 |
 | Home | Contact Us | FAQ | Search & Site Map | Link to Us |
 | Sign In | Join | Other 45 Sites in Network |
Java Forum / General / October 2007data transport
Hi, I'm designing a service platform and want your opinion on which way to go. I have databases and developers, and want to put a service middle- layer, to serve as a gatekeeper. I don't want the developers touching the database itself! The developers work with both Java and .NET, so whatever I do, needs to be consumable from both platforms. Obviously, I want to abstract the transport complexities from the users (developers). I need logging and auditing capabilities (who's using the data, etc), and security (user/transport) I want to create a server/client architecture. I will create the client, so the developers will instantiate my client and get information. A client snippet would look like this, for example: dbClient db = new dbClient('myuser'); List <name> names = db.getNames(); Since I own both sides, I can embed a bean 'Name' in my client app (jar, or whatever C# uses) My coworkers want to go with web services, but I believe all the complexity of SOAP is not necessary here. Also, we plan to use this service internationally, which means we need to save bandwidth. I've so far played with the following: 1) Ice (zeroc.com). Problem: it doesn't support complex beans, and I have to create the Slice, since there is no way to derive a Slice from a Java class. I have hundreds of Java beans, so it's not an option to create the Slice files manually. 2) JSON-based msg. It marshalls and unmarshalls OK, but now I need a transport protocol that supports logging/auditing/security. Any ideas? 3) CXF -> Even though it abstracts most of the complexity, we're finding problems with security, etc. 4) Axis2 -> Is it as slow as people are making it? Opinions please!!! Thanks. Jerry. > Hi, > I'm designing a service platform and want your opinion on which way to [quoted text clipped - 43 lines] > Thanks. > Jerry. I've also heard of xfire (I have no experience on that) and rest API's. Look for those as possibilities as well. Other than that, I haven't enough knowledge to provide the feedback you desire. HTH, Daniel. >> Hi, >> I'm designing a service platform and want your opinion on which way to [quoted text clipped - 49 lines] > Other than that, I haven't enough knowledge to provide the feedback > you desire. Of course, both XFire and Axis are SOAP implementations. What makes SOAP more complex than the listed alternatives, or the roll-your-own approach? What do you sacrifice (besides tested and stable solutions) by avoiding SOAP-based web services?  SignatureLew > What makes SOAP more complex than the listed alternatives, or the > roll-your-own approach? > > What do you sacrifice (besides tested and stable solutions) by avoiding > SOAP-based web services? You sent your reply to the wrong place; it goes to the newsgroup: > -------- Original Message -------- > Subject: Re: data transport [quoted text clipped - 9 lines] > Then there's the marshalling/unmarshalling, the overhead of creating > the soap service/WSDL on the fly, etc. You'll find the overhead of other protocols isn't so much better, and the complexity of implementing it yourself instead of leveraging the existing libraries may be more egregious than just using the standard solutions. YMMV, of course. Good luck. SignatureLew >>> What makes SOAP more complex than the listed alternatives, or the >>> roll-your-own approach? [quoted text clipped - 10 lines] > > You'll find the overhead of other protocols isn't so much better, Actually, any non-XML protocol is going to pass much less over the wire. > and the complexity of implementing it yourself instead of leveraging > the existing libraries may be more egregious than just using the > standard solutions. There are alternatives that are simpler and more flexible than the WS death star suite. One that may be appropriate for the original poster's problem is Jini with a distributed JavaSpace. Regards, Patrick ------------------------------------------------------------------------ S P Engineering, Inc. | Large scale, mission-critical, distributed OO | systems design and implementation. pjm@spe.com | (C++, Java, Common Lisp, Jini, middleware, SOA) > Actually, any non-XML protocol is going to pass much less over >the wire. Huh? XML is about the fluffiest encoding yet invented. SignatureRoedy Green Canadian Mind Products The Java Glossary http://mindprod.com >> Actually, any non-XML protocol is going to pass much less over >> the wire. > > Huh? XML is about the fluffiest encoding yet invented. That was what he said !?!? Arne >>> Actually, any non-XML protocol is going to pass much less over >>> the wire. >> >> Huh? XML is about the fluffiest encoding yet invented. > >That was what he said !?!? There is an ambiguity. Which did he mean? 1. pass must less useful information over the wire in a given time. 1. pass fewer bits over the wire to express the same message. SignatureRoedy Green Canadian Mind Products The Java Glossary http://mindprod.com >>>> Actually, any non-XML protocol is going to pass much less >>>> over the wire. [quoted text clipped - 8 lines] > > 1. pass fewer bits over the wire to express the same message. I meant (1). ;-) I intended the obvious claim that XML requires far more bits per useful message than do other protocols. Regards, Patrick ------------------------------------------------------------------------ S