07.19.07

I had a call with a client yesterday, who wanted to know what we were doing with web services, and I realized I had not blogged about any of this lately.  We have so much going on in this area that it will take several entries, but the best place to start is interoperability.

A major vision for the GXS Trading Grid is to achieve “preferential integration” with as many software packages and services as possible.  By “preferential integration”, I mean going beyond moving transactions and documents, and having an integrated solution for supply chain collaboration.  Essentially, integrating software and services in problem domains where there are no standards to implement (managing trading partners, tracking documents, tracking the execution of business processes).  As of today, we have realized the first stage of this vision, with the successful automation of important partner management functions.

What has been really interesting is how easily partners can use our web services.  To date we have five implementations in various stages, and they have all been relatively smooth.  Part of why I find this surprising is that the web services are fully commercial, with authentication, authorization, etc.  We provision access to them through the normal process used for all services of the GXS Trading Grid.

The “real interoperability” is a result of our decision to use SOAP, WSDL and WS-Security. 

Many folks like to use REST these days, and for good reason, but in our environment we prefer SOAP.  Much of the REST usage I have seen on other Software as a Service providers has tended more towards the consumer space, and we tend to deal more with enterprise IT or ISV folks.  Both enterprise IT groups and software vendors tend to have access to tools that “eat” WSDL and produce stub code to call services, so SOAP is not issue.  Sadly, few of them leverage the excellent abilities of the scripting languages (Python, Ruby, Perl), but they also use SOAP very well.

WS-Security was more surprising.  I was initially not to sure about our Chief Architect’s decision to use this standard, fearing it might be too complicated — and I was dead wrong.  By using a standard mechanism, we have had no push back from our partners on how we do authentication, which is a first.  On top of that, we are now able to accept WS-Security from partners, and use SAML assertions inside — so our developers don’t need to know anything about WS-Security!  That helpful capability was another great idea from our Chief Architect Jeff Barton, working with a key web services vendor Forum Systems.

So beyond all these acronyms what do I mean by “real interoperability”?  We now have “client” implementations in Java, .NET, and legacy Microsoft C — and none of them required more than about a week or two to complete.  Of even more surprise is that they all seemed about the same level of effort. 

Given the results to date, I think you can count on many more web services interfaces to the GXS Trading Grid.