Slashdot Mirror

← Back to Stories (view on slashdot.org)

Web Services

Posted by ryuzaki0 on from the wave-of-the-future dept.

Erik Sliman writes "Why are all the IT companies suddenly interested in open standards with web services? An OpenStandards.net article explores the issues surrounding the somewhat vague term."

21 of 222 comments (clear)

  1. It's Like Most Bandwagons... by telstar · · Score: 4, Insightful

    Those that lead have the most to gain, and those that follow stand to lose the most if they don't jump on board...
    The success or failure of the actual concept is secondary to how soon they joined the party.

  2. Becuase of Stupidity of course by Telastyn · · Score: 4, Interesting

    It's becoming more and more common that the "Internet" is just Internet Explorer to most people. So some smart fellow thinks it'd be a grand idea if services could be served this way, to appease the lowest common denominator. PHB's get ahold of it, and wham! off it goes to the media, and in 2-3 years everyone (hopefully) realises what a bad idea it was.

    If you want a unified 'client' for all services, make one, don't kludge everything onto http. Please...

    1. Re:Becuase of Stupidity of course by smagoun · · Score: 5, Insightful

      OTOH, HTTP is pervasive. So are HTTP clients. It's the "write once, run anywhere" model that Sun's been pushing with Java for so many years. You run the app in one place (on your server), and it's accessible to anyone with a computer and a modem. It even works on PDAs, phones, etc with a minimum of effort. I'll be the first to agree that HTTP isn't the best way of doing things for most apps, but the industry has never been about "best". It's about "good enough" and market penetration.

      Designing your own protocol takes time, and implementing it for each OS/hardware combo out there takes even more time. Why bother to do that, when you can leverage a protocol (HTTP) and client software (browsers) that are already everywhere?

      From management's point of view, web services are a no-brainer....

    2. Re:Becuase of Stupidity of course by ethereal · · Score: 5, Insightful

      So, you think you know security, but anything that's tunneled through HTTP/HTTPS is OK with you? You really don't understand security.

      SOAP et al are a mistaken implementation for exactly that reason, in a typical Microsoft fashion: by running everything over HTTP, we can get things working quickly without wondering whether they are secure. Later on, there will be a ton of SOAP security holes and information leaks, but we won't be able to plug the hole properly since we can't cut off HTTP without strangling our businesses. I love innovation without cogitation.

      An absolute godsend to good firewall administrators would be to have specific services on specific ports so that you could easily audit the use of such services separately and have a better handle on what's going in and out of your 'net. You could, for example, inspect SOAP packets for a particular service without having to slow down all traffic through your HTTP proxy. But since you're a lazy bastard, I bet you don't care :)

      --

      Your right to not believe: Americans United for Separation of Church and

  3. How could they not be? by FurryFeet · · Score: 5, Insightful

    In today's world, connectivity is key. You pick up a phone and expect to be able to call any other phone on earth (granted, it may be expensive or hard, but it is possible), no matter if it's in another country, company, if it's a celular or a satelite phone.
    That expectation moves to the Net. If you're going to hire net services, you expect to have a unified system that will allow you to do anything with one interfase, one bill, from anywhere.
    Now, I can only see two posibilities for that to happen. One is Microsoft, but fortunately I see a trend where less companies are willing to empower the BMFH (Bastard Monopoly From Hell). The other is open standards.
    And yes, this is a Good Thing (TM).

  4. That's what happening by wiredog · · Score: 3, Interesting
    Well, sort of. The PHB's are realizing that web browsers aren't the best way to do web services/web applications and are looking for a better one.

    The problem is that everyone has a web browser. Anything that aims to replace it has to get high distribution at low cost. You want all your customers to have whatever client you use. And it has to be based on a standard so that even if the customers client isn't exactly what you have, it's close enough.

    And this is in a world where it can be difficult to get IE and Mozilla to play nicely together.

    --

    Best Slashdot Co
  5. Simply put... by gUmbi · · Score: 3, Informative

    Simply put, Web services is SOAP and UDDI. SOAP is like RPC, UDDI is like LDAP. There is nothing really new here.

    The reason it is becoming popular is:
    A) it uses XML for procedure calls and it has a big-fat standard for type-mapping so it's not tied to a specific language or language-binding.
    B) It can piggy-back on HTTP so it works through firewalls.

    Web Services may have some issues when network/security administrators figure out people will be using RPC through the firewall.

    Jason.

  6. Nobody knew what CORBA was for until the web by mmacdona86 · · Score: 5, Insightful

    Not companies routinely make information available to the Internet, and routinely make use of information that other companies provide. Unfortunately, lots of times this is more difficult than necessary since all the information is formatted in pretty web pages for people to see.

