Category Archives: Everything

October 16, 2006

Is SML to CIM what WS is to RPC?

The question I hear most often when talking about SML, is how it relates to CIM. The easy part of the answer is to explain that SML is a metamodel, like MOF, not a set of model elements/classes like CIM. SML per se doesn’t define what a blade server or a three tier application looks like. So the question usually gets refined to comparing SML to MOF, or comparing an SML-based model to the CIM model. Is it a replacement, people want to know.

Well, you can look at it this way, but whether this is useful depends on your usage model. Does your usage model include a distinction between observed state and desired state? You can use SML to model the laptop in front of you, but if all you’re doing is reading/writing properties of the laptop directly you don’t get much out of using SML rather than CIM, definitely not enough to justify modifying an existing (and tested) manageability infrastructure. But if you change your interaction model towards one where there is more automation and intermediation between you and the resource (at the very least by validating the requested changes before effectuating them), then SML starts to provide additional value. The question is therefore more whether you would benefit from the extra expressiveness of constraints (through schematron) and the extra transformability/validation/extensibility (through the use of XML) that SML buys you. If you’re just going to assign specific values to specific properties then CIM is just as good. And of course keep in mind that a lot of work has already gone into defining the domain-specific semantics of many properties in CIM and that work should, to the extent possible, be leveraged. Either directly by using CIM where SML doesn’t provide additional value, or indirectly by carefully surfacing CIM-defined elements inside an SML model. Finally, CIM defines operations while SML doesn’t have such a concept. The most natural way to do a “start” using SML is not to invoke a “start” operation as it is in CIM, it is to request the configuration to be changed to a state in which the resource is started. In conclusion, there is a lot more to the “CIM versus SML” question than a direct replacement. Those who just look at ways to do syntactical translation between the two approaches will repeat the same errors that created (and still create) so many problems for those who saw Web services as just another way to do object to object RPC. The usage model (some would say the architecture) is what matters, not the syntax.

1 Comment

Filed under Everything, SML, Standards, Tech

October 10, 2006

Search engine for XML documents

One of the entries that has been collecting dust in the “draft” folder for this blog was about how it would be nice to have a search engine for XML documents. So, when the announcement of Google Code Search came out, I thought it was finally done and I could delete the never-published entry. Well, turns out it doesn’t support searching on XML documents. I don’t care to debate whether XML (or some XML dialects) is code or not, all I know is that it would be very nice to be able to do things such as:

  • look for instances of a specific GED
  • compare how often different XSD constructs are used (choice, sequence…)
  • look for all wsdl:binding elements that implement a given portType
  • look for all wsdl:port elements and all the WS-A EPRs that have an address in the hp.com domain
  • look for all XML documents for which a given XPath query evaluates to “true”
  • look at the entire Web (or a subset of it) as one giant SML model and query it
  • even for good old HTML/XHTML documents, it would be nice to search them as XML documents and be able to look for pages that contain a certain string as part of the title element or as part of a list.

In the meantime, people are going to have fun searching for password embedded in source code and other vulnerabilities.

Comments Off on Search engine for XML documents

Filed under Everything, Tech

October 1, 2006

WS-Notification is an OASIS standard

WS-BaseNotification v1.3, WS-BrokeredNotification v1.3 and WS-Topics v1.3 are now OASIS standards. Congrats and many thanks to the whole working group and especially the editors. Here is the announcement and here are the specs (these are the committee drafts that were voted on, they haven’t yet been edited to reflect the fact that they are now standards):

[UPDATE: here are the links to the final versions of the standard: WS-Notification spec, XSD, WSDL; WS-Topics spec, XSD; WS-BrokeredNotification spec, XSD, WSDL]

Comments Off on WS-Notification is an OASIS standard

Filed under Everything, Standards

September 28, 2006

WWW2007 call for papers

I am on the program committee this year again for the Web services track at International World Wide Web Conference. So please send us some great papers.

Comments Off on WWW2007 call for papers

Filed under Everything, Research

September 5, 2006

Network World article about SML

I wrote a short article on SML for Network World that was just published on-line and in the paper edition.

