Dave Oliver's Blog

Enterprise Technology Thought Leadership in a FTSE 100
  Home  |   Contact  |   Syndication    |   Login
  403 Posts | 0 Stories | 168 Comments | 202 Trackbacks

News

Dave's Mug View David Oliver's profile on LinkedIn Add to Technorati Favorites Blog Directory for Guildford, Surrey

Tag Cloud


Archives

Post Categories

Image Galleries

Architecture

Community

Is the future of SOA is REST?

What makes me quite annoyed is grand statements such as the title to this post.

It is true that REST is getting more exposure these days and it being primarily a connectivity technology i.e. a web service it's not unlikely that SOA and REST will inevitable get linked together.

The Burton group has stuck it's neck out and said that yes REST is the future of SOA. Funnily enough today at work I was talking with some colleagues about REST and one raised a good point, where are the working examples? So lets not start betting the farm on something that hasn't been proved yet!

REST has more than afew hurdles to get over before it reaches the mainstream adoption that WS-I web services currently enjoys and they are.

1) A concrete definition of a RESTful web services, there seems to be quiet a lot of confusing on what exactly does this mean. Something like the four tenets which Don Box wrote about was indeed very helpful in clarifying the advantage of web services. Yes there are good definitions already but they are to abstract and the meaning is lost with interpretation.

2) REST is simple but the consequences of it's adoption are like opening a can of worms, they are far reaching which developers will have to think and design systems in a much different way than they do currently.

3) REST isn't something today that's integrated into development tools such as Visual Studio. Some would argue that simple HTTP gets and puts are simple to code anyway, I would argue that this to low level from many mainstream developers, the tools that they will use will need to be comparable at least to what they currently enjoy this is why I find the Burtons group statement even more baffling, or perhaps they know something I don't as many development tool creators haven't put REST creation and integration high on the priority list.

4) REST will only succeed if parties that are involved in the WS-I can also agree on the implementation of REST, yes we are back to the definitive definition again.

To my mind that the success of a SOA isn't on the choice of a definitive service protocol that all technologies can use. The simple fact is that a successful SOA will for the time being have different service types for reasons of practicality.

For example entity service need to perform so there is no reason why they can't enjoy more than one interface, one being the generic web service but another being a .Net assembly that can plug straight in. Ok so this example doesn't protect against application specifics and comes with all sorts of baggage but having a hi/lo grade service isn't such a bad thing when we are trying to beat the laws of physics! The service boundary is still abstract and the purest's can call it an application implementation.

Anyway, I will keep an eye on the goings on in the SOA world. What I can say is that REST isn't just another fad but it's success will come from real world implementations solving real world problems so for now I will not throw my weight behind REST and will stay a curious observer.

posted on Thursday, May 31, 2007 12:22 PM

Feedback

# Link Listing - May 31, 2007 5/31/2007 11:41 PM Christopher Steen
All style tags after the first 30 style tags on an HTML page are not applied in Internet Explorer workaround...

# re: Is the future of SOA is REST? 6/3/2007 7:56 AM Mikael Söderström
Well, I really don´t like REST!

With SOAP and WSDL you can post and get data with no problems since you can see all methods etc in the WSDL.

With REST you´ll have to customize the consumer everytime you use a new web service.

The only problem with SOAP as far as I know is the overhead you get since it´s XML based, but with for example JSON you´ll get rid of the problem.

# re: Is the future of SOA is REST? 6/5/2007 5:12 AM chris seary
Hi Dave

Hope you're feeling better.

I found a good article showing useage of REST:
http://www.vordel.com/downloads/rsa_conf_2006.pdf

I was looking for articles on security and REST, and thought this gave a good roundup of the subject.

REST security seems a long way behind WS_Security, and the article seems to have a number of misconceptions. REST has a lot of security gaps, which include:
-'Unless SSL is used, we can log information' - this would seem to remove any confidentiality that can be provided when using REST?
-not enough emphasis on message-level security, instead focusing on firewalls
-no certs
-no full digital signatures (ie. signing whole transactions)

I just don't think it's kept up with SOAP web services in this respect.

However, it certainly gives food for thought, and security aspects could surely be developed further. I think the security model could be much stronger if the REST thinkers could focus on security at the message level, within the application, rather than 'XML Firewalls'.

Maybe take it for granted that SSL will be a requirement when security is needed. Extend the use of certificates via an initial token issuing after presenting a certificate via XML PUT.

It doesn't seem like enough research is going on here, and hopefully this will change. If this progresses forcefully, I think REST will become more popular more quickly.

Comments have been closed on this topic.