In the last few weeks I have come into contact with Adobe Flex to create a separate Flex front-end that talks to a back-end using web services. The advantage would be rapid development of a front-end that can use the tons of fancy UI features offered by Flex.

After a few proof of concepts I quickly ran into several issues. The most important being that Flex does not support WS-Security. Read that again: Flex does not support WS-Security. Note that Flex is positioned as something that prefers to use web services to talk to the back end. Also check this bug report. There are some tutorials that explain how you can cheat and add WS-Security headers yourself. This is obviously limited to simple headers and does not include signing or encryption.

I wonder how Adobe can keep on positioning Flex as a great enterprise capable way of creating portable rich front ends when they don’t support WS-Security. They don’t support any of the WS-* standards.

Not supporting WS-Security is one thing, it might be on the road map but not yet implemented. There is however something else in that bug report that caught my attention …

dashes (-) are not allowed while naming things like classes, variables, attribute, etc in AS3. The elements named with dashes, when mapped to AS3 objects will not compile.

Gasp. Not allowing dashes in naming is something that other languages also do but having a standard mapping (XML/SOAP to ActionScript 3) that does not take this into account is more severe. They obviously didn’t test the mapping extensively or they did and ignored the results.

For me, as a developer, this is also an indication that their underlying code that maps XML to ActionScript objects started as a quick & dirty implementation to support simple demonstrations and somehow grew into code that went into the production version. The fact that they don’t support any of the WS-* standards only supports this theory.