Copyright innoQ 2008. All rights reserved.
A Pragmatic Introduction to REST
QCon London 2008
Stefan Tilkov
Stefan Tilkov
http://www.InfoQ.com
http://www.innoQ.com
http://www.innoq.com/blog/st/
REST vs. ... ?
REST vs. WS-*?
REST vs. SOA?
REST vs. SOAP?
Not today
(At least we’ll try)
First, let’s define some things
What is SOA?
3 Possible Definitions
Take your pick
1
SOA: An Approach to Business/IT Alignment
A different approach to an enterprise’s IT architecture ...
... driven by business, not technology
... focusing on shared and re-used functionality
... aligning business and IT
... relying on strong governance
SOA: An Approach to Business/IT Alignment
... can be implemented using any architecture, technology, or set of products
2
SOA: A Technical Architecture
Services with clearly defined interfaces
... autonomous and with explicit boundaries
... relying on shared schema, not shared code
... programming language-independent
... separating interface and implementation
... containing multiple specific operations
SOA: A Technical Architecture
... somewhat technology-independent – can be built with e.g. CORBA, DCE RPC, DCOM, RMI, or Web services.
3
SOA = Web Services
Business data as XML messages
... sent in a SOAP body
... enriched with metadata in SOAP headers
... described with WSDL and XML Schema
... configured through WS-Policy
... registered in a UDDI registry
SOA = Web Services
... implemented using technologies and products from the WS-* universe
Web Services Standards Overview
Version 3.0 · February 2007
Copyright © innoQ Deutschland GmbH. All Rights Reserved.
http://www.innoq.com/resources/ws-standards-poster/

Interoperability Issues

Basic Profile · 1.1 · WS-I · Final Specification
  Basic Profile – The Basic Profile 1.1 provides implementation guidelines for how a related set of non-proprietary Web Service specifications should be used together for best interoperability.
Basic Profile · 1.2 · WS-I · Working Group Draft
  Basic Profile – The Basic Profile 1.2 builds on Basic Profile 1.1 by incorporating Basic Profile 1.1 errata, requirements from Simple SOAP Binding Profile 1.0, and adding support for WS-Addressing and MTOM.
Basic Profile · 2.0 · WS-I · Working Group Draft
  Basic Profile – The Basic Profile 2.0 is an update of WS-I BP that includes a profile of SOAP 1.2.
Basic Security Profile · 1.0 · WS-I · Board Approval Draft
  Basic Security Profile defines the WS-I Basic Security Profile 1.0, based on a set of non-proprietary Web services specifications, along with clarifications and amendments to those specifications which promote interoperability.
REL Token Profile · 1.0 · WS-I · Working Group Draft
  REL Token Profile is based on a non-proprietary Web services specification, along with clarifications and amendments to that specification which promote interoperability.
SAML Token Profile · 1.0 · WS-I · Working Group Draft
  SAML Token Profile is based on a non-proprietary Web services specification, along with clarifications and amendments to that specification which promote interoperability.
Conformance Claim Attachment Mechanism (CCAM) · 1.0 · WS-I · Final Specification
  Conformance Claim Attachment Mechanism (CCAM) catalogues mechanisms that can be used to attach WS-I Profile Conformance Claims to Web services artefacts (e.g., WSDL descriptions, UDDI registries).
Reliable Asynchronous Messaging Profile (RAMP) · 1.0 · WS-I · Working Draft
  Reliable Asynchronous Messaging Profile (RAMP) is a profile, in the fashion of the WS-I profiles, that enables, among other things, basic B2B integration scenarios using Web services technologies.
Attachments Profile · 1.0 · WS-I · Final Specification
  Attachments Profile – The Attachment Profile 1.0 complements the Basic Profile 1.1 to add support for interoperable SOAP Messages with attachments-based Web Services.
Simple SOAP Binding Profile · 1.0 · WS-I · Final Specification
  Simple SOAP Binding Profile – The Simple SOAP Binding Profile consists of those Basic Profile 1.0 requirements related to the serialization of the envelope and its representation in the message.

XML Specifications

XML 1.1 · 1.1 · W3C · Recommendation
XML 1.0 · 1.0 · W3C · Recommendation
  XML – Extensible Markup Language is a pared-down version of SGML, designed especially for Web documents. It allows one to create one's own customized tags, enabling the definition, transmission, validation, and interpretation of data between applications and between organizations.
Namespaces in XML · 1.1 · W3C · Recommendation
  Namespaces in XML provides a simple method for qualifying element and attribute names used in XML documents by associating them with namespaces identified by IRI references.
XML Information Set · 1.0 · W3C · Recommendation
  XML Information Set is an abstract data set to provide a consistent set of definitions for use in other specifications that need to refer to the information in a well-formed XML document.
XML Schema · 1.1 · W3C · Working Draft
  XML Schema – XML Schema Definition Language is an XML language for describing and constraining the content of XML documents.
XML binary Optimized Packaging (XOP) · 1.0 · W3C · Recommendation
  XML binary Optimized Packaging (XOP) is an XML language for describing and constraining the content of XML documents.
Describing Media Content of Binary Data in XML (DMCBDX) · W3C · Note
  Describing Media Content of Binary Data in XML (DMCBDX) specifies how to indicate the content-type associated with binary element content in an XML document and to specify, in XML Schema, the expected content-type(s) associated with binary element content.

Messaging Specifications

SOAP · 1.2 · W3C · Recommendation
SOAP · 1.1 · W3C · Note
  SOAP is a lightweight, XML-based protocol for exchange of information in a decentralized, distributed environment.
SOAP Message Transmission Optimization Mechanism (MTOM) · 1.0 · W3C · Recommendation
  SOAP Message Transmission Optimization Mechanism describes an abstract feature for optimizing the transmission and/or wire format of a SOAP message.
WS-Addressing – Core · 1.0 · W3C · Recommendation
  WS-Addressing – Core provides transport-neutral mechanisms to address Web services and messages. This specification defines XML elements to identify Web service endpoints and to secure end-to-end endpoint identification in messages.
WS-Addressing – WSDL Binding · 1.0 · W3C · Candidate Recommendation
  WS-Addressing – WSDL Binding defines how the abstract properties defined in Web Services Addressing – Core are described using WSDL.
WS-Addressing – SOAP Binding · 1.0 · W3C · Recommendation
  WS-Addressing – SOAP Binding provides transport-neutral mechanisms to address Web services and messages.
WS-Notification · 1.3 · OASIS · OASIS-Standard
  WS-Notification is a family of related white papers and specifications that define a standard Web services approach to notification using a topic-based publish/subscribe pattern.
WS-BaseNotification · 1.3 · OASIS · OASIS-Standard
  WS-BaseNotification standardizes the terminology, concepts, operations, WSDL and XML needed to express the basic roles involved in Web services publish and subscribe for notification message exchange.
WS-BrokeredNotification · 1.3 · OASIS · OASIS-Standard
  WS-BrokeredNotification defines the interface for the NotificationBroker. A NotificationBroker is an intermediary, which, among other things, allows publication of messages from entities that are not themselves service providers.
WS-Topics · 1.3 · OASIS · OASIS-Standard
  WS-Topics defines three topic expression dialects that can be used as subscription expressions in subscribe request messages and other parts of the WS-Notification system.
WS-Eventing · W3C · Public Draft
  WS-Eventing defines a baseline set of operations that allow Web services to provide asynchronous notifications to interested parties.
WS-Enumeration · Systinet, Microsoft, Sonic Software, BEA Systems and Computer Associates · Public Draft
  WS-Enumeration describes a general SOAP-based protocol for enumerating a sequence of XML elements that is suitable for traversing logs, message queues, or other linear information models.

Metadata Specifications

WS-Policy · 1.5 · W3C · Working Draft
  WS-Policy describes the capabilities and constraints of the policies on intermediaries and endpoints (e.g. business rules, required security tokens, supported encryption algorithms, privacy rules).
WS-PolicyAssertions · 1.1 · BEA Systems, IBM, Microsoft, SAP · Public Draft
  WS-PolicyAssertions provides an initial set of assertions to address some common needs of Web Services applications.
WS-PolicyAttachment · 1.2 · W3C · W3C Member Submission
  WS-PolicyAttachment defines two general-purpose mechanisms for associating policies with the subjects to which they apply; the policies may be defined as part of existing metadata about the subject or the policies may be defined independently and associated through an external binding to the subject.
WS-Discovery · Microsoft, BEA Systems, Canon, Intel and webMethods · Draft
  WS-Discovery defines a multicast discovery protocol for dynamic discovery of services on ad-hoc and managed networks.
WS-MetadataExchange · 1.1 · BEA Systems, Computer Associates, IBM, Microsoft, SAP, Sun Microsystems and webMethods · Public Draft
  WS-MetadataExchange enables a service to provide metadata to others through a Web services interface. Given only a reference to a Web service, a user can access a set of WSDL/SOAP operations to retrieve the metadata that describes the service.
Universal Description, Discovery and Integration (UDDI) · 3.0.2 · OASIS · OASIS-Standard
  Universal Description, Discovery and Integration (UDDI) defines a set of services supporting the description and discovery of businesses, organizations, and other Web services providers, the Web services they make available, and the technical interfaces which may be used to access those services.
Web Service Description Language 1.1 · 1.1 · W3C · Note
  Web Service Description Language 1.1 is an XML-based language for describing Web services and how to access them. It specifies the location of the service and the operations (or methods) the service exposes.
Web Service Description Language 2.0 Core · 2.0 · W3C · Candidate Recommendation
  Web Service Description Language 2.0 Core is an XML-based language for describing Web services and how to access them. It specifies the location of the service and the operations (or methods) the service exposes.
Web Service Description Language 2.0 SOAP Binding · 2.0 · W3C · Working Draft
  Web Service Description Language SOAP Binding describes the concrete details for using WSDL 2.0 in conjunction with SOAP 1.1 protocol.

Security Specifications

WS-Security · 1.1 · OASIS · OASIS-Standard
  WS-Security is a communications protocol providing a means for applying security to Web Services.
WS-Security: SOAP Message Security · 1.1 · OASIS · Public Review Draft
  WS-Security: SOAP Message Security describes enhancements to SOAP messaging to provide message integrity and confidentiality. Specifically, this specification provides support for multiple security token formats, trust domains, signature formats and encryption technologies. The token formats and semantics for using these are defined in the associated profile documents.
WS-Security: Username Token Profile · 1.1 · OASIS · Public Review Draft
  WS-Security: Username Token Profile describes how a Web Service consumer can supply a Username Token as a means of identifying the requestor by username, and optionally using a password (or shared secret, etc.) to authenticate that identity to the Web Service producer.
WS-Security: X.509 Certificate Token Profile · 1.1 · OASIS · Public Review Draft
  WS-Security: X.509 Certificate Token Profile describes the use of the X.509 authentication framework with the WS-Security: SOAP Message Security specification.
WS-Security: SAML Token Profile · 1.1 · OASIS · Public Review Draft
  WS-Security: SAML Token Profile defines the use of Security Assertion Markup Language (SAML) v1.1 assertions in the context of WSS: SOAP Message Security including for the purpose of securing SOAP messages and SOAP message exchanges.
WS-Security: Kerberos Binding · 1.0 · Microsoft, IBM, OASIS · Working Draft
  WS-Security: Kerberos Binding defines how to encode Kerberos tickets and attach them to SOAP messages. As well, it specifies how to add signatures and encryption to the SOAP message, in accordance with WS-Security, which uses and references the Kerberos tokens.
WS-SecurityPolicy · 1.1 · IBM, Microsoft, RSA Security, VeriSign · Public Draft
  WS-SecurityPolicy defines how to describe policies related to various features defined in the WS-Security specification.
WS-Trust · BEA Systems, Computer Associates, IBM, Layer 7 Technologies, Microsoft, Netegrity, Oblix, OpenNetwork, Ping Identity Corporation, Reactivity, RSA Security, VeriSign and Westbridge Technology · Initial Draft
  WS-Trust describes a framework for trust models that enables Web Services to securely interoperate. It uses WS-Security base mechanisms and defines additional primitives and extensions for security token exchange to enable the issuance and dissemination of credentials within different trust domains.
WS-Federation · 1.0 · IBM, Microsoft, BEA Systems, RSA Security, and VeriSign · Initial Draft
  WS-Federation describes how to manage and broker the trust relationships in a heterogeneous federated environment including support for federated identities.
WS-SecureConversation · BEA Systems, Computer Associates, IBM, Layer 7 Technologies, Microsoft, Netegrity, Oblix, OpenNetwork, Ping Identity Corporation, Reactivity, RSA Security, VeriSign and Westbridge Technology · Public Draft
  WS-SecureConversation specifies how to manage and authenticate message exchanges between parties including security context exchange and establishing and deriving session keys.

Reliability Specifications

WS-ReliableMessaging · 1.1 · OASIS · Committee Draft
  WS-ReliableMessaging describes a protocol that allows Web services to communicate reliably in the presence of software component, system, or network failures. It defines a SOAP binding that is required for interoperability.
WS-Reliability · 1.1 · OASIS · OASIS-Standard
  WS-Reliability is a SOAP-based protocol for exchanging SOAP messages with guaranteed delivery, no duplicates, and guaranteed message ordering. WS-Reliability is defined as SOAP header extensions and is independent of the underlying protocol. This specification contains a binding to HTTP.
WS-Reliable Messaging Policy Assertion (WS-RM Policy) · 1.1 · OASIS · Committee Draft
  Web Services ReliableMessaging Policy Assertion (WS-RM Policy) describes a domain-specific policy assertion for WS-ReliableMessaging that can be specified within a policy alternative as defined in WS-Policy Framework.

Transaction Specifications

WS-Coordination · 1.1 · OASIS · Working Draft
  WS-Coordination describes an extensible framework for providing protocols that coordinate the actions of distributed applications.
WS-Business Activity · 1.1 · OASIS · Working Draft
  WS-Business Activity provides the definition of the business activity coordination type that is to be used with the extensible coordination framework described in the WS-Coordination specification.
WS-Atomic Transaction · 1.1 · OASIS · Committee Draft
  WS-Atomic Transaction defines protocols that enable existing transaction processing systems to wrap their proprietary protocols and interoperate across different hardware and software vendors.
WS-Composite Application Framework (WS-CAF) · 1.0 · Arjuna Technologies, Fujitsu, IONA, Oracle and Sun Microsystems · Committee Specification
  WS-Composite Application Framework (WS-CAF) is a collection of three specifications aimed at solving problems that arise when multiple Web Services are used in combination. It proposes standard, interoperable mechanisms for managing shared context and ensuring business processes achieve predictable results and recovery from failure.
WS-Context (WS-CTX) · 1.0 · Arjuna Technologies, Fujitsu, IONA, Oracle and Sun Microsystems · Committee Draft
  WS-Context (WS-CTX) is intended as a lightweight mechanism for allowing multiple Web Services to share a common context.
WS-Coordination Framework (WS-CF) · 1.0 · Arjuna Technologies, Fujitsu, IONA, Oracle and Sun Microsystems · Committee Draft
  WS-Coordination Framework (WS-CF) allows the management and coordination in a Web Services interaction of a number of activities related to an overall application.
WS-Transaction Management (WS-TXM) · 1.0 · Arjuna Technologies, Fujitsu, IONA, Oracle and Sun Microsystems · Committee Draft
  WS-Transaction Management (WS-TXM) defines a core infrastructure service consisting of a Transaction Service for Web Services.

Resource Specifications

Web Services Resource Framework (WSRF) · 1.2 · OASIS · OASIS-Standard
  Web Services Resource Framework (WSRF) defines a family of specifications for accessing stateful resources using Web Services.
WS-BaseFaults (WSRF) · 1.2 · OASIS · Working Draft
  WS-BaseFaults (WSRF) defines a base set of information that may appear in fault messages. WS-BaseFaults defines an XML schema type for base faults, along with rules for how this base fault type is used and extended by Web Services.
WS-ServiceGroup (WSRF) · 1.2 · OASIS · Working Draft
  WS-ServiceGroup (WSRF) defines a means by which Web Services and WS-Resources can be aggregated or grouped together for a domain specific purpose.
WS-ResourceProperties · 1.2 · OASIS · Working Draft
  WS-ResourceProperties specifies the means by which the definition of the properties of a WS-Resource may be declared as part of the Web Service interface. The declaration of the WS-Resource properties represents a projection of or a view on the WS-Resource state.
WS-ResourceLifetime · 1.2 · OASIS · Working Draft
  WS-ResourceLifetime is to standardize the terminology, concepts, message exchanges, WSDL and XML needed to monitor the lifetime of, and destroy WS-Resources. Additionally, it defines resource properties that may be used to inspect and monitor the lifetime of a WS-Resource.
WS-Transfer · W3C · W3C Member Submission
  WS-Transfer describes a general SOAP-based protocol for accessing XML representations of Web service-based resources.
Resource Representation SOAP Header Block (RRSHB) · W3C · Recommendation
  Resource Representation SOAP Header Block (RRSHB) complements MTOM by defining mechanisms for describing and conveying non-XML resource representations in a SOAP 1.2 message.

Management Specifications

Management Of Web Services (WSDM-MOWS) · 1.0 · OASIS · OASIS-Standard
  Web Service Distributed Management: Management Of Web Services (WSDM-MOWS) addresses management of the components that form the network, the Web services endpoints, using Web services protocols.
Management Using Web Services (WSDM-MUWS) · 1.0 · OASIS · OASIS-Standard
  Web Service Distributed Management: Management Using Web Services (WSDM-MUWS) defines how an IT resource connected to a network provides manageability interfaces such that the IT resource can be managed locally and from remote locations using Web services technologies.
WS-Management · AMD, Dell, Intel, Microsoft and Sun Microsystems · Published Specification
  WS-Management describes a general SOAP-based protocol for managing systems such as PCs, servers, devices, Web services and other applications, and other manageable entities.
Service Modeling Language · IBM, BEA, BMC, Cisco, Dell, HP, Intel, Microsoft, Sun · Draft Specification
  Service Modeling Language (SML) is used to model complex IT services and systems, including their structure, constraints, policies, and best practices.

Presentation Specifications

Web Services for Remote Portlets (WSRP) · 2.0 · OASIS · Committee Draft
  Web Services for Remote Portlets (WSRP) defines a set of interfaces and related semantics which standardize interactions with components providing user-facing markup, including the processing of user interactions with that markup.

Business Process Specifications

Business Process Execution Language for Web Services 1.1 (BPEL4WS) · 1.1 · BEA Systems, IBM, Microsoft, SAP, Siebel Systems · OASIS-Standard
  Business Process Execution Language for Web Services 1.1 (BPEL4WS) provides a language for the formal specification of business processes and business interaction protocols using Web Services.
Business Process Execution Language for Web Services 2.0 (BPEL4WS) · 2.0 · OASIS, BEA Systems, IBM, Microsoft, SAP, Siebel Systems · Committee Draft
  Business Process Execution Language for Web Services 2.0 (BPEL4WS) provides a language for the formal specification of business processes and business interaction protocols using Web Services.
WS-Choreography Model Overview · 1.0 · W3C · Working Draft
  WS-Choreography Model Overview defines the format and structure of the (SOAP) messages that are exchanged, and the sequence and conditions in which the messages are exchanged.
Web Service Choreography Interface (WSCI) · 1.0 · W3C, Sun Microsystems, SAP, BEA Systems and Intalio · Note
  Web Service Choreography Interface (WSCI) describes how Web Service operations can be choreographed in the context of a message exchange in which the Web Service participates.
Web Service Choreography Description Language (CDL4WS) · 1.0 · W3C · Candidate Recommendation
  Web Service Choreography Description Language (CDL4WS) is to specify a declarative, XML based language that defines from a global viewpoint the common and complementary observable behaviour, where message exchanges occur, and when the jointly agreed ordering rules are satisfied.
Business Process Management Language (BPML) · 1.1 · BPMI.org · Final Draft
  Business Process Management Language (BPML) provides a meta-language for expressing business processes and supporting entities.
XML Process Definition Language (XPDL) · 2.0 · Final
  XML Process Definition Language (XPDL) provides an XML file format that can be used to interchange process models between tools.

Standards Bodies

The Organization for the Advancement of Structured Information Standards (OASIS) is a not-for-profit, international consortium that drives the development, convergence, and adoption of e-business standards. The consortium produces more Web services standards than any other organization along with standards for security, e-business, and standardization efforts in the public sector and for application-specific markets. Founded in 1993, OASIS has more than 4,000 participants representing over 600 organizations and individual members in 100 countries.
The World Wide Web Consortium (W3C) was created in October 1994 to lead the World Wide Web to its full potential by developing common protocols that promote its evolution and ensure its interoperability. W3C has over 350 Member organizations from all over the world and has earned international recognition for its contributions to the growth of the Web. W3C is designing the infrastructure, and defining the architecture and the core technologies for Web services. In September 2000, W3C started the XML Protocol Activity to address the need for an XML-based protocol for application-to-application messaging. In January 2002, the Web Services Activity was launched, subsuming the XML Protocol Activity and extending its scope.
The Web Services Interoperability Organization (WS-I) is an open industry organization chartered to promote Web services interoperability across platforms, operating systems and programming languages. The organization’s diverse community of Web services leaders helps customers to develop interoperable Web services by providing guidance, recommended practices and supporting resources. Specifically, WS-I creates, promotes and supports generic protocols for the interoperable exchange of messages between Web services.
The Internet Engineering Task Force (IETF) is a large open international community of network designers, operators, vendors, and researchers concerned with the evolution of the Internet architecture and the smooth operation of the Internet.
Why is SOA so hard to define?
A Web service is a software system designed to support interoperable machine-to-machine interaction over a network. It has an interface described in a machine-processable format (specifically WSDL). Other systems interact with the Web service in a manner prescribed by its description using SOAP messages, typically conveyed using HTTP with an XML serialization in conjunction with other Web-related standards.
W3C Web Services Architecture WG
http://www.w3.org/TR/2004/NOTE-ws-arch-20040211/
“Service Oriented Architecture is a paradigm for organizing and utilizing distributed capabilities that may be under the control of different ownership domains. It provides a uniform means to offer, discover, interact with and use capabilities to produce desired effects consistent with measurable preconditions and expectations.”
OASIS SOA Reference Model
http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=soa-rm
“An Economy is a paradigm for organizing and utilizing distributed capabilities that may be under the control of different ownership domains. It provides a uniform means to offer, discover, interact with and use capabilities to produce desired effects consistent with measurable preconditions and expectations.”
Nick Gall, VP, Gartner
http://tech.groups.yahoo.com/group/service-orientated-architecture/message/9065
What is REST?
3 definitions again
1
REST: An Architectural Style
One of a number of “architectural styles”
... described by Roy Fielding in his dissertation
... defined via a set of constraints that have to be met
... architectural principles underlying HTTP, defined a posteriori
... with the Web as one particular instance
See: http://www.ics.uci.edu/~fielding/pubs/dissertation/top.htm
2
REST: The Web Used Correctly
A system or application architecture
... that uses HTTP, URI and other Web standards “correctly”
... is “on” the Web, not tunneled through it
... also called “WOA”, “ROA”, “RESTful HTTP”
3
REST: XML without SOAP
Send plain XML (w/o a SOAP Envelope) via HTTP
... violating the Web as much as WS-*
... preferably use GET to invoke methods
... or tunnel everything through POST
... commonly called “POX”
Only option 1 is the right one (because Roy said so)
But we’ll go with option 2 (and equate “REST” with “RESTful HTTP usage”)
and avoid option 3 like the plague
REST Explained in 5 Easy Steps
1. Give Every “Thing” an ID
http://example.com/customers/1234
http://example.com/orders/2007/10/776654
http://example.com/products/4554
http://example.com/processes/sal-increase-234
2. Link Things To Each Other
<order self='http://example.com/orders/1234'>
  <amount>23</amount>
  <product ref='http://example.com/products/4554' />
  <customer ref='http://example.com/customers/1234' />
</order>
3. Use Standard Methods
GET     Retrieve information, possibly cached
PUT     Update or create with known ID
POST    Create or append sub-resource
DELETE  (Logically) remove
4. Allow for Multiple “Representations”
GET /customers/1234
Host: example.com
Accept: application/vnd.mycompany.customer+xml

<customer>...</customer>

GET /customers/1234
Host: example.com
Accept: text/x-vcard

begin:vcard
...
end:vcard
5. Communicate Statelessly
GET /customers/1234
Host: example.com
Accept: application/vnd.mycompany.customer+xml

<customer><order ref='./orders/46' /></customer>

[time passes; on the server: shutdown, update software, replace hardware, startup]

GET /customers/1234/orders/46
Host: example.com
Accept: application/vnd.mycompany.order+xml

<order>...</order>
Consequences
Cheating?
Maybe.
many
very few (one per service)
many
very few (fixed)
many
many
Designing a RESTful Application
Identify resources & design URIs
Select formats (or create new ones)
Identify method semantics
Select response codes
See: http://bitworking.org/news/How_to_create_a_REST_Protocol
What’s cool about REST?
A very rough analogy (in pseudocode)
generic
interface Resource {
    Resource(URI u)
    Response get()
    Response post(Request r)
    Response put(Request r)
    Response delete()
}
Any HTTP client (Firefox, IE, curl, wget)
Any HTTP server
Caches
Proxies
Google, Yahoo!, MSN
specific
class CustomerCollection : Resource {
    ...
    Response post(Request r) {
        id = createCustomer(r)
        return new Response(201, r)
    }
    ...
}
Anything that knows your app
generic
interface Resource {
    ...
}
Anything that understands HTTP
class AtomFeed : Resource {
    AtomFeed get()
    post(Entry e)
    ...
}
Any feed reader
Any AtomPub client
Yahoo! Pipes
specific
class CustomerCollection : AtomFeed {
    ...
}
Anything that knows your app
Some HTTP Features
Verbs (in order of popularity):
GET, POST
PUT, DELETE
HEAD, OPTIONS, TRACE
Standardized (& meaningful) response codes
Content negotiation
Redirection
Caching (incl. validation/expiry)
Compression
Chunking
RESTful HTTP Advantages
Universal support (programming languages, operating systems, servers, ...)
Proven scalability
Real web integration for machine-2-machine communication
Support for XML, but also other formats
REST and Web Services
Web Services Issues
Web Services are “Web” in name only
WS-* tends to ignore the web
Abstractions leak, anyway
Protocol independence is a bug, not a feature
Web Services
A separate interface (façade) for each purpose
As known from CORBA, DCOM, RMI/EJB
Often used for SOA (“CORBA w/ angle brackets”)
Application-specific protocol
OrderManagementService
+ getOrders()
+ submitOrder()
+ getOrderDetails()
+ getOrdersForCustomers()
+ updateOrder()
+ addOrderItem()
+ cancelOrder()
+ cancelAllOrders()
CustomerManagementService
+ getCustomers()
+ addCustomer()
+ getCustomerDetails()
+ updateCustomer()
+ deleteCustomer()
+ deleteAllCustomers()
Contribution to the Net’s Value
2 URLs
http://example.com/customerservice
http://example.com/orderservice
1 method
POST
REST Approach
A single generic (uniform) interface for everything
Generic verbs mapped to resource semantics
A standard application protocol (e.g. HTTP)
«interface» Resource
GET
PUT
POST
DELETE
/orders/{id}
GET - get order details
PUT - update order
POST - add item
DELETE - cancel order
/orders
GET - list all orders
PUT - unused
POST - add a new order
DELETE - cancel all orders
/customers/{id}
GET - get customer details
PUT - update customer
POST - unused
DELETE - delete customer
/customers
GET - list all customers
PUT - unused
POST - add new customer
DELETE - delete all customers
/customers/{id}/orders
GET - get all orders for customer
PUT - unused
POST - add order
DELETE - cancel all customer orders
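The method tables on this slide, turned into a dispatcher. This is an added example, not code from the talk: the function names and the return shape are assumptions, while the URI templates and method meanings are copied from the slide. A verb the slide marks "unused" is answered with 405 and an Allow header listing the verbs the resource does support, so the per-resource allow-list is explicit.

```python
import re

# Method tables transcribed from the slide; "unused" methods are simply absent.
ROUTES = {
    "/orders": {"GET": "list all orders", "POST": "add a new order",
                "DELETE": "cancel all orders"},
    "/orders/{id}": {"GET": "get order details", "PUT": "update order",
                     "POST": "add item", "DELETE": "cancel order"},
    "/customers": {"GET": "list all customers", "POST": "add new customer",
                   "DELETE": "delete all customers"},
    "/customers/{id}": {"GET": "get customer details", "PUT": "update customer",
                        "DELETE": "delete customer"},
    "/customers/{id}/orders": {"GET": "get all orders for customer",
                               "POST": "add order",
                               "DELETE": "cancel all customer orders"},
}

def compile_template(template):
    """Turn a URI template into a regex; {name} matches one path segment."""
    segments = []
    for seg in template.strip("/").split("/"):
        if seg.startswith("{") and seg.endswith("}"):
            segments.append("(?P<%s>[^/]+)" % seg[1:-1])
        else:
            segments.append(re.escape(seg))
    return re.compile("/" + "/".join(segments))

COMPILED = [(compile_template(t), t, m) for t, m in ROUTES.items()]

def dispatch(method, path):
    """Return (status, headers, body) for a request line, using only ROUTES."""
    for regex, template, methods in COMPILED:
        match = regex.fullmatch(path)
        if match is None:
            continue
        allow = ", ".join(sorted(methods))
        if method == "OPTIONS":
            return 204, {"Allow": allow}, ""
        if method not in methods:
            # Known resource, unsupported verb: refuse and advertise the allow-list.
            return 405, {"Allow": allow}, ""
        return 200, {}, "%s %s" % (methods[method], match.groupdict())
    return 404, {}, ""
```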
Contribution to the Net’s Value
Millions of URLs
every customer
every order
4-6 supported methods per resource
GET, PUT, POST, DELETE, OPTIONS, HEAD
Cacheable, addressable, linkable, ...
REST vs./for SOA
Business: SOA as an approach to business/IT alignment
Architecture: Technical SOA | REST
Technology: SOAP, WSDL, WS-* | (RESTful) HTTP, URI, ...
REST as an alternative way to achieve SOA goals
Why You Should Care
WS-* Roots
The Enterprise
RPC, COM, CORBA, RMI, EJB
Transaction Systems
Controlled Environment
Top-down Approach
REST Roots
The Internet
Text formats
Wire Standards
FTP, POP, SMTP
Bottom-up Approach
Internet vs. Enterprise
What’s the difference between the Internet and a typical enterprise?
Internet vs. Enterprise
One is a gigantic, uncontrollable anarchy of heterogeneous systems with varying quality that evolve independently and constantly get connected in new and unexpected ways.
The other is a worldwide, publicly accessible series of interconnected computer networks that transmit data by packet switching using the standard Internet Protocol (IP).
REST Support
Everybody: HTTP Servers, Clients, Proxies, Libraries, ...
DHH & The Rails Community: Ruby on Rails
Google: Base, GData, Calendar, Document Lists, Blogger, Notebook, Picasa
Amazon: Simple Storage Service (S3), Queue Service, Flexible Payment, Search
Sun: JSR 311, Jersey
IBM: Abdera, Project Zero
Microsoft: Astoria, WCF
Advanced Stuff
Description
What’s the WSDL equivalent in REST?
There is none ...
XSD (95% of WSDL) is available to you, anyway
Of the remaining 5%, 90% is just silly
Why would you want to describe the uniform interface over and over again?
... unless you insist
WADL (Web Application Description Language)
https://wadl.dev.java.net/
Use URI Templates to define resource behavior
WADL Example
<resources base="http://api.search.yahoo.com/NewsSearchService/V1/">
  <resource path="newsSearch">
    <method name="GET" id="search">
      <request>
        <param name="appid" type="xsd:string" style="query" required="true"/>
        <param name="query" type="xsd:string" style="query" required="true"/>
        <param name="type" style="query" default="all">
          <option value="all"/>
          <option value="any"/>
          <option value="phrase"/>
        </param>
        <param name="results" style="query" type="xsd:int" default="10"/>
        <param name="start" style="query" type="xsd:int" default="1"/>
        <param name="sort" style="query" default="rank">
          <option value="rank"/>
          <option value="date"/>
        </param>
        <param name="language" style="query" type="xsd:string"/>
      </request>
      <response>
        <representation mediaType="application/xml" element="yn:ResultSet"/>
        <fault status="400" mediaType="application/xml" element="ya:Error"/>
      </response>
    </method>
  </resource>
</resources>
What You Should Do (in my very humble opinion)
Appreciate the Web
Be skeptical of WS-*
Learn to love the URI
Learn more about REST
If You Want to Know More
http://www.innoq.com/resources/REST
http://www.oreilly.com/catalog/9780596529260/
http://www.infoq.com
Thank you!
Stefan Tilkov
http://www.innoq.com/blog/st/
[email protected]
[Poster: Web Services Standards Overview, Version 3.0*, February 2007, innoQ Deutschland GmbH. Specification groups shown: Interoperability Issues, Business Process Specifications, Metadata Specifications, Security Specifications, Reliability Specifications, Transaction Specifications, Resource Specifications, Management Specifications, Presentation Specifications, Messaging Specifications, SOAP, XML Specifications.]
*NOTE: This is a version of innoQ's WS standards poster with reduced information content. The full version is available for download in PDF format at: www.innoq.com/resources/ws-standards-poster/. You can also order the printed poster in DIN A0 format there.
Photo Credit
http://www.flickr.com/photos/toddography/462611643/
http://www.flickr.com/photos/raveller/159146501/
http://en.wikipedia.org/wiki/Image:Sangreal.jpg