restful soa - jazoonjazoon.com/history/portals/0/content/slides/tu_a3_1100-1150_tilkov.pdf ·...
TRANSCRIPT
RESTful SOAUsing the Web's Architecture for Enterprise IT
Stefan TilkovinnoQ Deutschland GmbH107
1Tuesday, June 1, 2010
Copyright (c) 2010 innoQ
Stefan [email protected]
http://www.innoq.com/blog/st/@stilkov
2Tuesday, June 1, 2010
Copyright (c) 2010 innoQ
Web Services Standards Overview
Vers
ion
3.0*
· Fe
brua
ry 2
007
This
post
er is
not
to b
e re
prod
uced
or t
rans
mitt
ed in
any
form
or f
or a
ny p
urpo
se w
ithou
t the
exp
ress
per
miss
ion
of in
noQ
Deut
schl
and
GmbH
.Co
pyrig
ht ©
inno
Q De
utsc
hlan
d Gm
bH.
All R
ight
s Res
erve
d. T
he p
oste
r may
also
con
tain
refe
renc
es to
oth
er c
ompa
ny, o
rgan
isatio
n, b
rand
and
pro
duct
nam
es.
Thes
e co
mpa
ny, o
rgan
isatio
n, b
rand
and
pro
duct
nam
es a
re u
sed
here
in fo
r ide
ntifi
catio
npur
pose
s onl
y an
d m
ay b
e th
e tr
adem
arks
of t
heir
resp
ectiv
e ow
ners
.
InteroperabilityIssues
Basic Profile1.1
WS-IFinal Specification
Basic Profile1.2
WS-IWorking Group Draft
Basic Profile2.0
WS-IWorking Group Draft
Basic Security Profile1.0
WS-IBoard Approval Draft
REL Token Profile1.0
WS-IWorking Group Draft
SAML Token Profile1.0
WS-IWorking Group Draft
Conformance Claim Attachment Mechanism
(CCAM)1.0
WS-IFinal Specification
Reliable AsynchronousMessaging Profile (RAMP)
1.0WS-I
Working Draft
Attachments Profile1.0
WS-IFinal Specification
Simple SOAPBinding Profile
1.0 · WS-IFinal Specification
Business Process ExecutionLanguage for Web Services 1.1(BPEL4WS) · 1.1 · BEA Systems, IBM,
Microsoft, SAP, Siebel SystemsOASIS-Standard
WS-Choreography ModelOverview1.0 · W3C
Working Draft
Web Service ChoreographyInterface (WSCI)
1.0 · W3CSun Microsystems, SAP, BEA Systems
and Intalio · Note
Business Process Specifications
Business Process ExecutionLanguage for Web Services 2.0
(BPEL4WS) · 2.0OASIS, BEA Systems, IBM, Microsoft,
SAP, Siebel Systems · Committee Draft
Business Process Management Language (BPML)
1.1BPMI.org
Final Draft
Web Service ChoreographyDescription Language (CDL4WS)
1.0W3C
Candidate Recommendation
XML Process Definition Language (XPDL)
2.0Final
WS-Policy1.5
W3CWorking Draft
WS-PolicyAssertions1.1
BEA Systems, IBM, Microsoft, SAP
Public Draft
Metadata Specifications
WS-PolicyAttachment1.2
W3CW3C Member Submission
WS-DiscoveryMicrosoft, BEA Systems, Canon,
Intel and webMethodsDraft
WS-MetadataExchange1.1
BEA Systems, Computer Associates, IBM, Microsoft, SAP, Sun
Microsystems and webMethodsPublic Draft
Universal Description,Discovery and Integration
(UDDI)3.0.2
OASISOASIS-Standard
Web Service DescriptionLanguage 2.0 SOAP Binding
2.0W3C · Working Draft
Web Service Description Language 2.0 Core
2.0W3C
Candidate Recommendation
Web Service DescriptionLanguage 1.1
1.1W3CNote
WS-Security1.1
OASISOASIS-Standard
WS-SecurityPolicy1.1
IBM, Microsoft, RSA Security, VeriSign
Public Draft
Security Specifications
WS-Security: SOAP Message Security
1.1OASIS
Public Review Draft
WS-Security: Username Token Profile
1.1OASIS
Public Review Draft
WS-Security:Kerberos Binding
1.0Microsoft, IBM, OASIS
Working Draft
WS-Federation1.0
IBM, Microsoft, BEA Systems, RSA Security, and VeriSign
Initial Draft
WS-Security: SAML Token Profile
1.1OASIS
Public Review Draft
WS-TrustBEA Systems, Computer Associates,
IBM, Layer 7 Technologies, Microsoft,Netegrity, Oblix, OpenNetwork, Ping
