Patrick Logan has a post on the recently re-ignited discussion on REST vs. SOAP entitled REST and SOAP where he writes
Update: Mike Champion makes
an analogy between messaging technologies (SOAP/WSDL and HTTP) and road
vehicle types (trucks and cars). Unfortunately this is an arbitrary analogy.
That is, saying that SOAP/WSDL is best "to haul a lot of heavy stuff
securely and reliably, use a truck" does not make it so. The question is
how to make an objective determination.
Mike is fond of implying that you need to use WS-* if you want
security and reliability while REST/POX is only good for simple
scenarios. I agree with Patrick Logan that this seems to be an
arbitrary determination not backed by empirical evidence. As an end
user, the fact that my bank allows me to make financial transactions
using REST (i.e. making withdrawals and transfers from their website)
is one counter example to the argument that REST isn't good enough for
secure and reliable transactions. If it is good enough for banks why
isn't it good enough for us?
Of course, the bank's website is only the externally focused aspect of the service and
they probably do use systems that ensure reliability and security
internally that go beyond the capabilities of the Web's family of
protocols and formats. However as someone
who builds services that enable tens of millions of end users
communicate with each other on a daily basis I find it hard to imagine
how WS-* technologies would significanlty improve the situation for
folks in my situation.
For example, take the post Clemens Vasters entitled
The case of the missing "durable messaging" feature
where he writes
I just got a
comment from Oran about the lack of durable messaging in WCF and the need
for a respective extensibility point. Well... the thing is: Durable messaging is
there; use the MSMQ bindings. One of the obvious "problems" with durable
messaging that's only based on WS-ReliableMessaging is that that spec
(intentionally) does not make any assertions about the behavior of the
respective endpoints.
There is no rule saying: "the received
message MUST be written do disk". WS-ReliableMessaging is as reliable (and
unreliable in case of very long-lasting network failures or an endpoint outright
crashing) and plays the same role as TCP. The mapping is actually pretty
straightforward like this: WS-Addressing = IP, WS-ReliableMessaging = TCP.
So if you do durable messaging on one
end and the other end doesn't do it, the sum of the gained reliability doesn't
add up to anything more than it was before.
The funny thing about Clemens's post is that scenarios like the hard
drive of a server crashing are the exact kind of reliability issues
that concern us in the services we build at MSN Windows Live. It's cool that specs like WS-ReliableMessaging
allow me to specify semantics like AtMostOnce (messages must be
delivered at most once or result in an error) and InOrder (messages
must be delivered in the order they were sent) but this only scratches
the surface of what it takes to build a reliable world class service.
At best WS-* means you don't have to reinvent the building blocks when
building a service that has some claims around reliability and
security. However the specifications and tooling aren't mature yet. In
the meantime, many of us have services to build.
I tend to agree with Don's original point in his Pragmatics post.
REST vs. SOAP is mainly about reach of services and not much else. If
you know the target platform of the consumers of your service is going
to be .NET or some other platform with rich WS-* support then you
should use SOAP/WSDL/WS-*. On the other hand, if you can't guarantee
the target platform of your customers then you should build a Plain Old
XML over HTTP (POX/HTTP) or REST web service.