    Web services just means that you are providing the same data in a format for other companies' programs to use. This is an excellent idea, particularly when you can charge for providing the data.

    This was always the idea behind CORBA, but I think people didn't get it because since both ends of the communication were to be programs, it was too abstract. Now that people do these kinds of information exchanges everyday with web servers and browsers, it's much clearer what the point was all along.

    Web services takes the CORBA idea and adds the web momentum. You leverage the communication infrastructure built for the web. SOAP is a hell of a lot less efficient than IIOP, though.

  7. They're not by Anonymous+Brave+Guy · · Score: 3, Insightful
    Why are all the IT companies suddenly interested in open standards with web services?

    They're not. The only people actually interested in "Web Services" are those who make large-scale business apps, those who are in niches where the technology might help, and those who thrive on marketing buzzwords. The remaining 90% or so of the IT world frankly couldn't give a funny line.

    --
    If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
  8. CORBA is too heavy & EJB is too RMI/IIOP depen by sleight · · Score: 5, Insightful

    Before I begin, I want to make clear that I'm an XML skeptic. To me, XML is nothing more than formatted text -- utterly devoid of value until two or more parties agree on a shared vocabulary (in the form of a DTD or Schema).

    To be simple, CORBA is too entirely too complex. Until recently, even Orbix's (the lead vendor of the pack) offerings have been extremely "flexible" with their degree of compliance to the CORBA spec; Orbix 2.x had CORBA 1.x and 2.x features side by side without any clear delineation of which feature was compliant with which spec.

    EJB is respectable if you're a CORBA or RMI shop.

    Now, let's be realistic. HTTP is already there. It works. Sure, it's not stateful but, historically, people have been kluging statefulness in using cookies for years. XML isn't necessarily ideal but, if you want to be programming language indepent then you have to choose some sort of format. Why not formatted plain text? Sure, it's a little wasteful on the bandwidth but it's flexable.

    To the above mix, we just add UDDI in place of a JNDI or CosNaming and away you go.

    Sounds nice in principle but I have yet to see it in practice. ;)

  9. Microsoft blames hype for .net woes by terrymr · · Score: 3, Interesting

    Microsoft is blaming industry hype for the general lack of consumer interest in .net services. Their decision to delay the launch of My Services was apparently because of some kind of consumer backlash against over-hyped web services. read the register article

  10. Shameless Self-Promotion by cybermage · · Score: 5, Interesting

    Hey Erik, nice ad:

    Organization:
    Joshua Branch
    Erik Sliman
    1449 Larchmont Ave., Dn
    Lakewood, OH 44107
    US
    Phone: 216 228-7361
    Email: erik(at)joshuabranch.org

    Registrar Name: Register.com
    Registrar Whois: whois.register.com
    Registrar Homepage: http://www.register.com

    Domain Name: OPENSTANDARDS.NET

    Created on: Fri, Dec 17, 1999
    Expires on: Sun, Dec 17, 2006
    Record last updated on: Wed, Mar 06, 2002

    Administrative Contact:
    Joshua Branch
    Erik Sliman
    1449 Larchmont Ave., Dn
    Lakewood, OH 44107
    US
    Phone: 216 228-7361
    Email: erik(at)joshuabranch.org

    Technical Contact, Zone Contact:
    Register.Com
    Domain Registrar
    575 8th Avenue - 11th Floor
    New York, NY 10018
    US
    Phone: 902-749-2701
    Fax: 902-749-5429
    Email: domain-registrar(at)register.com

    Domain servers in listed order:

    DNS13.REGISTER.COM 209.67.50.208
    DNS14.REGISTER.COM 209.67.50.209

    --
    Some people have a way with words, and some people, um, thingy.
    1. Re:Shameless Self-Promotion by cybermage · · Score: 3, Interesting

      Why do a WHOIS? Erik's name is on the byline.

      OpenStandards was /.ed at the time. Also, I think there's are degrees of shamelessness. It's one thing to submit a story you've found someplace and think others might like. It's a bit shameless to submit a story about an article you wrote that another site posted. It's the epitamy of shameless to submit a story you wrote that is posted on a site you own.

      I posted the whois information so that everyone could see just how little research /. needed to do to know that the submitted story was just an Ad.

      --
      Some people have a way with words, and some people, um, thingy.
  11. Re:Marketing Hype = More $$$ by rylos · · Score: 4, Interesting

    I agree that the hype is heavy for Web Services. However, I do see benefits for using Web Services.

    Making Web Services work in a useful way sometimes takes some creativity. Take Google as an example. With the recent release of the Google API, I was able to use PHP and SOAP to access their search results. One of the methods offered through the service is spell checking. By integrating this spell checking with my company's internal search engine, I now have the ability to make search term suggestions to users. This functionality would be very difficult to provide if it had to be created from scratch.

