Saturday, 25 August 2007

QoS requirements for web services development project

Many a times a question comes up about which Quality-of-Service (QoS) requirements should be gathered for web services development project. Let me share my answer to this question.

QoS requirements are not so much different from the non-functional requirements that we gather for any typical software development project. Let me list them down with some explanation:
  • Availability in terms of probability of service being available
  • Accessibility in terms of probability of success in accessing the service
  • Performance in terms of throughput (number of successful service requests made per given time period) and latency (aka response time)
  • Reliability in terms of failures per give time period
  • Security (this requires a detailed explanation as given below)
Security Requirements come as a top requirement for web services. I
have come across many people who believe that web services are
inherently insecure. It's far from true! With a release of WS-Security
specification from OASIS and subsequently release of Basic Security
Profile from WS-I should help eradicate this wrong perception. Now, gathering security requirements for web services is a tricky job. Everybody wants to have web services to be
as much secure as possible and no less. But then there are trade-offs
to be considered with other QoS requirements, particularly the
performance requirements. So it makes sense to ask for only essential
security requirements. Further the security requirements for web
services should be broken down into the following:

  • Authentication
  • Authorization
  • Message Integrity
  • Non-repudiation

A note should be made that all security requirements except
non-repudiation requirements can be met by using the WS-Security
specifications. If there are non-repudiation requirements then a
non-standard way will need to be adopted.

A good news is that service development per se need not take into account these QoS requirements. These QoS requirements can very well be externalized and can be handled independent of service implementation. However, if there are some very peculiar or critical QoS requirements then the high-level design of the service implementation needs to get influenced.

Any comments?

When to use REST and when to use SOAP

There are so many pages and blogs on REST vs SOAP that a person like me who wants to know which one to use where, simply gets confused. These blogs and pages talk more about pros and cons of REST and/or SOAP, while I believe every such thing has a place in a particular scenario. In other words, REST will be applicable (please note I am not saying better!) in some cases, while SOAP will be applicable in some other cases. Fortunately, I found this article by Sameer Tyagi, which gives good advice on when to use REST and when to use SOAP. Let me quickly outline my understanding of Sameer's article in this blog.

A RESTful design may be appropriate when
  • Completely stateless web services are needed.
  • A caching infrastructure can be leveraged.
  • The requirement is for point-to-point integration. This means both service consumer and provider have mutual understanding of the context and content being passed.
  • Limited bandwidth exists between service consumer and provider; e.g. having mobile device as a consumer.
  • Front-end technologies such as AJAX and DWR are being used.
A SOAP-based design may be appropriate when
  • A formal contract is needed for a service (to be provided as WSDL).
  • Complex non-functional (aka QoS) requirements are present and need to be handled in a standardized way.
  • Requirements for asynchronous service invocation are present.
Now this kind of information comes handy when a solution is to be proposed for a particular case.

Friday, 24 August 2007

A simple methodology for making build vs buy decision

Today while I was on web site of Elastic Path Software, I happened to read one of their white papers titled, Build versus Buy in Four Easy Steps. Initially I thought this must be another way to say that buying Elastic Path E-commerce Platform is the best decision to make! Yes, the white paper does have a sales pitch but still it makes a good read due to the methodology that they have described for making build versus buy decision.

The four easy steps of this simple methodology are as follows:

1. Pick up three criteria, each for buy and build options from a compiled list of criteria.
2. Put them vertically and horizontally on a three-by-three matrix. Then write the most compelling option in each cell by comparing intersecting criteria. In a group, each one has to do this exercise independently.
3. Count the number of buy and build options and that could give a good indication of your base decision. For a group, an average of counts would be needed.
4. Check out whether this decision makes sense to you. If not, then perhaps you have missed an important criteria or you have got single overriding criteria. For a group, a third possibility exists of unspoken assumptions!

The white paper describes this methodology in detail with examples and provides worksheets too. Given my experience of participating in many discussions for buy versus build decision-making, I found this methodology quite simple and hence quite useful.

E-commerce Platform making use of open-source software components

This is perhaps the first time I saw a commercial business application product, which was almost entirely developed on top of open source software components. Although Elastic Path E-commerce Platform is itself not an open source software, it provides full source code (along with JUnit tests!) to its customers.