1 Comment

Filed under Articles, Everything, Standards

August 31, 2006

WS-ResourceTransfer published

HP, IBM, Intel and Microsoft just published the first specification described by the WS-Management/WSDM convergence roadmap from March 2006. It’s WS-ResourceTransfer (WS-RT), which builds on top of WS-Transfer to allow more flexible access to the representation of the resource (e.g. retrieving only a portion of the representation instead of the whole thing). This level of features corresponds to the WS-Transfer extensions present in WS-Management or to what WS-ResourceProperties offers in the WSRF world. Attentive readers of the roadmap might remember that it mentions a WS-TransferAddendum specification. There won’t be any such specs, instead there will soon be a backward-compatible update of WS-Transfer.

2 Comments

Filed under Everything, Standards

August 18, 2006

Is SCA to SML what SOA is to ITIL?

I very much agree with Eric Newcomer’s recent post about service-oriented tooling. In discussions around SML, when people debate the decision of creating yet another metamodel I usually make three points:

  • Need for powerful mechanism to convey constraints beyond the structure of the model
  • Need for alignment w/ XML-based messaging
  • It’s not really a new metamodel anyway since it borrows so much from XSD.

The second bullet resonates well with Eric’s argument. One of the consequences of using OO for modeling is the difficulty of mapping it to XML processing.

Now, despite its name SML is not really a service modeling language. What Eric has in mind is something more like SCA. SML is less specialized than that. Surely it can be used as a foundation for modeling services. But if you give just the SML spec to two persons and ask them to model services with it, don’t expect much useful interoperability between them. At least until common service modeling elements are defined on top of SML. Which begs the question, how does this relate to what SCA already provides?

In a very simplified way, what we see happening between SCA and SML is a smaller scale version on what is happening between SOA and ITIL. ITIL came from an operations perspective, with the goal of increasing the flexibility and responsiveness of the IT infrastructure. SOA came from a software design perspective, with similar goals. ITIL covers the whole spectrum of IT resources while SOA is focused on services. Similarly, SML came from an operations perspective and is generic enough to potentially apply at all levels of the IT infrastructure. While SCA came from the software design side of the house and is focused on software services.

This still doesn’t answer the question of the relationship between SML and SCA (e.g. can SCA be an SML-based model?) though. Stay tuned.

Comments Off on Is SCA to SML what SOA is to ITIL?

Filed under Everything, Standards

August 16, 2006

WS-MeX 1.1

WS-MetadataExchange was updated and republished today. While technically not part of the WS-Management/WSDM convergence effort, this is part of the same wave of consolidation/clarification. This update was described and pre-announced in the white paper describing the Web services management convergence, including the move towards using WS-Transfer’s GET operation. While WS-MetadataExchange doesn’t say anything about this (it doesn’t need to), this move towards using WS-Transfer also means that if the provider and the requestor both support the WS-ResourceTransfer extensions to WS-Transfer they will be able to exchange portions of the metadata rather than the entire thing, in the same way than a management system would retrieve a portion of the representation of a system. This allows better re-use and composition between specifications.

Comments Off on WS-MeX 1.1

Filed under Everything, Standards

August 15, 2006

SML feedback session

The public feedback session on SML will take place on September 12 in Mountain View. All are invited, but there is one of these pesky feedback agreements to sign. You can find the agreement at http://serviceml.org/. Once you’ve signed it, please send email to sml-feedback@external.cisco.com announcing your intention to come to the face to face meeting. Or you can directly email your feedback to that same address.

Comments Off on SML feedback session

Filed under Everything, SML, Standards

August 14, 2006

CMDB overview

This Network World article provides a pretty good overview of what the value of a well-used CMDB is. The statement that CMDBs are “enabled by open interfaces among management systems” is giving us (management system vendors) a bit more credit than we deserve at this point, but there is plenty of work in progress to make this be true (example 1, example 2, example 3).

Comments Off on CMDB overview

Filed under Everything, Standards

July 31, 2006

Announcing SML

BEA, BMC, Cisco, Dell, EMC, HP, IBM, Intel, Microsoft and Sun just published a new modeling specification called SML (Service Modeling Language). This is the next step in the ongoing drive towards more automation in the management of IT resources. The specification makes this possible by providing a more powerful way (using Schematron) to express system constraints in a machine-readable (and more importantly machine-actionable) way. It also has the advantage (being based on XSD) to align very well with XML document exchange protocols and the Web services infrastructure.

