATION.getClass().getName() +

"' for method '" + method + "'");

AOP_ORCHESTRATION.process(ctx);

}

// Finally, invoke the method itself

log(ME + " invoking intercepted method '" + method + "'");

Object returnValue = ctx.proceed();

// Apply post-invocation audit

if (AOP_AUDIT != null) {

log(ME + " invoking AOP audit on success '" + AOP_AUDIT.getClass().getName() +

"' for method '" + method + "'");

AOP_AUDIT.onSuccess(ctx, returnValue);

}

// Return the value received by the method

return returnValue;

}

// Handle any errors

catch (Throwable cause) {

if (AOP_AUDIT != null) {

log(ME + " invoking AOP audit on error '" + AOP_AUDIT.getClass().getName() +

"' for method '" + method + "'");

AOP_AUDIT.onError(ctx, cause);

}

// Handle the error normally but we must manually re-throw an AbstractException

unexpectedExit = (cause instanceof AbstractException == false);

ErrorHandler.getInstance().process(cause);

if (cause instanceof AbstractException) {

throw (AbstractException) cause;

}

// This line should never fire. ErrorHandler will re-throw any other exception encountered

throw new UnexpectedError(ME + " received a totally unexpected error that the " +

"ErrorHandler should have previously thrown!!!", cause);

}

// Indicate completion of the method

finally {

if (AOP_AUDIT != null) {

log(ME + " invoking AOP audit on finalize '" + AOP_AUDIT.getClass().getName() +

"' for method '" + method + "'");

AOP_AUDIT.onFinalize(ctx);

}

if (unexpectedExit) {

LOG.warn(this.getClass().getName() + " UNEXPECTEDLY finished interception of method '" +

method + "'");

}

else {

log(this.getClass().getName() + " finished interception of method '" +

method + "'");

}

}

}

The key part is the @AroundInvoke annotation, which enables the EJB3 interceptor (well, there is another class annotation not present, but trivial). The other key part is you only have one object like this and at the service layer.

There is obviously a decent amount of code to provide each of these aspects, but again, they are written as OOP POJO's.

- Saish

Saisha at 2007-7-8 22:59:28 >

> One other thing that might impact the choice between

> going XML-centric vs Java-centric, would be if you

> have already a large code base and want to expose (as

> Web services) stuff that you wrote before. In that

> case, it might be better to go Java-centric. OTOH, an

> XML-centric approach is easier to adopt if you

> haven't written any code yet.

>

Definitely a fair point. However, I think you also have to include all legacy systems in your enterprise in this analysis. The more heterogenous the environment, the more you will be pushed to take the XML-centric approach.

> One problem with going XML-centrist would be if your

> schema is bound to change often, and schema

> versioning. In effect, you have another type of

> coupling here, between your application and your XML

> structure. If the schema changes, you need to

> re-generate your classes. Reverse-engineering tools

> might ease this issue.

>

Right, but I think that's the nature of the beast. The service is a contract, however it is exposed. If something changes underneath, modification of the service could be required as well, whether a schema, Servlet or EJB.

> Having a set of generated classes from schema might

> help to get started writing code. However most of

> these binding frameworks use JavaBean wrappers that

> are not exactly OO. To me, OO design goes well beyond

> a bunch of get/set methods. This may sound foolishly

> academic.

>

I 100% agree. I have seen these called both 'boundaries' and 'component models'. A big push, IMO, has been 'programming by default', where frameworks code for the majority of cases leaving you to choose whether you want the default behavior or finer grained control. With most component models and boundaries, you are forced by the technology to make compromises. Examples are the HTTP-OO boundary, Relational-OO boundary, Web Service-OO boundary, etc. If you can find a programming by default solution (in this case java-centric JSR 181 or something similar), go for it. The last thing I think we all want is another component model ala Struts with a lot of boilerplate code. That in my opinion is one of the real disadvantage of the XML-centric solutions.

> Anyway, one solution would be to go with your

> suggestion to do the XML-binding with aspects

> instead, then you would effectively isolate your OO

> code from XML. You could also provide different

> XML-bindings without changing your code, and keeping

> the class structure you want. I heard JiBX does

> something to that effect.