It is based on Spring Framework and makes use of Velocity, Dojo, Spring MVC and DWR for user interaction. It uses Apache Axis along with Dozer and xDoclet for web service-enabling of some of its software components. Hibernate is used for O/R mapping. Other software tools that are used include Apache Lucene, JBoss Rules, Acegi Security System and JBossCache.

The company counts names such as XEROX and P&G as its customers and provides quite a few case studies (not of XEROX and P&G though!). Overall it looks like a very cost-effective e-commerce solution for mid-market online retailers. It perhaps can also be used by large organizations having web as one of the sales channel.

Wednesday, 22 August 2007

Kernow

For last few days, I was searching for a tool with GUI that can take an XML and XSL and transform that XML file into new XML file. And I got one! Kernow 1.5.1 provides this functionality plus lot more! And did I mention that it is an open source software. -:)



WSDL Viewer

While surfing, I came across this web page that provides a fantastic XSL that translates the WSDL to a format, which can be read and understood by a human user. I really liked this tool!

Thanks Tomi Vanek for providing such wonderful tool!

Get it at http://tomi.vanek.sk/index.php?page=wsdl-viewer

Tuesday, 21 August 2007

I have a dream

From the time when I heard it first, the historic speech by Dr. Martin Luther Kind Jr, has made a significant impact on me. I used to have an audio file of this speech but today I could watch its video recording on youtube.com. You can also watch it by clicking here. It's truly inspiring speech!

Monday, 20 August 2007

Tradeoffs in web services design

While designing web services, we encounter many trade-offs. A good discussion of these trade-offs is provided in a report prepared by Web Services and Practices working group at National Information Standards Organization (NISO). This report, named Best Practices for Designing Web Services in the Library Context discusses following trade-offs:

  • Complexity levels vs. expandability
  • Amount of data returned levels vs. performance speed
  • Audience levels vs. service interface size
  • Performance levels vs. number of operations

The report also discusses different models involved in fully describing or documenting a web service interface and provides some useful best practices.

India Day Parade in New York City

Today I participated in India Day Parade in New York City as part of Asha for Education Group. Asha for Education is a non-profit organization, which works for providing education to underprivileged children in India. I had earlier participated in such Parade in year 2000. It was really a great experience to walk on the streets of New York city while chanting songs such as "Ham honge kamiyaab" and slogans such as "Vande Mataram" and "Bharatmata ki Jay".

The Asha volunteers who were walking with me were from NYC/NJ chapter of Asha. While I was just walking, many of them were distributing flyers about Asha and their upcoming fund raiser program called Notes of Hope (NOH) to people observing parade. NOH for this year will be a performance by Indian Ocean, the contemporary Indian music band. It is on Saturday Aug 25 at the Synod Hall in New York City. I am planning to attend, not only for the music but for supporting the cause!

Sunday, 19 August 2007

Open source software for web services frameworks

For one of our customers, I recently investigated availability of open source software for web services frameworks. I was amazed to see that not only there are many options but also there is a good amount of competition among them to prove to be the best option. Obviously, I am evaluating them on the basis of our customer requirements. I have short-listed following five options, which you may also consider if you need to evaluate and select an open source software for web services framework.

1. Apache Axis2: Currently available in its version 1.3, Apache Axis2 is complete rewrite of Apache Axis.

2. Apache CXF: A merger of XFire and IONA-backed Ciltrix, CXF has released its version 2.0 recently. This project is currently in incubation at Apache.

3. JBossWS: It is part of JBoss Application Server.

4. Metro: As part of GlassFish project, Metro is actually a reference implementation for JAX-WS. It was earlier known as JWSDP.

5. Spring Web Services: Developed by Spring community, Spring-WS is made for developing web services by using contract-first principle. As I am fan of this development principle, exploration of this software is very much on my agenda now. It has just released its version 1.0.

A good comparison among first four options and few more is available at http://wiki.apache.org/ws/StackComparison.

BPMN Tutorial

A very good tutorial on BPMN is now available on BPMN site at http://www.bpmn.org/Documents/OMG%20BPMN%20Tutorial.pdf. It is in the form of 78 presentations slides.

The tutorial begins with a quick background and then describes various diagram elements. And guess what? It gives a set of questions as an exercise! Following this exercise, it covers some more conceptsand concludes with other exercise.

In all, it provides a good introductory capsule on BPMN. It can also be used to deliver an hour-long session to business process analysts.