Here is the SML spec on the HP site. Very soon there will be an HTML version of the spec there in addition to the PDF. In addition, the serviceml.org Web site is a basic but vendor-neutral home for the spec.

Those familiar with the QuarterMaster work will see a lot of commonality and know that HP has a lot of experience to contribute in this domain: paper 1, paper 2 and paper 3.

This is an initial draft, not a final specification. The major hole in my mind at this time is the lack of support for versioning. Something to address soon.

There are many good things about this specification, but unfortunately not the name. Just for kicks, here are some better candidates:

  • ITSOK (IT Systems Operational Knowledge) “it’s ok”
  • ITSON (IT Systems Open Notation) “it’s on”
  • ITSUP (IT Systems Upkeep Profile) “it’s up”

Comments Off on Announcing SML

Filed under Everything, SML, Standards, Tech

July 27, 2006

Going shopping

The Mercury Interactive acquisition is very exciting. Especially since it brings Systinet along, and not the Systinet of a few years ago. The company very smarty got itself out of the “Web services infrastructure” melee and is now the leader in SOA governance. A much better match for OpenView.

On the other hand, this would be scary. I am sure we’ll get to $6 billion in revenue but I am willing to wait a little bit and earn it.

Comments Off on Going shopping

Filed under Business, Everything

July 20, 2006

There is no control-Z on this thing!

Seen in today’s issue of the RISKS digest:

In the process of upgrading its storage management, PlusNet deleted more than 700GB of its customers’ e-mail and disabled the ability of about half its 140,000 users to send and receive new e-mail. “At the time of making this change the engineer had two management console sessions open one to the backup storage system and one to live storage. These both have the same interface, and until [then] it was impossible to open more than one connection to any part of the storage system at once.” Patches were installed, but the engineer assumed he was working with the backup rather than the live server. Thus, “the command to reconfigure the disk pack and remove all data therein was made to the wrong server.”

It’s for things like this that the RISKS digest should be a required reading for software professionals, especially in enterprise software. Tools make it easier to do useful things, they also make it easier to do very stupid things. Additional automation (that we are working on right now) can help prevent these problems. But it has corner cases too that may open the door to even bigger failures.

I have no idea what vendor console is involved in this specific incident. Could well be HP. Or Veritas. Or Tivoli

[UPDATE: turns out it was Sun.]

Comments Off on There is no control-Z on this thing!

Filed under Everything, Tech

July 18, 2006

A look at Web services support at Microsoft

A “high-level overview of Microsoft support for Web services across its product offerings” was recently published at MSDN. At times it sounds a bit like a superficial laundry list of specs (it really doesn’t mean much to say that a product “supports” a spec even though we all often resort to such vague statement). Also, the screen captures are not very informative. But considering the breath of material and the stated goal of providing a high-level overview this is a nice document. And if I imagine myself in the position of trying to write a similar document for HP, my appreciation for the work that went into it rises quickly.

Having all this listed in one place points out one disappointing aspect: the disconnect between Web services usage for “management and devices” and everything else Web services. If you look at the table at the bottom of the MSDN article, there is no checkbox for any management or device Web service technology in the ASMX 2.0, WSE 2.0, WSE 3.0 or WCF columns. These technologies only appear in the guts of the OS. So Vista can interact with devices using WS-Eventing, WS-Discovery and the Web services device profile, but I guess Visual Studio developers are not supposed to want to do anything with these interfaces. Similarly, Windows Server R2 provides access to its manageability information using WS-Management (actually, AFAIK it’s still an older, pre-standard version of WS-Management but we’ll pass on that), WS-Transfer, WS-Enumeration and WS-Eventing but the Visual Studio developers are again on their own to take advantage of this to write applications that take advantage of these capabilities.

