Web paradigm arises as alternative to SOA
After recently surveying early adopters of service-oriented architecture (SOA), Ann Thomas Manes, an analyst with Midvale, Utah- based Burton Group , concluded that the technology approach was stuck in a holding pattern.
“It has become clear to me that SOA is not working in most organizations,” she writes in her blog, adding that most SOA-enabled companies “have yet to demonstrate how all this infrastructure yields any business value.”
SOA is an architectural pattern that many thought would deliver on the promise originally associated with enterprise application integration (EAI), yet enabling the kind of business agility that EAI could never support.
All major enterprise platform providers—IBM, BEA, Microsoft, Oracle, and SAP—are backing SOAP messaging, WSDL service descriptions, and WS-Security for specifying the kinds of tokens used for transmitting authorizations, all of which has fueled hope that Web services would deliver on the promise of SOA.
But according to a recent annual survey out of Cambridge, Mass.-based Forrester Research , enterprise adoption has been a mixed bag. By last year, two-thirds of companies said they were adopting, or planned to adopt, SOA. Yet when it came to anything beyond early pilots and workgroup projects, barely 25 percent reported commitment to implementing SOA as standard enterprise practice.
SOA in a black box
A backlash has emerged against the complexity of SOA. When it comes to standards, at least 80 have been approved—or are in the pipeline to be approved—by standards bodies such as OASIS and the W3C. With such a wealth of standards, it’s easy to spot overlapping specifications, such as SAML and WS-Federation, which cover federated identity and are supported by different—and in some cases overlapping—groups of vendors.
Another hurdle is the requirements for building properly formed SOAP messages—i.e., where the headers are structured with the right syntax to comply with the standards.
Not surprisingly, given the complexity of forming SOAP messages, the vendor community decided it was necessary to set up WS-Interoperability (WS-I) to devise a series of tests that would verify that Web services messages could be exchanged between different vendor platforms. Just these kinds of electronic handshakes have challenged EDI trading networks for years.
In response to these and similar challenges, a vocal community has begun promoting alternatives that either hide the Web service technology under the hood, or revert to basic Web technologies.
Data services provider StrikeIron , for example, is offering a hosted marketplace for data services such as Dun & Bradstreet business credit checks, U.S. Patriot Act compliance, global address correction, email address validation, sales and use tax retrieval, and in-depth corporate profile information for customers or business partners.
While implemented as Web services, StrikeIron eliminates the need for customers to re-architect their existing systems. Instead, they either add an application programming interface (API) that accepts incoming data, or install a Microsoft Excel plug-in to feed the data to internal spreadsheets.
“We are aiming at businesses that can’t afford a few million dollars to build an SOA platform,” explains StrikeIron CEO David Linthicum.
Manufacturing enterprise vendor Infor has taken a similar black-box approach for integrating its applications.
“Customers aren’t coming to us specifically for SOA,” explains Jeremy Suratt, Infor senior product marketing manager. Instead, Infor’s approach dispenses with Web services standards like SOAP, a message format; and BPEL, a protocol for orchestrating or chaining multiple Web services into a workflow or process. Infor uses an event-driven architecture that involves requests using REST, a simpler alternative to SOAP where relatively basic service requests, similar to database queries, are submitted via HTTP to specific Web addresses corresponding to the service provider. Using REST, services are treated as resources.
Amazon has taken a similar approach, exposing its compute and e-commerce backbone using relatively simple REST-based services. Starting with core services such as billing and account management, payment services, retail fulfillment, simple database queries, and message queuing, a growing third-party solution provider ecosystem is offering more ambitious on-demand applications ranging from groupware and basic sales force automation to ERP and CRM.
Acknowledging the success of back-to-basics approaches like Amazon Web Services, Stamford, Conn.-based Gartner Group Analyst Nick Gall coined the term Web-Oriented Architecture (WOA), which refers to the use of common Web technologies to support interactions that mimic SOA. In essence, it applies the same Web technologies that people use for manually interacting with Web sites to establish more automated connections.
