Application DevelopmentWeb Services Episode IV: A New Hope

Hans GranqvistSr. Engineer, VIS

Application DevelopmentWeb Services Episode IV: A New Hope

Hans GranqvistSr. Engineer, VIS

Web services, def.

•Machine-to-machine•XML

– Messaging, encoding•“Service”

– Describe, discover, use•Interoperable

History 101

1950-ies

•Procedure calls

1976

•Remote Procedure Calls (RFC 707)

1989

•Object-oriented RPC– Brokers

1995-ish

•XML-RPC– RPC over the internet– 2 pages– 9 data types

Example XML-RPC POST /RPC2 HTTP/1.0

User-Agent: Curl/5.1.2 (Windows)Host: example.orgContent-Type: text/xmlContent-length: 162

<?xml version="1.0"?><methodCall> <methodName>example.getStateName</methodName> <params> <param><value><i4>41</i4></value></param> </params></methodCall>

1998

SOAP

•Abstract messaging framework– HTTP– Data types– Recipients– Rules & controls– Infinitely customizable

SOAP

•Content– Envelope = (Headers, Body)

•Encoding– Section 5 or literal

•Structure– RPC or Document-centric

Example SOAP <SOAP-ENV:Envelope xmlns:SOAP-

ENV="http://www.w3.org/2003/05/soap-envelope"xmlns:xsd="http://www.w3.org/1999/XMLSchema"xmlns:xsi="http://www.w3.org/1999/XMLSchema-instance">� <SOAP-ENV:Header> . . . Meta data . . . Optional data . . . </SOAP-ENV:Header> <SOAP-ENV:Body> <w:stateName xmlns:m="http://example.com/"> <num xsi:type="xsd:int">41</num> </m:stateName> </SOAP-ENV:Body></SOAP-ENV:Envelope>

Criticism

•HTTP as transport•Collapsed URI•Firewalls

•Patents

•…Umm, okay, complexity

• WSDL, UDDI, MTOM, BPEL4WS, WS-CDL,ASAP, WSRP

• WS-– Policy, Metadataexchange,

Reliability, PolicyAttachement,ReliableMessaging, Addressing,MessageDelivery, Notification,Enumeration, Trust, Coordination,SecurityPolicy, Transfer, CAF,Federation, SecureConversation,Eventing, Transactions, Security,Provisioning, Manageability, …

• OASIS, W3C, WS-I, IETF• IBM, BEA, TIBCO, Microsoft, Sun, SAP,

Oracle, VeriSign

*

REST = Architectural style

•Not software, nor a specification

– Selection of ideals

– Best practices

•Not magic!

•The Web = REST

REST

1. Resources

• Named resources• Logical URLs• Nouns

http://verisign.com/certs/04224

2. Representations

• XML/HTML/JPG/ . . .• Interconnected, traversable

<?xml version="1.0"?><certificate> <id>04224</id> . . . <owner xlink:href= "http://verisign.com/owner/1701-A"/> </owner></certificate>

3. State

4. HTTP

• Application protocol• PUT, GET, POST, DELETE

– Create, Retrieve, Update, Delete• Use of headers fundamental

– Accept, Content-type . . . and many more

Accept: text/*; text/html -->

<-- Content-Type: text/xml

POST /test HTTP/1.1Host: http://verisign.comContent-Type: text/xmlContent-length: . . .

<message> . . . </message>

Headers

Content

REST Criticism and Responses

Security

• RFC 2617 (HTTP Auth)– Extensible!

• XMLDSIG and XMLENC still applicable• And so is HTTPS

Description & Discovery

• UDDI R.I.P.– January 12, 2006:

IBM, SAP, MSFT kill public UDDI server• WSDL 2.0

Reliability, Tools

• Web is internet scale• IDEs not necessary

Auditing, policy, eventing…

• Application issues!

Is there a happy ending?

SOAP vs. REST

• Completeness vs. Toy-like• Pragmatism vs. Hippie ideology

or

• Bloated vs. Agile• Complexity vs. Simplicity• Web 1.0 vs. Web 2.0

Conclusion

•Both SOAP and REST needed– Simplicity rules

•Consider REST– Side-effects

•Consider security issues•WS-* momentum•Fight the good fight!

Thank you!Q/A?

“Web 2.0”