The more I learn about Zope, the more I like. Mostly.

I’ve always had a keen interest in software composition, and so was particulary impressed with Zope’s notion of “acquisition”, which is just composition by aggregation. What’s really novel here is not that, which has been done before, many times, but the binding of the URI hierarchy to containment relationships. Kudos for that.

One of the very few criticisms I have about Zope though is the use of “URL Traversal”, to locate scripts named in a URI. I added some comments to that page (itself, a nifty feature!), as you can see there;

I was thoroughly impressed with most of what I’d seen in Zope, but not so much with this feature. Perhaps it’s convenient, but it’s also quite dangerous in general I think. The examples of “feed” and “wash” are are called “unsafe” methods in Web architecture terms (; that is, they change the state of the object. Therefore they, shouldn’t be invoked with GET, as Googlebot might come along and accidentally feed your hippos. If you want to change the hippo directly to the fed state, use PUT with a document which represents the state of that fed hippo. If you just want to give him food (that he may or may not choose to eat), use POST with a description of the food.

I also wonder if the same misunderstanding about GET vs. POST was responsible for some problems I noticed with object publishing. For example, both GET and POST end up invoking the “index_html” method (eek, a horrid name) of an object (basically the equivalent of doGet() for you servlet fans). It’s odd that the object model define ambiguous dispatch behaviour for GET/POST, yet define proper dispatch behaviour for PUT, HEAD, and the WebDAV extensions. Perhaps a legacy mistake that’s too costly to fix? Dunno. But the more I read the publishing section, the more it seems that Zope has a bit of split personality in supporting both the Web and RPC models.

Hopefully that doesn’t get in the way of what I want to do with it.

Today the WS-I announced a bunch of implementations of a sample application they’d speced out. Seems like a good idea.

I downloaded a couple of them, and was very pleased to see a series of URIs that appeared as though they were identifying domain objects;


For a moment there, I thought my days of REST promotion were over and that secretly and collectively, WS-I members had “got it”. But alas, that wasn’t the case. Though you can invoke GET on the URIs, all they return – at least in the case of BEA’s WarehouseA URI is an HTML description of the object, include exposed operations and sample code. Bowstreet’s URI returns a SOAP fault, Sun’s returns an HTML page describing the state of the SOAP services, IBM’s returns a prophetic HTML page, and Microsoft’s returns an indication that GET isn’t supported at all. Ditto for Oracle.

So why wasn’t the returned document a description of the state of the warehouse, including inventory information? Once you’ve got the URI for a domain object (kudos on that, at least), why not serialize the state of that domain object as a response to GET requests?

I can finally give a bit of a glimpse into what I’ve been working 24/7> on the past few months. It’s just a small piece of the big picture, but a really interesting part of it. Suppose ABC Limited has Current Assets $ 5,00,000 and Current Liabilities of $ 300,000. Fixed Assets are $ 1,00,000. Long Term Debt is $1,00,000, and Short Term Debt included in the Current Liability above is $25,000. Calculate the Working Capital of the Company and analyze the same. Working Capital refers to the Funds available with the Company to meet its day to day Business operations. It is an indicator of the Short Term Financial Strength of the Company and signifies the capability to meet the Current Liabilities and Debt Obligations due within one year. The following working capital example provides an outline of the most common sources of working capital. Nanometrics has just announced Taurus(PDF), a portable seismograph. It’s Java/Linux/Web/Semantic-Web all the way. Definitely the coolest device I’ve ever worked on.
When you double-click an application[…]

Isn’t that cute? It’s so 1988. Of course, any self-respecting application developer today single-clicks theirs. 8-)

Thanks Roy. That’s really good to see. Roy’s far more articulate than I am on these matters, and I’d say that he picked the right guy to come out of the woodwork for too. My favourite bit;

I don’t buy the argument that programmers benefit from a Web Services toolkit. Such things do not build applications — at most they automate the production of security holes.


I found this in in my aggregator, but it’s not on his site any longer;

Adam Bosworth admits he doesn’t get REST. I like that. It takes courage. The REST advocates promote by intimidation. A clear sign they don’t want you looking too closely. Now Bosworth is going to do exactly that. Bravo.

Apparently I intimidate Dave so much that he’s unable to dig deeply into the issues himself! I rule. Golly.

I am jazzed about Adam’s latest weblog entry though. I’ve always expected that he’d be one of the first big Web services proponents to really get the Web, since he’s such a bright guy. I’ll respond when I get a minute.

I’ve just been getting into Zope, and was reading The Zope Book when I stumbled upon this;

The technology that would become Zope was founded on the realization that the Web is fundamentally object-oriented. A URL to a Web resource is really just a path to an object in a set of containers, and the HTTP protocol provides a way to send messages to that object and receive its response.

I would have phrased the last part of the last sentence differently – perhaps “provides a way to request the state of the object, and to process the serialized state of objects” – but yah, close enough.

Identity; check.

State; check.

Behaviour; check.

Encapsulation; check.

Data hiding; nope, but I personally never considered data hiding axiomatic of OO-ness.

Sean points, indirectly via Jorgen to an effort out of Microsoft Research (CRL) called Project Samoa, which provides tools for verifying the security of Web services.

Cool stuff, but you realize that you’d have to apply this to every single application interface out there? Ouch.

Yet another example of a benefit of using a single application interface.

In a post to service-orientated-architecture.

For your (re)viewing pleasure.