Application Platform Strategies Blog

Blogger: Anne Thomas Manes

Back in January, shortly after MuleSource and WSO2 announced their RESTful registry products (Mule Galaxy and WSO2 Registry respectively), I issued a call to arms to the vendor community to define some standards that would enable information exchange. I'm glad to report that an effort is beginning. 

Glen Daniels from WSO2  raised the issue again in his blog last week, and Dan Diephouse from MuleSource picked up the baton and offered some basic scoping requirements. Glen responded the next day with some thoughts on open repositories and APP patterns, and Paul Fremantle from WSO2 set up a Google Code Project for it.  Michael Neale from Red Hat (core team member for JBoss Rules and Drools) has joined the project, too.

Blogger: Anne Thomas Manes

Way back in April 2005, Systinet (now a part of HP) announced the Governance Interoperability Framework (GIF), which proposed to define standard formats and practices to enable interoperability among SOA infrastructure ecosystem products (service platforms, mediation systems, and management systems) via UDDI. At the time Systinet recruited about a dozen SOA infrastructure vendors to participate in a partnership  to implement support for GIF in their products. Most of these vendors implemented at least some support for GIF by mid 2006. But the program remained a proprietary partnership. Other registry vendors (e.g., Infravio and SOA Software) were not invited to participate in the program. I was very disappointed with the closed nature of the effort, and I railed repeatedly on Systinet to publish the specs in a public forum.

Now, nearly three years later, HP has finally published the Governance Interoperability Framework Reference specification. I've only given it a quick glance, but it appears to provide enough information to enable other UDDI-compliant registry vendors/users to configure their systems to act as a GIF hub. It also provides enough information for other infrastructure vendors to use GIF to exchange service metadata, policy, and management information.

The publication is not quite as open as I'd like -- you must register with HP and forfeit private information to gain access to the document. But at least it does not require acceptance of a license agreement or signing any type of partnership agreement. And the Copyright Notice is quite benign:

Copyright Notice
Copyright © 2008 Hewlett-Packard Development Company, L.P.
DISCLAIMER OF WARRANTEES. USER ACKNOWLEDGES THAT THE SPECIFICATION MAY HAVE
ERRORS OR DEFECTS AND IS PROVIDED "AS IS." HEWLETT-PACKARD MAKES NO EXPRESS OR
IMPLIED WARRANTIES OF ANY KIND WITH RESPECT TO THE SPECIFICATION, AND
SPECIFICALLY DISCLAIM THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, EVEN IF THAT PURPOSE IS KNOWN TO HEWLETT-PACKARD.
LIMITATION OF LIABILITY. HEWLET-PACKARD SHALL NOT BE RESPONSIBLE FOR ANY LOSS TO ANY THIRDS PARTIES CAUSED BY USING THE SPECIFICATION IN ANY MANNER
WHATSOEVER. HEWLETT-PACKARD SHALL NOT BE LIABLE FOR ANY DIRECT, INDIRECT,
SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES, WHETHER BASED ON CONTRACT,
TORT OR ANY OTHER LEGAL THEORY, ARISING OUT OF ANY USE OF THE SPECIFICATION OR ANY PERFORMANCE OF HEWLETT-PACKARD RELATED TO THIS SPECIFICATION. USER FURTHER ACKNOWLEDGES THAT THE SPECIFICATION IS PROVIDED FOR EVALUATION PURPOSES ONLY, AND USER ASSUMES ALL RISKS ASSOCIATED WITH ITS USE.

GIF defines a model that supports information exchange based on UDDI (v2 or v3, but v3 is recommended to enable subscription capabilities), WS-PolicyAttachment, and WS-Management. It supports information exchange related to service management, policies (constraints, configuration, and capabilities), dependency relationships, consumers and providers, property information, and management metrics. All-in-all, quite a valuable document.

Blogger: Anne Thomas Manes

Open source SOA infrastructure vendor, WSO2, released a 0.1 version of a new open source RESTful SOA registry and repository. Paul Fremantle, WSO2's VP of Technical Sales, described the impetus and rational of this registry in a recent blog post.

Unlike UDDI-based registries, the WSO2 Registry treats each piece of information captured in the registry as an identified resource--i.e., a resource with a URI--which can be accessed and manipulated using the traditional HTTP verbs. The registry also supports remote access and notifications using the Atom Syndication Format (Atom) and the Atom Publishing Protocol (AtomPub).

