Sunday, May 20, 2007

Federation power fight in the backyard of OASIS

pencil icon, that"s clickable to start editing the post

First there was the clash of reliable web services messaging in OASIS. Second the outlook for a potential double ISO standard for document formats and now the next power fight looks to be on federation standards inside Oasis.

About a month ago OASIS let the word out with a Call for Participation on Web Services Federation. So what's the party about? you might ask, well you can start by reading the complete mail - it's long, so at a glance it looks like a lot of work has to be done, I guess it's a draft for the TC charter. The reason I write looks like is that the work kicks off on a version 1.1 of the WS-Federation specification, and I can't tell how close a match there is between the charter and the latest specification. One evil thought is that since the description is so detailed it could look like an attempt to rubber stamp the submitted specification, but a bit more on that later.

Version 1.0

The two versions of the specification can be found on the IBM WS-Federation site. The first version of Web Services Federation Language (WS-Federation) from July 8 2003 is 41 pages. The WSDL has 9 wsdl:message's:

  • SignOutMsg
  • RequestSSOMessagesMsg
  • CancelSSOMessagesMsg
  • GetPseudonymMsg
  • GetPseudonymResponseMsg
  • SetPseudonymMsg
  • SetPseudonymResponseMsg
  • DeletePseudonymMsg
  • DeletePseudonymResponseMsg

and 12 wsdl:operation's (spread over 6 wsd:portType's ):

  • SignOut
  • RequestSSO
  • CancelSSO
  • GetPseudonymResponse
  • SetPseudonymResponse
  • DeletePseudonymResponse
  • GetPseudonymRequest
  • SetPseudonymRequest
  • DeletePseudonymRequest
  • GetPsuedonym
  • SetPsuedonym
  • DeletePsuedonym

This initial version was developed by

  • BEA Systems, Inc.
  • IBM Corporation
  • Microsoft Corporation
  • RSA Security, Inc.
  • Verisign, Inc.

Version 1.1

Web The second version (Version 1.1) is from December 2006 and has triple the original size with 124 pages. This version has some new participants and RSA missing (the new ones in bold):

  • BEA Systems, Inc.
  • BMC Software
  • CA, Inc.
  • International Business Machines Corporation
  • Layer 7 Technologies
  • Microsoft Corporation, Inc.
  • Novell, Inc.
  • VeriSign, Inc.

As for the WSDL for version 1.1 it's a bit strange. There's only one wsdl:message called SignOut and two wsdl:operation's in seperate wsdl:portType's. I haven't dived into the specification yet, so maybe all the former operations stick, though not likely and in Appendix I - WSDL there's an example with the text The following illustrates the WSDL for the Web service methods described in this specification and it references 5 specifications whereof only one is a standard:

one conclusion could be that since 2003 there has been a massive convergence (and spread over new WS-Star specs) that the majority of operations are defined in other specifications.

Counting points - the fight is on

In the mix of paranoia, conspiracy and facts it's interesting to read the comments resolution log (pdf). There has already been said and written a lot about this, here are a couple of my picks: Burton Group, Eve Maler and Tim Bray. As usual the coverpages has a great collection of resources.