>

I have not quite taken it that far, but I think it is a great idea and will check out JiBX. I am just trying to use aspects to simplify the coding of a service (again, programming by default).

> As for ESBs, it seems that the architectural choice

> between Java-centric (ServiceMix) and XML-centric

> (Mule) approaches is still there. I'm no ESB expert

> though, and I'm still busy trying to separate the

> reality of the technology from the hype.

One thing the ESB's do seem to offer nicely is versioning of services. Whether they are primarily written as schemas or POJO's or EJB's, I think true SOA will have to elegantly handle different simultaneous versions of a given service (according to some deprecation, support or sunset policy, whatever that might be). It gets even more complicated when you add BPM. What happens when a long-lived process (say on the order of weeks) has a service contract change?

Great points Karma!

- Saish

Saisha at 2007-7-8 22:59:28 >

I 100% agree Dubwai. We are going the schema-centric route. You can map to WSDL (we do this with XSLT) and then over to POJO's (via XMLBeans or JAXB). You still need to link the XML component model with your service endpoint, but that's the game we have opted to play.

I wish there was better tooling to manage a schema source tree ala a Java one.

- Saish

Saisha at 2007-7-8 22:59:28 >

> I 100% agree Dubwai. We are going the schema-centric

> route. You can map to WSDL (we do this with XSLT)

> and then over to POJO's (via XMLBeans or JAXB). You

> still need to link the XML component model with your

> service endpoint, but that's the game we have opted

> to play.

Just to reiterate, I would strongly recommend using JAXB to create schemas for your classes and not the other way around. There are two reasons:

1. w3C schema, DTD and RELAX NG all have much richer data structures than can be declared in Java (without executable logic.)

2. When you generate classes from the schema, you have completed the real task: binding the data to your 'real' Objects. This will either have to be done manually in reams of brittle code or you will be pulling your hair out trying to massage JAXB into doing the right thing.

If you generate the schema from your class you get simple transparent bindings to your class. And not to knock on JAXB or Castor's binding work but it's vastly easier to transform one XML into another using a XML specific language like XSL. A lot of tools have visual editors that greatly increase developer efficiency while maintaining standalone hand-editable code. If XML is a screw, XSL is a power-driver and Java is the broad side of a hatchet.

dubwaia at 2007-7-8 22:59:28 >

> This to me seems an argument in favor, rather than

> against, using schema-centric.

Maybe I misunderstand your meaning here but this isn't an argument for or against schema centric webservice design. It's really just that the common approaches to XML -> Object binding are very flawed in my opinion. Instead of trying to create a new XML based binding language, tools like JAXB should just be using XSL to bind to a canonical schema for the target (or source) class. But in lieu of that, we can do this ourselves.

I don't think we should be automatically generating Java code (except perhaps as scaffolding) from WebServices. My perspective may be somewhat unique because I experience being the middle-man in a complex B2B web of relationships. We had no choice but to support many different specifications for the same services. Some of these were vastly different in structure (even between versions of the same spec) but represented the same high-level serivce. Our leadership kept insisting we were going to try and get everyone on the same spec but it was never going to happen. By not dealing with this issue and decoupling the format of the messages from the logic that supported them, we had many problems including massive duplication of effort and all the problems stemming trom that. The attempts to do this had used standard JAXB class generation and were brittle and extremely code intensive. Think 10 levels of nested if A != null { if A.B != null { if A.B.C != null ... and no effective way to write resuable utilities across services and often even within them. Some of these issues could be resolved in newer verisons by converting to DOM but then why bother with JAXB?

dubwaia at 2007-7-21 16:46:52 >

> > Yes, but this is only true because the approach is

> > incorrect, IMO.

>

> IMO too. Still, this is the main approach that I

> encounter when I look at legacy code in Web services.

Yeah, it's common. It's probably because there aren't any well known tools that put you on the right path, at least none that I know of.

> > The approach I adamantly recommend is that, if you

> > are defining the service, create your contract

> first

> > without writing a line of Java.

>

> From the little that I know of Spring Web

> services (basically limited to this

> [url=http://www.infoq.com/articles/arjen-poutsma-sprin

> g-ws]interview on InfoQ[/url]), their approach is

> similar: start by writing a service contract, then

> write the Java classes as an implementation detail.

