[service-orientated-architecture] Greenfield on Adolescent WS

Mon, 29 May 2006 08:07:38 -0700

<<Paralleling the rise of SOAs has been the rise of Web services,
those software constructs that use the Web Services Description
Language (WSDL) and the Simple Object Access Protocol (SOAP) for
system-to-system messaging. While it's true that SOAs predate Web
services and can be built with other technologies, it's also true that
Web services have breathed new life into SOAs. The platform
independence of Web services means developers can develop in .NET, tap
into data in a J2EE platform, and use a wealth of third-party
management and deployment tools.

Yet while Web services may be standards-based and less expensive to
license and implement than Message-Oriented Middleware (MOM) solutions
such as IBM's WebSphere MQ and Sonic Software's SonicMQ, they're also
known to suffer from significant performance problems not experienced
by MOM-based solutions. Back in 2002, Rutgers University researchers
showed how Web services can run 200 times slower than competing
interprocess technologies such as Java Remote Method Invocation (RMI).

Keep in mind, however, that the performance issues aren't fundamental
to Web services, and much has changed since 2002. The primary cause of
SOAP's poor performance, according to Rutgers, was that the Apache
Axis SOAP stack was poorly optimized, using multiple system calls to
send one logical message. "The Apache stack has since gone through two
significant releases that further improve its performance, and the
newer SOAP stacks such as the current Apache Axis don't introduce the
latency attributed to multiple system calls," says Alistair
Farquharson, vice president of technology at SOA Software.

That's good news, but much also remains unchanged since 2002. Web
services still rely on the text-based XML protocol, which means a
natural language parser is needed to decipher and transform SOAP-based
messages--a processor-intensive task. The text-based messages are also
much longer than the binary equivalent, so much so that Kevin Rice,
enterprise architect at Allstate Financial, recommends keeping
transactions to no more than 5KB to 10KB.

To address the problems surrounding XML's text nature, the World Wide
Web Consortium (W3C)'s XML Binary Characterization Working Group began
working on a standard for Binary XML last fall. Binary XML formats
encode parsed XML documents to reduce the transmission and storage
size. The encoded documents can be parsed and transformed up to 60
times faster with some Binary XML parsers.

Proprietary binary formats already exist, such as EventStream from
Sarvega, the XML networking start-up Intel acquired in August. So
while Binary XML may improve the language's performance and lower its
storage requirements, it may also create interoperability problems as
different binary XML versions emerge. The working group is currently
trying to tackle this very problem.

SECURITY

Most companies may be willing to wait for standards or invest in XML
acceleration hardware to improve Web services performance, but
security is another matter. As companies evolve from running Web
services over internal networks to extending Web services across the
Internet to business partners, security becomes a paramount concern.

Indeed, 66 percent of IT architect readers we polled for this story
indicated they were very concerned about security. (Concern over the
cost of re-engineering or integrating applications came in second with
49 percent.)

Today, most IT architects (40.9 percent of respondents) still use SSL
to encrypt and sign Web services data, but SSL doesn't protect the
full path of a transaction. As companies pass sensitive data that
needs to comply with regulatory requirements, path-level protection
will be necessary. The Organization for the Advancement of Structured
Information Standards (OASIS) has developed a standard to address this
issue. With WS-Security, application developers can encrypt and
decrypt SOAP packets, then authenticate the user using usernames or
tokens. XML Signature from the W3C provides a way to digitally sign
XML documents, while XML Encryption defines how to encrypt XML
documents or portions thereof.

Those standards provide enough protection to ensure Web services
security across the Internet. "Security really shouldn't be a major
issue anymore. It's not hard to make Web services secure," writes Anne
Thomas Maines, vice president and research director of application
platform strategies at the Burton Group, in an IM.>>

You can read this article in full at:

<http://www.itarchitectmag.com/shared/article/showArticle.jhtml;jsessionid==X4OYDDUMRMGI4QSNDBGCKHSCJUMEKJVN?articleId=1000814>

Gervas








SPONSORED LINKS
Computer software Computer aided design software Computer job
Soa Service-oriented architecture

YAHOO! GROUPS LINKS



Reply via email to