P Engineering, Inc. | Large scale, mission-critical, distributed OO | systems design and implementation. pjm@spe.com | (C++, Java, Common Lisp, Jini, middleware, SOA) > I intended the obvious claim that XML requires far more bits per > useful message than do other protocols. If it takes twice as many bits to send a message, but the format is three times as useful, what's the balance sheet? You're treating "useful message" as the unit of utility. What if you could attach more or less utility to a single message? SignatureLew >> I intended the obvious claim that XML requires far more bits >> per useful message than do other protocols. > > If it takes twice as many bits to send a message, but the format is > three times as useful, what's the balance sheet? If the two messages are equivalent, how can a format be more useful? Patrick ------------------------------------------------------------------------ S P Engineering, Inc. | Large scale, mission-critical, distributed OO | systems design and implementation. pjm@spe.com | (C++, Java, Common Lisp, Jini, middleware, SOA) > >> I intended the obvious claim that XML requires far more bits > >> per useful message than do other protocols. [quoted text clipped - 4 lines] > If the two messages are equivalent, how can a format be more > useful? Possibly in flexibility, scalability, extensibility, and backward compatibility. Along with a lot of other 'bilities not otherwise listed :-) >>>> I intended the obvious claim that XML requires far more bits >>>> per useful message than do other protocols. [quoted text clipped - 6 lines] > compatibility. Along with a lot of other 'bilities not otherwise > listed :-) Begging the question: placing the conclusion as the premise of the argument. "If the two messages are equivalent" is the point at issue, isn't it? SignatureLew >>>>> I intended the obvious claim that XML requires far more bits >>>>> per useful message than do other protocols. [quoted text clipped - 10 lines] > > "If the two messages are equivalent" is the point at issue, isn't it? Apparently that was your intention. My question remains, though. The use of a heavy weight wire format like XML and an equally heavy weight, inelegant infrastructure like Web Services requires more defense than "It's a standard." Lighter weight, more efficient solutions are available and should be considered. A number of companies that I've worked with use Web Services to expose interfaces outside their firewalls, but use technologies like Jini internally. In practice that approach provides significant benefits, including addressing all the NFRs ("ilities") mentioned by Mr. Pitts. Sincerely, Patrick ------------------------------------------------------------------------ S P Engineering, Inc. | Large scale, mission-critical, distributed OO | systems design and implementation. pjm@spe.com | (C++, Java, Common Lisp, Jini, middleware, SOA) Lew writes: >> "If the two messages are equivalent" is the point at issue, isn't it? > Apparently that was your intention. "Apparently" I was not clear. It is exactly my point that XML, while taking somewhat more wire bandwidth than other formats, provides benefits not available in other formats, thus making the messages not equivalent. > My question remains, though. The use of a heavy weight wire > format like XML and an equally heavy weight [sic], inelegant infrastructure That is not a valid engineering assessment. Compared to some other approaches with more compact wire formats, XML is neither more heavyweight /in development costs/ nore "inelegant" (whatever /that/ is supposed to mean). Nor, as you point out, is it the only solution. I only want to elucidate some of the tradeoffs ignored by the knee-jerk "XML is heavyweight" canard so often cited. > like Web Services requires more defense than "It's a standard." Don't trivialize my argument. The point is, that /as/ a standard it has already subsumed solutions to the problems you will face developing a custom library, and /as/ a standard will save time and money in development, and /as/ a standard will have many, many others working on the disadvantages inherit in the approach, e.g., processing efficiency. > Lighter weight, more efficient solutions are available and should be > considered. Of course, but not based on incomplete assessment of the difficulties one faces, nor by ignoring other costs than the usually trivial "wire weight". > A number of companies that I've worked with use Web Services to > expose interfaces outside their firewalls, but use technologies like > Jini internally. In practice that approach provides significant > benefits, including addressing all the NFRs ("ilities") mentioned by > Mr. Pitts. Meaning that they have looked into the different tradeoffs involved and have optimized to their own satisfaction the balance sheets of those approaches. This is what I was recommending. SignatureLew > My question remains, though. The use of a heavy weight wire > format like XML and an equally heavy weight, inelegant infrastructure > like Web Services requires more defense than "It's a standard." > Lighter weight, more efficient solutions are available and should be > considered. In some contexts "standard" is by far the most important criteria. > A number of companies that I've worked with use Web Services to > expose interfaces outside their firewalls, but use technologies like > Jini internally. In practice that approach provides significant > benefits, including addressing all the NFRs ("ilities") mentioned by > Mr. Pitts. Web services are certainly not a good solution for all scenarios. But they have their place. Arne > >>>> I intended the obvious claim that XML requires far more bits > >>>> per useful message than do other protocols. [quoted text clipped - 13 lines] > -- > Lew I was only giving things that could be measured against the format of a message. I wasn't arguing for any side or another. Also, the messages being equivalent doesn't imply anything about the format the messages are in. > Also, the messages being equivalent doesn't imply anything about the > format the messages are in. I was speaking to non-equivalence of the formats. That was the point. Responses to the argument that sidestep that point miss the point. My point is that using XML and SOAP as the transport mechanism for interprocess communication gives advantages that the OP might have overlooked, or that others facing the same issue might overlook. To dismiss these formats because they are "bloated" misses the issue of what that "bloat" cost earns in return. Likewise to issue an unsupported claim that they're somehow too complicated to use misses the point that they really are not too complicated, when compared to custom solutions that have to handle the same issues. Usually the custom solutions are at least as complicated, and much buggier, than the standards available through more thoroughly-tested third-party libraries, most of which in this case are free of monetary license fees. The differences in format are precisely the differences that matter, in this analysis. Calling the content "equivalent" is a straw-man argument against a proposal regarding format differences. SignatureLew > > Also, the messages being equivalent doesn't imply anything about the > > format the messages are in. [quoted text clipped - 19 lines] > -- > Lew And my point was that while the *message* (payload) contains equivalent information, the *format* (structure) can have different abilities. It was the same argument you made, just phrased differently. > And my point was that while the *message* (payload) contains > equivalent information, the *format* (structure) can have different > abilities. It was the same argument you made, just phrased > differently. Oh, I see. In that case, you make a very good point. Sorry for the misunderstanding. SignatureLew > My point is that using XML and SOAP as the transport mechanism for > interprocess communication gives advantages that the OP might have [quoted text clipped - 7 lines] > standards available through more thoroughly-tested third-party > libraries, most of which in this case are free of monetary license fees. Web services has somehow gotten the reputation of being complex in the Java world. Not very justified in my opinion. In a J2EE 1.4 and higher app server you just add a few lines to a deployment descriptor and voila a web services is created. In Axis 1.x you just rename a class file from .java to .jws and sump it into the Axis web app and voila it is a web service. Ofcourse if people start wanting to write and read XML manually it soon becomes complex. But they should not. Arne > Web services has somehow gotten the reputation of being complex > in the Java world. [quoted text clipped - 11 lines] > > But they should not. I think you're describing developing a web service given a certain toolset that implements the standards. The standards themselves *are* complex. The set of Java classes that implement those standards *do* form a quite large and complex API. My irritation with Web-services in Java is from implementing JSE clients not JEE servers. For this the developer toolset seems much more complex. * There isn't a set of web-service classes for clients included in JSE 1.6 (AFAIK). * Hence you have to evaluate and select a toolkit to use. I found this non trivial. Axis, XFire/CXF, ... * As soon as you want to use something like WS-Security with PKCS12 files, I find things get more complex for the developer. WSS4J, ... * Because what is going on under the covers is so complex, it can be quite difficult to debug client/server interoperability issues. Using web-services should give you significant benefits but in many cases it does not. A small change to the interface will result in a new WSDL or whatever and your old server or old client will not simply ignore a new extraneous XML element received. This may be a good thing but it makes it harder to build in flexibility and backwards-compatibility. Part of the problem with CSV (say) is having both ends agree on the implicit meaning of the columns. The tagnames in XML should overcome that issue but in practice they do not. Inserting a new column in CSV requires that both ends definition be updated. Inserting a new element in XML also, in practice, seems to require that both ends are given an updated XSD, WSDL or other definition and rebuilt. XML ought to be more self explanatory than CSV (or JSON) but in practice it is equally useless without an external definition in XSD or some other form. Oh dear, I seem to have worked myself up into an anti-web-services rant. I'd better stop here :-) > I think you're describing developing a web service given a certain > toolset that implements the standards. > > The standards themselves *are* complex. The set of Java classes that > implement those standards *do* form a quite large and complex API. [ . . . ] > * Because what