If you read those articles on the first page, the author makes it very clear that the contract is the most crucial part of the web-service. The implementation is pretty unimportant other than that it works and even that can be resolved. If you screw the contract up, there's little you can do to remedy the situation.

What scares we is that so many people want to make the web-services contract an artifact of their code. This to me completely misses the point. Web-services aren't just a fancy way to do RPC. A service is a lot more than that.

dubwaia at 2007-7-21 16:46:52 >

If you don't comply with WS-I BP 1.0 you're heading for trouble unless you know you control all clients for the web service now and into the future.

We ran into a major customer who couldn't (despite months of trying) get our web services (which are XML based but have some WS-I violations due to legacy issues brought on by our WS stack).

We're now going to have to build a special access library around our WS layer for them, effectively proxying their requests to our web services through a special service layer deployed on their systems.

Hardly what you expect of web services, which are supposed to require no special software installation client side except their own WS client stack which can be pretty much anything as long as it's compliant.

We'd love to upgrade our stack to something more modern but because of backwards compatibility issues with customer products accessing the WS layer that's impossible (literally thousands of people depend for their everyday work on that stack, it's not feasible to deploy new software to them all just because we want to change something).

jwentinga at 2007-7-21 16:46:52 >

Sometimes I think that people complicate too much. This stuff about web services is so big, and the more you digg, the more you realise that there is no right way to do it.

Everyday we see new patterns appearing, new frameworks everybody is talking about, and so many specifications to follow.

I know its not a good way of doing thing, but sometimes I don't really follow the rules.... I was until last week working in a project:

ernstandedgar.dyndns.org

in which we needed to have a set of webservices that could listen to request from the mobile phone as well as from the web app, in the beginning we were keen to use SOAP with anotations, but we ended up using normal servlets....

The cost to send for eg a single id using soap from the mobile phone was just to costy, what I big envelop....

I know I am not that experient when It comes to working with webservices, but from what I am getting, there is no right path... it all depends on the project...

Great posts out there people ;)

MeTitus

Me_Titusa at 2007-7-21 16:46:52 >

LOL...

Now we have this Rest framework, what will we have in two weeks time.. probably a new lot of frameworks. Frameworks won't stop comming. I am not a fan of .net, but at least when working with web services, the choice is not that much... I think that one of the problems Java will face in the future is the amout of diferent frameworks that will exist. Its good when he have a couple of tools to turn to, but when it gets to the current stage is bad... I just think that is all becoming to confusing. So many protocols, so many frameworks, I could never imagine XML would do all of this...

I am just going to strict to normal post/get, perhaps I will also use Annotations, very straight forward and its not dependent on any xml scheme... good ;)

MeTitus

Message was edited by:

Me_Titus

Me_Titusa at 2007-7-21 16:46:52 >

> IMO, CORBA was actually OO-based SOA (with

> IDL-defined interfaces ).

>

I would agree with that. So, we have traded OO-based SOA for hierarchy-based SOA (e.g. XML)? :^)

> I know lots of people who would have a problem with

> that, if their main motivation about going SOA is the

> reuse of services.

>

I agree with that as well. I will be the first to admit to this sin: reuse is difficult. It is not so much that reuse cannot save time, it is the difficulty in both documenting what is available and also taking the time to search what has been documented. I am not sure how SOA solves this any more than OO solves it. You are simply dealing with larger 'building blocks' than objects, IMO.

I do think widespread adoption of BPM in an organization can help to change that, but there are a whole host of new issues that are brought up (versioning, long-lived transactions, etc.)

> And since there are hundreds of definitions of SOA

> (each more or less correct in its own context),

> here's mine, for what it's worth:

>

> SOA is an architecture based on services, where a

> service is a (usually distributed) resource that is

> accessed in accordance with its interface. Therefore,

> how the service is implemented (Java, C++, etc...) is

> irrelevant to the client of the service.

>

> That's it. Wonderfully simple and practically useless.

Definitely not useless. I would agree with your definition. I would just add ownership and isolation. Legacy code exists, and we need some way to have SOA leverage it.

