in reply to (OT) Webservices really progress?

I guess I see this principally as a problem of marketing in at least the following senses:

First, what Microsoft is doing right now in pushing SOAP as an integral part of .NET, and with it Webservices, is wrapping up older techologies (i.e., XML-RPC, the JVM) under a single product (or product "namespace" for all its ambiguity), and by selling these once disparate technologies (by which I mean flexible and independent ;) together they ensure their hegemony for another decade because to buy into one you must buy into all.

Secondly, SOAP/.NET is touted as a way to build sophisticated Web applications quickly and without all the overhead of competing protocols like those named in the letter (and DCOM). On the surface of it, this is progress; after all, as robust as CORBA is, it's a pain in the ass to code because of all the machinery it employs to ensure cross-language/platform compatibility and security. It's a similar story but to a lesser degree with Java RMI because at least there you're dealing with the same language on both sides of the method invocation. SOAP reintroduces flexibility and ease of development at the cost of decoupling components in a distributed system and allowing you to bypass security checks. What this means is that Web apps built using the heavier-weight protocols will typically take longer to complete and will be more resistent to change than a comparable app (comparable in terms of functionality, not reliability or security) written with SOAP.

Unfortunately, it is clear at this point that what people expect most of the Web is continued flashiness, functionality, and ease of use. Emphasis on any one of these can reduce reliability and security, and taken together they result in disaster (MS Outlook being the premiere example). Until reliability and security are taken as valuable in and of themselves, we will continue to see software that looks nice but is rife with problems.

As I suggested before, I think this is principally a marketing issue; SOAP is being pushed based on the virtue of quick deployment, which is anathema to secure software. Since the marketplace values increasing functionality, aesthetics and ease of use primarily, there is cash to be made in allowing developers to create cooler things faster. But to quote tilly from the excellent thread blakem suggested, "If security is something people have to get right again and again, then mistakes will happen. Repeatedly. And people will turn out to (quite predictably) wind up making similar mistakes, making life quite convenient for crackers."

  • Comment on Re: (OT) Webservices - really progress?