A point that doesn’t get emphasized enough in the REST/SOAP debates, is the nature of distributed computing on the Internet and how it is inherrently different than elsewhere, such as behind a firewall on a LAN, or within the confines of a single machine.

In Peter Deutsch’s infamous seven (updated to eight by Gosling) fallacies of distributed computing, number six - there is one administrator - is the principle difference between Internet and LAN based distributed computing, and unfortunately, next to no Web services recognize this. They believe that what worked for the Intranet, will work for the Internet.

Having one administrator is roughly what you have behind a firewall, so it isn’t technically a fallacy of all distributed computing, “just” distributed computing on the Internet. What it means is that there exists an out-of-band channel with which evolutionary aspects of the software can be managed. So tasks such as deploying new versions of interfaces can be coordinated with a phone call or an email, and the common understanding that you’re working for the same organization so you have an obligation to work together (and if you don’t feel that way, you should expect to receive a visit from your boss).

On the Internet, not only do parties not share a common administative domain, they don’t, a priori, share any trust relationship whatsoever. So the only communication you can expect with a publisher of a service is through the interface to the service itself. This is a radically different design center than previous distributed architectures such as the OMA have used.

The principle implication of this to Web services, is that on the Internet, practically all forms of distributed computing are coordination problems, requiring that a coordination language be defined that can be used to implement the types of tasks that the parties involved want/need to have implemented. Some of these languages are very specific in scope, whereas others are very general.

In my view, HTTP defines the single most general coordination language ever developed (GET/POST), and while not suitable for absolutely all tasks (like a telnet replacement, for example), it is sufficient for very many, including everything that I’ve seen Web services used for.

Related link: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dngxa/html/unde…

Don Box, one of the founding fathers of Web Services, provides a good overview of Microsoft’s GXA (Global XML Architecture) which is essentially a suite of Web services infrastructure protocols. In my opinion, GXA will probably become the basis for standardized SOAP-based infrastructure protocols through out the industry, not just Microsoft. Recently, WS-Security, which is a part of GXA, was submitted to OASIS. I believe the rest of the protocols will also end up under the auspice of OASIS, which is good, for everyone involved.

Related link: http://www.extrememarkup.com/extreme/2002/schedule.asp

While I’m packing my bags for this week’s O’Reilly Open Source Conference, where I’m chairing the XML track, I’m also looking forward to a very different kind of conference, Extreme Markup Languages in August. OSCON, at least on the XML side, is mostly about how developers can apply XML technologies, while Extreme has a heavy dose of how developers can create XML (and other markup) technologies.

Some of the same people will be at both events, and they’re pretty consistently my key summer conferences, but they’re quite different. OSCON is largely about how to do things with information. Its focus is on programmers and programming, while the focus at Extreme is much on information and information representation.

XML and markup generally are odd beasts in the world of computing. XML is not a programming language. You can’t do anything with XML itself, though you can certainly use XML as a key component in getting things done. Instead of defining things with a focus on particular kinds of manipulation (a good OOP strategy), markup focuses on structuring and labeling things in ways that they can be found and shared by a lot of different applications. There’s much more attention paid to the nature of the underlying information than to what we want to do with that today.

Last year, this conference-filled period was easily my most productive hacking time. I’ll report back on what I manage to accomplish this year.

Do markup and programming have much in common?

Related link: http://radio.weblogs.com/0101679/stories/2002/07/20/restSoap.html

It is quite possible to productively apply both of these supposedly incompatible approaches together. This essay tells you why you should - and how you can.

Related link: http://alistapart.com/stories/usingxml/

J. David Eisenberg, author of SVG Essentials, has an excellent demo of some of the capabilities XML provides to Web developers and others.