    Web Services will NOT work for all things and in all situations, but they WILL work for some things and in some situations. Creativity is the key.

  12. SOAP != HTTP (necessarily) by oops · · Score: 3, Informative

    There's a common assumption that SOAP is only transported via HTTP.

    From the Apache SOAP faq

    The writers of the SOAP 1.1 protocol [http://www.w3.org/TR/SOAP/] note that: 'SOAP can potentially be used in combination with a variety of other protocols; however, the only bindings defined in this document describe how to use SOAP in combination with HTTP and HTTP Extension Framework'.

    eg. you can transport SOAP via SMTP.

  13. It WILL happen by Ars-Fartsica · · Score: 4, Insightful
    The web will at some point be home to more metadata than html. The web at some point will traffic more bots and agents than documents.

    Its silly to presume the web will remain only as a document archive with rudimentary data exchange facilities.

    This is the first step to really exposing APIs over the network in a truly heterogenous fashion. It will take time, there will be major failures, and there will be a lot of hype, but it will happen.

  14. Re:Web Services is Hype by Ars-Fartsica · · Score: 4, Insightful
    It doesn't offer anything new that couldn't be done with rpc.

    No one is claiming that it isn't rpc, but it is an agreed-upon open standard for rpc across public networks using simple transport protocols. No one else is doing this, and CORBA is web services so don't offer that up as a reply.

  15. FYI: SOAP is not transport/port specific by e2d2 · · Score: 3, Informative

    FYI: SOAP can be used on ports other than just 80 and used by transport protocols other than HTTP/HTTPS such as SMTP, FTP, Jabber, and BEEP:

    http://www.pocketsoap.com/specs/smtpbinding/
    ht tp://beepcore.org/beepcore/beep-soap.jsp
    http://x ml.apache.org/axis/
    http://mailman.jabber.org/pip ermail/rpc-jig/2001-O ctober/000016.html

    Just a few links but you can search www.google.com and get an idea of what SOAP really entails.

  16. Re:Web Services = Inherently Insecure by Dasein · · Score: 3, Insightful

    I'm tired of this crap. Let's put the shoe on the other foot. If you were going to accomplish the same task (letting customers access an API publish by your company) how would you do it?

    Here are the choices as I see it:

    1) Use CORBA. You have to bust a whole in the firewall. I don't know about you, but I would much rather trust an HTTP server than most CORBA Orbs I've seen. Grab the source to one and start poking. Look at the marshalling code in particular. There's also no provision for encryption in the IIOP standards, big problems for any NAT equipment, the list just goes on and on.

    2) Use DCOM -- Yech

    3) Use a custom protocol. Sorry but most programmers mess up network programming pretty bad not gonna trust this one.

    4) Use EDI -- if you are seriously considering this one, get out a baseball bat, bash youself in the head, rinse, lather, repeat until it's all better.

    5) Build a private network. This is expensive and troublesome. Using HTTPS with authentication is probably a better solutions.

    This crap about web services being inherently insecure is usually based on running web services over port 80 or 443. If you really want to, you can run it over any port you like. HTTP communication endpoints are specified using essentially URLs, so http://www.example.org:8325/myservice. Uses port 8325. Now you can firewall all you want.

    Other people think that web servers are getting exploited all the time so you shouldn't use them. IIS aside, most of the popular web servers have become more secure as a result of the attacks. I don't know of a single ORB or custom protocol implementation that's withstood the trypes of attacks that web servers have. So I feel more comfortable putting something out there that's been battle tested.

    I think I've covered most of the options. If you have others that you think are better, I'm certainly open to hearing them. Just remember, not letting users have access to the APIs is not an option.

    --
    You are not a beautiful or unique snowflake -- but you could be if you got off your ass.
  17. stupidest argument ever by mikemulvaney · · Score: 3, Informative

    You don't have to run SOAP services on port 80. If you need to protect them with a firewall, then you should probably run them on some other port.

    SOAP isn't any different from CGI. I'm posting this message in a web browser, and it is going to port 80. The horror! If slashdot ran a SOAP service, you could write other clients to do the same thing. Instead of posting to 'postcomment.pl?subject=stupidest+argument+ever&co ntent=...' or whatever, it would encode that stuff in XML and send it to a SOAP proxy.

    That's all SOAP is. You can just relax about the use of HTTP. I don't understand why people see something like this, and immediately react with hysterics.

    -Mike

  18. Congratulations by CoreyG · · Score: 3, Informative

    Your understanding of XML, "...XML is nothing more than formatted text -- utterly devoid of value until two or more parties agree on a shared vocabulary (in the form of a DTD or Schema" is exactly what XML is defined to be. See? Point #2 is probably the most appropriate here.