is going on under the covers is so complex, it can be > quite difficult to debug client/server interoperability issues. This is a very important point. Complexity has a significant cost. > Using web-services should give you significant benefits but in many > cases it does not. [ More excellent points elided. ] > Oh dear, I seem to have worked myself up into an anti-web-services > rant. I'd better stop here :-) I'll take a turn, then. ;-) I was discussing the ridiculous complexity of the WS death star with a woman who was involved in several of the "standards". I suggested that the WS-* teams would have produced a better quality product if they'd followed the IETF process of requiring at least two independent and interoperable implementations for any standard to be approved. Implementation has a way of reducing unnecessary complexity that is completely lacking when the only output required is a document. Her response was "Don't worry about the complexity, there will be tools to hide that." This is broken on multiple levels. First, it amounts to a near complete abdication of responsibility. Waving the magic wand of tool support merely pushes the real work off to someone else. Second, it is an admission of failure. If significant tool support is required simply to use the technology then either the correct abstractions have not been found or (inclusive) the underlying language(s) are insufficiently expressive for the problem domain. In the case of Web Services, I suspect both are true. We need to be able to manage complexity, not just "hide" it behind black box tools. Failure to do so results in exactly the issues identified by Mr. Brick, of which difficulty in debugging is just the tip of the iceberg. The WS-* suite is a teetering edifice of components that range from the gratuitously heavyweight through the poorly thought out to the utterly unproven. If you can keep your balance long enough to stand at the top, you'll hear the chaotic winds at the edge of manageable complexity. Stay there too long and you'll realize you've gone past that edge. Regards, Patrick ------------------------------------------------------------------------ S P Engineering, Inc. | Large scale, mission-critical, distributed OO | systems design and implementation. pjm@spe.com | (C++, Java, Common Lisp, Jini, middleware, SOA) > I was discussing the ridiculous complexity of the WS death star > with a woman who was involved in several of the "standards". I > suggested that the WS-* teams would have produced a better quality > product if they'd followed the IETF process of requiring at least two > independent and interoperable implementations for any standard to be > approved. I think IBM and MS actually did provide independent implementation of many of the WS-*. > Implementation has a way of reducing unnecessary complexity > that is completely lacking when the only output required is a [quoted text clipped - 21 lines] > manageable complexity. Stay there too long and you'll realize you've > gone past that edge. What do you think the 1950's assembler programmers would say about todays Java programs ? That they are way to complex and that the compiler & language hiding the complexity is a bad thing ? Whenever we invent a better tool, then someone else will invent a more complex problem to apply it to. Arne >> I was discussing the ridiculous complexity of the WS death >> star with a woman who was involved in several of the "standards". [quoted text clipped - 5 lines] > I think IBM and MS actually did provide independent implementation > of many of the WS-*. Not for all and not before adoption of the standard. >> We need to be able to manage complexity, not just "hide" it >> behind black box tools. Failure to do so results in exactly the [quoted text clipped - 10 lines] > What do you think the 1950's assembler programmers would say about > todays Java programs ? I have a friend who may be the last GCOS still actively consulting. I know exactly what he thinks of Java. > That they are way to complex and that the compiler & language hiding > the complexity is a bad thing ? Actually, he just thinks they're sloppy. Being a Yorkshireman, he makes the case somewhat more scatologically. The difference between a language like Java and the WS-* abomination is that Java provides tools for increasing the level of abstraction, and therefore the complexity, that can be managed by a programmer. Even in a verbose, not particularly expressive language such as Java, the costs of using it relative to assembler are exceeded by the benefits in most cases. The costs of WS-*, relative to other options, on the other hand, are high and the additional benefits frequently not significant. > Whenever we invent a better tool, then someone else will invent a > more complex problem to apply it to. WS-* is the complex problem, not the better tool. Regards, Patrick ------------------------------------------------------------------------ S P Engineering, Inc. | Large scale, mission-critical, distributed OO | systems design and implementation. pjm@spe.com | (C++, Java, Common Lisp, Jini, middleware, SOA) >> Web services has somehow gotten the reputation of being complex >> in the Java world. [quoted text clipped - 17 lines] > The standards themselves *are* complex. The set of Java classes that > implement those standards *do* form a quite large and complex API. Yes. Using web service toolkits are simple. Creating one is work - a lot of