William Vambenepe's blog

After taking the form of two early drafts (versions 0.5 and 0.65), the SML specification has now reached v1.0, along with its sidekick the SML-IF specification. You can find both of them at serviceml.org. This is where the happy bunch that assembled to create these specs would normally part ways. Not quite true in this case since there is related work about to be tackled by a very similar set of people (more on this later), but at least we are not going to touch SML and SML-IF anymore. They are ready for submission to a standards body where further modifications will take place (more on this later too).

Network World recently published a “technology update” column I wrote for them on WS-ResouceTransfer. It was supposed to come out soon after the release of WS-ResourceTransfer (in August 2006) but got postponed a few times. In the process, the editors requested that I made some improvements but also made some changes to the article that I hadn’t seen until it was published. The title is from them for example, as is this statement which I don’t actually agree with: “Models can be easily translated from one modeling language to another, so the invoker of the model and the service providers don’t need to use the same modeling language. Service Modeling Language, for example, was designed for that purpose.” SML was not designed for the purpose of doing model translation (even though you can of course transform to and from SML) and unfortunately model translation is not always easy. I guess the lesson is that if I had written the article more clearly to start with they wouldn’t have felt the need to make such modifications.

I think the article is still helpful in describing the potential role of WS-ResourceTransfer at the intersection of SOA and model-based management.

SML is, if I simplify, XSD augmented with Schematron. For those, like me, who aren’t fond of XSD, this is not very exciting… until you try to look at things in a different light. Instead of another spec that forces you towards the use of XSD (like WSDL), maybe the fact that SML uses XSD is your ticket *out* of XSD-hell. Let me explain.

I wrote above that I am not fond of XSD, and yet I see the value of having SML make use of it. Like it or not, many people and organizations have made heavy use of XSD to define well-known and reusable XML elements. And there is a lot of tooling (design time and runtime) for it. Breaking away from XSD altogether is possible (and advisable in many cases), but hard to do in places like systems management that have already invested heavily in using XSD.

The problem is that XSD is a document description language. It works well when the “document” abstraction is a good match. So, when I retrieve an XHTML page from a Web site, I want the paragraphs to be in the right order. The “document” abstraction is a good match. On the other hand, when I retrieve the configuration of a server, I don’t necessarily care if the description of the CPU comes before or after the description of the network card. I am still retrieving a document though (because XML forces this abstraction). But I don’t have the same requirements on its structure that I have on a document meant for publishing (like a Web page). For the non-publishing kind of interaction, a contract (a bullet list of things you can count on) is a better abstraction than a document.

XSD works better for the publishing kind of scenario, where you want to control all aspects of the document. It doesn’t work as well in situations where you just have some constraints that need to be met (e.g., the memory size must be a number) but other things are not important to you (order of some of the elements). As a result of XSD quirks, people often end up arbitrarily fixing the order of elements where it’s not needed (using xsd:sequence) and even have to introduce unneeded elements (to escape the dreaded UPA rule). And things become even worse when you have to extend and/or version existing XSD because of all the arbitrary constraints. Other metamodels like RDF avoid a lot of these problems by focusing on the assertion, rather than the document, as the base concept but this is a topic for another post.

One nice thing about the syntax constraints usually imposed by an XSD is that it makes the serialization of a piece of XML into a Java (or other language) more efficient. It doesn’t really matter semantically if the zip code is before or after the city name. In the US the zip code typically comes after (in postal addresses), in France it’s the contrary. And for this (unlike for the stupid MMDDYY date format, don’t get me started on this) you can make a case either way since in some places a zip code includes several cities and in others a city contains several zip codes. But whichever way you choose, you may be able to write a faster parser if you know in what order to expect them.

So I don’t mind at all having an XSD that describes a reusable type for elements that are very often used as an information atom, like an address (on the other hand, serializing an entire XML document into a Java object is often the wrong way to handle it).

By now you are getting an idea of what I want as an XML contract language. I want reusable elements that are small and potentially tightly defined (XSD definitions for a set of GEDs). And I want assertions that describe rules that a set of such elements need to obey in order to be valid as a unit per the contract. Which is where SML comes in. Because it provides a way to package XSD and Schematron, I can’t help thinking of it as a possible alternative to an all-XSD view of the world. If people have the discipline to only use the XSD part to describe small reusable elements and to rely on the XPath-driven Schematron constraints to provide the contract rules that tie these GEDs into a meaningful unit.

A few notes:

- I am fully aware (being part of it) that SML wasn’t created as a generic contract language for XML-based interaction, but as a desired state modeling language. The usage I am suggesting here is clearly a hack that abuses the syntax provided by SML (actually SML-IF). And I am not even sure that the SML-IF packaging would be an entirely convenient vehicle for this approach. I haven’t done the experimentation needed to validate that. It just seems to hit the ballpark of the requirements.