Identity Corp., Reactivity, RSASecurity, VeriSign and Westbridge
Technology · Initial Draft
WS-SecureConversationBEA Systems, Computer Associates,
IBM, Layer 7 Technologies, Microsoft,Netegrity, Oblix, OpenNetwork, Ping
Identity Corp., Reactivity, RSASecurity, VeriSign and Westbridge
Technology · Public Draft
WS-Security: X.509Certificate Token Profile
1.1OASIS
Public Review Draft
WS-ReliableMessaging1.1
OASISCommittee Draft
Reliability Specifications
WS-Reliable Messaging Policy Assertion (WS-RM Policy)
1.1OASIS
Committee Draft
WS-Reliability1.1
OASISOASIS-Standard
WS-Coordination1.1
OASISWorking Draft
WS-Business Activity1.1
OASISWorking Draft
WS-Atomic Transaction1.1
OASISCommittee Draft
WS-Composite ApplicationFramework (WS-CAF)
1.0 · ArjunaTechnologies, Fujitsu, IONA, Oracleand Sun Microsyst. · Committee Specification
WS-Context (WS-CTX)1.0 · Arjuna Technologies, Fujitsu,
IONA, Oracle and SunMicrosystems · Committee Draft
TransactionSpecifications
ResourceSpecifications
Management Using Web Services (WSDM-MUWS)
1.0OASIS
OASIS-Standard
Management Of Web Services (WSDM-MOWS)
1.0OASIS
OASIS-Standard
Management Specifications
WS-ManagementAMD, Dell, Intel, Microsoft and Sun
MicrosystemsPublished Specification
Service Modeling LanguageIBM, BEA, BMC, Cisco,
Dell, HP, Intel, Microsoft, SunDraft Specification
Web Services for Remote Portlets (WSRP)
2.0OASIS
Committee Draft
PresentationSpecifications
Web Services Resource Framework (WSRF)
1.2 · OASIS · OASIS-Standard
WS-BaseFaults (WSRF)1.2
OASISWorking Draft
WS-ServiceGroup (WSRF)1.2
OASISWorking Draft
WS-ResourceProperties1.2
OASISWorking Draft
WS-ResourceLifetime1.2
OASISWorking Draft
WS-TransferW3C
W3C Member Submission
Resource RepresentationSOAP Header Block (RRSHB)
W3C · Recommendation
WS-Coordination Framework (WS-CF)
1.0 · ArjunaTechnologies, Fujitsu, IONA, Oracleand Sun Microsystems · Committee Draft
WS-Transaction Management (WS-TXM)
1.0 · ArjunaTechnologies, Fujitsu, IONA, Oracleand Sun Microsystems · Committee Draft
innoQ Deutschland GmbH innoQ Schweiz GmbHHalskestraße 17 Gewerbestrasse 11D-40880 Ratingen CH-6330 ChamPhone +49 2102 77162-100 Phone +41 41 743 [email protected] · www.innoq.com
SOAP Message Transmission Optimization
Mechanism (MTOM)1.0 · W3C
Recommendation
SOAP1.2
W3CRecommendation
SOAP1.1
W3CNote
WS-Addressing – Core1.0
W3CRecommendation
WS-EventingW3C
Public Draft
WS-Addressing – WSDLBinding
1.0W3C
Candidate Recommendation
WS-Addressing – SOAP Binding
1.0W3C
Recommendation
WS-EnumerationSystinet, Microsoft, Sonic Software,
BEA Systems and Computer Associates
Public Draft
WS-Notification1.3
OASISOASIS-Standard
WS-BaseNotification1.3
OASISOASIS-Standard
WS-Topics1.3
OASISOASIS-Standard
WS-BrokeredNotification1.3
OASISOASIS-Standard
XML 1.11.1
W3CRecommendation
XML 1.01.0
W3CRecommendation
Namespaces in XML1.1
W3CRecommendation
XML Information Set1.0
W3CRecommendation
XML Schema1.1
W3CWorking Draft
XML binary Optimized Packaging (XOP)
1.0W3C
Recommendation
Describing Media Content ofBinary Data in XML (DMCBDX)
W3CNote
XML Specifications
Messaging Specifications SOAP
*HINWEIS: Dies ist eineim Informationsgehalt reduzierte Version des WS-Standards-Posters voninnoQ. Sie finden die Vollversion zum Downloadim PDF-Format unter:www.innoq.com/resources/ws-standards-poster/.Dort können Sie auch dasausgedruckte Poster imDIN A0 Format bestellen.