Eisenberg starts off with a tough question:

“Isn’t it inefficient to have to type all those tags…? What good is this? It looks nice, but what can I do with this document? How can I put this in a web page or use it with other programs? Wouldn’t it be easier to just use HTML or a database/word processor/fill-in-the-blank?“

In answering it, he manages to show off RELAX NG (for validation), CSS (for annotated styles), XSLT (for transformative styles), HTML (for showing the contents in older browsers), SVG (for interactive graphics), and XSL-FO (to produce a PDF for print).

It’s an excellent demonstration, and creatively applies technologies most commonly thought of as “document-oriented” to an XML document whose contents are largely “data”, bridging a common divide in the XML world. To top it off, he explores the challenge it presented him:

“You don’t have to be an expert at Relax NG, XSLT, XSL Formatting Objects, or SVG to do this. I don’t use any of these techonlogies on a daily basis. I just know enough about each of them to get things to work. In this case, my philosophy was ‘the first way you think of that works is the right way.’… This is not to say that there is no learning involved here; you will need to spend some time on that. You don’t need to spend a lifetime on it, though. It is definitely possible to learn enough about these technologies to put them to effective use in a short time.“

He doesn’t even get into programmatic access to the data (through SAX or DOM for instance), but he’s already shown off a wide range of immediately useful techniques. XML may finally be ready for the Web.

Is this kind of flexibility useful to your work?

Related link: http://associates.amazon.com/exec/panama/associates/join/developer/resources.htm…

From their documentation

Amazon.com Web Services offers developers the choice of XML/HTTP or SOAP to access information in our catalog and databases. Which method should you use? Mostly, it depends on what you are the most comfortable with. There is significant industry debate over which Web Services method is the “best”; at Amazon.com, we decided to take a neutral approach and offer access via both methods.

Apparently they tested the same source code with both Sun’s JAX PAK and Apache Axis; and they have a Perl client using SOAP::Lite. As with Google, It looks like Amazon.com has done their homework, providing examples of the protocol as it goes across the wire, machine readable metadata in the form of WSDL, and testing with a number of cross platform implementations.

First, let’s get the announcement out of the way; UDDI v3 was announced earlier this week. Now on to the shot-taking …

If you recall, Paul Prescod used UDDI as a guinea pig when he demonstrated how REST was a superior approach to a SOAP/RPC based solution. He did a wonderful job at describing how the generic HTTP GET was superior to a bunch of get_* methods. But I’m interested in criticizing UDDI not for this reason, but for merely existing.

The whole idea of any kind of any form of centralized registry (except DNS, which gets special consideration for the time-being) is an anathema to Web architecture, which is radically decentralized. If UDDI had followed Paul’s advice, and used URIs to identify the entries in their registry, they would quickly have discovered that anybody could, in effect, become a registry merely by putting these URIs in a web page someplace. Because that’s what’s really going on, on the Web; each web page is a mini registry, which includes references (hyperlinks) to other pages that can describe anything, including all the things that UDDI describes.

The secret sauce behind this profound, but apparently under-appreciated architectural feature, is the joined-at-the-hip relationship between a URI and the HTTP GET method. You can invoke GET on any HTTP URI (well, any URI actually, but that subject is best left for another time), and that knowledge turns a simple “label” (the URI) into a means to navigate between things. UDDI, by not using HTTP URIs (v3 uses URNs), in effect creates a centralization-dependancy for resolving those URI.

I think few people, even many Web services proponents, would disagree that UDDI probably doesn’t have much of a future. Hopefully this little blurb, and Paul’s article, can explain some of the technical reasons for why that might be the case.

Disclaimer; Joel Munter, “Mr. UDDI”, bought me pastries in Paris. I may have been too nice to UDDI as a result. 8-)

Related link: http://lists.w3.org/Archives/Public/www-patentpolicy-comment/2002Jul/0000.html

The W3C’s Susan Lesch reports that “three participants and the Chair” circulated “a new RAND exception proposal”.