work ! > My irritation with Web-services in Java is from implementing JSE clients > not JEE servers. For this the developer toolset seems much more complex. Is it ? You give your IDE the URL of the WSDL, it generates a stub class and you call that. JBuilder, Eclipse, Visual Studio etc.. > * There isn't a set of web-service classes for clients included in JSE > 1.6 (AFAIK). I thought WS client support was in 1.6 as well. > * Hence you have to evaluate and select a toolkit to use. I found this > non trivial. Axis, XFire/CXF, ... We like Java because we have choices. We hate Java because we have choices. > * As soon as you want to use something like WS-Security with PKCS12 > files, I find things get more complex for the developer. WSS4J, ... True. But I do not consider it surprisingly that doing complex stuff becomes complex. > Using web-services should give you significant benefits but in many > cases it does not. A small change to the interface will result in a new [quoted text clipped - 10 lines] > self explanatory than CSV (or JSON) but in practice it is equally > useless without an external definition in XSD or some other form. For CSV you need to modify the code. For XML you just need to rebuild (whicg regenerates the stub). And there are versioning patterns that can be used to reduce the problem. Arne > But I do not consider it surprisingly that doing complex stuff becomes > complex. I agree wholeheartedly - it's why we have jobs, after all - but OTOH it's hard not to sympathize with the urge to leaner, more elegant code and protocols. XML has its own elegance, considering for example that as a protocol it's utterly semantically void, and certainly its costs. Not every XML dialect (what old-time SGMLers style "XML languages" and I (very) loosely call "schemas") is equally well designed. Unquestionably XML carries more bits per message than most custom, certainly most binary protocols. The hybrid approach mentioned upthread is very promising. This posits a lean protocol "inside" where one controlls the software, and XML (SOAP) as the /lingua franca/ for "outside" communication. It seems smart to balance the protocols like that, considering the overhead of managing two approaches. If an organization discovers later that the XML approach buys advantages that even benefit the intranet, they could switch over without too much trouble if they've designed their architecture right. I argue the XML side not because it's always correct but to point up why it serves a purpose. As Arne points out, service-to-service communication and other models of inter-system interaction have a complex world to handle in the first place. The good news is that most web-service toolkits do make it easier to put together straightforward web-service applications. At least IMHO. Up to a point. I'm still working on figuring out the complex parts. The real test of a toolkit is Hippocratic and utilitarian: - Does it make my job harder? More accurately: In what ways does it make my job harder? - (In what ways) does it make my job easier? SignatureLew >>> Web services has somehow gotten the reputation of being complex >>> in the Java world. [quoted text clipped - 16 lines] > > I thought WS client support was in 1.6 as well. I didn't realise this (Doh!) Thanks for spurring me to go and have a look. I downloaded JDK 6 Update 3. Googling found http://weblogs.java.net/blog/vivekp/archive/2006/12/webservices_in.html which didn't work (the apt tool must have changed and is no longer needed) Googling also found http://java.sun.com/developer/technicalArticles/J2SE/jax_ws_2/ Which is netbeans oriented (I use Eclipse) but, in combination with Vivek's article I managed to get a simple example working (see later). So yes, JDK 6 has usable web-services capability built in at last! From my very brief play with it, it seems comparable to that supplied with Mono (C#). This is good as far as I am concerned. >> * Hence you have to evaluate and select a toolkit to use. I found this >> non trivial. Axis, XFire/CXF, ... > > We like Java because we have choices. > > We hate Java because we have choices. What irritated me was actually that (until 6) there wasn't a *default* WS toolkit included in the JDK. Choices are good, but we newbies like to have a default toolkit we can immediately get started with, without having to choose, download and install extras. >> * As soon as you want to use something like WS-Security with PKCS12 >> files, I find things get more complex for the developer. WSS4J, ... [quoted text clipped - 3 lines] > But I do not consider it surprisingly that doing complex stuff becomes > complex. The WS edifice has become a bit like ISO OSI - there are many different ways to achieve any task. The Java WS API has to be flexible enough to cope with this. This leads to complexity that could otherwise have been avoided. For example: RPC/Encoded, Doc/Literal, Doc/Literal/Wrapped? Inclusive canonicalisation or exclusive? Standalone, Enveloping or Enveloped signatures? RSA or DSA? SHA1 or MD5? Actually the whole canonicalisation step seems unecessary for most Web Services - few apps forward the XML payload, transform the structure, reorder the attributes arbitrarily, rename the namespaces and still need to verify the signature at the end of that process. IIRC canonicalization leaves whitespace unchanged, and that (at least line endings) is the part I'd expect to be most likely to be affected by the transport. >> Part