This is disappointing because one of the most interesting aspects of using Web services for management is to ease integration between IT management and business applications, a necessary condition in order to make the former more aligned with the later. By using SOAP for both we are getting a bit closer than when one was SNMP and the other was RMI, but we won’t get to the end goal if there is no interoperability above the SOAP layer.

Hopefully this is only a “point in time” problem and we will soon see better support for Web services technologies used in management in the general Web services stack.

The larger question of course is that of the applicability (or lack of applicability) of generic XML transfer mechanisms (like WS-Transfer, WS-Eventing and WS-Enumeration) outside of the resource management domain. That’s a topic for a later post.

Comments Off on A look at Web services support at Microsoft

Filed under Everything, Implementation, Tech

July 5, 2006

RDF to XML tools for everyone in 2010?

As has been abundantly commented on, a lot of the tool/runtime support for XML development is centered on mapping XML to objects. The assumption being that developers are familiar with OO and not XML and so tools provide value by allowing developers to work in the environment they are most comfortable in. Of course, little by little it becomes obvious that this “help” is not necessarily that helpful and that if the processing of XML document is core to the application then the developer is much better off learning XML concepts and working with them.

The question is, what will happen to the tools once we move beyond XML as the key representation. XML might still very well be around as the serialization (it sure makes transformations easy), but in many domains (IT management for one), we’ll have to go beyond XML for the semantics. Relying on containment and order is a very crude mechanism, and one that can’t be extended very well despite what the X in XML is supposed to stand for. Let’s assume that we move to something like RDF and that by that point most developers are comfortable with XML. Who wants to bet that tools would show up that try to prevent developers from having to learn RDF concepts and instead find twisted ways to process RDF statements as one big XML document, using the likes of XPath, XSLT and XQuery instead of SPARQL?

All the trials and errors around Web services tools in Java (especially) made it very clear how tools can hold you back just as much as they can help you move forward.

Comments Off on RDF to XML tools for everyone in 2010?

Filed under Everything, Implementation, Tech

June 20, 2006

Looking at AMQP

If you spend a large part of your day reading and writing XML-related specs and artifacts, what do you do in the evening for a change? You read a non-XML spec. That’s what I did tonight, with the newly-released AMQP specification.

The clear aim of AMQP is to open up and commoditize the message queuing middleware space. Some customers in the financial services industry and smaller software vendors are fed up with, respectively, IBM/Tibco fees and IBM/Tibco market dominance. And this is how they plan to bring change. Definitely something to watch. And not just if you’re in banking, many other domains have demanding messaging needs, including IT management. So they have my attention.

I am not a messaging guru, so my comments are not about the core content of the spec (it seems very well thought-through though) but mostly around the interconnection between this spec and the domain I focus on. Basically, how this would fit in the landscape of standards-based management integration for increased automation and flexibility.

So how would this map to WS-Eventing, which is the basis for the eventing part of the ongoing Web services management convergence? To a large extent, they are orthogonal and complementary. WS-Eventing is about creating and managing subscriptions, not how the notifications get delivered. As long as you can create an EPR that indicates that AMQP is the delivery mechanism, WS-Eventing will be ok with that protocol. And conversely, AMQP has limited support for the function of subscribing. The closest thing is the ability, defined by AMQP, for a consumer application to create message queues and then to pass bindings to the server to drive messages into these queues. But in AMQP there is no concept of notifying the publisher application that there is now interest from a consumer for some type of message. So, in the general case, a mapping of a WS-Eventing subscribe call to AMQP would require two steps, one to create the appropriate queue and binding on the server and another (if applicable to the system), to notify (through a mechanism not specified by AMQP) the publisher application that there is interest for a specific type of messages. In some systems the publisher app always sends the same notifications and lets the messaging infrastructure deal with dropping those that no-one cares to get. But in other use case (including some in the management space), the system that plays the role of publisher application is able to vary the amount of notification it sends depending on its configuration. This is not addressed by AMQP.

Another interesting aspect is to look at how something like WS-Topics can be used with AMQP. AMQP does have a built-in “Topic” exchange type just for this. But it specifies that “the routing key used for a topic exchange MUST consist of words delimited by dots. Each word may contain the letters A-Z and a-z and digits 0-9”. This wouldn’t allow a direct mapping from WS-Topics since the topics in WS-Topics are XML elements, therefore their names are of type NCName, which includes the “dot” character.

