Monday, January 25, 2010

Define the standards FIRST

One of the bits that often surprises, no infact not suprises it stuns me, is the amazing way that people don't define the standards they are going to use for their project, programme or SOA effort right at the start. This means the business, requirements and technical standards.

Starting with the business architecture that means picking your approach to defining the business services. Now you could use my approach or something else but what ever you do it needs to be consistent across the project and across the enterprise if you are doing a broader transformation programme.

On requirements its about structuring those requirements against the business architecture and having a consistent way of matching the requirements against the services and capabilities so you don't get duplication.

These elements are about people processes and documentation and they really aren't hard to set up and its very important that you do this so your documentation is in a consistent format that flows through to delivery and operations.

The final area are the technical standards and this is the area where there really is the least excuse. Saying "but its REST" and claiming that everything will be dynamic is a cop-out and it really just means you are lazy. So in the REST world what you need to do is
  1. Agree how you are going to publish the specifications to the resources, how will you say what a "GET" does and what a "POST" does
  2. Create some exemplar "services"/resources with the level of documentation required for people to use them
  3. Agree a process around Mocking/Proxying to enable people to test and verifying their solutions without waiting for the final solution
  4. Agree the test process against the resources and how you will verify that they meet the fixed requirements of the system at that point in time
This last one is important. Some muppet tried to tell me last year that as it was REST that the resource was correct as it was in itself it was the specification of what it should do and the test harnesses should dynamically discover only what the REST implementation already did. This was muppetry of the highest order and after forcing the individual to ingest a copy of the business requirements document we agreed that the current solution didn't match the business requirements no matter how dynamically it failed to do so.

So with REST there are things that you have to do as a project and programme and they take time and experience and you might get them wrong and need them updating. If you've chosen to go Web Services however and you haven't documented your standards then to be frank you really shouldn't be working in IT.

So in Web Service world it really is easy. First off do you want to play safe and solid or do you need lots of call-backs in your Web Services. If you are willing to cope without callbacks then you start off with the easy ones
  1. WS-I Basic Profile 1.1
  2. WSDL 1.1
  3. SOAP 1.1
Now if you want call-backs its into WSDL 2.0 and there are technical advantages to that but you can get hit by some really gnarly XML marshalling and header clashes that exist when going between non-WS-I compliant platforms. You could choose to define your own local version of WS-I compliance based around WSDL 2.0 but most of the time you are better off investing in some decent design and simple approaches like having standard matched schemas for certain process elements and passing the calling service name which can then be resolved via a registry to determine the right call-back service.

Next up you need to decide if you are going WS-* and if so what do you want
  1. WS-Security - which version, which spec
  2. WS-RM - which version, which spec
  3. WS-TX - your kidding right?
For each of these elements it is really important to say which specification you are going to use as some products claim they support a specification but either support an old version or, more impressively, support a version of the standard from before it was even submitted to a standards organisation.

The other pieces is to agree on your standard transport mechanism being HTTP. Seriously its 2010 and its about time that people stopped muttering "performance" and proposing an alternative solution of messaging. If you have real performance issues then go tailored and go binary but 99.999% of the time this would be pointless and you are better off using HTTP/S.

You can define all of these standards before you start a programme and on the technical side there really is little excuse in the REST world and zero excuse in the WS-* world not to do this.

Technorati Tags: ,


Mark Little said...

Good article, but you really need to get over your hangups on WS-TX my friend ;-) Show me another way that we can achieve interoperability with heterogeneous transaction system and you may have a point. And yes, it is something we get asked for a lot.

Steve Jones said...

I know lots of people ASK for distributed transactions but the question is whether they should do. I've had situations where people have asked for that and then we've designed around it giving better performance and reliability and decreasing the logical and transactional coupling.

Partha Sengupta said...

Should we leave the topic of WS-SecurityPolicy at the this stage?