3Tuesday, June 1, 2010
Copyright (c) 2010 innoQ
http://soa-expertenwissen.de
4Tuesday, June 1, 2010
Copyright (c) 2010 innoQ
http://rest-http.info
5Tuesday, June 1, 2010
Copyright (c) 2010 innoQ
http://Heise.de/developer/podcast
6Tuesday, June 1, 2010
Copyright (c) 2010 innoQ
The Goal of SOA
7Tuesday, June 1, 2010
Copyright (c) 2010 innoQ
The Goal of SOA
… is to apply consistent architectural guidance to an IT landscape by transforming it from a collection of applications that require complicated integration to a set of services that explicitly support interoperation.
8Tuesday, June 1, 2010
Copyright (c) 2010 innoQ
Levels of SOA
High-Level SOA as a means for better IT LandscapesSOA as a means for better IT Landscapes
Architecture T-SOA REST
Technology SOAP, WSDL, WS-*
(RESTful) HTTP, URI, ...
9Tuesday, June 1, 2010
Copyright (c) 2010 innoQ
Technical Ingredients to Support SOA
Standard protocols
Standard formats
Library and tool support
Mature and useful intermediaries
Support for loose coupling
Wide availability and adoption
Well-defined architectural model
10Tuesday, June 1, 2010
Copyright (c) 2010 innoQ
What is REST?
11Tuesday, June 1, 2010
Copyright (c) 2010 innoQ
REST: An Architectural StyleOne of a number of “architectural styles”
... described by Roy Fielding in his dissertation
... defined via a set of constraints that have to be met
... architectural principles underlying HTTP, defined a posteriori
... with the Web as one particular instanceSee: http://www.ics.uci.edu/~fielding/pubs/dissertation/top.htm
12Tuesday, June 1, 2010
Copyright (c) 2010 innoQ
REST: The Web Used Correctly
A system or application architecture
... that uses HTTP, URI and other Web standards “correctly”
... is “on” the Web, not tunneled through it
... also called “WOA”, “ROA”, “RESTful HTTP”
13Tuesday, June 1, 2010
Copyright (c) 2010 innoQ
REST: XML without SOAP
Send plain XML (w/o a SOAP Envelope) via HTTP
... violating the Web as much as WS-*
... preferably use GET to invoke methods
... or tunnel everything through POST
... commonly called “POX”
14Tuesday, June 1, 2010
Copyright (c) 2010 innoQCopyright (c) 2010 innoQ
Let’s look at the Web …
15Tuesday, June 1, 2010
Copyright (c) 2010 innoQ
URIs Identifies Resources
http://example.com/orders?year=2008
http://example.com/customers/1234
http://example.com/orders/2007/10/776654
http://example.com/products/4554
http://example.com/processes/sal-increase-234
16Tuesday, June 1, 2010
Copyright (c) 2010 innoQ
Resources are Linked
17Tuesday, June 1, 2010
Copyright (c) 2010 innoQ
Representations in different Formats
XML
HTMLXHTML
JSONYAML
Plain Text
Binary18Tuesday, June 1, 2010
Copyright (c) 2010 innoQ
Hypermedia Drives Applications
<order self='http://example.com/orders/3321'> <amount>23</amount> <product ref='http://example.com/products/4554' /> <customer ref='http://example.com/customers/1234' /> <link rel='edit’ ref='http://example.com/order-edit/ACDB' /></order>
19Tuesday, June 1, 2010
Copyright (c) 2010 innoQ
Message are Self-descriptiveGET /service/customers/1234 HTTP 1.1Host: www.example.comUser-Agent: XYZ 1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Keep-Alive: 300Connection: keep-aliveIf-Modified-Since: Fri, 02 Oct 2009 16:47:31 GMTIf-None-Match: "600028c-59fb-474f6852c9dab"Cache-Control: max-age=60
HTTP/1.1 304 Not ModifiedDate: Sun, 04 Oct 2009 19:36:25 GMTServer: Apache/2.2.11 (Debian)Last-Modified: Fri, 02 Oct 2009 16:47:31 GMTEtag: "600028c-59fb-474f6852c9dab"Cache-Control: max-age=300Accept-Ranges: bytesVary: Accept-EncodingContent-Encoding: gzipContent-Length: 7160Keep-Alive: timeout=15, max=91Connection: Keep-AliveContent-Type: application/xml
<?xml version=‘1.0’ encoding=‘utf-8’ ?>...
