UDDI: policy enforcer or dead parrot?

Mercury acquisition of Systinet points to UDDI role as policy enforcement mechanism
Written by Joe McKendrick, Contributing Writer

Mercury Interactive's announcement that it was buying SOA vendor Systinet has stirred some mixed reactions from the industry. Some eyebrows were raised by the fact that Mercury was also recently delisted from the Nasdaq stock exchange. Mercury apparently blames the delisting on a failure to file appropriate financial statements by deadline. (See, even high-tech companies still get flummoxed by paperwork.)

Computer Business Review's Tony Baer weighed in on the announcement, noting that the UDDI specification -- around which Systinet built its business -- has taken on a new role in the emerging SOA framework. To quote Baer:

"On the face of it, the acquisition of Systinet Corp by Mercury Interactive Corp underscores the reality that UDDI, the Universal Description, Discovery and Integration language, is continuing to morph from its origins as a runtime discovery engine to become a policy enforcement mechanism." 

Fellow ZDNet blogger Dana Gardner also provided his insights into what Mercury -- and end-user enterprises, for that matter -- gain in the emerging SOA governance space by acquiring Systinet. "For me the cosmic bang comes when groups of engaged enterprises, each with their own uber registry for policy and governance, start to carve out a portion of that metadata to securely and deliberately share across a business ecology. A two-way street of policy and process provisioning then becomes possible — despite the burgeoning complexity of SOA and semantic meta information sharing — to automate and enliven how companies can inter-relate, possibly on the fly."

UDDI, of course, has always been knocked around. It was orginally part of the Big Four standards that launched Web services in 2000, along with XML, WSDL, and SOAP. Originally presented as the "yellow pages" for finding services across the public Web, it disappeared from view during the dot-bomb fizzle. It has seen a resurgence as of late as an internal directory mechanism. 

The spec received more negative press last month when IBM, SAP, and Microsoft announced they would be shutting down their public UDDI registries.  David Linthicum, for one, called UDDI a "dead parrot" in the wake of the announcement. 

The runtime aspect of UDDI has always been questionable, especially since UDDI has been positioned more as a specification that supports designtime processes -- especially by Systinet. Also, the CBR article goes on to note, quite correctly, that a UDDI registry only makes sense to an enterprise if there are multiple services (Web services in particular) that are available for discovery. Most organizations at this point are only working with a handful of services, and architects, developers, or even appropriate business users at this point don't need registry implementations to "discover" where or what these services are. 

In theory, this scenario will change in the not-too-distant future, as services get built and deployed across multiple parts of the enterprise by multiple teams. A good registry will keep Team A from putting time and effort into building the same type of service that Team B already built last year.

Editorial standards