I loosened my tie and surveyed the grisly scene. The UDDI Business Registry lay on the darkened floor in a pool of blood. 50,000 registry entries lay scattered about in the flickering light of the street streaming through the barred window of the flophouse. What bothered me the most was that I knew UBR was a man of great promise… why did the family crime bosses of IBM, SAP and Microsoft withdraw their protection from him at this point in his career?
I'd caught wind of the gin joint buzz around this crime, but nobody seemed to know "who dunnit?" Some wags speculated that UBR had died earlier and was propped up at the crime scene as some kind of sick marionette. Others speculated that UBR was set up, never destined to become a crime boss in his own right.
In the dim light, I could see the once happy-go-lucky grin of UBR as a rictus, a mockery of happy days, like in September of 2000 when UBR was introduced with fanfare as part of UDDI. I studied the room for clues. Then, I noticed something fishy. The 50,000 registry entries scattered like the petals of dried flowers on a gunman's grave, they were as bogus as three-dollar bills. Mixed in among real entries was a heap of funny money, the kind of junk you can't even pass off to the rubes.
But where was the smoking gun? While some grief-stricken family members were quick to blame crime bosses IBM, SAP and Microsoft, most sly sleuths know that old and out of date technologies live long lives and die
At first glance, UDDI is just one service among many. After all, service -oriented architecture is made up of exactly that—lots and lots of services. Who gives a rat's derriere about some low-level bagman trying to hustle up the vig for his gambling debts? But in terms of services, UDDI held the keys to the kingdom in the whole SOA racket—UDDI was the only service whose job it was to know all of the other services. UDDI's little black book contained all the contact information and organizational schemes needed to run the whole SOA. You get access to the black book and you could bring down the whole organization. Another crime family gets access to the black book and they could move right into your territory.
But UBR wasn't satisfied just being able to see the books. UBR was looking to play a bigger game. UBR was the kind of wise guy who can't leave well enough alone. UBR wanted to own the SOA racket for the whole world. Any publicly available service could be found in UBR's black book—and this far reaching agenda was the cause of the downfall.
I checked the corpse of UBR for a pulse—the body was still warm, but he was dead as a doornail. Who would have thought a little man like UBR would try to take the whole racket? What could he have done differently?
Well, UDDI was about providing an open standard for interchange between registries. As such, UDDI was as chatty as a stool pigeon under witness protection. It was one thing for UBR to write down the names of all the other services and how to contact them, but to write down all of the policies and processes of the crime business in the black book, that was biting off a lot more than UBR could chew. UBR would have needed a lot more cover than witness protection to successfully house all of that and UDDI was not built to deal withthe complexities of running a crime organization.
The natural place for details about all the crime organizations business policies was to scribble them into the UDDI black book. The black book already contained all of the other services and operators and how to get in touch. Why not write notes in the margin to explain how the business actually worked?
But what the little man didn't consider was that he was dealing with a bigger game that he was set up to handle. Policies span SOA design time, run time and change time and the UDDI black book didn't have what it takes to protect that vital information. By opening up that information to anyone that shows up, UBR got passed around like a bad cold and it ended up hooking up with the wrong people. If only UBR had a mechanism of governing, validating and securing the services. If only UBR had a way of provisioning resources and managing the business policies associated with running a racket like that.
So this sad little tale of a little man trying to hit it big comes to an end. After studying the facts, it's clear that UBR was left hung out to dry because there was no way of governing all of the junk entries and crazy behavior which found its way into the UDDI black book.
Too bad for UBR. UDDI is still a useful tool; I wouldn't want to run a racket without a black book. But it's clear now that governance is the culprit and that lack of it should be held to account for this terrible crime. Like any good crime business, you need to keep two sets of books—one for the services and how to reach them and another for the policies and how the business works. Only when you put those together can you avoid the fate of UBR.
Miko Matsumura is the vice president for technology standards at Infravio Inc. and he chairs the OASIS SOA Blueprints Technical Committee.
This was first published in January 2006