StandardMethod
Media Type
Data
Control DataVisibility
20Tuesday, June 1, 2010
Copyright (c) 2010 innoQ
getOrderDetails()
updateQuote()
cancelSubscription()
findMatchingBid()
initiateProcess()
submitApplicationData()
listAuctions()
getUsers()
21Tuesday, June 1, 2010
Copyright (c) 2010 innoQ
getOrderDetails()
updateQuote() cancelSubscription()
findMatchingBid()
initiateProcess()
submitApplicationData()
listAuctions()
getUsers()
GET
PUT
POST
DELETE
22Tuesday, June 1, 2010
Copyright (c) 2010 innoQ
interface Resource { Resource(URI u) Response get() Response post(Request r) Response put(Request r) Response delete()}
generic
specific
class CustomerCollection : Resource { ... Response post(Request r) { id = createCustomer(r) return new Response(201, r) } ...}
Any HTTP client(Firefox, IE, curl, wget)
Any HTTP server
Caches
Proxies
Google, Yahoo!, MSN
Anything that knows your app
23Tuesday, June 1, 2010
Copyright (c) 2010 innoQ
Consequences
24Tuesday, June 1, 2010
Copyright (c) 2010 innoQ
Web ServicesA separate interface (façade) for each purpose
As known CORBA, DCOM, RMI/EJB
Often used for SOA (“CORBA w/ angle brackets)
Application-specific protocol
+ getOrders()
+ submitOrder()
+ getOrderDetails()
+ getOrdersForCustomers()
+ updateOrder()
+ addOrderItem()
+ cancelOrder()
+ cancelAllOrders()
OrderManagementService
+ getCustomers()
+ addCustomer()
+ getCustomerDetails()
+ updateCustomer()
+ deleteCustomer()
+ deleteAllCustomers()
CustomerManagementService
25Tuesday, June 1, 2010
Copyright (c) 2010 innoQ
POST http://example.com/CustomerMgmt<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"> <soap:Body> <deleteCustomer xmlns="http://example.com/ns1"> <customerId>13</customerId> </ns:deleteCustomer> </soap:Body></soap:Envelope>
Method ID Endpoint
26Tuesday, June 1, 2010
Copyright (c) 2010 innoQ
“Endpoint”?
27Tuesday, June 1, 2010
Copyright (c) 2010 innoQ
28Tuesday, June 1, 2010
Copyright (c) 2010 innoQ
29Tuesday, June 1, 2010
Copyright (c) 2010 innoQ
Contribution to the Net’s Value
2 URLs
‣ http://example.com/customerservice‣ http://example.com/orderservice
1 method
‣ POST
30Tuesday, June 1, 2010
Copyright (c) 2010 innoQ
31Tuesday, June 1, 2010
Copyright (c) 2010 innoQ
REST Approach
A single generic (uniform) interface for everything
Generic verbs mapped to resource semantics
A standard application protocol (e.g. HTTP)
GET - get order details
PUT - update order
POST - add item
DELETE - cancel order
/orders/{id}
GET - list all orders
PUT - unused
POST - add a new order
DELETE - cancel all orders
/orders
GET - get customer details
PUT - update customer
POST - unused
DELETE - delete customer
/customers/{id}
GET - list all customers
PUT - unused
POST - add new customer
DELETE - delete all customers
/customers
GET
PUT
POST
DELETE
«interface»
Resource
GET - get all orders for customer
PUT - unused
POST - add order
DELETE - cancel all customer orders
/customers/{id}/orders
32Tuesday, June 1, 2010
Copyright (c) 2010 innoQ
Millions of URLs
‣ every customer‣ every order
4-6 supported methods per resource
‣ GET, PUT, POST, DELETE, OPTIONS, HEAD
Cacheable, addressable, linkable, ...
