Fog Creek Software
Discussion Board

Web Services: the Next Big Thing?

Is it?

Szasz Attila
Wednesday, February 27, 2002

Do you know of any company who isn't talking about web services? Sun, IBM, Adobe, etc. are all following Microsoft footsteps on that one. So consumers don't really have much of a choice.

I don't see what's the big deal about it. Besides, wireless connections are way too expensive and even more expensive outside the U.S. . Also there's the fact that only a minority of people have a broadband connection.

Sure Web Services may make our everyday life a little easier, but it'll take a lot of time before we can take advantage of this technology.

Wednesday, February 27, 2002

Funny, the same issue just popped up in the Delphi non-tech newsgroup. So in the danger of cross posting:

"Web Services: the Next Big Thing?"

My conclusion: No.

Nothing ground breaking here. It's RPC over HTTP. At best it is another tool which could come in handy in some situations.

The huge amounts of money spend on PR by a certain software company makes a lot of managers/developers feel like they miss something important. Don't worry.

Jan Derk
Wednesday, February 27, 2002

Well i have Made a real aplication with web services and i tell
you that is a good thing
That aplication had 5 tiers and yes it was distibuted accross 5 computers
In dot net it is very easy to build a such a thing :
no DCOM,no IDL ,no Corba and yes behind was the ol' RPC with also XML
Some clicks and voila a web disitributed thing .
The cool part was that you can make a windoze aplication
and a web asp net one .And don't matter how the firewall was configured on the tcp /ip
the only important thing is it worked over HTTP (xml over http)

Marius Popa aka Mariuz
Wednesday, February 27, 2002

  "And don't matter how the firewall was configured on the tcp /ip the only important thing is it worked over HTTP (xml over http)"

Which is a large part of the problem. If SOAP is marketed as simply a way of getting around those pesky firewalls, it's not going to be much longer before sysadmins start to block HTTP. Not a nice outcome.

Roy Fielding (HTTP1.1, apache) wrote a lovely dissertation about HTTP vs RPC. . A recent thread on xml-dev also discussed the differences. Fieldings position is that RPC (as expressed by SOAP) breaks many of the architectural features that have made the web (HTTP/XML/URI) such a success.

It's worth reading this stuff before you jump on the rpc over http bandwagon.

James Uther
Wednesday, February 27, 2002

Web Services == Push 2002.

Banana Fred
Wednesday, February 27, 2002

XML RPC is a massive security hole waiting to happen. Anyone remember the problems we had with _regular_ RPC? Yes, XML-RPC more-or-less removes many of the buffer-overflow problems, but it just pushes the weakness into the application logic instead of the application implementation without ever addressing the lack of a workable security model that has been a hamstring of RPC since day one.

Any time you allow programmers to expose arbitrarialy complex interfaces to the outside world with minimal validation over an un-encrypted channel, you're asking to have your teeth kicked in.

Alex Russell
Friday, March 1, 2002

You should have all your incoming XML validated by XML Schema's and tack on your own vaildation if necessary. In principle, SOAP guarantees that the data will never, ever be mingled with code and executed. Plus, you should work over https whenever possible.

Web services will allow you to use a standard-components like GLUE to turn your application into a web service fairly easily. But the biggest advantage of web services is the momentum it has gained. A lot of companies/consortia are developing datamodels like HR-XML. Connecting the information systems of various companies will save a lot of money. EDI has already proven that although it is extremely complex and expensive. I hope/believe that web services will bring Electronic Data Interchange to the masses (no more: print, snailmail, type into computer).

Whenever you give people technology like this they may abuse it of course, but IMHO web services have some great potential.

PS. C, Java, ASP, JSP, etc allow you to 'expose arbitrarialy complex interfaces to the outside world with minimal validation over an un-encrypted channel'. What's your point? That web services makes it too easy?

Wouter Zelle
Thursday, March 7, 2002

*  Recent Topics

*  Fog Creek Home