Unencumbered by Vendor Support, WS-CDL has moved forward gaining ground on WS-BPEL.  However Steve Ross-Talbot, the co-chair of the Web Services Choreography Working Group sees these standards not as competing but as complementary standards.

About W3C

The World Wide Web Consortium (W3C) develops interoperable technologies (specifications, guidelines, software, and tools) to lead the Web to its full potential.  W3C is a forum for information, commerce, communication, and collective understanding.  More information on W3C can be found at: www.w3.org .

About Steve Ross-Talbot

Steve Ross-Talbot, co-chair of the Web Services Choreography working group and chair of Web Services Coordination, talks about the current status of Web Services Choreography Description Language (WS-CDL) and its relationship to Business Process Execution Language (WS-BPEL).

About Pi4 Technologies

Pi4 Technologies offers open source tools, consulting and professional open source support to leverage the power of the Pi Calculus. 

I recently got an update from Steve on the status of things at the W3C's Web Services Choreography Working Group.

Could you give me an update on the status of WS-CDL?

Ross-Talbot: It is still a Candidate Recommendation (CR).  There is one full implementation and we are working hard getting a second and possibly a third implementation.  We need the second implementation in order to show interoperability.  The exit criteria to move out of Candidate Recommendation has been set.  That is why we need the two implementations.

These are live implementations but you can’t talk about who they are?

Ross-Talbot:  I can talk about one of them, the other one I can’t talk about.  I do know who they all are, but can only talk about one of them.  One is the pi4 for tech implementation.  The pi4soa for Sourceforge project (http://sourceforge.net/projects/pi4soa).  That is a full implementation of the specification as it stands today.  We certainly raised a few issues against the standard, but nothing major.  There are some fixes to do against WS-CDL.  You can see these issues if you look at the public face of the working group.  You’ll see that certain issues were logged as they appear in agendas and minutes, of late.  There are a few issues to be resolved but they are relatively minor.  We have one full implementation and that implementation is also being used at a number of “blue-chip” banks.  I can’t tell you who they are at the moment because I am not allowed to.

Can you tell me more about the nature of their implementations?

Ross-Talbot:  The nature is really to do with some related work such as the International Swaps and Derivatives Association – ISDA who owns the vertical standard FpML - the Financial Products Mark-up Language.  ISDA recently announced that FpML 4.3 will come with a fully described choreography for business processes.  FpML is a wire format.  It just says here is the XML Schema for all the different message types you wish to exchange if one is doing derivatives trading.  What CDL will do is document and formally describe business processes such as payment, affirmation, and confirmation.  Those are the fundamental 3 business processes for all derivatives trading.  Affirmation is a process whereby you’re announcing to your counterparts in the investment banking community what you intend to do or what you have just completed.  Confirmation is a process when all parties agree.  Payment is the process whereby payment is extracted and received.  These are not insignificant developments in the life of CDL, to say the least.

Does CDL talk to the underlying network infrastructure?

Ross-Talbot:  CDL is agnostic about the implementation of the services.  In CDL, if you look at the spec - there is a concept of a role and role type.  You define these role types and the role types have an interface description and the interface description can be a reference to a WSDL, but that is optional.  And because of that one decision by the working group to make it optional you can put whatever you want in that field and target it at whatever you want.  Currently the investment banks are using it and equally the same is true for ISDA, they can use it to implement business processes using standard web services technology.  They might use access with SOAP over HTTP.  But equally they can use exactly the same description and exactly the business logic without changing anything at all and re-target it to a standard sort of message-driven SOA.  They might use J2EE containers for services instead of access and they might use JMS as the transport and not have any SOAP; or they might have SOAP as well but they don’t have to – it is entirely up to them.  The beauty it that, certainly with pi4soa for tools, is that this is a vendor dependent thing.  It is up to vendor what you what you want to do with choreography as long as the tool conforms to the standard and as long the behavior you implement in reality conforms to the semantics laid down in the spec.

What are the various tools out there that support CDL?

Ross-Talbot:  I think there are three implementations on the web page that have been listed.  One from Imperial College London, one from pi4soa, and there is one other [I forget their current name].  At the moment these are the only three serious implementations.  Amazingly no big vendor is picking it up, yet amazingly there are some very large banks and very large standards organizations that are picking it up.

Why do you think that is?