- I find it ironic that the approach to an XML contract language that I described above is already how many XML specs are defined in their human-readable section (at least in the SOAP world): a list of pseudo-XPath statements with a description of what to expect at the end of each one. But somehow at the bottom of each of these specs we get a huge XSD that imposes a lot of extra constraints that have no justification in the semantics of the spec. Rather than having a set of XPath-driven schematron statements that provide a machine-readable equivalent of the human-readable rules described used pseudo-XPath. Like the Queen song (almost) says “Fat bottomed specs you make the SOAPin world go dumb”.

What would you think of programmers who switch from C to Java in order to be able to use Javadoc for interface documentation? On the one hand, if the benefits of Javadoc alone justify the effort to switch then why not? On the other hand, you can’t help thinking that it’s a pity that they don’t realize (and take advantage of) all the other improvements they are getting for switching to Java. Especially if they start to rewrite some of their existing C code in Java in a way that smells more like C than real Java. Wouldn’t you want to sit with them for a talk?

Well, I am seeing early signs of this happening with SML. As I wrote earlier, the main difference between CIM and SML is that of usage model. Unlike CIM, SML is designed to enable desired-state management. That’s the real difference. But it also happens that SML is XML-based (and naturally compatible with document exchange types of interactions, be they Web Services or REST) while CIM is not (and its XML form is unusable in practice for anything other than RPC). And the difficulty of doing XML doc exchange with CIM happens to be a more immediate problem to many people than desired-state management. As a result, it is tempting to look at SML as a solution to CIM’s lack of XML friendliness. But moving to SML for this reason, while keeping the same level of granularity and the same usage model, is just like moving from C to Java for the Javadoc.

Moving to SML because it is defined around XML documents is hard to justify. BTW, moving to SML because it’s based on XSD is even worse, as I’ll explain in the next post.

I wasn’t looking for yet another “REST vs. Web Services” thread but Pete Lacey sucked me in (and many others) by hooking us with a hilarious bait post and since then he’s been pulling strongly on the line with very serious discussions on the topic so we haven’t been able to let go. The latest one left me a little puzzled though. In the security section Pete writes that it would make sense to use WS-Security indeed (and the SOAP envelope as a wrapper) if there was a need for message-level security rather than simply transport-level security. And then, barely catching his breath, he dismisses WS-Transfer and WS-Enumeration in the following paragraph on the basis that “these specifications effectively re-implement HTTP” (not really true for WS-Enumeration but let’s leave that aside). More importantly, how am I to reconcile this with the previous paragraph? Once I use WS-Security and the SOAP envelope, I can’t use pure HTTP anymore. But the patterns supported by HTTP are still very useful. That’s what WS-Transfer is for. That’s what SOAP is for more generally, providing a hook-up point for things like WS-Security that compose with the rest of the message. I don’t understand how Pete can concede that in some cases message-level security is useful but then take away the possibility to do a GET in these circumstances. Is he saying that for some reason the scenarios that justify message-level security are scenarios in which REST-style interactions don’t apply?

The cynical view of SOAP is not new, but this piece (“The S stands for Simple” by Pete Lacey) puts it down in the best form I’ve seen so far. What makes it such a good satire is not the funny writing (”Saints preserve us! Alexander the Great couldn’t unravel that” on reading the XSD spec) but how true it is to what really took place. There was plenty of room for exaggeration to get additional comic effect but Pete staid clear of that and the resulting piece is much more powerful for it.

I am impatiently waiting for the second installment, when the poor developer gets introduced to the WS-Addressing disaster.

I love the piece, but it doesn’t mean I have given up on SOAP. The fact that there was a lot of bumping around trying to find out how SOAP is most useful is not bad per se even if the poor developer left a few handfuls of hair on the floor in the process (that’s the joy of being an early adopter, right?). Many other good technologies go through that, in fact this is what makes them good, figuring out what they should not do.

SOAP is indeed for doc exchange (not “wrapped-doc/lit”). If you need end to end security, reliability or transaction then it helps you with that. If you don’t need them but think you might need them someday then the cost of putting your message in a SOAP envelope it pretty low, so do it. If you know you won’t need that then by all means POX all you want. And BTW, while the “role” attribute is indeed useless, “mustUnderstand” is very important. In fact, it would be very nice to have something like this for any portion of the message, not just headers. And speaking of extending header goodies to the body, EPRs would be useful if they were a real mechanism for templatizing SOAP messages (any part of the message, with a way to indicate what portions are there because of the template) instead of a dispatching crutch for sub-standard SOAP stacks. And since I have switched into “Santa Claus list” mode, the other piece we need is a non-brittle XML contract language. That’s for a future blog entry.

