In this issue:

• New IT Conversations (Sound Advice)
  • Rasmus Lerdorf: PHP (he invented it!)
  • Andre Durand: Federated Identity
• Web Services
• Mark O'Neill: Architecting Security for Web Services
• Doug Kaye: Web Services Security Check (yours truly)
• Doug Kaye: Web-Services Networks (me again!)
• Paul Brown: An Introduction to BPEL
• Adam Bosworth: Dealing with REST
• Subscription and Contact Info

Rasmus Lerdorf: PHP. [An IT Conversation] "I really don't like programming. I built this tool to program less so that I could just reuse code."

Ten years later, PHP is now running on the web servers of one third of all domains on the World Wide Web.

In this extremely popular IT Conversation, Rasmus explains why the easy-to-use PHP scripting language can power some of the Web's busiest sites including portions of Yahoo! that handle over 120 million unique visitors each month. PHP is scalable because of its "shared-nothing" architecture, unlike Java or similar virtual-machine runtime environments.

Whether you're already a PHP user, or haven't yet taken the plunge, you'll enjoy this interview with its humble creator--a true pioneer of the open-source movement. You'll also hear what's in the works for the next major release, PHP 5.0, and why Rasmus believes the Web will become "the interface to everything."
Posted Tuesday, December 02, 2003 4:27:36 PM  

Andre Durand: Federated Identity. [Another new IT Conversation] Spending six weeks on a friend's boat in the Carribean was what it took for Andre to see the big picture of federated identity. "It's more than just a technology problem," he says. Inspired in part by the worldwide ATM financial networks, he returned home with a vision to build the federated-identity infrastructure, which he broke down into three pieces: (1) federated-identity software supporting multiple protocols; (2) common legal agreements signed by all parties; and (3) a shared infrastrcuture of managed services.

His for-profit Ping Identity Corporation develops the software, which it then makes available using an open-source model from SourceID.org. The company also manages the shared network infrastrcture of PingID, which is the membership-driven entity that solves the scalability problem of the legal issues (managing the number of relationships that otherwise increases at an n-squared rate).

In this interview, Andre explains his vision for how real-world federated identity will be deployed. He also responds to three recent commentaries: Jim Rapoza of eWeek (who wrote that the Liberty Alliance "missed the point" on privacy), Doug Kaye, the host of IT Conversations (federation isn't as valuable for consumers as the Liberty Alliance documents suggest), and Carol Coye Benson of Glenbrook Partners (federated-identity networks won't support liability transfer).

Listen in to hear what Andre has to say about the coalescing (or not) of SAML, the Liberty Alliance, and WS-Federation, and just when federated identity will become mainstream for those extranet applications and for those that are consumer facing.
Posted Friday, December 05, 2003 5:38:20 AM

Mark O'Neill: Architecting Security for Web Services "SOAP is e-mail for applications." A good overview of the security issues unique to XML and web services by the CTO of Vordel. [Source: JavaPro]
Posted Sunday, December 07, 2003 10:34:59 PM

Doug Kaye: Web Services Security Check. Speaking of security, here's a short article I wrote for the December 1st issue of InfoWorld--part of an excellent special report on The Next Phase for Web Services with articles by Eric Knorr, Phil Windley, Brent Sleeper, and others.
Posted Monday, December 01, 2003 6:35:07 PM

Doug Kaye: Web Services Networks--What Are They Good For? (Lots of writing this month!) "WSNs excel as solutions where standards have yet to be set, let alone widely implemented. WSNs can certainly implement standardized technologies, too, but they specialize in solving problems in which the parties involved aren't able to agree on the use of a single protocol, whether standardized or not." It's an an excerpt from Loosely Coupled--The Missing Pieces of Web Services, published on WebServices.org.
Posted Friday, December 12, 2003 2:28:18 PM

Paul Brown: An Introduction to BPEL. Paul posted this presentation in PDF format. It's a slide show, but it's quite readable--a good 10-minute tour of BPEL.
Posted Tuesday, December 09, 2003 1:56:07 PM

Adam Bosworth: Learning to REST Although he confesses not to fully understand it, Adam presents an excellent case for the disadvantages of the REST model for web services.

• REST is tied to HTTP. There's no mechanism for reliable or asynchronous delivery.
• Correlation of requests and responses isn't inherent.
• REST has no loosely bound mechanism for describing interfaces (such as WSDL).
• REST doesn't allow the combination of a query (GET) with an update (PUT) in a single request. (Could be important for applications supported by server-side data caching.)
• REST doesn't support the subscribe/event message-exchange pattern. (Actually, REST probably does this, but at a higher level, not inherent in the low-level request/response model.)

Loosely Coupled--Now Available as a PDF (at a 63% Discount)

Entire book: US$14.95 Major parts (4 total): US$5.95 each Individual chapters (21 total): US$1.95 each

As an alternative to the hardcopy edition, you can now download my latest book in PDF format at a substantial discount using PayPal or BitPass. From the time you purchase the eBook version, you have 7 days during which you can download the content up to 10 times. The PDF files can be printed, but the text cannot be copied or modified.

Amazon.com Review of the Week: