pushing soa up the slope (with a pointy stick)

AWS is the latest to the join the cloud pub/sub hubbub with the (beta) launch of its Simple Notification Service. I took it for a spin this morning while waiting for my flight.

Once I signed up for the service in my AWS account, it was a simple matter of opening up the AWS Console and selecting the SNS tab.

You create a topic (I called mine “MyPersonalTweeter”).

Then create a subscription.

Subscribers can be HTTP/HTTPS WebHooks, or an email address or an SQS queue. I selected email.

AWS sends a confirmation to the nominated email address (damn, there go the SPAM opportunities).

Then just publish a message to the topic consisting of a subject and a message body (for some reason my first message never arrived, so I’m showing message number two sent later that day).

Digging a bit deeper, topics have policies which allow reasonably fine-grained control over who can publish and subscribe to your topic.

O’Reilly have released a new book in their “Beautiful…” series called “Beautiful Data.”  There’s a very comprehensive review on Slashdot which I highly recommend. The description of chapter eight caught my eye:

Chapter Eight is about social data APIs and pushes gnip heavily as the de facto social endpoint aggregator for programmers. The chapter mentions WebHooks as an up and coming HTTP Post event transmission project but doesn’t offer much more than a wake up call for programmers. The traditional polling has dominated web APIs and has lead to fragile points of failure. This chapter is a much needed call for sanity in the insane world of HTTP transactional polling. Unfortunately, the community seems to be so in love with the simplicity of polling that they use it for everything, even when a slightly more complicated eventing model would save them a large percentage of transactions.

The link “fragile points of failure” is worth following as it leads to a robust slashdot discussion on Twitter APIs and polling versus push for the web.

I think for a long time, the “web” as we know it has suffered from the lack of the Event/Listener paradigm. This is a pretty simple design concept that I’m going to refer to as the Observer [wikipedia.org]. Let’s say I want to know what Stephen Hawking is tweeting about and I want to know 24/7. Now if you have to make more than one call, something is wrong. That one call should be a notification to Twitter who I am, where you can contact me and what I want to keep tabs on–be it a keyword or user. So all I should ever have to do is tell Twitter I want to know everything from Stephen Hawking and everything with #stephenhawking or whatever and from that point on, it will try to submit that message to me via any number of technologies. Simple pub/sub [wikipedia.org] message queues could be implemented here to alleviate my need to continually go to Twitter and say: “Has Stephen Hawking said anything new yet? *millisecond pause* Has Stephen Hawking said anything new yet? *millisecond pause* …” ad infinitum.

And yet…

That’s not easy to do on a large scale. A persistent connection has to be in place between publisher and subscriber. Twitter would have to have a huge number of low-traffic connections open. (Hopefully only one per subscriber, not one per publisher/subscriber combination.) Then, on the server side, they’d have to have a routing system to track who’s following what, invert that information, and blast out a message to all followers whenever there was an update. This is all quite feasible, but it’s quite different from the classic HTTP model.

It’s been done before, though. Remember Push technology [wikipedia.org]? That’s what this is. PointCast sent their final news/stock push message [cnet.com] in February 2000. There’s more support for “push” in HTML5, incidentally.

Ahhh yes, I remember PointCast well. One of the early darlings of the dot-com era. This reply points at some new hope:

For messaging architectures (like, say, the internet), the pattern is usually described as “Publish/Subscribe”. All serious messaging protocols support it (XMPP, AMQP, etc.) and some are dedicated to it (PubSubHubbub). The basic problem with using it the whole way to the client is that many clients are run in environments where it is impractical to run a server which makes recieving inbound connections difficult.

There are fairly good solutions to that, mostly involving using a proxy for the client somewhere that can run a server which holds messages, and then having the client call the proxy (rather than the message sources) to get all the pending messages together.

Keep watching.

My daughter Ruby and her friends are finalists in Shoot It ’10. The short film is called “The Human Disposition”. Check it out and please vote!

Update: Ruby and Georgina won the “Peoples Choice” category! Thanks to everyone who voted.

I’m crotchety enough to have used the world wide web in the early nineties and before that, Usenet in the eighties. Back then the internet was a wild west where anarchy was viewed as a benefit. Openness and “freedom” – however you defined it – was ruthlessly defended, often to lunatic proportions. Back then the press blamed everything bad on the internet and privacy was a big issue. We seem to have come a long way from that world, but still the press blames everything bad on the internet and privacy is still a big issue.

Even bigger in the last few weeks with the furore over Facebook’s antics and Google’s drive-by privacy violations. A couple of good commentaries on this have been the Background Briefing report on the “Privacy Paradox” and Nicolas Carr’s observations on Facebook’s identity lock-in.