Contribution to the Net’s Value
33Tuesday, June 1, 2010
Copyright (c) 2010 innoQ
many very few(one per service)
many
34Tuesday, June 1, 2010
Copyright (c) 2010 innoQ
very few(fixed)
many
many
35Tuesday, June 1, 2010
Copyright (c) 2010 innoQ
Mapping ExamplesgetFreeTimeSlots(Person) →GET /people/{id}/timeslots?state=free
rejectApplication(Application) →POST /rejections↵ <application>http://...</application>↵ <reason>Unsuitable for us!</reason>
performTariffCalculation(Data) →POST /contracts↵ Data←Location: http://.../contracts/4711→GET /contracts/4711/tariff←Result
shipOrder(ID) →PUT /orders/0815/status↵ <status>shipped</status>
shipOrder(ID) [variation] →POST /shipments↵ Data←Location: http://.../shipments/4711
36Tuesday, June 1, 2010
Copyright (c) 2010 innoQCopyright (c) 2010 innoQ
Why you should care
37Tuesday, June 1, 2010
Copyright (c) 2010 innoQ
The Web & SOA
Standard protocols ✔
Standard formats ✔
Library and tool support ✔
Mature and useful intermediaries ✔
Support for loose coupling ✔
Wide availability and adoption ✔
Well-defined architectural model ✔
38Tuesday, June 1, 2010
Copyright (c) 2010 innoQ
39Tuesday, June 1, 2010
Copyright (c) 2010 innoQ
“My Internet is bigger than your enterprise.”
Paraphrasing Dare Obasanjo,see http://tinyurl.com/dare-enterprise
40Tuesday, June 1, 2010
Copyright (c) 2010 innoQ
We’ve been there before …
41Tuesday, June 1, 2010
Copyright (c) 2010 innoQ
42Tuesday, June 1, 2010
Copyright (c) 2010 innoQ
VersicherungX
Unlock information as resources
43Tuesday, June 1, 2010
Copyright (c) 2010 innoQCopyright (c) 2010 innoQ
Pragmatical Recommendationsfrom an Enterprisey
RESTafarian
44Tuesday, June 1, 2010
Copyright (c) 2010 innoQCopyright (c) 2010 innoQ
#1: Ensure your Web apps are RESTful
45Tuesday, June 1, 2010
Copyright (c) 2010 innoQCopyright (c) 2010 innoQ
#2: Expose machine-readable information
via HTTP GET
46Tuesday, June 1, 2010
Copyright (c) 2010 innoQ
Don Box, Co-inventor of SOAP
“I do think the REST-afarians are missing an opportunity by not driving home the secret sauce that is HTTP GET. […] GET is one
of the most optimized pieces of distributed systems plumbing in the world. It's an absolute/objective slam dunk. No arguing/evangelism needed IMO. GET is
the classic ‘the first bag is free’ kind of feature a platform builder dreams about.”
47Tuesday, June 1, 2010
Copyright (c) 2010 innoQCopyright (c) 2010 innoQ
#3: Manage Your Metadata with RESTful HTTP
48Tuesday, June 1, 2010
Copyright (c) 2010 innoQCopyright (c) 2010 innoQ
#4: Use WS-* forread/write interactions if
politics or legacy force you
49Tuesday, June 1, 2010
Copyright (c) 2010 innoQCopyright (c) 2010 innoQ
#5: Draw your own Conclusions Watching
the Adoption of WS-* vs. RESTful HTTP
50Tuesday, June 1, 2010
Copyright (c) 2010 innoQ
Q&A
Stefan [email protected]://www.innoq.com/blog/st/@stilkovPhone: +49 170 471 2625
Web Services Standards Overview
Vers
ion
3.0*
· Fe
brua
ry 2
007
This
post
er is
not
to b
e re
prod
uced
or t
rans
mitt
ed in
any
form
or f
or a
ny p
urpo
se w
ithou
t the
exp
ress
per
miss
ion
of in
noQ
Deut
schl
and
GmbH
.Co
pyrig
ht ©
inno
Q De
utsc
hlan
d Gm
bH.
