Shrikant's Notes: web services

Showing posts with label web services. Show all posts

Sunday, 2 September 2007

Checklist for developing a strategy for web services

In his book titled Loosely Coupled, Doug Kaye has offered a checklist for developing a strategy for web services. After going through it, I found it useful as a starting point for making road-map for SOA adoption. This checklist has got more than 80 items grouped into into four categories: Inventory, Project Requirements, Planning and Evangelism. You can find this checklist as a free chapter download (without giving out email address!) from the book web site.

Saturday, 25 August 2007

QoS requirements for web services development project

Many a times a question comes up about which Quality-of-Service (QoS) requirements should be gathered for web services development project. Let me share my answer to this question.

QoS requirements are not so much different from the non-functional requirements that we gather for any typical software development project. Let me list them down with some explanation:

Availability in terms of probability of service being available
Accessibility in terms of probability of success in accessing the service
Performance in terms of throughput (number of successful service requests made per given time period) and latency (aka response time)
Reliability in terms of failures per give time period
Security (this requires a detailed explanation as given below)

Security Requirements come as a top requirement for web services. I
have come across many people who believe that web services are
inherently insecure. It's far from true! With a release of WS-Security
specification from OASIS and subsequently release of Basic Security
Profile from WS-I should help eradicate this wrong perception. Now, gathering security requirements for web services is a tricky job. Everybody wants to have web services to be
as much secure as possible and no less. But then there are trade-offs
to be considered with other QoS requirements, particularly the
performance requirements. So it makes sense to ask for only essential
security requirements. Further the security requirements for web
services should be broken down into the following:

Authentication
Authorization
Message Integrity
Non-repudiation

A note should be made that all security requirements except
non-repudiation requirements can be met by using the WS-Security
specifications. If there are non-repudiation requirements then a
non-standard way will need to be adopted.

A good news is that service development per se need not take into account these QoS requirements. These QoS requirements can very well be externalized and can be handled independent of service implementation. However, if there are some very peculiar or critical QoS requirements then the high-level design of the service implementation needs to get influenced.

Any comments?

When to use REST and when to use SOAP

There are so many pages and blogs on REST vs SOAP that a person like me who wants to know which one to use where, simply gets confused. These blogs and pages talk more about pros and cons of REST and/or SOAP, while I believe every such thing has a place in a particular scenario. In other words, REST will be applicable (please note I am not saying better!) in some cases, while SOAP will be applicable in some other cases. Fortunately, I found this article by Sameer Tyagi, which gives good advice on when to use REST and when to use SOAP. Let me quickly outline my understanding of Sameer's article in this blog.

A RESTful design may be appropriate when

Completely stateless web services are needed.
A caching infrastructure can be leveraged.
The requirement is for point-to-point integration. This means both service consumer and provider have mutual understanding of the context and content being passed.
Limited bandwidth exists between service consumer and provider; e.g. having mobile device as a consumer.
Front-end technologies such as AJAX and DWR are being used.

A SOAP-based design may be appropriate when

A formal contract is needed for a service (to be provided as WSDL).
Complex non-functional (aka QoS) requirements are present and need to be handled in a standardized way.
Requirements for asynchronous service invocation are present.

Now this kind of information comes handy when a solution is to be proposed for a particular case.

Wednesday, 22 August 2007

WSDL Viewer

While surfing, I came across this web page that provides a fantastic XSL that translates the WSDL to a format, which can be read and understood by a human user. I really liked this tool!

Thanks Tomi Vanek for providing such wonderful tool!

Get it at http://tomi.vanek.sk/index.php?page=wsdl-viewer

Monday, 20 August 2007

Tradeoffs in web services design

While designing web services, we encounter many trade-offs. A good discussion of these trade-offs is provided in a report prepared by Web Services and Practices working group at National Information Standards Organization (NISO). This report, named Best Practices for Designing Web Services in the Library Context discusses following trade-offs:

Complexity levels vs. expandability
Amount of data returned levels vs. performance speed
Audience levels vs. service interface size
Performance levels vs. number of operations

The report also discusses different models involved in fully describing or documenting a web service interface and provides some useful best practices.

Sunday, 19 August 2007

Open source software for web services frameworks

For one of our customers, I recently investigated availability of open source software for web services frameworks. I was amazed to see that not only there are many options but also there is a good amount of competition among them to prove to be the best option. Obviously, I am evaluating them on the basis of our customer requirements. I have short-listed following five options, which you may also consider if you need to evaluate and select an open source software for web services framework.

