Nearly two years ago, I was blogging about REST vs. SOAP and suggested that there is room for both of them. Today, the topic is hotter than ever and the question got a wider dimension: should we replace the whole SOAP ecosystem with the dozens of WS-* standards with Web 2.0 alternatives forming around RESTful Web services?
The main accusation of SOAP adversaries is that the standard together with its family of WS-* friends is far too complex. Even for authentication and security alone, you need a whole family of standards like WS-trust, WS-security, SAML, and WS-Interoperability. Especially the latter is kind of a laughing stock, because the standards made for interoperability need an addition, so that they finally became interoperable.
On the other hand, the question is whether the brilliant integration specialists building great products like an enterprise service bus (ESB) or business process management software (BPM) that were mainly responsible for defining and enhancing the WS-* standards could be really so dumb to create a lot of useless and superfluous specifications? I don’t think so. Maybe some of the standards are really more complex than necessary, but surely are needed.
So let’s have a look at the competition from the REST fraction. Of course we have JSON (JavaScript Object Notation) as an alternative for XML-based data exchange. Regarding authentication and authorization, we have OpenID and OAuth, both in their current version 2.0. But at a closer look, they are not really 100% replacements of the WS-* security model. There are several discussions, about how they play together, e.g. at google,pingidentity and idcommons.
So will it all become even more complex thanks to these new Web 2.0 standards, because they have to be supported in addition to the established WS-* standards? Some ESBs like the one from WSO2 are already supporting OAuth. Or will we see a steady growth of “lightweight” alternatives from the Web 2.0 area promising to replace the additional WS-* standards like WS-transaction, WS-policy, WS-inspection, WS-federation, WS-routing, WS-reliable messaging and so on?
Even more, we also have BPEL and BPMN in the SOAP world, and we have Web 2.0 mashups that are currently lacking exactly those standards and solely rely on RSS and XSLT. Maybe that’s the reason that there is only Yahoo pipes as a reasonable mashup editor remaining and all the other approaches like MS popfly have quit their services. Stay tuned for more thoughts on that topic, as I’m having a master student doing his thesis about exactly that stuff.
0 comments:
Post a Comment