The "full SOA"

Joe McKendrick remarks that vendors are toning down talk about "SOA".

I see a parallel with PKI ten years ago. Initially, the large vendors would tout PKI as a "top-down" architecture, a case of "build it and the applications will come". Some large organizations put PKIs in place, and then thought "hmm now what do we do with this?". Others were not so rash, and started out with the applications (SSL was the "killer app" for PKI) and then decided if they needed a PKI or not [many didn't, and used VeriSign or Thawte instead].

Simple XML-based integration, and simple Web 2.0 style mash-up applications, are arguably the killer apps for SOA. Both are enabled by XML Gateways, which apply the security and performance that is non-negotiable. But, these applications do not require a "full SOA", anymore than organizations ten years ago needed a "full PKI" in order to run the B2C and B2B Websites that used SSL.