1. Apache Axis2: Currently available in its version 1.3, Apache Axis2 is complete rewrite of Apache Axis.

2. Apache CXF: A merger of XFire and IONA-backed Ciltrix, CXF has released its version 2.0 recently. This project is currently in incubation at Apache.

3. JBossWS: It is part of JBoss Application Server.

4. Metro: As part of GlassFish project, Metro is actually a reference implementation for JAX-WS. It was earlier known as JWSDP.

5. Spring Web Services: Developed by Spring community, Spring-WS is made for developing web services by using contract-first principle. As I am fan of this development principle, exploration of this software is very much on my agenda now. It has just released its version 1.0.

A good comparison among first four options and few more is available at http://wiki.apache.org/ws/StackComparison.

My Talks

“Where Do You Want to Go in SOA Adoption Journey?”, Interop 2009, Mumbai, India, October 7-9, 2009
"Enterprise Search for Academic Excellence", Tech@Edu, New Delhi, India, June 13-14, 2009
“Adopting Service-oriented Architecture using Open Source Software”, National Conference on Open Source Software (NCOSS-09), Mumbai, India, May 25-26 2009
“Where Do You Want to Go in SOA Adoption Journey?”, Enterprise Architecture Practitioners Conference, Bangalore, India, February 25-27, 2008

My Publications

Shrikant Mulik, “Software Selection using Analytic Hierarchy Process and Decision Analysis Spreadsheet”, 3rd International Conference on Global Interdependence and Decision Sciences, December 28-30, 2009, Hyderabad, India, McMillan Publishers, ISBN 023-032-852-0, pp. 262-268
Shrikant Mulik, “Using Enterprise Service Bus (ESB) for connecting Corporate Functions and Shared Services with Business Divisions in a large Enterprise”, 2009 IEEE Asia-Pacific Service Computing Conference (IEEE APSCC 2009), IEEE Proceedings, ISBN 978-1-4244-5336-8, December 7-11, 2009, Biopolis, Singapore, pp.1103-1108
Shrikant Mulik, “Searching for information within your organization”, BenefIT, December 2009, pp. 50-51
Shrikant Mulik, Manish Godse, “An Approach for Selecting Software-as-a-Service (SaaS) Product”, IEEE 2009 International Conference on Cloud Computing (CLOUD-II 2009), September 21-25, 2009, Bangalore, India
Shrikant Mulik, Manish Godse, "Design-Time Selection of Web Services for Composite Applications", The Architecture Journal # 21, September 2009, pp 5
Shrikant Mulik, Manish Godse, Kavindra Sharma, “Service-enabling Enterprise Legacy Applications with Assurance”, 2009 IEEE Congress on Services (Services 2009), 6-10 July, Los Angeles, USA
Shrikant Mulik, Chaitali Kantank, Manish Godse, Mona Sudarshan, “Knowledge Management using Joomla”, National Conference on Open Source Software, (NCOSS-09), 25-26 May 2009, Mumbai, India
Shrikant Mulik, Sushil Ajgaonkar, Harsh Jetly, Neha Pandey, Sagar Yerunkar,Vinod Kakkanat, “Multi-Channel Asynchronous Request Dispatcher Framework (M-CARDiF)”, National Conference on Open Source Software, (NCOSS-09), May 25-26, 2009, Mumbai, India
Manish Godse, Vinod Pathari, Shrikant Mulik, Rajendra Sonar, "Comparing AHP-ANP Models for Web Service Selection in Global Enterprise Applications", In: Karuna Jain, Rahul Patil (eds.), 2nd International Conference on Decision Sciences in Global Enterprise Management (ISDSI 2009), January 3-5, 2009, Mumbai, India, Macmillan Publishers, ISBN 023-063-725-6, pp. 299-311
Manish Godse, Rajendra Sonar, Shrikant Mulik, "Web Service Selection based on Analytical Network Process Approach", The 3rd IEEE Asia-Pacific Service Computing Conference (APSCC 2008), IEEE Proceedings, December 9-12, 2008, Yilan, Taiwan, pp.1103-1108
Manish Godse, Rajendra Sonar, Shrikant Mulik, "The Analytical Hierarchy Process Approach for Prioritizing Features in Selection of Web Services", 6th IEEE European Conference on Web Services (ECOWS 2008), 12-14 November, 2008, Dublin, Ireland
Shrikant Mulik, Sushil Ajgaonkar, Kavindra Sharma, “Where do you want to go in SOA Adoption Journey”, IEEE IT Professional magazine, May/June 2008, pp. 36-39
Shrikant Mulik, “SOA Maturity Models”, Dataquest magazine, June 15, 2007, pp. 82,84