All R
ight
s Res
erve
d. T
he p
oste
r may
also
con
tain
refe
renc
es to
oth
er c
ompa
ny, o
rgan
isatio
n, b
rand
and
pro
duct
nam
es.
Thes
e co
mpa
ny, o
rgan
isatio
n, b
rand
and
pro
duct
nam
es a
re u
sed
here
in fo
r ide
ntifi
catio
npur
pose
s onl
y an
d m
ay b
e th
e tr
adem
arks
of t
heir
resp
ectiv
e ow
ners
.
InteroperabilityIssues
Basic Profile1.1
WS-IFinal Specification
Basic Profile1.2
WS-IWorking Group Draft
Basic Profile2.0
WS-IWorking Group Draft
Basic Security Profile1.0
WS-IBoard Approval Draft
REL Token Profile1.0
WS-IWorking Group Draft
SAML Token Profile1.0
WS-IWorking Group Draft
Conformance Claim Attachment Mechanism
(CCAM)1.0
WS-IFinal Specification
Reliable AsynchronousMessaging Profile (RAMP)
1.0WS-I
Working Draft
Attachments Profile1.0
WS-IFinal Specification
Simple SOAPBinding Profile
1.0 · WS-IFinal Specification
Business Process ExecutionLanguage for Web Services 1.1(BPEL4WS) · 1.1 · BEA Systems, IBM,
Microsoft, SAP, Siebel SystemsOASIS-Standard
WS-Choreography ModelOverview1.0 · W3C
Working Draft
Web Service ChoreographyInterface (WSCI)
1.0 · W3CSun Microsystems, SAP, BEA Systems
and Intalio · Note
Business Process Specifications
Business Process ExecutionLanguage for Web Services 2.0
(BPEL4WS) · 2.0OASIS, BEA Systems, IBM, Microsoft,
SAP, Siebel Systems · Committee Draft
Business Process Management Language (BPML)
1.1BPMI.org
Final Draft
Web Service ChoreographyDescription Language (CDL4WS)
1.0W3C
Candidate Recommendation
XML Process Definition Language (XPDL)
2.0Final
WS-Policy1.5
W3CWorking Draft
WS-PolicyAssertions1.1
BEA Systems, IBM, Microsoft, SAP
Public Draft
Metadata Specifications
WS-PolicyAttachment1.2
W3CW3C Member Submission
WS-DiscoveryMicrosoft, BEA Systems, Canon,
Intel and webMethodsDraft
WS-MetadataExchange1.1
BEA Systems, Computer Associates, IBM, Microsoft, SAP, Sun
Microsystems and webMethodsPublic Draft
Universal Description,Discovery and Integration
(UDDI)3.0.2
OASISOASIS-Standard
Web Service DescriptionLanguage 2.0 SOAP Binding
2.0W3C · Working Draft
Web Service Description Language 2.0 Core
2.0W3C
Candidate Recommendation
Web Service DescriptionLanguage 1.1
1.1W3CNote
WS-Security1.1
OASISOASIS-Standard
WS-SecurityPolicy1.1
IBM, Microsoft, RSA Security, VeriSign
Public Draft
Security Specifications
WS-Security: SOAP Message Security
1.1OASIS
Public Review Draft
WS-Security: Username Token Profile
1.1OASIS
Public Review Draft
WS-Security:Kerberos Binding
1.0Microsoft, IBM, OASIS
Working Draft
WS-Federation1.0
IBM, Microsoft, BEA Systems, RSA Security, and VeriSign
Initial Draft
WS-Security: SAML Token Profile
1.1OASIS
Public Review Draft
WS-TrustBEA Systems, Computer Associates,
IBM, Layer 7 Technologies, Microsoft,Netegrity, Oblix, OpenNetwork, Ping
Identity Corp., Reactivity, RSASecurity, VeriSign and Westbridge
Technology · Initial Draft
WS-SecureConversationBEA Systems, Computer Associates,
IBM, Layer 7 Technologies, Microsoft,Netegrity, Oblix, OpenNetwork, Ping
Identity Corp., Reactivity, RSASecurity, VeriSign and Westbridge
Technology · Public Draft