- Saish

Saisha at 2007-7-21 16:46:52 >

> Ran a little search, and found

> [url=http://webservices.sys-con.com/read/136190.htm]on

> e article[/url] where that author lists and explains

> those principles which are:

>

>* services are loosely coupled

Hard to disagree with.

> * services share a formal contract

Between each other or each? The latter seems the only possible interpretation.

>* services abstract underlying logic

Nothing to disagree with.

> * services are composable

Nothing to disagree with

>* services are reusable

Nothing to disagree with (though see caveat on reusability in previous posts)

> * services are autonomous

I am not sure what is being said. Is this an expansion on loose coupling?

>* services are stateless

Yes, that is the prescription, but linking a service to BPM or orchestration in general will introduce state, so my guess is this stricture will be relaxed.

> * services are discoverable

If discoverable internally (e.g., for documentation purposes), then I have nothing to disagree with. If discoverable externally, I have yet to find a company doing so. If they are doing so, I will whack them on the head and ask why.

BTW, please take the above in the spirit it was intended, just to spark some thoughts. When I re-read my responses, most indicate I have nothing to disagree with. I have developed an instinctive fear of ideas I cannot disagree with. It normally means the ideas are not saying much.

For example, "Services allow faster, more efficient, more reusable, language independent development." All well and good, but have I said much?

- Saish

Saisha at 2007-7-21 16:46:57 >

> > * services are autonomous

>

> I am not sure what is being said. Is this an

> expansion on loose coupling?

This is a good example. From his artcile on autonomy and statelessness:

"For services to provide reliable, predictable performance they must exercise a significant degree of control over their underlying resources. Autonomy represents this measure and this principle emphasizes the need for individual services to possess high levels of individual autonomy."

I take this to say in part that services should not depend on each other, which is, to be honest, not something I had really been thinking. I don't think this is an obvious conclusion nor is it one that you here much about.

dubwaia at 2007-7-21 16:46:57 >

From Erl's definition of "pure" autonomy (which I take to be normative):

Pure autonomy The underlying logic is under complete control and ownership of the service. This is typically the case when the logic is built from the ground up in support of the service.

Again, vocabulary can be an issue, but referring back to my original assertions of what differentiates SOA, that quote, to me, *is* ownership and isolation.

- Saish

Saisha at 2007-7-21 16:46:57 >

> From Erl's definition of "pure" autonomy (which I

> take to be normative):

>

> Pure autonomy The underlying logic is under

> complete control and ownership of the service. This

> is typically the case when the logic is built from

> the ground up in support of the service.

>

> Again, vocabulary can be an issue, but referring back

> to my original assertions of what differentiates SOA,

> that quote, to me, *is* ownership and isolation.

>

> - Saish

You almost seem to be saying that you don't agree with it because you agree with it so much ; )

dubwaia at 2007-7-21 16:46:57 >

> When you say that it i hard to argue against them,

> are you saying you agree with them or that they are

> stated in such a way that there is no way to argue

> against them?

>

Exactly. I think most serious decisions involve trade-offs and compromises. But you never hear anything like that in discussions of SOA. It appears to be a pure, universal good in terms of architecture, the way it is marketed. Whenever I hear something that sounds too good to be true, it usually is.

> Maybe I need to give an example of why I think these

> are useful because I agree with you that at least in

> general, these are not concepts that are shocking and

> surprising. My personal belief is that SOA is

> evolutionary and not revolutionary, if you'll forgive

> the cliche. CORBA is an technology that could be

> used to implement SOA. I believe that EDI can be

> used to implement SOA. SOA is more general, like OO.

> SOA and OO also have parallels but I think that the

> Object concept doesn't translate well to SOA. I

> think it goes back to the "7 (or 8?) myths of the

> network".

>

I totally agree that SOA could be realized via CORBA and that SOA and OO are strikingly similar. Look at the aspects common to both: modularity, reusability, loose coupling, autonomy, etc. IMO, services are conceptually like "larger" objects. They simply represent a unit of organization. A cynic might respond that OO was supposed to solve most of these problems a few decades ago, and it has not. Software complexity is continuing to grow to the point where developers without tooling will have a hard time coping.The solution? Create a larger unit of organization to keep track of. Now, you "think" in services and "build" in objects.