Ross-Talbot:  I think of the problems that incurred early with choreography was IBM and Microsoft pretty much insisted that choreography was meaningless and would compete with BPEL and should be strangled at birth.  They made those kinds of statements without interacting with the working group and without any real understanding of what choreography is.  They have confused the market and that hasn’t been helpful on their part.  As a result certain standards bodies like ISDA, like ISO who are doing stuff in the financial services sector as well as around SWIFT and other standards went done the route of UML and BPEL and without any exception that I know of, they all have said that BPEL doesn’t meet their needs.  It isn’t that BPEL is bad, it just isn’t what CDL does.  I have been around these guys in the financial industry and  have shown them what CDL can do over a long period of time.  Once the tools are available they ditched all the BPEL.

It seems like the adoption of BPEL has dropped off?

Ross-Talbot: That is what I see certainly from the financial services industry.  I don’t know one investment bank that has actually gone into production with BPEL.  I don’t know of one.

Is WS-BPEL competing with WS-CDL?

Ross-Talbot:  They are not competing standards - they do different things.  CDL isn’t about recursive composition of web services, it is not an aggregator of web services that yields yet another service.  That is what BPEL does.  From our perspective BPEL is just an endpoint language.  If you have three services that you want to run collocated then BPEL is a really good bet for you – that is what you should use.  CDL does not care what the endpoint language is.  It can generate the state machine that represents the observable behavior and you can inject your business logic.  And we can generate to BPEL just as easily as we can generate to C# or Java.  It may be in your interest to use BPEL because of all the tooling around BPEL.  It makes it easy to administer, so a lot of production issues go away if you were just using C# in a container or JAVA in a J2EE container.  The value of BPEL is less to do with the orchestration itself but more to do with what you get from an orchestrated solution at production – you get visibility. You get visibility of how things play out and that is quite valuable for a production engineer.

What are you doing to encourage adoption of WS-CDL?

Ross-Talbot:  Well we don’t have the marketing budget of the IBMs and the Microsofts of the world.  It is a shame they aren’t interested; I think they will become interested in it with ISDA adopting it.  More recently there is a working group within ISO called WG4, part of a technical committee called T68.  T68 is all about financial services within ISO.  They own ISO20022 which is the SWIFT standard.  For most payments between institutions they use SWIFT and the secure network provided by SWIFT and all the rest of it.  And that working group is looking to unify to FIX, TWIST, FpML and SWIFT.  So all these standards – business processes including payment can be done end-to-end, and they are actively trialing CDL to do this.  When this is successful and we do expect it will be successful and it will deliver results this year.  I am sure that they will formally adopt CDL and I think at that point all the big players will all sit up and take notice.  Because they all presently use SWIFT. 

This is how bizarre it is.  One of the players in that working group is Microsoft.  Not because Microsoft is interested in financial standards per se but because Microsoft has a very large treasury department and they have to manage that money.  They are interested in that connectivity from their Microsoft Treasury Department to the rest of the financial world.  We may be in a bizarre situation where Microsoft is using CDL without realizing it and not supporting it and yet their treasury department will manage money transactions using CDL.

That would be kind of ironic?

Ross-Talbot:  It certainly would be.  I think we will get there and it is our intention as well with pi4soa open source tools to provide service generation to a .net environment but from Eclipse which will probably be like a cross compiler.  That is probably going to be done the middle of next year.

Can CDL also be used to do Orchestration within an Enterprise?

Ross-Talbot:  Orchestration does imply that there is central control and when you use CDL you do not have central control.  You can think of it as a script and you automatically give all dancers their roles to play and consequently they all work together since their roles were all generated from a global script and that way you get rid of a centralized orchestration.

So no one owns that central control in Choreography?

Ross-Talbot:  That’s right.  It is peer-to-peer.  It becomes peer-to-peer in this way and you are ensured the behaviors are aligned so that when someone gets a message they know exactly what they are supposed to do with that message and they do it.  And if it is not at the right time the service should complain – “hey I got a message and it is out of sequence here and I am not expecting this message and I am in a different state.

It has more to do with Centralized Control vs. peer-to-peer rather than within an enterprise vs. between enterprises?

Ross-Talbot: Obviously between organizations you can’t have central orchestration because no one is going to give up control.  Equally within in a large institution the one thing they don’t want is central control.  They want central management but they don’t want to incur the risk of having something going down.  That is essentially what CDL provides.  If you are a BPEL vendor you are gated by the number of orchestrations that you can have.  If you think about a pyramid you would have to have an orchestrator at the top.  And that gates the adoption of BPEL because people are very concerned about that.  If you use BPEL and CDL together you actually enable orchestration vendors to sell more.  You just removed the one obstacle that prevents adoption which is over-centralization.  At some point the BPEL vendors will understand CDL isn’t competing at all.  Not only is it complementary it could be the one thing that makes BPEL take off.

