The most interesting aspect of service-oriented architectures is that they have potentially unlimited nesting. A full-blown SOA solution is just a simple service to others.
Is WSDL too hard?. In response to Greg Reinacker's comments I didn't say WSDL is hard, I said its cumbersome and unproductive. Come on, its just angle brackets how hard can it be ?? [Simon Fell]
Hard or not hard -- can we agree on "It's just not enough" ? :) My main problem with WSDL is that it tries to do 2 things (message contract and transport mapping), while it should do 3 things (message contract, service contract and transport mapping), however at the same time, one thing (WSDL) shouldn't do all these 3 things altogether but leave them to 3 separate things: A message contract definition language (defines soap:Body content), a service contract definition language (soap:Header) and a "web services binding language" that maps messages combined with services to transports.
It's not easy to read, it's certainly not written to entertain, but still one of the most important pieces of information on COM+ out there: U.S. Patent 6,422,620. PDF browser at espacenet , image and full-text version (you want to look at the text version first) at USPTO.
The patent explains how COM+ works internally -- how stuff gets activated, how policies provide extensibility points, how contexts are built and how context propagation works. The filing of this patent was a long while ago (Aug 17,1998), but the document was only published by the USPTO three months ago and although in XML times it may seem like anything 1998 must be outdated, this stuff describes quite well what's happening inside any copy of Win2K and up. Reminder: It's not a "how to" guide for hooking your own stuff into COM+, but allows you to understand what they've done -- reading this it is also a pretty complicated way to explain to oneself why WS-Coordination is such a relevant WS spec.
Related: US6473791, US6301601, US6134594, US6014666, US5958004, US5890161, US6425017
The event I've been waiting all weekend to announce: Everett is out!
Visual Studio .NET 2003 Final Beta is here:
For MSDN members only:
download: http://msdn.microsoft.com/subscriptions/resources/subdwnld.asp
site: http://msdn.microsoft.com/vstudio/productinfo/vstudio03/
[Sam Gentile's Weblog]
.... that event is also an event that's releasing me of yet another NDA. It's a "freedom of speech" event. Celebrate!
There's tons of cool new things in Everett, but don't look for the next wave of revolutions. Everett comes with very many little improvements here and there, some needed, some nice to have, but no huge new chunks of functionality -- MS simply made a good thing better and that's perfectly cool this time around :)
One of the little things that I really like is that in C#, typing "override<space>" inside a class-body will bring up IntelliSense with choices from the base class. Once you select a method to override, IntelliSense will give you a default implementation for the method that calls the base-class. Pretty.
Architect's Forum, Oslo (Dec. 9-10) is the first stop on the tour. This is the 4th time I am going to be in Norway this year and I am always happy to go back -- Norway is a great country -- it'd be at a "fantastic country" if a beer (in words: one) wouldn't cost at least €7.50.
Benelux, mark your calendars for Feb 18-19: Developer Days 2003. I will be doing a rerun of my Web Services DevCon talk about how to extend ASP.NET Web Services with custom extensions and I am honored to have been invited to do one of the keynotes, which will, among other things, highlight and (maybe) prove that "Enterprise Services" (COM+ if you're of the old-fashined type) is now more than ever heart and soul of scalable, robust and secure .NET server applications.
Pretty much 100% of what I am working on right now is covered by some NDA and still keeps me very busy at the same time. Funny, how one starts to feeling "guilty" about not blogging for a while. With the number of people having linked here and/or are visiting frequently, keeping the blog going really is like "customer service" -- in a good sense.
However, there's light at the end of this tunnel. I am preparing for a speaking tour throughout Europe which will kick off in Norway next month and will continue through 10 more countries from January to April '03. I'll talk about "service-oriented architectures" and "aspect-oriented programming/metadata-driven architectures" on this tour - as usual there's going to be plenty of "demo-code fallout" from brand-new talks, which I'll post around here in the upcoming weeks.
And now for something completely different: http://www.somethingawful.com/photoshop/ ;)
Little known COM feature: CoGetInterceptor. This function provides you with a universal interception mechanism that lets you dynamically inspect all aspects of a call and that feels a lot like .NET Remoting Context interception sinks (which unfortunately went from documented to "internal only" in .NET FW RTM)
I don't have the cycles right now to provide an isolated sample or an in-depth explanation, but it works something like that:
IUnknown * pItfToBeIntercepted;
ICallInterceptor * pInterceptor;
// ... get pItfToBeIntercepted from somewhere
MyEventHandler * myEventHandler = new MyEventHandler( pItfToBeIntercepted ); // implements ICallFrameEvents
CoGetInterceptor(iidToBeIntercepted, NULL, IID_IContextInterceptor, (void**)&pInterceptor); // get interceptor
pInterceptor->RegisterSink( myEventHandler ); // register
with myEventHandler being an instance of a class that implements ICallFrameEvents. That interface has a method OnCall that gives you the ICallFrame info. You forward the call to the actual target object using ICallFrame::Invoke or you can just consume the call right there and not forward.