WS-Security: X.509Certificate Token Profile
1.1OASIS
Public Review Draft
WS-ReliableMessaging1.1
OASISCommittee Draft
Reliability Specifications
WS-Reliable Messaging Policy Assertion (WS-RM Policy)
1.1OASIS
Committee Draft
WS-Reliability1.1
OASISOASIS-Standard
WS-Coordination1.1
OASISWorking Draft
WS-Business Activity1.1
OASISWorking Draft
WS-Atomic Transaction1.1
OASISCommittee Draft
WS-Composite ApplicationFramework (WS-CAF)
1.0 · ArjunaTechnologies, Fujitsu, IONA, Oracleand Sun Microsyst. · Committee Specification
WS-Context (WS-CTX)1.0 · Arjuna Technologies, Fujitsu,
IONA, Oracle and SunMicrosystems · Committee Draft
TransactionSpecifications
ResourceSpecifications
Management Using Web Services (WSDM-MUWS)
1.0OASIS
OASIS-Standard
Management Of Web Services (WSDM-MOWS)
1.0OASIS
OASIS-Standard
Management Specifications
WS-ManagementAMD, Dell, Intel, Microsoft and Sun
MicrosystemsPublished Specification
Service Modeling LanguageIBM, BEA, BMC, Cisco,
Dell, HP, Intel, Microsoft, SunDraft Specification
Web Services for Remote Portlets (WSRP)
2.0OASIS
Committee Draft
PresentationSpecifications
Web Services Resource Framework (WSRF)
1.2 · OASIS · OASIS-Standard
WS-BaseFaults (WSRF)1.2
OASISWorking Draft
WS-ServiceGroup (WSRF)1.2
OASISWorking Draft
WS-ResourceProperties1.2
OASISWorking Draft
WS-ResourceLifetime1.2
OASISWorking Draft
WS-TransferW3C
W3C Member Submission
Resource RepresentationSOAP Header Block (RRSHB)
W3C · Recommendation
WS-Coordination Framework (WS-CF)
1.0 · ArjunaTechnologies, Fujitsu, IONA, Oracleand Sun Microsystems · Committee Draft
WS-Transaction Management (WS-TXM)
1.0 · ArjunaTechnologies, Fujitsu, IONA, Oracleand Sun Microsystems · Committee Draft
innoQ Deutschland GmbH innoQ Schweiz GmbHHalskestraße 17 Gewerbestrasse 11D-40880 Ratingen CH-6330 ChamPhone +49 2102 77162-100 Phone +41 41 743 [email protected] · www.innoq.com
SOAP Message Transmission Optimization
Mechanism (MTOM)1.0 · W3C
Recommendation
SOAP1.2
W3CRecommendation
SOAP1.1
W3CNote
WS-Addressing – Core1.0
W3CRecommendation
WS-EventingW3C
Public Draft
WS-Addressing – WSDLBinding
1.0W3C
Candidate Recommendation
WS-Addressing – SOAP Binding
1.0W3C
Recommendation
WS-EnumerationSystinet, Microsoft, Sonic Software,
BEA Systems and Computer Associates
Public Draft
WS-Notification1.3
OASISOASIS-Standard
WS-BaseNotification1.3
OASISOASIS-Standard
WS-Topics1.3
OASISOASIS-Standard
WS-BrokeredNotification1.3
OASISOASIS-Standard
XML 1.11.1
W3CRecommendation
XML 1.01.0
W3CRecommendation
Namespaces in XML1.1
W3CRecommendation
XML Information Set1.0
W3CRecommendation
XML Schema1.1
W3CWorking Draft
XML binary Optimized Packaging (XOP)
1.0W3C
Recommendation
Describing Media Content ofBinary Data in XML (DMCBDX)
W3CNote
XML Specifications
Messaging Specifications SOAP
*HINWEIS: Dies ist eineim Informationsgehalt reduzierte Version des WS-Standards-Posters voninnoQ. Sie finden die Vollversion zum Downloadim PDF-Format unter:www.innoq.com/resources/ws-standards-poster/.Dort können Sie auch dasausgedruckte Poster imDIN A0 Format bestellen.
