bestkungfu weblog

The W3C’s Philippe Le Hégaret went first. (Full disclosure: I work for W3C, and have been chatting all week with Philippe and others, but he yelled at us for leaving food around the booth, so I should be pretty close to impartial. I’ll note when I’m not.) He emphasized the position of W3C that the standards created in Web Services need to be IP-unencumbered. He enumerated the current overview of Web Services, and new work going beyond Web Services, including XML Key Management, XML Signature, XML Encryption, and a P3P implementation for Web Services.

OASIS’s Jamie Clark followed. Most of the OASIS slide on standards was the same, with one notable exception: he believes standards should be subject to “explicit, disclosed” IP terms. “Anything else,” says the slide, “is proprietary.”

“Harmonization is hard.” Instability of specs (e.g., some owner rescinds a standard, or changes it each year) causes formats to be of less value than open standards.

He noted that OASIS has submitted a UDDI namespace document to IETF for consideration as an RFC, and does so with other groups as well. They have thirteen documents that are final, and several dozen that have provisional approval.

He says everyone has pretty much agreed on SOAP for messaging, and that lots of people are using the UDDI and ebXML registries, so service discovery is good. On service description, W3C is winning with WSDL, though there are hints that something else is coming. “We haven’t found anybody who can’t use WSDL yet.”

Audience question to Philippe: “What does WS-Inspection have to do with standards?” Questioner specifically noted ebXML registry. Philippe answered that he was thinking of a system where “you don’t need a central registry.” Questioner said that there are already two competing standards in the space, and convergence has to happen before good things happen. Jamie said there are people working in those groups who disagree.

Jamie says that orchestration and management is in a “rap singer” phase: everybody who has the mic says they’re the greatest. “We’re all developing these systems trying to solve this problem.” OASIS has several groups working on this, including the BPEL technical committee. W3C has one as well, the Web Services Choreography Interface working group.

Proposed questions:

• Should users implement web services with proprietary products or wait for the standards?
• Is conformance and interoperability part of the lifecycle of a standard?
• How can we move from enterprise services to web services?

Mark Palmer: “There’s a level of frustration” with the moving around of data payloads in the implementer community.

Joe Chiusano, OASIS: “In some cases, it can actally help a standard” to start out proprietary, get shaken out, then get brought to a standards body. Philippe mentioned that W3C is learning and getting feedback from WSDL and SOAP being in everyday use, and is using that feedback to work on it.

Question on the state of content management standards: Philippe says W3C is using that kind of feedback in WSDL 2.0. Questioner (Farouk? from Sun) said ebXML is on trajectory to becoming a content management standard. Sun has several CMS products, and none of them talk to each other. In the absence of standards in this space, he proposes using ebXML as the basis for a CMS standard. Jamie mentioned that there are products one can buy that allow content migration. (My impression is that the question centers on mergers, where existing databases collide. Personally, I think that CMS vendors are still aiming more for lock-in than open content exchange, and they’re going to have to grow up — er, mature — and stop holding corporate content hostage when someone buys into their system. But I won’t say that, because I want people to come to my session on content management accessibility tomorrow.)

A Sun consultant says that in his experience in the field, customers are now seeing the point in developing a single architecture based on standards. He says that customers are getting the religion of waiting until “the vendors get done fighting it out.” And they want it fast. Philippe says that it’s still important to do it well, even if that takes time with, for example, WSDL 2.0. Eve Maler from Sun says there’s a lot of moving to the middle to be done, particularly with things like security.

Joe Chiusano: It’s more critical the lower down the stack to agree on a singular standard, and perhaps less important at higher levels, especially with things like XSLT. Michael Sperberg-McQueen of W3C says that, expanding on this, the lowest layer is designed to allow more than one mechanism, which would contradict the assertion. Our colleague Martin Dürst mentioned that in IETF they look like this more like an hourglass. (This makes sense if you understand the OSI model. Honest.)

Farouk addresses the second question by submitting the Java Community Process, which requires conformance testing in order for specs to move forward. Philippe agrees, citing the W3C Candidate Recommendation process, where two implementations of each part of the specification must be found. Additionally, CR requires a test suite to ensure interop and conformance. Jamie says that OASIS requires groups to certify that they conform to a standard, but they don’t require evidence of that conformance. “Frankly, it extends the process quite a bit.” Michael interjects: “Conformance tests cannot prove conformance, because tests cannot prove correctness.” You can only scientifically disprove something. (This is why I don’t get into arguments with logicians.)

Eve Maler of Sun: “Once a specification starts to show some traction,” it’s important to have test suites, etc., but before then, it’s a lot of work to impose on a group. Conformance clauses and testable assertions are sufficient before then. Mark Palmer adds that two interoperable implementations is the minimum, and OASIS’s approach of implementability is insufficient. Jamie says that at the final stage, they actually require three implementations, but still don’t require interop. WS-Security had “several big” interoperability tests, but it isn’t documented in the process. Janet Daly, head of communications for W3C, notes that a publicly-viewable implementation report is required to exit Candidate Recommendation. Also, comments on the spec must have some disposition in public.