To get between the caller and the object, you call QueryInterface for iidToBeIntercepted on pInterceptor and hand this reference to the client instead of the actual interface.The actual "inner" interface is wrapped by the class that handles ICallFrameEvents and which forwads the call to it inside OnCall using ICallFrame::Invoke. (as shown in the pseudo-code constructor above).
If the target object is aggregatable, you can do all of this in an outer QueryInterface, proxying each interface being asked for and therefore construct a fully transparent interception layer.
Busy times. No time to blog in the past two weeks. We're doing a major redesign of the newtelligence website, which will finally be fully dynamic, web service enabled and the new home for my blog. I've written a news aggregation service using all the good stuff in the .NET Framework and a bunch of ASP.NET controls for this.
We're hopefully done with all of that by end of next month -- takes a long time because we're really busy with our regular work in between. Just got back from a week-long .NET workshop and will be going to another one next week, followed two weeks later by our open-for-everyone .NET seminar "TornadoCamp.NET". (All in German, still a few seats left).
[Yes, TornadoCamp.NET might sound like a silly name, but it works as an expressive anglizism for the German market]
After toying around with various RSS/RDF feeds over the past few days (I am doing something in that area, but I am not yet ready to say what), my conclusion was that regular expressions are the only way to parse them. It really seems that RSS != XML. Sad.
Radio's rss.xml has unescaped ampersands in the <comments> tag! :-(
< comments>http://radiocomments.userland.com/comments?u=108971&p=12&link=http%3A%2F%2Fradio.weblogs.com%2F0108971%2F2002%2F10%2F17.html%23a12</comments>
I really like Google News for what it does, but ... News is very much about trust. I go to CNN.com and MSNBC.com knowing that they're both "breaking news" outlets and that what they are reporting often needs to be consumed with caution. Other news sites don't break the news as fast, but they are typically more solid in their assessment of what's happening for real and what's only a rumor. Aggregators like Yahoo! carry AP, Reuters and other news-agencies where you really know that these things come hot off the wire and are often even more speculative than what you get at CNN.
If you look, for instance, at the German media landscape, let me focus on TV, there's one TV news-show the "Tagesschau" that's among the highest rates programs (across the board) every night. It's dry news. No flashy intros, no sensational stories, no dog-breeder show reports. Very plain. They could air the show in black & white and read the news in Latin and people would still watch it. One thing you know is: They are very careful in figuring out rumors from facts and they cover the world. They've done so for 40+ years, false reports are extremely rare and trust only builds over time. The same is true for your trusted newspaper and just as much for the news website you visit most.
Now, Google News gives you an aggregated view of some 4000 different news sources and does so with almost to-the-minute accuracy. How do I sort fact from fiction? How do I tell trusted sources from speculative sources? It's difficult. News isn't news.
 It's a 0.1 version! Don't expect miracles!
Here's the C# wizard for ASP.NET Soap Extensions.
What works: It'll generate a compiling SoapExtension that will exactly do nothing. However, the code should have all the hooks to get started.
What doesn't work: (a) You need to click on "Application Options" once to initialize the settings correctly. (b) I haven't had the time to test all option combinations. (c) Any project name that isn't a single word will likely cause the wizard to create garbage. (d) The namespace from the project settings page isn't picked up. (e) Probably several bugs in the template code.
Purpose: Demonstrates that custom stuff can be plugged into VS.NET. Makes creating full SOAP Extensions a bit easier and helps understanding how they are built.
What to do with it: If you need adjustments, poke around in the wizard's templates\1033 subdir.
How to install: Unpack the archive, read the readme.txt. It's just three steps. Unpack an archive, copy one file, edit one file. Once that's done, start VS.NET and try.
And as always: It may just not work for you. If that's the case, mail me.
Martin Spedding, a good friend and excellent architect, just wrote in a chat on Messenger: "One thing I notice after September 11th a lot of weblogs mentioned the events but no mention of the atrocity in Bali...curious". He's right.