Specifically, instead of using a SOAP envelope, a plain-old XML message—often abbreviated as “POX”—is sent with a request to a URI, an information resource that is represented as a Web address, or URL. And in place of a UDDI Web services registry, a common Web search engine is used to find URIs, or resources, that satisfy a REST service request.
|A Web-oriented architecture (WOA) applies Web technologies to provide basic service-oriented architecture capabilities.|
One company that has taken WOA to heart is SnapLogic , a start-up founded by veterans of Informatica. SnapLogic is unveiling its own data services marketplace, promoted as “Really Simple Integration.”
Based on a simple open-source Apache Tomcat Web server, customers connect with data services, each of which is assigned separate URIs. In turn, if an organization seeks to personalize access by individual or role, it can do so by granting users access only to specific URIs.
Access control is enforced, not by any kind of Web services authentication or federated identity standard, but by the internal directory or access control systems. And because the metadata is indexed using standard HTML, it is searchable by Google or any other Web search engine.
“Data is everywhere, but it is hard to use. It’s all in silos, where you need programming expertise to get at it,” says SnapLogic CEO Chris Marino. “The emergence of Web 2.0 showed the need to go back to basic Web technologies to make data accessible.”
Glossary of terms
Application programming interface (API) : a source code interface that an operating system, library, or service provides to support requests made by computer programs.
eXtensible Markup Language (XML) : a general-purpose specification for creating custom markup languages. XML is classified as an extensible language because it allows users to define their own elements. Its primary purpose is to facilitate sharing of structured data across information systems—particularly via the Internet—and is used to encode documents and serialize data.
Hypertext Transfer Protocol (HTTP) : a communications protocol for the transfer of information on intranets and the World Wide Web. Its original purpose was to provide a way to publish and retrieve hypertext pages over the Internet.
HTML : an initialism of HyperText Markup Language, HTML is the predominant markup language for Web pages. It provides a means to describe the structure of text-based information in a document—by denoting certain text as links, headings, paragraphs, lists, and so on—and to supplement that text with interactive forms, embedded images, and other objects.
Organization for the Advancement of Structured Information Standards (OASIS) : a global consortium that drives the development, convergence, and adoption of e-business and Web service standards. Members of the consortium decide how and what work is undertaken through an open, democratic process.
Representational state transfer (REST) : a style of software architecture for distributing hypermedia systems such as the World Wide Web. The term was introduced by one of the authors of the HTTP specification.
Security Assertion Markup Language (SAML) : an XML standard for exchanging authentication and authorization data between security domains—i.e., between an identity provider (a producer of assertions); and a service provider (a consumer of assertions). SAML is a product of the OASIS Security Services Technical Committee.
Service-oriented architecture (SOA) : a computer systems architectural style for creating and using business processes, packaged as services, throughout their life cycle. SOA also defines and provisions the IT infrastructure to allow different applications to exchange data and participate in business processes. These functions are loosely coupled with the operating systems and programming languages underlying the applications.
Simple Object Access Protocol (SOAP) : an exchange mechanism for moving XML-based messages over computer networks, normally using HTTP/HTTPS. SOAP forms the foundation layer of the Web services protocol stack, delivering a basic messaging framework upon which abstract layers can be built.
Web Services Description Language (WSDL) : an XML-based language that provides a model for describing Web services.
Web Services Business Process Execution Language (WS-BPEL) : an OASIS Standard language for specifying business process behavior based on Web services. Processes in WS-BPEL export and import functionality by using Web service interfaces exclusively.
WS-Federation : an Identity Federation specification developed by BEA Systems, BMC Software, CA, IBM, Layer 7 Technologies, Microsoft, and VeriSign. Part of the larger Web Services Security framework, WS-Federation defines mechanisms for allowing disparate security realms to broker information on identities, identity attributes, and authentication.
The World Wide Web Consortium (W3C) : the main international standards organization for the World Wide Web. It is a consortium where member organizations maintain full-time staff for the purpose of working in the development of standards.