SOA, according to analyst Jason Bloomberg, is a bad word.
“There’s perception and there’s reality,” he began. “The perception in the market is it’s yesterday’s news. It’s too difficult. Web services had too many complexities. We’ve moved on to the cloud, so SOA’s dead.
“The reality,” he continued, “is there is more SOA than ever going on. There are huge initiatives going on. But because of the perception, they’re being called something else: enterprise integration, regulatory compliance. But if you get architects together, they look at it and go, ‘Yeah, it’s SOA.’ ”
It wasn’t that long ago that SOA was the “it” buzzword, with its notions of cross-organizational communication that would make the Internet more than mere browsers and portals. Data could be exchanged, business could be executed, and this would all be done with a handful of standards: SOAP, WSDL and UDDI.
At first, companies created services and primarily used them in-house. Today, of course, the cloud is the dominant topic, and REST has supplanted SOAP as the de facto protocol for connectivity. In fact, any number of analysts and publications declared unequivocally that “SOA is dead.” So, does this mean that service-oriented architecture has lost its relevance?
Not according to several experts in the space. “Fundamentally, the thing that’s most relevant from the ‘SOA revolution’ is that it’s not a technology. It’s an architecture concept, and it’s alive and well and stronger than ever,” said Ian Goldsmith, vice president of product management at SOA Software, a company that provides governance software. “You can’t find a development initiative today that isn’t based on a services architecture.”
Paul Fremantle, CTO and cofounder of WSO2, which calls itself “the lean enterprise middleware company,” echoed Goldsmith’s remarks. “SOA is a mindset and an architecture, and not about which protocol you use.”
Where it began
The first generation of SOA saw implementations that were created internally (despite the business-to-business communication possibilities originally envisioned), as architects, developers and IT worked to gain an understanding of the processes.
“People didn’t know how to do it externally, and I think it was very ambitious at the outset to try to figure that problem out first,” said Hub Vandervoort, CTO of SOA Infrastructure Products at Progress Software. “More SOA is applied internally at the outset than externally.”
Vandervoort explained that when SOA first began, it was mostly inward-facing. As it has morphed to a more outward-facing paradigm, with inter-business-process connectivity growing, it has created problems.
“Years ago,” he said, “I used to ask people all the time, ‘How much of the content and functionality that you deliver to your end customer is in your direct control?’ Five to seven years ago, that answer was well more than 50%. People would say that most of what [they] deliver as an SLA to [their] end users, the thing they hold [them] accountable for 100% whether it works or doesn’t work on any given day, more or less all of it is in [their] direct control. Which says SOA is used on more of a departmental basis.”
Today, Vandervoort continued, you ask that question, and the percentage that organizations say is in their direct control is decidedly below 50%. “Some people say as much as 80% of it is being outsourced,” he said.
“When you look at it, it’s coming from not only the cloud infrastructure providers—the Amazons, Rackspaces, and so on that are providing virtual machines—but you’ve got SaaS and PaaS, and all kinds of business partners, exchanges, extranets, various community types of networks, and you’ve got BPOs…business process outsourcers of all sorts. And now, all of a sudden, 80% of the experience you’re delivering to your customers is outside of your control, and it’s gotten exceedingly federated…
“I would say that just, categorically, SOA is pointing outward now. One fundamental difference is that in the past, when it was pointing inward, I controlled both ends of the connections, and today, SOA is more about only controlling one end of the connection, and that changes radically how you have to build in that type of environment: in a life-cycle sense, in an organizational sense, and in a technological sense.”
Where it went wrong
So how did SOA go from the must-have buzzword of the early part of the century to, in Bloomberg’s mind, a bad word?
“This is a familiar story,” said Bloomberg, president of the analyst firm ZapThink, which is now a Dovel Technologies company. “It’s an architectural approach that promises to solve knotty problems, but vendors put lipstick on their product pigs and use and confuse the market.”
SOA Software’s Goldsmith agreed that SOA might have been over-promised. “There was this pie in the sky about dynamic business processes, the ability to find a service to use and connecting to it automatically,” he said. “That doesn’t happen. BPM and process automation are great, but it’s automation of relatively static processes. There is no dynamic discovery of new partners to integrate with.”
Meanwhile, a number of the WS-* specifications that were created to better enable the exchange of secure services have fallen by the wayside. “I don’t see people using WS-ReliableMessaging,” said WSO2’s Fremantle. “That’s a shame, as it’s quite good. And WS-Transaction, I don’t see a lot of that.”
Another specification you don’t hear much about, but which was staunchly defended by Goldsmith, is WSDL, the Web Services Description Language. “Most RESTful services are defined by WSDL,” he pointed out. “And we believe REST should be defined by WSDL. There are other camps that argue REST should have nothing to do with the ways of Web service standards. But a service interface has to be defined in a way that supports future requirements, such as data types, schemas and interface mechanisms. This is where WSDL excels.”
Without SOA, there is no cloud
REST, of course, is a key component of cloud computing. Another is APIs. Both, some argue, are extensions of SOA—its next generation. “People are kind of morphing into APIs,” Fremantle said. “It’s a rebranding of services, offered outside the firewall, with a focus on REST, and JSON with mobile devices.”
Goldsmith agreed, saying, “The big trend is APIs, which is nothing more than a well-structured service designed to be used by a wide range of entities outside the firewall, that are easy to use and secure.”
Ken Godskind, vice president of monitoring products at SmartBear, said, “SOA is a category; APIs are a general category that fall under that. When I look at Web services, I see just XML RPCs over HTTP.” But in a world where three-quarters of new application development will be for devices—not desktops—by 2015 (according to a Forrester Research report), he said that “serving users in richer fashion will be the add-in. For applications to deliver rich functionality, it’ll be primarily with rich navigation and control containers making requests to Web services to pull in data via REST, SOAP and JSON.”
But ZapThink’s Bloomberg takes a contrarian view. “If people say API is the next-generation SOA, they only have a superficial understanding of either. It’s happening with REST as well. Often, people say their API is RESTful when it’s not. There’re tons of confusion out there, and these new approaches add to the confusion. REST is complex in the details. The point is building hypermedia apps, a bunch of Web pages linked to each other.
“People think REST is about URLs. You create APIs based on URLs, but that’s a small piece of REST. The URL might not be RESTful, in that when you click on it you don’t get a page with hyperlinks. So the buzz [around REST] is dying off, because people are getting it wrong, screwing it up, and they blame the approach.”
Goldsmith said the key to making SOA work in today’s world is governance. “Cloud is the most abused term in the industry today,” he said. “It’s all delivering a service in some way or another. Governance is at the intersection of cloud, SOA and enterprise architecture.”
Fremantle added, “A cloud service looks like a multi-tenant Web application. Under the covers, it’s an enterprise service bus, federated identity…basically a complete SOA architecture. You want a highly scalable, evolvable project. With SOA, you build for change.
“When we were talking about SOA 10 years ago, it was buying and using a service. Do you own the car or take a taxi? If you take the taxi, all the worries are outsourced. That’s a key point. Services are meant to be giving up the concern to someone else. That got lost inside the internal machinery of enterprises.”