Adoption of SOAP 1.1 has been so fast and so broad that the World Wide Web Consortium standard can almost be viewed as a synonym for Web services. After two and a half years of development work, the follow-on version of Simple Object Access Protocol, 1.2, is almost complete.
SOAP 1.2 thoroughly scrubs SOAP 1.1, cleaning up a number of areas of ambiguity and error. It also adds a new way to query SOAP servers, using simple HTTP GET commands, instead of using SOAP-formatted requests. This is a major change that bridges the world between SOAP and the competing Web services effort, REST (Representational State Transfer).
The REST camp, a loose online gathering of developers who want a simpler alternative to SOAP, has developed the only significant alternative standard efforts for Web services. With its support for REST-style URL queries in SOAP (with parameters passed in the URL), SOAP 1.2 will give users the best of both worlds. (SOAP 1.2 is downloadable from www.w3.org/2000/xp/Group.)
"[Weve brought] the SOAP spec into its own in the sense we were tightening it up and working on it to make it appropriate for the heavy lifting [needed]," said David Fallside (pictured), senior technical staff member at IBM, in Grass Valley, Calif., and chair of the XML Protocol working group (the W3C group responsible for SOAP 1.2). "It was a good spec, the 1.1 spec, but it hadnt seen the light of day in big deployments. [We are] making it watertight and ready to go for large-scale adoption."
Its true that SOAP 1.2 will be able to shoulder bigger burdens than SOAP 1.1, but, unfortunately, Version 1.2 follows in the footsteps of 1.1 in that it has little to offer in the way of security. SOAP 1.2 still defers security concerns to other groups in the W3C that work on general XML security standards and to the Organization for the Advancement of Structured Information Standards, which has established a Web Services- Security technical committee to develop concrete security specifications that will work with the W3Cs SOAP work.
"The XML Protocol working groups mission never directly included the creation of security technology," said Fallside. "It just wasnt in our charter. We would be going for many more years if that was true."
As a result, SOAP users will still need to rely on separate authentication steps and point-to-point encryption techniques to protect SOAP messages.
SOAP 1.2, now in Candidate Recommendation phase, is going through final reviews and is expected to be complete by midyear.
The W3C is conducting SOAP 1.2 functionality and interoperability tests using Web services products from seven organizations, including The Apache Software Foundation, BEA Systems Inc., Microsoft Corp., Systinet Corp. and TIBCO Software Inc.