> But here's what I mean. I have a boss at work that

> has decided that SOA is the way to go but nobody

> really knows what that means. He's convinced that

> every query should be set up as a service. Really,

> everything is supposed to be a service. When I look

> at these articles, it makes me feel more confident in

> my beliefs that this doesn't make sense. Not just

> because he's saying what I think, but because he's

> articulating what I've learned from personal

> experience in a way that I can not and pointing out

> subtleties that aren't obvious (at least not to me.)

>

Sorry, I got confused. You do agree with your boss about SOA or not? (There is one sentence where you indicate it does not make sense and then then next where you agree with your boss).

But you are 100% right, no one really knows what SOA is. That's another reason that my spidey sense gets triggered. The best, practical take from what I have read is:

- Stateless (though BPM will change this)

- Autonomous (ownership and isolation in my mind)

- Loose Coupling

- Primary organizational unit of architecture

To those I would add that services should provide cross-cutting concerns or aspects such as authentication, authorization, validation, auditing, logging, error handling, transaction management, etc. (whether realized as AOP or OOP).

However, all of the above could easily be copy-pasted into a discussion of EJB-oriented architecture seven years ago. What does SOA add other than using XML/WSDL/WS?

> Maybe I'm making too much of it but I think it's

> light-years away from stuff like this:

> http://webservices.sys-con.com/read/233612.htm

That's an interesting take. In all honesty, I use Web 2.0 but have yet to develop anything (other than simple Ajax for business purposes) that leverages it. Really, I do not think they are at cross-purposes. SOA really speaks to the M in MVC whereas Web 2.0 could easily fill VC. If you move web state out of our SOA architecture (to remain stateless) and perhaps provide optimized protocols (e.g., do not invoke a web service from Ajax) for a richer client experience, one could have the best of both worlds. Granted, digesting SOA is hard enough without also trying to get Web 2.0 in there.

- Saish

Saisha at 2007-7-21 16:46:57 >

> Well, maybe at least we could agree to what SOA is

> NOT:

>

> - A technology

> - A product

> - A computing platform

> - Revolutionary

>

To that, I would add 'a panacea'. :^)

> And maybe also to what SOA is not entirely:

>

> - Pure marketing-****

>

> I prefer my own useless definition of SOA, (being

> naturally and understandably biased towards my own

> opinions), but I have to admit that Erl's writings on

> SOA are not just bull. Nothing really astonishing in

> his points, but gives you a general view of the

> concept that has its own usefulness.

> At least it would give me some simple material for a

> PowerPoint presentation for (an often confused)

> upper-management.

>

I would buy that, a synopsis rather than a prescription.

> Specially since some of us have the chance (or

> misfortune) to be invited by the CIO every time a

> (big) vendor comes in trying to sell us his

> Marchitecture on SOA/ESB. The amount of bull appears

> to be more or less proportionate to the level of

> sophistication of their presentation diagrams. The

> nicer the graphics, The more bs they seem to convey.

>

>

> Maybe there is a "law"somewhere that states that.

Murphy's.

- Saish

Saisha at 2007-7-21 16:46:57 >

> Well, maybe at least we could agree to what SOA is

> NOT:

>

> - A technology

> - A product

> - A computing platform

> - Revolutionary

Yes and it's also not 'the solution for every problem'.

> And maybe also to what SOA is not entirely:

>

> - Pure marketing-****

Depends on who's talking/writing about it.

> I prefer my own useless definition of SOA, (being

> naturally and understandably biased towards my own

> opinions), but I have to admit that Erl's writings on

> SOA are not just bull. Nothing really astonishing in

> his points, but gives you a general view of the

> concept that has its own usefulness.

I'm not sure why you think it's useless. I think you are saying that because it doesn't tweak your paradigm. The power is within you, my friend. Use the force.

> At least it would give me some simple material for a

> PowerPoint presentation for (an often confused)

> upper-management.

Exactly. This, to me is the value of SOA. Because it's so hot it gives peons like me a chance to explain how we can address the issues we face and not just buy more stuff.

dubwaia at 2007-7-21 16:47:02 >

> That's probably also why I find Erl's writings

> useful. By outlining those principles in more

> details, it helps people better understand what SOA

> is, what SOA is not (and hence what's not SOA).