The basic idea behind a REST registry and repository is a good one. It's simple, lightweight, easily accessible, and searchable. The major concern I have is that runtime systems typically need a bit more structure to enable information exchange among heterogeneous SOA infrastructure components. At the very least, we need a standard (but extensible) data model that specifies what type of information can be obtained from the registry, what the format of each type is, and the required or optional relationships that exist among registry entities. Without a standard data model, this registry will be just another vendor-specific proprietary registry.

The OASIS UDDI-spec technical committee has been talking about closing its doors, so no additional standardization effort is likely come from that quarter. If anyone is going to develop a RESTful registry/repository standard, it will be a brand new effort, and that's likely to take 5+ years to produce a standard.

Blogger: Anne Thomas Manes

It appears that the "IBM vs UDDI" story is still getting some air play. Joe McKendrick, in the ZDNet SOA blog, writes, "IBM acknowledges bypassing UDDI; calls for new SOA registry standard".

According to Joe, IBM representatives say that UDDI was originally designed only to support the needs for web services discovery (not true), and that modern SOA efforts are not limited to web services. Specifically, they say that UDDI does not support role-based access control to service information, lifecycle management, and comprehensive search. Therefore the industry needs a new registry standard.

I especially love the last sentence in Joe's blog:

"The IBM reps quoted in the article could not predict what a new registry standard would or should look like, but said vendors should take their time in sorting things out."

Brilliant move on IBM's part!

Disrupt the market with FUD for the next 5 years while IBM produces a new standard that just so happens to correspond exactly with WSRR.  (It's a bit reminiscent of SCA and IBM WebSphere Process Server, actually.)

HP/Systinet, SOA Software, Software AG, and webMethods/Infravio have managed to implement very reasonable SOA governance solutions based on UDDI. Yes -- they extended UDDI, but the products are still UDDI-compliant, and they enable standards-based information exchange. And they do in fact support role-based access control to service information, lifecycle management, and comprehensive search.

I can only assume that IBM supports standards only when it's convenient for them to do so.

Blogger: Anne Thomas Manes

My recent product profile on IBM WebSphere Service Registry and Repository (WSRR) is attracting a lot of attention. Burton Group APS clients can download the article from here. For non-clients, TechTarget provides an excellent summary of the article here

I characterize WSRR as a platform-specific registry and repository. A registry enables information exchange among runtime systems, while a repository manages information and provides governance capabilities such as lifecycle and policy management. I must applaud IBM for the repository features of the product, but I want to slap them for spurning UDDI.

While the industry has never adopted a standard for repositories, the same is not true for registries. UDDI defines a widely adopted standard registry protocol that enables diverse runtime systems to share information. Runtime infrastructure products that rely on UDDI to enable information exchange include all web services management products (e.g., AmberPoint, Actional, SOA Software, webMethods Infravio X-Broker, Oracle Web Services Manager, HP SOA Manager, and CA WSDM), all XML gateways (e.g., Cisco Reactivity, Forum Systems, IBM DataPower, Layer 7, and Vordel), and quite a few ESBs (e.g., BEA AquaLogic, Oracle ESB, Software AG crossvision, Sonic ESB, Tibco BusinessWorks, etc.). Most development tools (e.g., Visual Studio, Eclipse, NetBeans, IntelliJ, etc) include wizards that use UDDI to query a registry.

But WSRR does not support the UDDI protocol. Instead it exposes a proprietary protocol (via Java/SDO and SOAP). Runtime infrastructure products that support the WSRR protocol include IBM WebSphere ESB, IBM WebSphere Process Server, IBM WebSphere Message Broker, IBM DataPower appliances, and IBM Tivoli Composite Application Manager (ITCAM) for SOA. Notice the abundance of IBM products and the absence of third-party vendor products in that list. IBM has developed a plug-in for Eclipse and Rational that enables these tools to query the registry/repository. No other tools can interface with WSRR.

The soon-to-be released WSRR v6.0.2 (available May 25) will include a UDDI synchronization framework, which will enable reasonable coexistence between WSRR and a separate UDDI registry. IBM even includes a separate UDDI registry with the product. But I don’t think this makes up for the fact that WSRR does not directly support the UDDI protocol or for the fact that IBM has chosen to implement support for WSRR’s proprietary registry protocol rather than UDDI in its plethora of runtime products. This is clearly a proprietary platform strategy.

IBM—supposedly a great proponent of standards—is proving its true colors.

Bottom line: WSRR will appeal to organizations that exclusively use IBM SOA infrastructure, but it is inappropriate for organizations that use a heterogeneous environment.