Tim Ewald has a good new post that touches points on the WS-* standarization process. Two things I liked:

"While progress on standardizing WS-* continues, it doesn't seem possible that it would be complete by the time major vendors ship support (only WS-Security has completed the process and from the looks of things WS-Addressing is going to take a while)."

Ouch. Allow me to ask two really, really, stupid questions here:

  • Is WS-Security support in the tools really in a usable state? While I've used WSE 2.0 succesfully to encrypt and sign documents (nice), it seems to always force the WS-Addressing headers down your throat. Since WS-Addressing isn't anywhere close to ready, just how problematic is this, and, is there a way around it? (My point here being that even if the basic WS-Security standard is there, if the tools don't make it easy to use it on it's own, interoperability might suffer)
  • Does anyone actually care about SOAP 1.2 and friends? I mean... by the time tool support gets out there (at least for the platforms I care about), just how much trouble is it going to give us when so many services will be out there in SOAP 1.1? Let me ask this another way: By that time, what reason would you have to prefer to create a new service based on soap v1.2 versus one in v1.2?

As I said, stupid, stupid questions. Feel free to laugh, but please answer after you get up from the floor :)

The second part I liked about about Tim post was this:

"But like many pragmatists, I don't care about standards nearly as much as I care about software that offers the features I want. That said, I don't know whether I want a lot of the features that vendors are offering. I keep wondering whether WS-* will repeat the process of COM+ and J2EE, where people invested a lot of time and money only to discover that the basic technology - SOAP, WSDL - was all they really needed. Certainly with Amazon and EBay making money hand-over-fist using basic Web services (or even XML over HTTP), it's hard to argue that you need all of WS-* to successfully reach a business goal."

Interesting way of putting it. My personal (very personal) POV is that the WS-* stack seems, well, way bloated, full of things that, well, most people don't care about. In all honesty, I think sometimes much of what's in the WS-* stack is not there because someone will actually use it, but just because it makes people feel all nice warm inside that it is there just in case. Now, that's not necessarily all that bad... I've had clients plenty of times asking about those kind of things before and feeling relieved it is there.... even though they've never would use it anyway because they have no clue... ohh well :)

WS-Security? Sure, I care about that. Routing in WS-Addressing? Way cool; have yet to need it in a real world application myself, though. Intermediary support in soap/ws-addressing/ws-security? Hell yeah, I can dream all kind of cool scenarios for this; no client I've worked with would ever pay for such an infrastructure, though, but who cares? See where I'm going yet? (And yes, my needs on this are probably far more modest than what many of you guys might need... So I'm hoping someone out there actually needs all of this stuff)

(BTW, is it just me, or is anyone else reminded of WebDAV when looking at WS-Transfer?)

Yes, I know... lots of rants, can't help it :) Way too much stuff around, but not much clue where it all seems to be going :)

Tomas Restrepo

Software developer located in Colombia.