Web Services Pitfalls
by David Orchard
|
Pages: 1, 2
Provisioning
The process of adding a user to a system, typically called provisioning, must also be addressed. In the travel reservation service example, user information must be entered into the reservation service: seat preferences, meal preferences, frequent flyer numbers, preferred alliance partners for flight selection, billing address, shipping address for the ticket, credit card information. For each user that can use the service, information needs to be entered. There can also be complications, where the price of the ticket is dependent upon the company that the user is part of. Often larger companies negotiate discounted rates based upon their size.
Thus the ASP must provide a mechanism for providing user information, and typically these would be in an automated API manner. The developer integrating the service must also incorporate logic to provision the service for the user. This logic would presumably be executed once the user is authorized to use the service.
The service provider and consumer need a mechanism to exchange provisioning information, and the service provider must know who it trusts as a source of that user information. It’s hard to imagine this without a contract in place.
DLL Hell Magnified?
Last, there's the issue of service version control. Service providers change their interfaces and workflows. Perhaps the travel reservation service provider decides to add a parameter to the fare quote request, for example: the specification of whether an electrical port is required for a particular trip. Usually the ASP will provide a new interface for the parameter, and it probably won’t keep the old interface available. It is very difficult for ASPs to maintain backwards compatibility, and they often don’t. Their databases, business logic, have all changed, so they don’t want to keep the old stuff running. A typical example of this is the way that organizations often don't offer two different versions of an ERP system at the same time, using the same underlying data.
What happens to our client when the interface changes? Generally, the client code breaks. The ASP's interface is expecting another parameter in the middle step, and the client software isn’t providing it. In the worst scenario, the ASP simply changed the interface and didn’t give any advance warning to the client. This is what typically happens in the web service provider market today. When the interface changes, the clients break. The consumer must assign a developer to discover the new parameter, perhaps changing interface and logic to collect and pass on the parameter. Depending upon the complexity, the consumer’s service may be down for an unknown amount of time, perhaps weeks or months.
This seems a lot like DLL hell, only worse. In DLL hell, a new application on your desktop installs a new DLL that breaks one of your existing applications. In web services DLL hell, a service upgrade breaks an arbitrarily large number of services that are on many different and separate machines, outside of a firewall. The consumer of the service can’t download an update, uninstall, or re-install.
There is no technical solution even mentioned in any of the presentations on web services. The problem of upgrading services and how that affects existing client software is not treated in any way.
The only solution today is through the use of contracts. Typical wording in the contract will state that the service provider must give 60 days notice of interface change, with test accounts available for testing available within 30 days.
But even then, each and every client must upgrade. The consumer simply has more warning. The key message though is that part of the contract between the service provider and the consumer is the treatment of versioning of interfaces.
What’s it all mean?
I’ve described some of the real-world issues of web service integration, particularly contract negotiation, billing, security, provisioning, version control. I’ve skipped other important issues like quality service, monitoring and support. But it turns out that any real and useful web service must provide some specification of these capabilities. It is unlikely that the service provider will simply provide these to the general world via a public registry. I expect that for quite some time, services will be offered via a private catalog. There will be a fairly extensive and human-centric process that occurs before data and information is entered in the catalog on behalf of consumers and service providers. The specifications for the various capabilities are also collected during this negotiation process. Consumers can then trust the validity of the catalog, and service providers can trust that consumers have been validated. Further consumers can go to one place to find all the information, rather than n different service providers. And Service Providers can update only one place, rather than m consumers.
Building an ecosystem of integrated web services is much more complex than the examples often suggest. There are many characteristics that must be accounted for, with contractual policies in place. The hypesters often don’t address these issues when describing web services, but they exist nonetheless.
The real summary is that web services will be used as an enabling technology to integrate applications together more quickly and easily. There are real-world integration problems that are being solved by web services standards compliant products and deployments. It will be quite some time, if ever, before there is widespread adoption of standalone web services that are usable without significant human intervention and contract negotiation.
- Component model, systemcollaboration
2002-05-25 16:54:29 Oleg Zak - Web Services Pitfalls
2002-02-22 15:20:49 Jim Thomas - DLL Hell?
2002-02-21 11:52:05 John Pansewicz - DLL Hell?
2002-02-26 13:36:38 Bryan Fegan
