Nine Circles of Hell and Web Services

If they take the time to keep the nine circles of hell up to date, one circle, perhaps the sixth or seventh, features sinners constantly writing WSDL documents by hand. In fact, the coiners of the phrase Simple Object Access Protocol must be in the hypocrites circle writing WSDL using Notepad, trying to get early implementations of web services talking to each other.

In the outer circles, you’d find the people writing to the WS-basic specification using a tool like XMLSpy, one of the better tools for the job—though I think one would describe it as “encroaching upon reasonable”.

As you may have guessed, I’ve been working within this circle today.

WSDL was never really designed for people to be writing it by hand. Tools were supposed to take our code and generate it for us, producing code which you could use with any other tool which supported the WSDL specification to generate code in another language which would then be able to talk to our code across the network. In reality, early tools produced completely unusable code, hopelessly bloated and seemingly incompatible with any other WSDL implementation.

Added to this are the morass of Web Service Specifications, affectionately dubbed WS-* . These specifications were supposed to allow us, as application developers, to easily include useful messaging functionality, such as secure or reliable messaging, into our applications simply and without fuss. They layer functionality on top of the basic web service communication patterns. Again, this hasn’t been the case so far, with different groups seemingly intent on producing incompatible implementations.

I’m sure the creators of WS-* and other specs upon which they build had good intentions. Perhaps they even thought that implementers of the technology might think to test their implementations together. These days, after several years of frustration, basic services which work across different implementations are fairly easy to knock up. We have been discovering that when you try more complicated forms of communication, however, things still swiftly break down.

Take, for example, the WS-Security specification. This is supposed to allow two web services to communicate in a secure manner, by authenticating each party and, I think, encrypting message contents. However, take two implementations of the specification—specifically Weblogic and .Net’s Web Service Extensions—and politely ask them to talk to each other. They’ll exchange a simple name token, but ask them to do anything more complicated and things collapse around you. One of the main reasons for this is that each chose to implement a different encryption scheme. How many phone calls between the respective teams would it have taken to sort that out, choosing one scheme which both would use? At most a couple. sigh

Of course, this wouldn’t be so frustrating if it wasn’t for the fact Web Services were advertised as the simple way to get all your disparate applications talking to each other; a way through the mire of competing communications technologies. Almost a silver bullet, if you will.

Everyone talks text, went the theory, so lets send some specially formatted messages across the void—everyone will understand them. Simple idea, and I’m at quite a loss to see how it evolved into the current conflagration of WS-specifications, WSDL, XSD, other abbreviations and confusing errors trying to get two programs talking to each other.

At last, some sense appears to be making its way into the WS-world. Different implementers are talking to each other. Sun’s Project Tango and Microsoft’s .Net WS-team are working on getting several of the more useful WS-specifications working when their respective implementations talk to each other. From the internet posts on the subject, these efforts are making good progress.

My hope is that that both the tools will improve—auto-generated WSDL becoming workable, for example—and that implementations will work together as the evangelists promised. The various WS-* specs do have their place in the world, perhaps not betwixt every program talking to another program over the internet, but within enterprises where the kinds of things WS-* deals with matter.

For now, however, I have seen hell, and it is authoring WSDL by hand.

.:.