Service assembly is finally showing up on the radar as an issue in service-oriented architectures, but in an interesting and perhaps revealing spin, some of the most telling examples are surfacing from the realm of hosted services.
Personally I think this is indicative of where service-oriented architectures are heading, although I know it goes against the grain of mainstream thinking to say that. Jeff Schneider, at least, agrees with me: "Services will be built, bought, leased and borrowed," he wrote in his blog last week. "Recombining services, from anywhere, for value-add solutions is at the heart of a Service Oriented Enterprise."
Jeff also takes a salutary attitude to a story that recently surfaced about the supposed dangers of outsourcing services within an SOA. A financial services firm outsourced certain non-critical services within a web services-based risk analysis application, but didn't foresee the extra overhead of monitoring multiple separate services, with the result that both the risk analysis and the systems management applications crashed. Jeff's verdict? "Stupid people shouldn't do SOA (on-shore or off-shore)." This was actually a failure of integration testing and operational management, nothing to do with SOA.
But the mainstream response tends to take the opposite view. The general attitude to using external service providers is, "Don't do it." After all, nobody ever got fired for keeping everything in-house.
The mainstream makes an exception, though, when it comes to on-demand application providers. Signing up for salesforce automation from Salesforce.com is no longer seen as going out on a limb. Vendors like this have gained enough market presence and credibility to be seen as a safe choice. When the time comes to extend the solution or integrate it with another application, it's inevitably going to involve services that are either wholly or partially beyond the firewall.
There's another factor that makes the pureplay on-demand application providers a fertile launch-pad for service assembly projects: they have a compelling business need to support service-oriented integration, so that customers can link data and processes from the externally hosted applications into their existing on-premises infrastructure. The vendors can't be credible players in the enterprise applications market if they don't support this. So they've gone out of their way to make sure they do.
It should be no surprise, then, to find that when application assembly vendor Above All Software launched version 4.0 of its Composite Application Platform this week, all four of the customer examples it was briefing on were integrating to Salesforce.com. One of them is described in a press release issued this week security and encryption vendor PGP in fact uses another external service, from credit referencing agency Dun and Bradstreet, to assign a unique key to each of its customers, which then forms the basis of integration between records hosted at Salesforce.com and the matching customer records held on-premises in its Oracle order management system. The resulting composite application is also hosted at Salesforce.com on its AppForce platform.
Above All makes the point that combining services from different applications isn't just a matter of defining web services interfaces. It's also important to reconcile semantic mismatches between those different application stacks. "Web services don't do a great job of semantic interoperability," Above All's VP marketing Sanjay Sarathy told me.
There are, indeed, many other things that basic web services don't do, such as control access, specify quality of service, bill for usage or provide a consistent user interface. Whle all of these aspects (along with a shared semantics base) might be assumed or imposed within an entirely in-house SOA, they can't be taken for granted when services are being combined across separately owned infrastructures. Therefore we're starting to see platforms or markeplaces springing up that add this kind of consistency. I've reviewed the current state of play in a posting to my ZDNet software-as-services blog this week.
There's certainly a wide variety of approaches to be seen. I'm particularly intrigued by StrikeIron's Web Services Marketplace, which provides fairly simple services you might call them business utilities, such as address validation. This doesn't at present look like a composite application platform (although perhaps it might morph into one in the future). The main use case seems to be where a developer wants to pull a specific service into an application that's under construction. But it has very sophisticated provisioning and billing functionality.
At the other end of the scale is the Rearden Commerce Platform, which Keith Rodgers wrote about in this week's Loosely Coupled feature article, Profiting from service reuse. This currently supports a single composite application that Rearden itself has designed and built, but as Keith describes, the plan is to open it up to third parties and indeed to customers so that they can add services and compose new applications in the future.
Salesforce.com's AppExchange takes yet another tack, concentrating more on offering a choice of discrete applications that share a common architecture and look-and-feel. This environment requires third-party products like Above All's to assemble services into composite applications.
This variety in approaches illustrates how much innovation is going to have to happen before any kind of best practice in assembling loosely coupled composite applications gets established. What's clear though is that a lot of the innovation is going to involve hosted service providers like these, making the space well worth watching for clues as to what works and what flops.