Feeds

Time to balance WS-* and REST

Relative needs

SANS - Survey on application security programs

The argument rages on, with the REST advocates mostly talking loudest. Here, for instance, are ringing condemnations of WS-* from an IBM employee and a Microsoft employee. It's positively alarming to see how closely they agree. Just for balance, here's Steve Vinoski's take. He's a practical distributed systems architect, an expert in CORBA and most other types of middleware, and quite impartial. But perhaps we should give the last word to Sanjiva Weerawarana, an ex-IBMer who now seems inclined to call down "a plague on both your houses". He's right, of course: WS-* and REST both have their strengths and weaknesses, and neither is perfect for everything.

When confused by too much detail, it pays to go back to first principles. First of all, we should ask ourselves, what are web services exactly? Sad to say, the honest answer is that no one knows - or, at least, not everyone agrees. Some definitions stress the use of XML, while others insist on SOAP or WSDL. Some implementations directly support CICS, Java EE or grids, while others are deliberately lightweight and easy to use.

The next question is whether web services should be designed to fit in as painlessly as possible with existing object-oriented applications and frameworks, or to work as efficiently and cleanly as possible across existing networks? The two objectives are hard to reconcile, if not actually incompatible. Then perhaps we should ask how much it should cost to use web services? Should it be free, as originally envisaged, or should it require the purchase of complicated, expensive proprietary tools and middleware?

Without answering these questions, it is impossible to choose between WS-*, XML/HTTP, REST, and other technical approaches. Even distributed object systems like CORBA, COM+, and RMI work well in certain particular types of application - for instance, those running on fast, reliable networks within a single administration and security domain. They lie at one end of the spectrum, with REST at the far end and WS-* in the middle. REST is particularly suitable for very large networks with huge numbers of clients and servers, where clients may also be servers and vice versa, and where it is convenient to model all operations as reads and writes directed to individual URIs. As for WS-*, its sweet spot lies in systems bigger than those that use distributed objects, and whose networks are further flung, slower, less reliable, and possibly divided between different administrative domains.

Don't expect conclusive answers to this many sided debate any time soon. When it comes to web-scale distributed systems, we simply don't know enough yet about what works and what doesn't. Besides, web services are still a solution in search of new problems. That's always harder than trying to solve a known set of requirements.®

Tom Welsh is a senior consultant with Cutter Consortium's Enterprise Architecture advisory service. Tom has been following OMG and its specifications since 1992.

Top three mobile application threats

More from The Register

next story
Ubuntu 14.04 LTS: Great changes, but sssh don't mention the...
Why HELLO Amazon! You weren't here last time
Next Windows obsolescence panic is 450 days from … NOW!
The clock is ticking louder for Windows Server 2003 R2 users
This time it's 'Personal': new Office 365 sub covers just two devices
Redmond also brings Office into Google's back yard
Half of Twitter's 'active users' are SILENT STALKERS
Nearly 50% have NEVER tweeted a word
Microsoft TIER SMEAR changes app prices whether devs ask or not
Some go up, some go down, Redmond goes silent
Batten down the hatches, Ubuntu 14.04 LTS due in TWO DAYS
Admins dab straining server brows in advance of Trusty Tahr's long-term support landing
Red Hat to ship RHEL 7 release candidate with a taste of container tech
Grab 'near-final' version of next Enterprise Linux next week
Windows 8.1, which you probably haven't upgraded to yet, ALREADY OBSOLETE
Pre-Update versions of new Windows version will no longer support patches
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.