How do SOA developers know if the WSDL they created will actually work and more importantly conform to their company's policies?
That was the problem Rizwan Mallal, managing director, Crosscheck Networks, Inc., based in Newton, Mass., set out to solve in creating the WSDL Report Card, a testing tool that gives WSDLs school-style grades based on their adherence to customizable corporate SOA policies.
WSDL Report Card, part of the SOAPSonar v.4.0 SOA testing tool released by Crosscheck Networks this past week, is based on customer feedback. "They gave us the problem," said Mallal, who is also a founding member and Chief Security Architect at Boston-based Forum Systems Inc., where he is responsible for all security related aspects of Forum's technology.
Customers were reporting friction between developers and QA team members over the quality of WSDLs being passed from development to testing, Mallal explained.
"The developers were producing WSDLs without doing tests," he said. "They would hand it over to the QA people and they would load the WSDL and the WSDL would fail to parse or would create methods that would not conform to standard practice. The test cases they were running would not communicate with the backend services."
What the customers asked for was a way to check WSDL policy conformance that developers and QA could agree upon.
So Mallal set about creating a customizable tool that would scan the WSDL and grade it A through F in key areas including WSDL definitions, schema, PortTypes, bindings, messages, and services.
Mallal offers a use case for the scorecard.
"There could be a corporate policy requiring that all WSDLs must contain the schemas," he said. "For example, all strings within the XML Schemas that are part of the WSDL should be bounded. Every string that is part of the schema should have a boundary."
When the user loads the WSDL into SOAPSonar, the tool checks if all the strings are bounded for a schema that is part of the WSDL. If everything is bounded correctly according to corporate policy, it would get an A in the schema category. If not, it might get a D.
Naming conventions could be another rule customized by the company, he said. For example, all the WSDL operations within the enterprise should start with a prefix of BANK. SOAPSonar will go through the WSDL and make sure all the naming conventions follow that rule.
Explaining the customizability, Mallal said: "We have these dynamic rules that calculate the corporate best policy and then average it out over all the different rule sets that are predefined in the scorecard. These rule sets are very dynamic. You can apply the weights to them based on your corporate best policy. Any group or division within the enterprise that is producing WSDLs can load it in and look at their scorecard."
"This addresses one of the major pain points that SOA users face. That is: How to test for quality of WSDLs," said Mamoon Yunus, CTO at Forum Systems and advisor to Crosscheck Networks, in the announcement for the new tool.
Mallal believes the WSDL Report Card will end squabbles between developers and QA teams because they can all look at the same grades based on their corporate policies. If a WSDL gets a D in one category there should be little argument that it needs to be fixed before any testing can be done.