The question I hear most often when talking about SML, is how it relates to CIM. The easy part of the answer is to explain that SML is a metamodel, like MOF, not a set of model elements/classes like CIM. SML per se doesn’t define what a blade server or a three tier application looks like. So the question usually gets refined to comparing SML to MOF, or comparing an SML-based model to the CIM model. Is it a replacement, people want to know.

Well, you can look at it this way, but whether this is useful depends on your usage model. Does your usage model include a distinction between observed state and desired state? You can use SML to model the laptop in front of you, but if all you’re doing is reading/writing properties of the laptop directly you don’t get much out of using SML rather than CIM, definitely not enough to justify modifying an existing (and tested) manageability infrastructure. But if you change your interaction model towards one where there is more automation and intermediation between you and the resource (at the very least by validating the requested changes before effectuating them), then SML starts to provide additional value. The question is therefore more whether you would benefit from the extra expressiveness of constraints (through schematron) and the extra transformability/validation/extensibility (through the use of XML) that SML buys you. If you’re just going to assign specific values to specific properties then CIM is just as good. And of course keep in mind that a lot of work has already gone into defining the domain-specific semantics of many properties in CIM and that work should, to the extent possible, be leveraged. Either directly by using CIM where SML doesn’t provide additional value, or indirectly by carefully surfacing CIM-defined elements inside an SML model. Finally, CIM defines operations while SML doesn’t have such a concept. The most natural way to do a “start” using SML is not to invoke a “start” operation as it is in CIM, it is to request the configuration to be changed to a state in which the resource is started. In conclusion, there is a lot more to the “CIM versus SML” question than a direct replacement. Those who just look at ways to do syntactical translation between the two approaches will repeat the same errors that created (and still create) so many problems for those who saw Web services as just another way to do object to object RPC. The usage model (some would say the architecture) is what matters, not the syntax.

One of the entries that has been collecting dust in the “draft” folder for this blog was about how it would be nice to have a search engine for XML documents. So, when the announcement of Google Code Search came out, I thought it was finally done and I could delete the never-published entry. Well, turns out it doesn’t support searching on XML documents. I don’t care to debate whether XML (or some XML dialects) is code or not, all I know is that it would be very nice to be able to do things such as:

• look for instances of a specific GED
• compare how often different XSD constructs are used (choice, sequence…)
• look for all wsdl:binding elements that implement a given portType
• look for all wsdl:port elements and all the WS-A EPRs that have an address in the hp.com domain
• look for all XML documents for which a given XPath query evaluates to “true”
• look at the entire Web (or a subset of it) as one giant SML model and query it
• even for good old HTML/XHTML documents, it would be nice to search them as XML documents and be able to look for pages that contain a certain string as part of the title element or as part of a list.

In the meantime, people are going to have fun searching for password embedded in source code and other vulnerabilities.

BEA, BMC, Cisco, Dell, EMC, HP, IBM, Intel, Microsoft and Sun just published a new modeling specification called SML (Service Modeling Language). This is the next step in the ongoing drive towards more automation in the management of IT resources. The specification makes this possible by providing a more powerful way (using Schematron) to express system constraints in a machine-readable (and more importantly machine-actionable) way. It also has the advantage (being based on XSD) to align very well with XML document exchange protocols and the Web services infrastructure.

Here is the SML spec on the HP site. Very soon there will be an HTML version of the spec there in addition to the PDF. In addition, the serviceml.org Web site is a basic but vendor-neutral home for the spec.

Those familiar with the QuarterMaster work will see a lot of commonality and know that HP has a lot of experience to contribute in this domain: paper 1, paper 2 and paper 3.

This is an initial draft, not a final specification. The major hole in my mind at this time is the lack of support for versioning. Something to address soon.

There are many good things about this specification, but unfortunately not the name. Just for kicks, here are some better candidates:

• ITSOK (IT Systems Operational Knowledge) “it’s ok”
• ITSON (IT Systems Open Notation) “it’s on”
• ITSUP (IT Systems Upkeep Profile) “it’s up”

Seen in today’s issue of the RISKS digest:

In the process of upgrading its storage management, PlusNet deleted more than 700GB of its customers’ e-mail and disabled the ability of about half its 140,000 users to send and receive new e-mail. “At the time of making this change the engineer had two management console sessions open one to the backup storage system and one to live storage. These both have the same interface, and until [then] it was impossible to open more than one connection to any part of the storage system at once.” Patches were installed, but the engineer assumed he was working with the backup rather than the live server. Thus, “the command to reconfigure the disk pack and remove all data therein was made to the wrong server.”

It’s for things like this that the RISKS digest should be a required reading for software professionals, especially in enterprise software. Tools make it easier to do useful things, they also make it easier to do very stupid things. Additional automation (that we are working on right now) can help prevent these problems. But it has corner cases too that may open the door to even bigger failures.

I have no idea what vendor console is involved in this specific incident. Could well be HP. Or Veritas. Or Tivoli…

[UPDATE: turns out it was Sun.]