29 January 2007

Take a REST from the SOA standards insanity

Every day it seems, I become more RESTful. As I look out over the ever increasing morass that are the SOA / web service standards, emanating from a plethora of standards bodies, consortia and vendor alliances I often wonder, when the complexity mavens will cease complexity expansion. Unlike global warming, this complexity is man-made.

Having worked in and continue to work in SOA, EAI, JavaEE, CORBA and other distributed solutions and technologies for many years, thre is one thing these all have in common: All have suffered from design-by-political-committee aspects and/or complexity which limited their usage and market growth potential. What has the IT industry learned from these efforts?

Well, I learned and experienced and still live in this morass filled enterprise SOA world. Unlike some, after I learn and experience, I like to improve, I like to simplifiy what I have learned and experienced, so I thought: how may one make sense of all of these past attempts, from all these growing numbers of standards and technologies for web computing for business, government, science and more? How may one separate the necessary from the unnecessary? How can one do SOA in a simplified manner? What are the basic elements required to enable SOA, b2b, m2m, s2s, c2b, c2c, etc., in a scalable, fault-tolerant, manageable manner with dynamic discovery, production and consumption? What is a viable, basic, simple model? One doesn't have to look too hard to see examples of a simple successful model for SOA web services, but one needs to know the real / actual from the mere usurpers of the term who often live in marketing... the simplification? Web 2.0.

I won't provide definitions for SOA, Web 2.0, REST, etc., those are all over the web. What I want to do is look at where SOA/Web Services emerged and where REST / Web 2.0 emerged, just a comparison that I hope will show the utter futility of one approach that is destined for limited success like many of its enterprise predecessors until it collapses under its own weight and complexity vs. the simple, lightweight alternatives that are providing value now, at much lower cost of ownership, and continue to grow their value proposition exponentially! This is just a stream of thought. You will notice that I am a firmly convinced proponent of REST and Web 2.0 approaches, though I still work in a world dominated by SOA web services and the never-ending standards explosion, so here I vent:

Let's start by abstracting and describing the basic problem model. First, let's divide the web world into two roles: Consumers and Produers. Next we'll divide this world into two perspective or approach camps: Simple and Complex. For each role, either perspective or a combination, may be used. This combination is happening on rare occassions, invariably though the complexity takes over.

Consumers and Producers

The web world is divided into producers and consumers, though these roles may be, and are often, dynamic and reversible, depending on the context, i.e., a producer may also consume and a consumer may produce information in a given interaction. For example, when one uses a search engine one enters search criteria which is consumed by the search engine, which produces results to the requester (the original consumer) who consumes the response.The search engine consumed the request however the search engine may use the original search request and subsequent selections to do more than simply create a search response, it is, in effect, consuming the request which will assist its production / servicing of future requests. By providing value to consumers, the service provider also receives value from those who consume its services.

Producers produce content or information that some consumers may want to consume. So producers need to decide what they want to produce and how to let potential consumers find and consume what they produce. Producers typically produce information with a goal that their information be consumed so they must find a way for potential consumers to consume the information they produce.

As a producer, or service provider, I need to let potential consumers find me, to learn about what information I produce and what I require in order to produce the information. For example, if a producer offers to provide a stock quote, it should tell potential consumers that fact, as well as what consumers must do to get a quote and what that quote response will look like in form, content... Provide a valid stock symbol perhaps, a currency and maybe a stock exchange? What are the defaults and acceptable values? Does the Consumer get back a dollar amount? Are these delayed or real-time quotes? Are there charges or disclaimers, etc....

Consumers need to be able to find producers that produce the information that they are interested in consuming, understand the requirements for consuming a producer service, expectations and the terms and conditions of use, etc. and the format(s) for the request and response supported, required and offered by the producer.

So far this is simple, there are plenty of web sites that provide static and/or dynamic content, aggregator web sites, web services that provide content / information and mashups that combine and consume the products of multiple producers to provide a new whole...then the complexity can start in, if one is so disposed to allow it.

Sometimes the interactions between consumers and producers have formal definitions, possibly one or more alternatives. For example, a producer may provide a URI to which one may simply send an HTTP GET, or have a description that describes how to format an HTTP POST request or maybe it is an RSS or ATOM feed at this URI, maybe its more formalized....you may have a set of parameters and values, or an XML document described by XSD and/or where you need to authenticate via HTTPS or maybe its a SOAP endpoint whose address is defined using a WS-Addressing endpoint reference, whose operations and requirements are described in WSDL, according to WS-RF or WS-Transfer or both via WS-Resource Transfer (are you with me on the growing complexity?!) with a formalized SLA defined by some other standards, with transactions defined by other standards, with parameters and formats defined by several schemas and namespaces and resources and .... and.... and...Whew!

Now, I'm all for consistency and clearly defined descriptions, definitions, formats, etc. but at some point all this complexity adds up: adds cost, reduces performance, increases error potential, becomes more difficult to use, etc. all of which overshadows the whole reason why a consumer may have wanted to consume the producer's product in the first place....to get something of value done. That value may be profit, learning, etc., but it is useful work. If I have to put a dollar in and my ROI is twenty cents, why would I do that? That's like making charitable contributions to the Red Cross where much of what you donate goes to pay top executives, not to the people who actually need it, you know the one's you're making the donation to help!

So, why work so hard and get back less value than you put in? If you go down the standards-based SOA web service path...well, there you are and there goes your ROI!

