Casey Chesnut has a greatresponse to this FUDfestover on news.com. Some choice quotes:

“let me politely say that these people are idiots, and theyshould not be running your business… the other option is REST. if youdont think you can make very simple SOAP requests without doing WS-Security andthe advanced specs, then you deserve a kick in the nuts… how complex isXML? all the WS-* specs are about is getting the XML to match a schema. makingXML look the way you want it to is about as simple as it gets…MS and IBMare making toolkits to even hide that little bit of complexity from you. we'vegot .NET, WSE, and Indigo tomorrow…”

You know, it seems like Casey could really benefit from learning how to expresshis feelings more explicitly J

His last point is right on, though. I’ve been at an Indigo SDR for thepast couple of days – after playing with the bits, I’m amazed athow well Indigo has succeeded in keeping the wire-level complexity from leakingup into the higher order programming model. Using this toolkit, it’sentirely possible to build a secure, interoperable service without ever knowingthat the WS-* specs even exist. It’s a thing of a beauty, really.

It’s not like the WS-* specs are these radically incomprehensible thingsthat only genius developers who work for big corporations can implement. Hell,Casey implemented WS-Security for the compact framework by himself (and he evenhad to hack up crypto libraries). He doesn’t work for MS. The PlumbworkOrange project is working on WS-ReliableMessaging and WS-Federation, and noneof those guys work for MS. It doesn’t seem to me that the complexity ofthe specs is precluding independent implementations.

The key to complexity management in the WS-* space is composition. There’sonly one spec – WS-Addressing – that everyone really needs tounderstand (and that probably should have been part of SOAP in the firstplace). Beyond that, if you don’t need the features, you don’t needto care about the spec. If you’re fine with the transport-level security providedby HTTPS and the point-to-point reliability guarantees provided by TCP, then byall means forget about WS-Security and WS-ReliableMessaging. But, if you movebeyond the simple case and find your requirements are exceeding thecapabilities of the infrastructure, the WS-* specs are there for you. The will come when parts (if not all) of theindustry are ready to move beyond the simple case, and I’m glad we’rethinking about these issues now.