Application Platform Strategies Blog

Blogger: Anne Thomas Manes

Back in January, shortly after MuleSource and WSO2 announced their RESTful registry products (Mule Galaxy and WSO2 Registry respectively), I issued a call to arms to the vendor community to define some standards that would enable information exchange. I'm glad to report that an effort is beginning. 

Glen Daniels from WSO2  raised the issue again in his blog last week, and Dan Diephouse from MuleSource picked up the baton and offered some basic scoping requirements. Glen responded the next day with some thoughts on open repositories and APP patterns, and Paul Fremantle from WSO2 set up a Google Code Project for it.  Michael Neale from Red Hat (core team member for JBoss Rules and Drools) has joined the project, too.

Blogger: Anne Thomas Manes

Way back in April 2005, Systinet (now a part of HP) announced the Governance Interoperability Framework (GIF), which proposed to define standard formats and practices to enable interoperability among SOA infrastructure ecosystem products (service platforms, mediation systems, and management systems) via UDDI. At the time Systinet recruited about a dozen SOA infrastructure vendors to participate in a partnership  to implement support for GIF in their products. Most of these vendors implemented at least some support for GIF by mid 2006. But the program remained a proprietary partnership. Other registry vendors (e.g., Infravio and SOA Software) were not invited to participate in the program. I was very disappointed with the closed nature of the effort, and I railed repeatedly on Systinet to publish the specs in a public forum.

Now, nearly three years later, HP has finally published the Governance Interoperability Framework Reference specification. I've only given it a quick glance, but it appears to provide enough information to enable other UDDI-compliant registry vendors/users to configure their systems to act as a GIF hub. It also provides enough information for other infrastructure vendors to use GIF to exchange service metadata, policy, and management information.

The publication is not quite as open as I'd like -- you must register with HP and forfeit private information to gain access to the document. But at least it does not require acceptance of a license agreement or signing any type of partnership agreement. And the Copyright Notice is quite benign:

Copyright Notice
Copyright © 2008 Hewlett-Packard Development Company, L.P.
DISCLAIMER OF WARRANTEES. USER ACKNOWLEDGES THAT THE SPECIFICATION MAY HAVE
ERRORS OR DEFECTS AND IS PROVIDED "AS IS." HEWLETT-PACKARD MAKES NO EXPRESS OR
IMPLIED WARRANTIES OF ANY KIND WITH RESPECT TO THE SPECIFICATION, AND
SPECIFICALLY DISCLAIM THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, EVEN IF THAT PURPOSE IS KNOWN TO HEWLETT-PACKARD.
LIMITATION OF LIABILITY. HEWLET-PACKARD SHALL NOT BE RESPONSIBLE FOR ANY LOSS TO ANY THIRDS PARTIES CAUSED BY USING THE SPECIFICATION IN ANY MANNER
WHATSOEVER. HEWLETT-PACKARD SHALL NOT BE LIABLE FOR ANY DIRECT, INDIRECT,
SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES, WHETHER BASED ON CONTRACT,
TORT OR ANY OTHER LEGAL THEORY, ARISING OUT OF ANY USE OF THE SPECIFICATION OR ANY PERFORMANCE OF HEWLETT-PACKARD RELATED TO THIS SPECIFICATION. USER FURTHER ACKNOWLEDGES THAT THE SPECIFICATION IS PROVIDED FOR EVALUATION PURPOSES ONLY, AND USER ASSUMES ALL RISKS ASSOCIATED WITH ITS USE.

GIF defines a model that supports information exchange based on UDDI (v2 or v3, but v3 is recommended to enable subscription capabilities), WS-PolicyAttachment, and WS-Management. It supports information exchange related to service management, policies (constraints, configuration, and capabilities), dependency relationships, consumers and providers, property information, and management metrics. All-in-all, quite a valuable document.

Blogger: Anne Thomas Manes

If you missed the Application Platform Strategies VantagePoint telebriefing this week, you can find a nice summary of the SOA-related aspects of it in this article by Rich Seeley.

Blogger: Anne Thomas Manes

Following closely on the heels of WSO2, MuleSource (the commercial entity behind Mule, the popular open source ESB) has released another RESTful open source registry/repository. This new product, called Galaxy, is a bit more feature complete and mature that the WSO2 repository.

Like the WSO2 repository, Galaxy treats each piece of information captured in the repository as an identified resource--i.e., a resource with a URI--which can be accessed and manipulated using the traditional HTTP verbs. The repository also supports remote access and notifications using the Atom Syndication Format (Atom) and the Atom Publishing Protocol (AtomPub).

Also like the WSO2 repository, Galaxy does not conform to the prevailing registry standard, UDDI, and therefore presents a bit of a challenge to organizations looking to use a registry to enable information exchange among heterogeneous SOA infrastructure components. Galaxy provides deep runtime integration with Mule and with the Apache CXF service platform, but connecting it with other ESBs and platforms (e.g., WebSphere, AquaLogic, Microsoft WCF) and with other management and mediation systems (e.g., XML gateways and SOA management systems) is left as an exercise for the implementor. REST makes that exercise relatively straight forward, but work is required.

At this point, three vendors provide fully RESTful repositories: MuleSource, WSO2, and HP Systinet. The IBM WSRR product also supports RESTful access to some of the entities in its repository. HP and IBM both support automatic synchronization between their repositories and a UDDI registry. The folks at MuleSource tell me that a similar synchronization feature is potentially on their roadmap, depending on customer demand.

Unfortunately, all four RESTful repositories use proprietary data models. It would be very helpful if these vendors got together to try and bang out some standards.

Blogger: Anne Thomas Manes

Open source SOA infrastructure vendor, WSO2, released a 0.1 version of a new open source RESTful SOA registry and repository. Paul Fremantle, WSO2's VP of Technical Sales, described the impetus and rational of this registry in a recent blog post.

Unlike UDDI-based registries, the WSO2 Registry treats each piece of information captured in the registry as an identified resource--i.e., a resource with a URI--which can be accessed and manipulated using the traditional HTTP verbs. The registry also supports remote access and notifications using the Atom Syndication Format (Atom) and the Atom Publishing Protocol (AtomPub).

The basic idea behind a REST registry and repository is a good one. It's simple, lightweight, easily accessible, and searchable. The major concern I have is that runtime systems typically need a bit more structure to enable information exchange among heterogeneous SOA infrastructure components. At the very least, we need a standard (but extensible) data model that specifies what type of information can be obtained from the registry, what the format of each type is, and the required or optional relationships that exist among registry entities. Without a standard data model, this registry will be just another vendor-specific proprietary registry.

The OASIS UDDI-spec technical committee has been talking about closing its doors, so no additional standardization effort is likely come from that quarter. If anyone is going to develop a RESTful registry/repository standard, it will be a brand new effort, and that's likely to take 5+ years to produce a standard.

Blogger: Lyn Robison

I've been doing some thinking about our clients' mixed success in implementing Enterprise Architecture programs. Some companies do EA well, some are not doing it well, and a few have given up and are no longer doing EA at all.

The reality is that it is EA is compulsory for large enterprises. EA is a vital IT function, but is hard to do.

There is a cost to not doing EA, or not doing EA right. Every large enterprise that has an ineffective EA program and every large enterprise that says, "Oh well, EA doesn't work so we aren't going to do it" pays a significant cost for that dysfunction.

Relative to their competitors, companies that make EA work:

• Have higher profitability
• Experience a faster time to market for products
• Get more value from their IT investments
• Have better access to shared customer data
• Have lower risk of mission-critical systems failures
• Have higher senior management satisfaction with IT
• Have lower IT costs

Companies that don't do EA or that can't make EA work:

• Fritter away their technology investments on local projects that don’t support the enterprise’s objectives
• Try to cut waste from their IT budgets but cannot figure out how to increase the value they get from IT

(The source for this information is a survey conducted by the authors of a book from the Harvard Business School Press.)

EA is hard to do, but finding ways to make it work is vital. I have been advising our clients to make sure their EA program is doing more than merely producing artifacts that will end up in a binder on a shelf somewhere. An EA program needs to be spearheading enterprise-wide IT initiatives, such as application portfolio management, SOA governance, and identity management, that provide demonstrable value to the enterprise. Those enterprise-wide IT initiatives (on which you can find an abundance of guidance from Burton Group) should be leading the enterprise to the desired future state.