If you want more consumers to consume your produced products, you need to provide access as easily and cheaply as possible... so that it is consumable by more consumers. it goes without saying that your information product must be accurate, correct, precise and valid! If your producer is not easy to use then someone else will provide a product that is better, cheaper, faster and/or easier and get used by more consumers....if a consumer needs a CS PhD to use your producer, to consume your content, well there are fewer CS PhD's out there than entrepreneurs, high school students, Moms, Dads, Little League teams, and small businesses and other types of information consumers...you need to make it easier for anyone/everyone...so 3 simple rules

Rule #1: Simple is Better than Comlex. Always.
Rule #2: Simple does not imply less rigor, just less work i.e., work smarter not harder.
Rule #3: If its getting more difficult or complex you are probably doing something wrong (or you have a CS degree and just can't help yourself. I have a CS degree and I often need to remind myself of these rules!)

Perspectives: Simplicity vs. Complexity

Survey the Web. Look at all the most successful information producer / consumer / mashups out there and see what they are using, what their technologies are, where the information they consume comes from and the form of the produced/consumed information. Now, look at what enterprise IT shops are doing, just do a search on jobs for “web services, SOA, architect, enterprise” or look at IT job posting for the Fortune 1000 companies...better yet go read some specs at oasis now put these specs to good use in a simple, easy to use (produce/consume) solution.

What you will find are the two basic camp mentioned before, that I call: 1) the simplicity camp and 2) the complexity camp.

First, I'll describe the complexity camp: Many in the complexity camp work in enterpriise IT. The complexity camp is exemplified by / are big companies with big IT budgets and staff that do much processing over the Web, both internally within their organization and externally with customers, partners and suppliers. They have a lot of legacy systems made up of all those prior technology efforts that linger on, seemingly forever...there is never time to do more than keep them on life support so they in turn continue to provide a source of complexity that grows over time. The complexity camp likes standards. It likes standards so much, that it wants lots of 'em. Closed, old, new, contradictory, overlapping, vague, constrainging and open standards. All these standards then require complex products that are used to create solutions using all these myriad standards. Many of these standards have alternatives from other standards bodies that do some of the same and some different things, so you need people on staff to help you navigate all the different standards, their status and their future direction and to provide coordination of all these standards, etc. Once you have that figured out, you'll need to add your own corporate, division and area standards and interpretations, maybe some SixSigma or other fifth element processes and procedures, and of course more staff to oversee this too. Next, you'll need to have some heavyweight tools to develop solutions using all these standards too. Yes, there are some open source tools and technologies you can use, but to be most efficient you'll probably need to buy some commercial tools too, and these will cost you time and money, maybe small money, maybe big money...it all depends...on what you want to do, and how, and why and how frequently, and other factors. Then of course, you'll need weeks of education to learn how to use those tools. Finally, you are prepared to develop your customer solution. What were those requirements again? So the complexity camp is often found in traditional, enterprise IT staffed with the alchemists of the BS in CS variety where: Complexity is enterprise IT's rationale of existence; just business as usual.

Ask any CEO or business executive if they would be interested in reducing the overhead, costs, size, etc. and/or improve the responsiveness, ROI and effectiveness of IT. Care to guess what their answer may be? And so many people in IT wonder why IT is being outsourced and off shored? Hello! Hello? Anybody home?

Like so many human organizations, that become self-fulfilling and self-sustaining, carrying on the work, form and vestiges of the past long after it ceases to be required... non-profits to cure incurable diseases, civil rights organizations that now advocate for preferential treatment rather than actual equality, etc., Not all, but many IT shops are like this too. Most enterprise CIO's and IT shops are like dinosaurs that haven't realized they are extinct! Case in point, what enterprise IT shop has had to deal with the growth rates and capaciaty expansion experienced by inventors / practitioners of Web 2.0 concepts such as Google, YouTube and MySpace? Few if any! Nor could their IT shops assimliate such growth / speed if they had to! They would collapse! Case Closed.

I make no attempt to hide where my sympathies are, just look at the reality of the Web today, who are the players, the movers, the shakers and the leaders? Web 2.0 companies! The Simplicity Camp is the only realistic, practical and pragmatic way to go if you want to provide viable solutions in a cost effective manner.

The Simplicity Camp

Tim O'Reily initially defined Web 2.0 and many others have adopted and expanded the concept, much is being written about it and more importantly, much is being done with it now, today!

Driven initially by constraints (money, time, other resources, etc.), the simplicity camp looked for alternative ways to approach the problem of web computing, doing more with less. Tried and true technologies of the Web such as HTTP, HTML then XML*, XHTML, etc., low/no cost such as open source software stacks such as LAMP, MAMP, SAMP or even WIMP, then more open source emerged that could assist the simplicity camp, simple more efficient technologies and approaches often based on the tried and true technologies of the Web: HTTP, URI, XML, Namespaces --> and a seminal dissertation by Roy Fielding ---> REST and with the advent of WEB 2.0 a new, more simple way was defined.

The emergence of complementary technologies such as RSS/Atom, Wiki's and AJAX, and producer services available from some big companies in a simple, consumable format i.e., one did not need to have a CS degree and arcane alchemic knowledge of SOA web services, i.e., SOAP, WSDL, UDDI, and more WS-* specs, standards in order to consume these offered services from Google, Amazon, Yahoo and many other well-known industry giants. In fact, more consumers consume information from producers using plain old HTTP GET/POST, REST and/or Web 2.0 than via the standards based, enterprise SOA Web Services. Recently, I heard Google was "sunsetting" = phasing out, its SOAP API for search in favor of an AJAX API (AJAX is a cornerstone Web 2.0 technology which has been so successful that commercial and open source vendors of web services based SOA products have added it to their products! Wonder what that really says?! )

While the standards morass around web services based SOA plods along meandering down its many political paths, the REST / Web 2.0 proponents are providing simple, elegant solutions that enable the web for all to consume, produce and more.

If you're in an entrprise IT department doing SOA and Web Services, and "Enterprise" and/or "Architect" is in your title, you need to have a look around outside your walled garden.

Which camp are you in?