I agree.  The CDL adoption will happen when they see the results.

Ross-Talbot:  We have been very careful this year about how we go to the market and tell the market what we are doing and who we are doing it with.  We don’t want to count our chickens before they hatch.  But we do expect that early next year or this side of the new year; to see two pretty significant deployments with two huge major banks.  When we have some success stories like that, at that point we will really start to crank up the volume.

It seems like the Financial Services are really driving this adoption?

Ross-Talbot:  To be honest they have been driving this standard from day one.  And my background has been in the financial services in IT.  So I have always come from that environment and I am well aware of their concerns and what their needs are.  That has allowed me to engage them very early on.  If you track back all of the minutes and notes you will see early references to FIX, TWIST, FpML and other standards.  They have been kept informed on a pretty much regular basis across the wholesale banking industry through other standards bodies - ISO, ISDA, FIX, etc.  These standards bodies have been tracking the level of interest in CDL and reported that interest went up massively the day we announced candidate recommendations.  At that point the standards bar was raised.

How does CDL work with WS-Security?  What is the relationship to other standards?

Ross-Talbot:  Security, transactions, WS-Coordination, WS-Policy and all these other standards are part of the deployment model that you have.  If you want to describe a business protocol these are annotations to the choreography in some way.  That is how you would interact with those standards because they are not part of the overarching description of the choreography.  If you have a business protocol in a particular vertical industry they aren’t going to set the particular security requirements.  But any two constituent members may require particular security considerations.  You need to be able to annotate the choreography preserving the behavior and then use that annotation to generate or to create the necessary descriptors to make this stuff real.  So that is essentially how we do it.

Is Security keeping up with CDL?

Ross-Talbot:  It doesn’t really affect choreography so it is not a primary concern for choreography as a standard since you can add this as annotation or as an attachment to it.  For example if you have two roles: someone may want to annotate the roles.  I want this choreography which I got from my regulator but I want to use WS-Security.

And somebody else may come along and say I want use to Kerberos.  So you can add  those attachments or annotations to describe the type of security you want to your choreography and then it is up to the tool vendor to determine how to best to use those annotations to actually make them real.

Has Eclipse jumped on the bandwagon?

Ross-Talbot:  For choreography?  No they haven’t really.  But we have been conscious that they are quite happy for us to become one of the Eclipse projects.  We felt it was too early since it would provide too much visibility before we have some major deployments.  But everything we do is within an Eclipse framework.  It is a real Eclipse play right now.  Even the generation to .net is handled as a cross compiler within Eclipse.  At some point maybe at the end of the year we may well review that.

What is your prediction on when CDL will become mainstream?

Ross-Talbot:  Let me answer this in two ways.  First of all I think SOA is completely misnamed - it is not Service-Oriented Architecture it is Service-Oriented Design.  There is no architecture in it at all as far as I can see.  It is the natural consequence of doing object oriented design over many, many years.  We have stepped up and said objects are small and services are big – all we have done is adjust the granularity and put the letter S in front instead of object.  One of the things that has been missing – how do you write down the design of an SOA - where is the ‘A”.  With object oriented design we weren’t thinking about concurrency per se, we were thinking about the objects interacting generally within a JVM or virtual machine and occasionally we were thinking about it as a way of combining services.  No body really had a good answer for how you write down the design in a distributed system.  I think that is exactly what CDL does; I think CDL puts the “A” back into SOA.  It can do that in two ways and any mix of the two.  You can use CDL to generate the state machines and fill in the business logic for the set of business services, and therefore you can go from the top all the way down to implementation.

Equally if you have an existing SOA you can write the choreography, you can create some proxies like JMS queue browsers for example which inspect messages and send it to a correlation engine that understands the choreography and therefore gives you business activity monitoring against a script.  It lets you write choreography and test it against existing services to see if you are doing what you thought they were doing.  If you like, you are retrospecting the architecture back to an existing set of systems.  And you can do any combination of that so you might generate and monitor existing systems.  In terms of mainstream I think that is the mainstream activity for my money.  That is where CDL provides the most value add - longer term.  It really provides you with the architectural blueprint for any set of services that you want to launch into your enterprise and that you need to monitor and to manage.  You can now actually see the message exchanges between services and determine whether those message exchanges are in the right sequence.  That is what architects want to do – they want to act globally but they want to think locally.  Whereas the application builder, the architect wants him to act locally but think globally.  Therefore you get this lovely tension between acting globally and thinking locally and the other way around which is totally supported by CDL.