The W3C Patent Policy Working Group had appeared to lean in the direction of Royalty Free more recently, after an explosion of controversy (1 2 3 4)

The proposal suggests that the W3C countenance royalty-bearing RAND work:

When non-royalty-free IPR is discovered in a W3C Working Group, a Patent Advisory Group (PAG) might have a number of possible outcomes. The proposal suggests that the Working Group’s specification could be split in two. “Core” work to be licensed royalty-free would be produced as a W3C Recommendation. “Extensions” that may require royalties could be done at W3C or by another standards organization.

It is, of course, important to note that “The group did not appear to universally accept the proposal.” A followup message from Dan Kegel suggests that:

You are aware you’re treading on very dangerous ground here, I’m sure.
Care to identify the three participants who are eager to
introduce extensions that require royalty payments?

The proposed policy seems custom-made for some dark visions of the Web Services Interoperability Organization (WS-I.org) and its leading members, though it also proposes to let the W3C itself embrace patents and the royalties they bring, so long as they aren’t “core”.

Business as usual?

I believe that distributed systems that work at Internet scale are extraordinarily difficult to build; much more difficult than is commonly believed, even amoungst those who know that it’s difficult. I believe that there are very few people on this planet who have the expertise necessary to architect such a system. Of course, the Web isn’t the only example, but it’s a great one because of what it can do (as compared to, say, email or FTP, which are limited in their capabilities).

So when the “next big thing” comes along, and it’s not developed by people who I know get how difficult it is, I’m naturally skeptical.

I’ll try not to offend anybody with my posts, but since my job is to be critical of others’ work, and people invariably put a lot of themselves into their work, this is going to be hard to achieve. But please know that it is not my intent to criticize any person or group of people, only to critique technology.

Related link: http://www.lightlink.com/babbages/

Last Wednesday, I went to a volunteer organization in an old factory and bought four used and untested Macintoshes - a mix of 68030s and early PowerPC systems for $28. Then my brother brought me an old PowerBook 140 and a Classic II, and I found a used IBM WorkPad z50 cheap. All of these computers are old, but they’re still useful.

Three of the four computers I bought are for a friend’s collection, but he uses them on a regular basis. I’ll be using the Centris 660AV I bought for a birdfeeder webcam, something I’ve been working on but never finished. For some reason, the computers are never near the birdfeeders, but for $7 I can put one right there. The AV ports may let us do something with a better video camera if we ever get around to it.

We’ll see what I come up with for the PowerBook, which needs a new battery, and the Classic II, which sometimes comes up with a screen full of random pixels.

The other nice find is the IBM WorkPad z50, which is a genuinely delightful design despite using Windows CE. Apparently IBM dropped this business, setting off a fire sale, but it’s a sweet little system. I’m still figuring out how to set it up for Ethernet, but the CompactFlash card works nicely, the keyboard and TrackPoint are great, and the batteries last a long long time. Hopefully I’ll be able to get PersonalJava running on it. Even if I can’t, I expect this to become my portable writing machine. At three pounds, it puts my eight-pound ThinkPad to shame, and it’s small enough to use in coach class.

While I realize that the rapid upgrade-and-abandon cycle has made a lot of money for the technology industry, I’m not so sure it’s all been a good thing. 30 MHz machines may seem like distant memories, but they can get an enormous amount done at a remarkably reasonable cost.

Anyone else finding new uses for old computers? Or know of places that give them new life?

Related link: http://www.internetweek.com/story/INW20020703S0001

Last week it was announced that WS-Security, the security standard championed by IBM, Microsoft, and Verisign, was submitted to OASIS and that Sun Microsystems will join the effort. Although WS-Security is not complete, this announcement increases confidence that a single Web services security standard is possible. With the proliferation of Web services standards I’ve become concerned about the future of interoperability in Web services. Right now there are competing standards for Web service transactions, orchestration, directory services, etc. The news about WS-Security gives hope to the idea that market pressures will force vendors to work together to create a single set of standards for Web services.