It is not surprising that the anarchy of the early web led to the building of “walled gardens” as a form of protection (this was AOL’s first web business model). It’s perhaps also not surprising that some of those walled gardens have become fortresses where the new Oligarchs exploit their netizens as “bonded labour”. Meet the new Oligarchs:

• Steve Jobs rules fortress AppStore. He is chief censor and code reviewer and wants to protect our iP* user experience. All for our own good.
• Sergei and Larry rule fortress Google. They have the largest correlation engine on the planet. They “[W]on’t be Evil” but we must trust that they know where lies the boundary. Google only wants to improve our search experience. All for our own good.
• Mark Zuckerberg rules fortress Facebook. He generally only opens his mouth to change feet, but lately says he wants to unburden us of all this privacy nonsense. Privacy is just so 20th century. All for our own good.
• Stephen Conroy wants to rule fortress Australia. Protecting us all from internet nasties by throwing a big censorship net around the country – just like China and Pakistan. All for our own good.

The problem with these new Oligarchs is that they purport to have our best interests at heart, but there is no openness or recourse, no rationale as to how they will separate our interests from their own. Google is too protective of their information assets and conveniently forgets to tell us about much of what they gather. Facebook views our private data too much as their own property to be onsold to others without our knowledge. AppStore acceptance or rejection appears arbitrary and fickle. As for the Net Filter, Conroy claims that a democratically elected government is more trustworthy than Facebook & Google – but there is nothing so undemocratic as a secret blacklist.

The new Oligarchs have built their fortresses on the architecture of the internet. Capitalising on Metcalfe’s law to build unbelievably valuable networks. But Metcalfe’s law also applies to our personal information. The value of any one piece of data about us is proportional to the square of all the other pieces of information they can correlate it with.

Is it all bad? Not really, the lesson of the web is that networks can provide powerful advantages. The Google search engine is testament to the power of massive collaborative filtering. Social networks such as Facebook have opened up wonderful social landscapes. The iP* AppStore has revolutionised the way we go mobile. To some extent this is also what was bought-into when we smothered all internet business models that involved payment. Web users want everything free but data centres, unlike clouds, don’t build themselves. The only currency we have allowed on the Web is that which can be obtained covertly. The real danger arises when power becomes so concentrated and subject to the whims of a few individuals. This is the lesson in the architecture of the underlying packet-switched internet.

From the old anarchic internet to the new oligarchic internet – everything and nothing has changed. Perhaps we should feel a lot less safe now when such people have our own interests so much at heart.

Service oriented architecture centres heavily on the concepts of service providers and consumers. It’s easy with request/reply web services to fall into the lazy habit of thinking of the provider as being the “server” side of the request/reply interaction. The consumer requests information from the provider, which the provider – naturally – provides! But this is wrong.

What happens in an N-tier architecture where there may be many “servers” in the stack? What happens with JMS-based services using a one-way message exchange pattern (MEP)? If one application is using SOAP/JMS to send a message to another application, which is the consumer and which is the provider?

On the face of it, you might say the “sender” is the “provider” and the “receiver” is the “consumer”, but that ignores the fact that there are two types of one-way MEP – “one-way out” and “one-way in.” (Actually there are many types of MEP and they differ slightly depending on the version of WSDL you use, see the WSDL standard for more confusing details).

We really need to look beyond the technology to find the answer and the Web Services Glossary gives a clue. It splits the model into an “agent” (software or process) that operates on behalf of an “entity” (person or organization). Specifically a Provider Agent and a Requester Agent operate on behalf of a Provider Entity and a Requestor Entity respectively.

So the “provider” of a Web service is basically the person or organization responsible for that service. It is the person or organization that you contact to get permission to use the service, or obtain the WSDL, or give your credit card details for charging.

An example will help to clarify the relationship between provider and consumer in one-way MEPs. Suppose a service provides alert notifications. Multiple consumers subscribe to this service to receive alerts on subjects that are important to them. At the messaging level, the provider puts a message onto a JMS Topic and multiple consumers receive the message. This is a “one-way out” MEP.

Another service might be a central audit service where multiple agents send messages via a JMS Queue representing steps in a distributed process. This is commonly used for “track and trace” in distributed workflows. In this case, the message senders are not responsible for the audit system, they are “users” or “consumers” of the service. This is a “one-way in” MEP.

In summary, service providers and consumers can be confusing in an N-tier architecture or with one-way MEPs. The fundamental consideration is more “business” than “technical”. Who is the organization or person responsible for the service? Then the way consumers interact with them determines the MEP that is being used.