I agree completely. SOA doesn't enlighten people like you me and Saish a whole lot but that doesn't mean it's not elighening anyone. Like you said, it's a good way to provide more guidance to the confused. My experience is that having something written (and published) to show someone is often more convincing than good logical arguments. I think this is a tragedy but it's my life. Personally I think this is because most people can't differentiate between a strong logical argument and rhetorical BS. The coming American presidential election will demonstrate this abundantly, I'm sure.

dubwaia at 2007-7-21 16:47:02 >

>

> That's probably also why I find Erl's writings

> useful. By outlining those principles in more

> details, it helps people better understand what SOA

> is, what SOA is not (and hence what's not SOA).

I think I would find these sorts of high level conceptual principles much more meaningful if I ever worked for or even was aware of an organisation that was able to maintain a consistent planning system (with controlled evolution) for even several years.

Every company I have ever worked for or that I have even interviewed with works solely on a system that looks like the following.

1. Month One. ARRGGHHH! Everyone run to the right NOW!!!!!

2. Month Two. ARRGGHH! Everyone drop everything and run to the left NOW!!

3. Month Three STOP! STOP! Eveyone look at the newest conceptual model and rethink the entire process because it is entirely out of control!

4. Next day....go back to step 1 and repeat....

Of course some innovative companies modify the above schedule by attempting to reduce the steps above to either two week or even one week schedules. And then have their developers congradulate themselves on managing that.

jschella at 2007-7-21 16:47:02 >

>

> These systems illustrate what happens when there is a

> serious disconnect between business and technical

> management, and where non-technical project managers

> are responsible for IT-driven projects and

> deliverables.

>

> A couple of things need to happen to change this to

> eliminate these systems. First, the CIO needs to be

> included in all decisions including, new product

> development. All projects related to anything with a

> software delivery should have a project manager with

> an IT/Technical background. A Project Management

> certification from the BirdBrain Institute does not

> cut it any more :o)

>

> Second, proper training on what a service oriented

> architecture is, is a truly fundamental requirement.

> Project managers and Business Development managers

> that get all their knowledge about SOA from ?oogle

> search results can't really make good decisions about

> building SOA architectures or applications.

>

> These changes need to come from the top (i.e. CIO and

> a CFO that understands how things work). It is not

> about old-style linear management, it is more like

> circular development and proper leadership at the

> top. Leadership and managment are two separate, but

> related concepts.

>

> Not all managers are leaders, and not all leaders are

> managers.

There are connections described there that do not and need not exist.

It has been proven that top down (management) driven process control is much more likely to succeed and to actually have visible improvement than bottom up.

All methodologies are impacted by that.

Project management is meaningless unless the process supports task management and schedule management and there is an understanding of the difference. The process must provide a way for those to be used rather than merely providing a tracking tool (tracking demonstrates nothing but that 'deliverables' are always late.)

All aspects of a business can be impacted postively by managing process control. Sales can be just as chaotic as software developement or it can be very rigorously controlled at the same time that software developement is chaotic. Technical profenciency does not decrease chaos, nor in my experience, is it any more likely to lead to a less chaotic environment. So one can't blame business leaders versus technical leaders for a failure to implement this. Actually technically trained individuals are more to blame because they are more likely (at least a little bit) to know that alternatives exist and should be capable of proving the benifits to the business but fail to even try. And at least some times the most profficient technically are the most likely to actively and passively fight the imposition of any process control.

I should note that even the "serious" efforts I have seen toward process control have evolved into little more that pushing paper excercises and at one place the rank and file didn't consider it anything but that. It indicates a failure to educate in the benefits of process control itself.

And when process control is effectively used it allows time for training in technical areas. It is a lot easier to travel to a seminar or schedule a class when one can effectively plan something for something two months from now rather than doing it anyways and hoping that half the trainees are pulled out to fight yet another fire.

jschella at 2007-7-21 16:47:02 >

> These systems illustrate what happens when there is a

> serious disconnect between business and technical

> management, and where non-technical project managers

> are responsible for IT-driven projects and

> deliverables.