What I find more puzzling is the claim (not in the spec but in the announcement) that “The AMQProtocol can be used with most of the current messaging and Web Service Specifications such as JMS, SOAP, WS-Security, WS-Transactions, and many more, complimenting (sic) the existing work in the industry.” I can easily see how AMQP can be used with JMS and as I described above it can also be used with the WS specs that manage subscriptions. But I don’t understand how it relates to things like WS-Security and WS-Transaction. AMQP defines a binary protocol that doesn’t conform to the SOAP model, so how does it compose with SOAP-based specifications? This is especially important because AMQP is very light on security. And when it comes to transactionality and reliability it just says that “there are no confirmations in AMQP. Success is silent, and failure is noisy. When applications need explicit tracking of success and failure, they should use transactions.” And leaves it at that.

The AMQP announcement is covered in this eWeek story. BTW, unless he is quoted out of context ZapThink’s Jason Bloomberg seems to miss the point when he compares AMQP with JMS and its “vendor-specific implementations”. The fact that JMS is not a on-the-wire protocol and has therefore vendor-specific implementations is actually the very reason why something like AMQP is needed. AMQP asserts that the protocol can be mapped to JMS and indeed I didn’t see anything in the spec that would prevent this from being true.

I also wonder if it’s for the irony or as a Freudian slip that the topic example they use in the spec happens to be STOCK.USD.IBM.

[UPDATED 2008/10/27: Microsoft announced that they will join the group.]

[UPDATED 2009/3/17: There is some debate around RedHat patents related to AMQP. Kirk is not happy. Matt is not worried. RedHat says it’s pure.]

2 Comments

Filed under Everything, Standards, Tech

June 16, 2006

Public review of WS-Notification specs

I am a little late in pointing this out but we are half-way through the (hopefully final) public review of the WS-Notification family of specs (WS-BaseNotification, WS-BrokeredNotification and WS-Topics). You have one more week to review the specs and send your comments. Many of the changes in WS-BaseNotification and WS-BrokeredNotification relate to lifecycle management and how these specs relate to WS-ResourceLifetime. There is only one change to WS-Topics but I think it is a pretty major improvement. It cleans up how extension topics appear in a TopicSet document. All the links and information on how to comment are in this announcement.

Comments Off on Public review of WS-Notification specs

Filed under Everything, Standards

May 23, 2006

Just-in-scope (or just-if-i-care) validation

I started my Christmas wish list early this year. In January I described how I would like a development tool that tests XPath statements not just against instance documents but also against the schema. Since I am planning to be good this year for a change, I might get away with a second item on my wish list, so here it is. It’s the runtime companion of my January design-time request.

Once I have written an application that consumes messages by providing XPath expressions to retrieve the parts I care about, I would like to have the runtime validate that the incoming messages are compatible with the app. But not reject messages that I could process. One approach would be to schema-validate all incoming messages and reject the messages that fail. Assuming that I validated my XPath statements against the schema using the tool from my January wish, this should protect me. But this might also reject messages that I would be able to process. For example, even if the schema does not allow element extensibility at the end of the document, it shouldn’t break my application if the incoming message does contain an extra element at the end, if all I do with the message is retrieve the value of a well-defined foo/bar element. So what I would like is a runtime that is able to compare the incoming message with the schema I used and reject it only if the deviations from the schema are in locations that can possibly be reached by my application through the XPath statements it uses to access the message. Otherwise allow the message to be processed.

Steve, could Alpine do that?

Comments Off on Just-in-scope (or just-if-i-care) validation

Filed under Everything, Implementation, Tech

April 28, 2006

Security by complexity?

WSRF/CDL/WS-Addressing complexity used as a security barrier? Ouch!

Comments Off on Security by complexity?

Filed under Everything, Security, Standards

April 25, 2006

WS-Management a DMTF preliminary standard

WS-Management came out of the working group and has been published by the DMTF as a preliminary standard. Read it here.

Comments Off on WS-Management a DMTF preliminary standard

Filed under Everything, Standards