of the problem with CSV (say) is having both ends agree on the >> implicit meaning of the columns. The tagnames in XML should overcome [quoted text clipped - 8 lines] > > For XML you just need to rebuild (whicg regenerates the stub). I sometimes wonder if a 'csvgen' tool to create CSVDL and a corresponding 'csvdlimport' stubmaker would illustrate the pointlessness of some of the complexity in SOAP/XML/HTTPS based web-services. P.S. For anyone new to WS in Java 6, here's my slightly modified source from the above references. Built & run using command line as shown in comments. ------------------------- 8< --------------------- package hello; import javax.jws.WebService; import javax.xml.ws.Endpoint; /* * From http://java.sun.com/developer/technicalArticles/J2SE/jax_ws_2/ * * > javac hello/CircleFunctions.java * > wsgen -cp . hello.CircleFunctions * > java hello/CircleFunctions * */ @WebService public class CircleFunctions { public double getArea(double r) { return java.lang.Math.PI * (r * r); } public double getCircumference(double r) { return 2 * java.lang.Math.PI * r; } public static void main(String[] args) { Endpoint.publish("http://localhost:8080/" + "WebServiceExample/circlefunctions", new CircleFunctions()); } } ------------------------- 8< --------------------- package client; /* * * From http://java.sun.com/developer/technicalArticles/J2SE/jax_ws_2/ * * Slightly adapted by RedGrittyBrick * * > wsimport -p client -keep \ * http://localhost:8080/WebServiceExample/circlefunctions?WSDL * > javac -cp . client/CircleClient.java * > java client/CircleClient * Result = 28.274333882308138 * Done * */ class CircleClient { public static void main(String[] args) { try { double radius = 3.0; CircleFunctionsService service = new CircleFunctionsService(); CircleFunctions port = service.getCircleFunctionsPort(); double result = port.getArea(radius); System.out.println("Result = "+result); } catch (Exception ex) { System.out.println("Exception "); } System.out.println("Done"); } } ------------------------- 8< --------------------- I'm pretty sure that in C# you don't have this obscure "port" step. The equivalent C# code is usually like this ... CircleFunctionsService service = new CircleFunctionsService(); double result = service.getArea(radius); Java likes to be that bit more complicated :-) P.P.S. Don't take this rant too seriously :-) >> I thought WS client support was in 1.6 as well. > > I didn't realise this (Doh!) Thanks for spurring me to go and have a > look. I downloaded JDK 6 Update 3. > So yes, JDK 6 has usable web-services capability built in at last! > From my very brief play with it, it seems comparable to that supplied [quoted text clipped - 8 lines] > have a default toolkit we can immediately get started with, without > having to choose, download and install extras. Hm. I am not too happy about too many "beginner" implementations as part of the JDK. It is not that hard to download. And you will usually want the best very soon. I can see the point in adding WS to JDK though. Applets. Downloading all the Axis or whatever jars to run an applet using WS calls would be a waste of bandwidth. >>> * As soon as you want to use something like WS-Security with PKCS12 >>> files, I find things get more complex for the developer. WSS4J, ... [quoted text clipped - 8 lines] > cope with this. This leads to complexity that could otherwise have been > avoided. Web service are portable between technologies. That is only possible if everyone supports them. To get everyone support you need to give them some influence. The result is some rather complex machinery. But as long the tools can make it invisible, then I can live with that. >> For CSV you need to modify the code. >> [quoted text clipped - 3 lines] > corresponding 'csvdlimport' stubmaker would illustrate the pointlessness > of some of the complexity in SOAP/XML/HTTPS based web-services. Put some IBM'ers and MS'ers in a committee to agree on that standard and it will end up just as complex. > I'm pretty sure that in C# you don't have this obscure "port" step. The > equivalent C# code is usually like this ... That is correct. Arne RedGrittyBrick wrote: >> I sometimes wonder if a 'csvgen' tool to create CSVDL and a >> corresponding 'csvdlimport' stubmaker would illustrate the >> pointlessness of some of the complexity in SOAP/XML/HTTPS based >> web-services. > Put some IBM'ers and MS'ers in a committee to agree on that > standard and it will end up just as complex. The problem with CSV is that the position of a datum has semantics. This causes trouble. People *think* CSV would be easier than XML. Then they try to tie together systems that have different ideas about what goes in column two. SignatureLew > RedGrittyBrick wrote: > [quoted text clipped - 5 lines] >> Put some IBM'ers and MS'ers in a committee to agree on that >> standard and it will end up just as complex. Perhaps the world needs a better method than that. Perhaps the methods used originally by the IETF have a better chance of avoiding excessive baroqueness in the end result? All I know is that the result seems a bit of a mess. > The problem with CSV is that the position of a datum has semantics. s/CSV/Java Method calls/; s/datum/argument/; Still a problem? > This causes trouble. Like a java programmer writing `new Dimension(height, width)`? > People *think* CSV would be easier than XML. Then they try to tie > together systems that have different ideas about