Stefan Tilkov's Random Stuff

QCon SF: Sanjiva Weerawarana -- WS-* vs. REST: Mashing up the Truth from Facts, Myths and Lies

These are my unedited notes from Sanjiva Weerawarana’s talk “WS-* vs. REST: Mashing up the Truth from Facts, Myths and Lies”.

  • Sanjiva claiming he’s unbiased, and if he’s biased, it’s because I told him to be :-)
  • to be loved and hated for creating WSDL 1.1
  • started Apache SOAP, WSIF

  • co-authored lots of other stuff in the WS-* space

  • history: why were WS created? people were doing XML over HTTP in 1998/1999

  • everyone invented their own way to do security, reliability, transactions, … (e.g. RosettaNet, ebXML)
  • not good from a middleware provider POV, such as IBM
  • looking for a way to do common things

  • cynical view: RPC between Java and .NET

  • WS design rationale:

  • world is not all about HTTP, XML, XML Schema
  • not all interactions are request/response
  • composability of features is key (security, reliability, …, needed, but not al the time)
  • SOAP 1.1 section 5 created because XSD was not yet a standard

  • Biggest criticism of SOAP in 2000: lack of security

  • Question: is the design rationale from 1999 still valid today? Answer: yes, most of them; HTTP not , Relax NG is a lot better than XSD, but bad luck/bad timing; XML is probably no longer questioned

  • Stu: WS were very much centered on XSD. Sanjiva: WSDL is the way it is, including the ability to include COBOL types
  • WS-* is just overhead unless you have something in your SOAP headers (shows SOAP message without headers)
  • Lie: always do SOAP
  • if HTTP(S) + XML is enough for the problem, more power to you
  • Glen: possible advantage: future extensibbility
  • Dan Diephouse: most people are doing this because of WSDL, not of SOAP
  • Lie: you never need SOAP
  • Sure, let’s all go back to 1998
  • REST-* is on its way - ARGH!
  • HTTP-R, anyone?
  • no commonly accepted, a.k.a. interoperable REST model for message signing, non-repudiation, reliable messaging
  • Question: is there an accepted and interoperable standard for WS-RM? A: Yes (with some complaints from the audience)
  • Question: What is the reference platform? Answer: Microsoft - they led the path, not IBM
  • Lie: WS-* is complex
  • reference to Tim Bray’s slide
  • reference to our poster
  • is WS-* really complex?
  • for the middleware implementor - yes quite
  • for the app developer: no
  • WS-* programmers need to understand XML, XML Schema, WSDL and WS-Policy - if they tell you otherwise, find better software
  • WS tool vendors have not given the right software to developers yet, but are getting closer
  • Patrick Logan: the last time I tried this, just the basic stuff didn’t work
  • Sanjiva: most of the problems come from databinding
  • Patrick: it was the simple stuff that didn’t work, that is my definition of complex
  • Sanjiva: let’s talk about this and we’ll sell you some consulting :-)
  • Stu: complexity is because of differences e.g. in document/lit/wrapped vs. other styles, other example: WS-Attachment problems because of one team mis-understanding the MIME spec. Specs are getting better, but they may be to complex
  • analogy: is TCP/IP complex: for the stack implementer, yes - for the app developer: no
  • HTTP has had 15 years to become as solid as it is (myself: exactly! that’s why we should use it)
  • is HTTP complex? yes - see Sam Ruby’s ETech 2005 presentations
  • Patrick: enormous pressure by the vendors on organizations, but products not ready
  • Lie: SOAP is about RPC

  • Reality: 0.9 RPC/HTTP only, 1.1. RPC, not HTTP only, 1.2: messaging format with RPC supported

  • Lie: REST is easy to learn

  • Large list: if you look at all the standards, including lots of the RFCs
  • Stu: WS-* includes all of these
  • Old testament: Roy’s dissertation
  • New testament: RESTFul Web Services book
  • REST is simple
  • not true: increasing abstraction, comparison to UML/MOF (MDA was supposed to rule, and now is dead)
  • Stu: not true,
  • True REST is still an art form
  • Criticising AtomPub took a lot of effort by a lot of really smart people, took 1.5 years - points to Web3S as showing that even they didn’t get it right
  • Are you smart enough to build a RESTful application? he claims he is not
  • are average developers & architects able to design RESTful systems correctly
  • Question: why is everybody implementing WS-*? Answer: because it’s the first time everybody agreed
  • Disagreement from the audience, no it’s the second time - see HTTP. Again: no, it’s the third time: TCP/IP
  • Comment from the audience: Even Flickr couldn’t work without REST (because of caching)
  • Hypermedia as the engine of application state not for normal peoples
  • Microsoft personae: Einsteins, Morts and Elvises
  • Comment from the audience: it’s the phrasing, not the content
  • my claim: if the phrase were “use documents with links” it would capture 80% of it

  • Lots of subtleties - method safety, idempotency, caching, uniform

  • Lie: REST doesn’t need a description language

  • Truth: you need to have tooling, thus you need a description language

  • Stu: the real debate is about whether we should have a generic description language or specific MIME types

  • Lie: content negotiation, the savior

  • reference to Larry Masinter posting from 2006

  • Comment from the audience: if you write a consumer, the story changes

  • Myth: REST programmers eat the payload directly

  • Reality: WS- tools have made programmers lazy
  • Story of Axis2: they wanted to get rid of data binding, but programers didn’t accept it
  • Programmign XML in Java still sucks
  • RESTfulness won’t remove programmers’ urge to look for restfulness
  • other languages have better XML supoprt

  • ES4 will drop E4X?

  • Myth: WSDL is widely accepted and used

  • Reality: See you at QCon 2015

  • Myth: WSDL can’t describe RESTful services

  • Reality: WSDL 2.0 can describe any RESTful service

  • WSDL 2.0 and WADL are basically the same, inverted in thinking

  • Myth: HTTP, the one true protocol

  • Enterprisey: JMS, SMTP, TCP, IIOP, MQSeries

  • Cool: Jabber/XMPP, YahooIM, SIP

  • HTTP’s uniform interface is the greated - untul we need just a tad more

  • WebDAV and DeltaV: a whole bunch more
  • PATCH: just one more to get it right

  • Stu: There’s nothing wrong with having an extensible uniform interface

  • Myth: REST is multiprotocol

  • in reality: was one of those nice in theory, never been done in practice

  • true, very true: as long as you don’t want security

  • Discussion with Pete and Dan: no, not true, client

  • Myth: SOA was a response to REST

  • not true,

  • REST is HOT, WS-* is NOT

  • REST is at the top of the hype curve, WS-*

  • Damned Lie: It’s easy with REST or WS-*

  • Distributed computing is hard, no matter what

  • Sanjiva’s Advice: don’t get caught up in the hype

  • REST and WS-* both have strengths
  • best offer both using tooling, similarly to what POJOs did to J2EE
  • building scalable interoperable systems is still hard
  • The, on the next slide: Naaah. Just switch to Erlang. :-)

I had a lot of disagreements with his statements, but couldn’t have wished for a better talk in this track.