I found the worst kind of manager to be somewhere in the middle, i.e. the one with just enough technical knowledge to screw things up.

karma-9a at 2007-7-21 16:47:02 >

> Every company I have ever worked for or that I have

> even interviewed with works solely on a system that

> looks like the following.

> 1. Month One. ARRGGHHH! Everyone run to the right

> NOW!!!!!

> 2. Month Two. ARRGGHH! Everyone drop everything and

> run to the left NOW!!

> 3. Month Three STOP! STOP! Eveyone look at the newest

> conceptual model and rethink the entire process

> because it is entirely out of control!

> 4. Next day....go back to step 1 and repeat....

Hilarious stuff. Really. I want to print it out and put it on the wall at work.

I've been beaten down into despair because of this. At my last job I was beaten so bad I almost shriveled up and turned into a mushroom.

But then I got laid off. My position was off-shored and it was one of the best things that ever happened to me. I decided then I wasn't going to sit back and let a bunch of mrns get me fired again.

dubwaia at 2007-7-21 16:47:02 >

>

> Hilarious stuff. Really. I want to print it out and

> put it on the wall at work.

>

> I've been beaten down into despair because of this.

> At my last job I was beaten so bad I almost

> shriveled up and turned into a mushroom.

>

> But then I got laid off. My position was off-shored

> and it was one of the best things that ever happened

> to me. I decided then I wasn't going to sit back and

> let a bunch of mrns get me fired again.

I just gave up. It started when a company I was out was bought out by another and we were told that a significant reason for that was because our process was better than theirs. Something like a month after that the process control committee (which I was a very active member of) was disbanded because, I was told, that that stuff would just 'confuse' the software developers at the other company.

I quit. I figured I would just go work for a company that was doing process control.

After interviewing over a number of years I realized that all companies did one of the following...

1. They have no idea what process control is and when I try to explain it they fixate on source control when I mention it and claim that they do that. (Actually one company didn't even have source control.)

2. The developers, individually (not a group) are allowed to do that if they want.

3. The developers as a group are trying that and real soon now they are going to put together some coding standards to enforce it. And they try to review at least 10% of code all the time but sometimes they don't make that (wink, wink, nudge, nudge.)

jschella at 2007-7-21 16:47:02 >

> Another option, along similar but slightly different

> lines, is to encourage competition between

> development groups. For example, in one company,

> there was a very large 'main' development group and a

> much smaller team assigned to a specific business

> unit. If the smaller group can move more rapidly

> than the larger team (which it should be able to do,

> even with the same quality of developers), the

> competition it engenders can be beneficial to the

> company.

I actually worked (briefly) in a well-known financial company where that kind of competition was taking place. To the point that PMs were trying to steal each other's best developers by all means necessary. The work environment that the intense competition created was not ideal for the developers (hence not for the company as a whole), because of the tension and instability it created, added to the usual pressure to get a product out by due date.

Maybe you have a point, in general. But interesting ideas can have unintended and surprising "side-effects" when implemented.

karma-9a at 2007-7-21 16:47:06 >

> Back to the Web Services subject, here's an

> interesting and kind of funny blog post about SOAP

> and WS-* stuff :

> [url=http://wanderingbarque.com/nonintersecting/2006/1

> 1/15/the-s-stands-for-simple/]S stands for

> Simple[/url].

That is right on the mark. So much so that it is scary. As far as I am concerned, SOAP is an unecessary complication.

dubwaia at 2007-7-21 16:47:06 >

I actually worked (briefly) in a well-known financial company where that kind of competition was taking place. To the point that PMs were trying to steal each other's best developers by all means necessary. The work environment that the intense competition created was not ideal for the developers (hence not for the company as a whole), because of the tension and instability it created, added to the usual pressure to get a product out by due date.

Maybe you have a point, in general. But interesting ideas can have unintended and surprising "side-effects" when implemented.

Fair enough. Though in this specific instance, there was always a cohesive group that generated the competition. They would be 'loaned' to a given project, but only half-time. Yes, there are plenty of ways the system can be gamed or corrupted, but I just wanted to point out another possibility.

I do agree with JSchell that top-down works best, but I believe that is normally because you implicitly or explicitly have buy-in from upper management at that point.

- Saish

Saisha at 2007-7-21 16:47:06 >