what goes in column two. Yes, I think I mentioned that in an earlier message. But CSVDL would take care of that in the same way that WSDL (and XSD) are needed to take care of semantic ambiguity for XML. Note: I'm not pushing CSV, I was just using it in an attempt to illustrate what seems to be needless complexity in WS and in Java's WS toolkits. I'm sure that some of that complexity is necessary (at least sometimes) but I have doubts about a lot of it. Lew wrote: >> The problem with CSV is that the position of a datum has semantics. > s/CSV/Java Method calls/; s/datum/argument/; Still a problem? Not comparable. The method is called in a single program. The CSV is a bridge between independent disparate systems. Therefore not a problem, or even a related issue. >> This causes trouble. > > Like a java programmer writing `new Dimension(height, width)`? No. >> People *think* CSV would be easier than XML. Then they try to tie >> together systems that have different ideas about what goes in column two. [quoted text clipped - 7 lines] > toolkits. I'm sure that some of that complexity is necessary (at least > sometimes) but I have doubts about a lot of it. I'm saying the complexity isn't "needless". Well, not all of it. XML /per se/ isn't the problem. Perhaps WSDL could be improved, but given the range of matters that it covers I'm not so sure. CSV isn't designed to support, for example, digital signatures. Web-services protocols with SOAP are. Just to pick one of the details that account for the differences. CSV is not self describing. XML is. CSV doesn't have neutral structure. XML does. CSV is not semantically void. XML is. But go ahead, try to solve all the problems with CSV that SOAP does. Don't take my word for it. Then get it to work across everyone's systems. SignatureLew >>>> I intended the obvious claim that XML requires far more bits >>>> per useful message than do other protocols. [quoted text clipped - 6 lines] > compatibility. Along with a lot of other 'bilities not otherwise > listed :-) What about bullshitability ? :-) XML is a subset of binary formats so can not be more flexible. Both binary formats and XML should scale linear. And I do not see any difference in extensibility and backward compatibility. The main benefits I see with XML is: - library & tool support, you don't need to write the code somebody else already have - interoperability, it does not matter if it Java on Windows/x86 or COBOL on z/OS / zSeries For some types of XML you could add readability by humands, but web services XML does not really fullfill that ! Arne an IBM >If it takes twice as many bits to send a message, but the format is three >times as useful, what's the balance sheet? Most of the time the nested structure of XML is not being used. You are just sending identical rows of data. You might as well be using SQL, CSV or a fixed binary format. XML does not pay until you turn on nesting, multiple values per field or you only specify a few of many possible fields. XML is not so painful now that parsing is built in to the JRE. Previously, you had the overhead of having to download the parsing class library too even for a tiny XML file. SignatureRoedy Green Canadian Mind Products The Java Glossary http://mindprod.com >> If it takes twice as many bits to send a message, but the format is three >> times as useful, what's the balance sheet? [quoted text clipped - 5 lines] > XML does not pay until you turn on nesting, multiple values per field > or you only specify a few of many possible fields. I disagree. The tools support is much better for XML than for CSV. > XML is not so painful now that parsing is built in to the JRE. > Previously, you had the overhead of having to download the > parsing class library too even for a tiny XML file. That is mostly an applet problem. The overhead by adding Xerces to a server app was minimal (not to mention that J2EE servers already came with it bundled). Arne >> I intended the obvious claim that XML requires far more bits per >> useful message than do other protocols. > > If it takes twice as many bits to send a message, but the format is > three times as useful, what's the balance sheet? I think useful is a rather meaningless term in this context. Arne >>>> Actually, any non-XML protocol is going to pass much less over >>>> the wire. [quoted text clipped - 6 lines] > > 1. pass fewer bits over the wire to express the same message. If there is an ambiguity then it is good manners to assume it being the correct ! And not "Huh?" it. Especially when the correct interpretation seems much more likely considering the context. It is very rude to slam people for your far out interpretation of what they posted. Arne PS: I am pretty sure that you just misread what you commented on and just don't have the character to admit it, but if you prefer to be considered rude instead of admitting to miss a type of double negation, then fine. >If there is an ambiguity then it is good manners to assume >it being the correct ! Not in a scientific discussion. I misunderstood the message until I realised it was ambiguous. So might others. The proper thing to do is point out the ambiguity and ask the speaker to resolve it definitively. I wish I could punch the lights out of foolish vendors when I report ambiguities in their program prompts and they respond telling me they are not ambiguous if you look at them in a particular way. SignatureRoedy Green Canadian Mind Products The Java Glossary http://mindprod.com On Tue, 02 Oct 2007 04:56:23 GMT, Roedy Green <see_website@mindprod.com.invalid> wrote, quoted or indirectly quoted someone who said : >Not in a scientific discussion. I misunderstood the message until I >realised it was ambiguous. So might others. The proper thing to do is >point out the ambiguity and ask the speaker to resolve it >definitively. Experiments show that people grasp a small fraction of what you tell them, and retain even less. Yet when we write posts, we tend to assume: 1. everyone reads it. 2. everyone reads all of it. 3. everyone understands it So I have a high tolerance for anything that increases the odds, e.g. 1. clarifying ambiguity. 