In my blogs I often talk about the three stages of adoption.  In the third stage UDDI becomes the method of discovering services.  Most people I talk to doubt that we will ever get to that final stage and use UDDI.  What is your opinion?

Ross-Talbot:  It is nobody’s interest to get to a UDDI repository either through one which is located in an institution or through a third party somewhere in order to get to a service which has a certain functional signature.  It is not actually that interesting to do that because you don’t have any idea whether that service will work with your existing services.  You don’t know the order of the calls that you can make in order to use the service.  If you could query it and give me a service that has these functional signatures and behaves in this way; then and only then can you actually think about swapping services in and out.  At the end of the day UDDI is fundamental to making this happen and needs to be about substitutability of a service.

If you have a service from someone and it isn’t meeting SLA commitments then you want to substitute with another service?

Ross-Talbot: You want to know you can swap with impunity and there are no unintended consequences – it will just work.  You need a guarantee of interoperability and the only way you can do that is through behavior.  The reason is that there is a technique in formal computer science and in Pi calculus called bi-simulation.  What bi-simulation really says is that Service A is quite similar to Service B if everything that I can do in Service A at any stage, I can do exactly the same in Service B.  It doesn’t mean to say Service B can’t do more than Service A.  What it means is that every time I make a call to Service A and it state changes and is prepared to accept changes, Service B is in the exactly the same state and mimics exactly the same behavior.  So what it means from the observer point of view is that you can’t tell one service from one another.  The only way you can tell them apart is from their SLA appearance.  You then get into a kind of market economy for services.  You need a certain behavior and you need substitutability.  Without that you never get there.  That is what CDL is completely and utterly targeted for and that is exactly what it can do.

So you believe we will get to that third stage and UDDI will be used?

Ross-Talbot:  Yes I am convinced of that.  If you look at the players we have from academias that are working with us as invited experts.  These people just don’t pop up anywhere, they are very careful about what they engage in.  There are some pretty heavy weight people.  Robin Milner invented Pi Calculus and is a Turning recipient as well.  You can liken him to Alan Turning; he is a later day Alan Turning or the later day Alanzo Church.  These are the founding fathers in Computer Science.  Robert Milner is spoken of in the same vein, so to have him as an invited expert guiding and helping us develop this stuff has been an awesome experience for everybody.  Along with him the other two people Dr. Kohei Honda and Dr Nobuko Yoshida are also invited experts.  One of the reasons they have been interested in taking these assignments is that they are not just talking shop and are not just vendor controlled but actually are hands on.  We listen and we act and we have provided facilities in CDL to allow then to create their advance type system which allows this notion of substitutability to be used in practice.  They get real life use cases to show all that they have been thinking about deeply. Not only is it real in academic but it has meaning and value in the wider world.  Which results are measured commercially - ultimately.

That is good to hear, since most people wonder if standards will have real world application.

Ross-Talbot:  Absolutely.  Oddly enough if you look back in the history of CDL, and the fact that Microsoft and IBM decided not to work with us and not to become part of our group - initially worked in our favor.  It hasn’t worked in our favor since but the game is not up yet so I am confident.  Not having them around meant we could make decisions and not get tied up in politics.  When we set out we wanted to get to candidate recommendation by the beginning of this year, and we succeeded by hitting our deadline.  Contrast that to the BPEL TC who are 18 months to 2 years late.  It is not that BPEL is that hard.  It is because you have 60-100 people on every conference call.  You have a 2 hour conference call and you spend the first 45 minutes of the meeting taking the register.  BPEL’s popularity is because of IBM and Microsoft who have supported all long and saying it is the best thing since sliced bread; has actually has worked against it and not for it.

I agree that has probably slowed BPEL down.  Anything else you would like to add?

Ross-Talbot:  There will be some more stuff going up on the website.  One of the exit criteria is not only to show two implementations of CDL tools working together – importing and exporting to one another; but also to show that we can create a system that can be monitored against choreography.  The pi4soa tool runs on access using SOAP over HTTP and we’ve have also added a complete J2EE application, which is about to be released.  It runs over JBoss, runs over GlassFish and runs generic J2EE and we will be doing a binding to MQSeries and Websphere shortly.  And if you couple that with .net and you have a very good way of building SOA.  These solutions can be very mixed in terms of what technical architecture you use under the covers and yet it guarantees everything works together. 

Keep a watch out for new stuff on the web site and it is all open source which is free for people to play with.

------

For more information about the W3C WS-CDL standards: http://www.w3.org/2002/ws/chor/

For more information about Steve’s company Pi4 Technologies Ltd.  http://www.pi4tech.com/

Gary E. Smith

SOA Architect Series