Reflecting on Web Services DevCon East. This conference was easily the best one I attended in a long time -- and I go to a lot of conferences. It's rare that I sit through nearly all talks anywhere, but this was definitely different. If any conference would ever be worth the "summit" moniker, this is it. The coolest aspect of the conference was that with all the Microsoft, IBM and Axis folks, the spirit of interop was in the air -- so much in contrast to the wars the kids in the newsgroups are waging. We may all have our own tastes regarding programming models, languages and runtimes, but we're happily agreeing on most things going on on the wire.
Brian Jepson has a good review of all talks: Thursday, Friday.
Regarding my talk at DevCon:
I am trying to wrap up the setup for the very last demo, the "ASP.NET Soap Extension" wizard for C# in VS.NET today. Tim Ewald suggested that I make the various options switchable ([X] Extend WSDL, [X] Handle BeforeSerialize, etc.) before code generation and that's what I want to add before releasing it. The wizard will help you jump start writing the type of extensions that I have been developing over the past six months and which I showed in my talk. The Security and Transaction packages come with free source code and the Session and Management extensions come as a free binary package right now.
I was stunned by the way my stuff was received and how most people in the audience hadn't seen those extensibility points in ASMX yet -- or at least not "in action". I would like to encourage everyone who hasn't done so yet to grab the security package and peek into the source code to find out what ASMX can do for you.
Issues with my WS-Security stuff
Having said that, there are a couple of issues with the current state of the security extensions that I am going to fix (and am already fixing) for a future build. These are mostly related to the Kerberos aspects and don't really affect functionality, but are rather related to the WS-Security mapping per se.
- WS-Security mandates that the session tickets are packaged as "raw" RFC1510 session tickets. The problem is that neither GSSAPI nor the Kerberos SSP will give you those. So, I am currently sending GSSAPI-interoperable session tickets and have already had some feedback from third parties that this indeed works. What I am going to correct is not my implementation, but I am actually going to add a "Kerberos V5 ST, GSSAPI wrapped" ticket type, since I think that's the proper way to do it right now.
- I don't support signatures, because, again, I can't implement that on top of the Kerberos SSP. The WS-Security spec mandates that signatures are created using the Kerberos session key, which isn't exposed by the Kerberos SSP. Instead, the Kerberos SSP provides a signature function that creates a wrapped signature that can't be made compliant with the spec. For this, I am yet again going to make a spec extension to make that work for me.
Like it or not, these standards are all in a 0.x release state and if I can't implement them on the current technology set, I am going to make them work for me. As long as I am using the defined extensibility points as defined in the specification (inventing your own security tokens is just fine) and as long as I don't cause collisions, all is cool.
In a future build I'll also likely retire my own "user-name authentication" implementation and integrate the whole stuff with the Microsoft WSDK, including an attribute-driven mapping for Microsoft's X.509 authentication.
The other stuff
I showed how to use WMI to monitor you web services' activities for performance, logging and exception monitoring using the management extensions I wrote. Now, this stuff along with the session extensions is explicitly not "open source" and the license for the free download restricts use to evaluation, because ... well .. I am not as much Mother Teresa as it may seem. The current license is sufficient for demo purposes and that's what they were built for. If there is enough interest (enlist here: info@newtelligence.com), and it seems so right now, all of the extensions and a few more that we have brewing will be promoted from "demo status" to "production status", will get a serious review and some real QA, and they'll be available for commercial licensing as part of an "SDK subscription" (with full source), which will also include the Enterprise Services Utilities. As much as I enjoy doing these things and share them with everyone, we need to start covering our development cost in some way. Watch this space for this status going from "maybe" to "we'll do it".
Workshops
We have a "Web Services Architectural Guidance" workshop format available as part of our training & education portfolio. The workshop covers architectural considerations and challenges for building both public and intranet based web services. This workshop format has been co-developed with CBDi and Microsoft EMEA and can be customized for decision maker, architect and developer audiences. The architect and developer tracks include in-depth coverage of all the extensibility tips & tricks for ASP.NET-based Web Services (this is what the extension stuff was really built for). The workshop is immediately available for in-house delivery by us anywhere in the world. Based on interest by individuals, we'll also consider setting up central workshops at some locations. (training@newtelligence.com).
Sharing a little secret from our calendar: Atlantis .NET Code Week: Nov 11th - Nov. 17th in Radovljica, Slovenia. ( interactive map). While all advertising for this event is in Slovenian, the event itself is run in English with newtelligence material by myself and my partner Achim Oellers and open to anyone. The location is conveniently close to the Austrian and Italian borders. It's a week-long bootcamp on "all things .NET". The price is approx. USD/€ 2700 (625.000 SIT) plus applicable tax; registration is handled by Atlantis, seats are very limited.
|