2. getting feedback that you understood someone. 3. getting feedback that someone else understands you. 4. repetition of important ideas in various different ways. SignatureRoedy Green Canadian Mind Products The Java Glossary http://mindprod.com >> If there is an ambiguity then it is good manners to assume >> it being the correct ! > > Not in a scientific discussion. Yes it is. > I misunderstood the message until I > realised it was ambiguous. So might others. The proper thing to do is > point out the ambiguity and ask the speaker to resolve it > definitively. If you think it it can be ambiguous, then you write "I assume that you mean ..." instead of "Huh". Arne >If there is an ambiguity then it is good manners to assume >it being the correct ! On the other paw, in the political groups there are "lawyers" who drive you nuts by deliberately misinterpreting perfectly clear language in some insane way, thus proving you incompetent. SignatureRoedy Green Canadian Mind Products The Java Glossary http://mindprod.com >> From: Jerry B. <grblanco@gmail.com> >> Well... for starters I don't want to bloat the communication: XML is a [quoted text clipped - 8 lines] > existing libraries may be more egregious than just using the standard > solutions. Setting up web service toolkits is usually very simple. XML in general and SOAP specifically do make the wire messages big. Parsing XML in general and SOAP specifically do cost significant CPU power. WSDL is only generated once so that has no performance impact. Arne > I've also heard of xfire (I have no experience on that) and rest > API's. Look for those as possibilities as well. The XFire project now redirects one to <http://incubator.apache.org/cxf/> mentioned in the OP's post. It handles all the above-mentioned alternatives, apparently. I've not used it myself. SignatureLew >My coworkers want to go with web services, but I believe all the >complexity of SOAP is not necessary here. There are many ways to skin that cat, and all but one of them don't require SOAP. See http://mindprod.com/jgloss/remotefileaccess.html For a summary of approaches, their pros and cons. SignatureRoedy Green Canadian Mind Products The Java Glossary http://mindprod.com >I don't want to bloat the communication: >XML is a beast, and >I'll need something small to go through the wire. Unotal is more like S-expressions, i.e., smaller than XML - »Junotal« is its Java implementation. There is a library in alpha publication state (GPL). What's new: A tutorial is half-finished. Some advanced topics are missing - but the information given is sufficient to use the implementation. http://www.purl.org/stefan_ram/pub/junotal_tutorial > 2) JSON-based msg. It marshalls and unmarshalls OK, but now I need a > transport protocol that supports logging/auditing/security. Any ideas? The only JSON example I know of, used HTTP for transport and supported security by means of an HTTP header containing an SHA1 hash of a concatenated shared-secret with JSON body text. The whole point of JSON seems to be that it should be much much simpler than SOAP/XML. I suspect adding logging and auditing requirements should make you reconsider the heavyweight web-services protocols like SOAP. I've done a few projects using SOAP over HTTP(S), the first ones were fabulously easy. The more recent ones have become depressingly hard. In particular because of WS-Security, due mainly to the requirement to canonicalise the XML and hindered by the provision by a government agency of WSDL that none of my Java/C#/Perl tools could digest. In your shoes I'd be mightily tempted to use JSON over HTTPS and add headers to contain the user credentials in some secure form. If you understand how WS-Security works in SOAP then you'll know enough to work out how to use RSA or DSA to produce a signature using a private key from a keystore. Security = authentication + confidentiality + integrity * Authentication: use a shared secret, digital signatures or whatever is appropriate to your situation. * Confidentiality: let HTTPS take care of that. * Integrity: Use a hash, signed if needed. Just some random thoughts. Bear in mind that Usenet advice is often only worth what you pay for it :-) > Security = authentication + confidentiality + integrity > [quoted text clipped - 7 lines] > Just some random thoughts. Bear in mind that Usenet advice is often only > worth what you pay for it :-) Non-repudiability. SignatureLew Free MagazinesGet these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...
|
Reply to this Message
|
 Sign In
 Join
 My Latest Posts My Monitored Threads My Blog My Photo Gallery My Profile My Homepage Start New Thread Enable EMail Alerts Rate this Thread
|
©2008 Advenet LLC Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.