Does FACEBOOK-MYSPACE Get to Validate the "Services" API?
A few days ago, TechCrunch reported that MySpace is creating a developer platform. While this has not been validated, it is certainly a trend which has started to take momentum, with FaceBook and other social sites being the early movers. For FaceBook this has been an incredibly successful strategy with developers and hobbyists building FaceBook applications from their garages which are downloaded by literally millions of consumers. The big question is whether they are starting to validate the architectures and protocols for the new generation of service based applications. I am getting a lot of partners asking me this very question(answer at the very bottom :-)).
Like in the mid-90s when eCommerce web sites were the first to build real applications ( transactional systems ) using simple web protocols and simple server technologies, intentionally or not, they validated that these Web technologies were robust, would scale to 100,000 users and provided real reach. Through this validation, this started the movement of enterprise and ISV developers to build their next generation of applications using HTML, DHML, PHP, ASP, etc, etc. This evolved with hybrid Software as a Service ( Saas) / Software + Service solutions which you see today from ISVs like Salesforce.com.
These new social sites are building their application interfaces using RESTful protocols to enable developers to build new solutions on their platform. They are doing this because of ease of access to developers and the reach it provides to different application types. The big question is whether REST will succeed over the WS-* protocols for most of the Internet applications or will REST only be able to support scenarios which offer lower value services? This discussion will continue for a while, based on the fact that many sites will contain "High Value" services which need to get the protection that WS-Trust and WS-Security and technologies such as CardSpace will offer, in comparison to something like OpenID which has a potential threat from "Man in the middle" attacks.
Ultimately these community sites are starting to validate that the RESTful approach is good enough in most cases. The bigger question is how many sites will want to provide greater protection for their content and services over the long term and will find that REST does not provide enough support for transactions, security, trust, federation?
The silver cloud on the services horizon
For once Microsoft is very well positioned to support both models. With Windows Communication Foundation ( WCF ) we can get the developer to design the contract once and then allow the service to be offered out through many different end-points(heads) through config, with many different protocols, including REST, POX and WS-*. This model will allow these service based sites to hedge their bets or rapidly evolve over time. We are working with a number of large sites that are doing just this, so I think that this is a solid strategy....