51Tuesday, June 1, 2010
Copyright (c) 2010 innoQ
FAQ
52Tuesday, June 1, 2010
Copyright (c) 2010 innoQ
http://www.flickr.com/photos/stygiangloom/230412544/
Tunneling Through
GET53Tuesday, June 1, 2010
Copyright (c) 2010 innoQ
http://example.com/some-api?method=deleteCustomer&id=13http://example.com/some-api?method=insert&name=Smith
54Tuesday, June 1, 2010
Copyright (c) 2010 innoQ
http://www.markbaker.ca/blog/2005/04/14/accidentally-restful/
http://example.com/some-api?method=findCustomer&id=13http://example.com/customers/13
RESTfulAccidentally
55Tuesday, June 1, 2010
Copyright (c) 2010 innoQ
Applicability
56Tuesday, June 1, 2010
Copyright (c) 2010 innoQ
RESTful HTTP
set of problems
MoM
RMI/DCOM/CORBA
SOAP/WSDL
SpacesActors
…
57Tuesday, June 1, 2010
Copyright (c) 2010 innoQ
Transactions
58Tuesday, June 1, 2010
Copyright (c) 2010 innoQ
DBRESTful Service
InterfaceImplementation
Local Tx
DB ARESTful Service
InterfaceImplementation
DB B
MQ
Distrib Tx
Tx across services
59Tuesday, June 1, 2010
Copyright (c) 2010 innoQ
create new Tx resource →POST /transactions↵←Location: http://.../transactions/4711<status>in progress</status>
update state →PUT /transactions/4711 ↵ <Data>
commit →PUT /orders/0815/status↵ <status>committed</status>
60Tuesday, June 1, 2010
Copyright (c) 2010 innoQ
Sessions
61Tuesday, June 1, 2010
Copyright (c) 2010 innoQ
Server
Client 1
Client 2State Client 1
State Client 2
Server State
R1R2
Rn
Representation
R1
R2
Turn session state …
62Tuesday, June 1, 2010
Copyright (c) 2010 innoQ
Server
Client 1
C1 C1
Client 2
C2
State Client 1
State Client 2
Server State
Representation
R1 R2
RnC2
C2
C2
C1C1
R2
R1
… into client or resource state
63Tuesday, June 1, 2010
Copyright (c) 2010 innoQ
Security
64Tuesday, June 1, 2010
Copyright (c) 2010 innoQ
Message-based
‣ encrypt/sign individual messages
‣ indefinite protection‣ Slow, inefficient,
scarcely used‣ end-to-end‣ persistent
Transport-based
‣ encrypt communication channel
‣ protection while in transit‣ fast, efficient, wide-
spread‣ not end-to-end‣ not persistent
SSLHTTPSREST
WSSXMLWS-*
65Tuesday, June 1, 2010
Copyright (c) 2010 innoQ
HTTP Security
Extensible HTTP Authentication Mechanism
HTTP + SSL + Basic Auth
OpenID
OAuth
Google AuthSub + ClientLogin
HMAC
66Tuesday, June 1, 2010
Copyright (c) 2010 innoQ
DescriptionWhat’s the WSDL equivalent in REST?
67Tuesday, June 1, 2010
Copyright (c) 2010 innoQ
There is none ...
Anatomy of a typical WSDL file:
XSD
Legacy Garbage
Operation Names
Protocol Info
Endpoint
80%
20%
Still available
Not needed
Hypermedia
68Tuesday, June 1, 2010
Copyright (c) 2010 innoQ
... unless you insist: WADL<resources base="http://api.search.yahoo.com/NewsSearchService/V1/"> <resource path="newsSearch"> <method name="GET" id="search"> <request> <param name="appid" type="xsd:string" style="query" required="true"/> <param name="query" type="xsd:string" style="query" required="true"/> <param name="type" style="query" default="all"> <option value="all"/> <option value="any"/> <option value="phrase"/> </param> <param name="results" style="query" type="xsd:int" default="10"/> <param name="start" style="query" type="xsd:int" default="1"/> <param name="sort" style="query" default="rank"> <option value="rank"/> <option value="date"/> </param> <param name="language" style="query" type="xsd:string"/> </request> <response> <representation mediaType="application/xml" element="yn:ResultSet"/> <fault status="400" mediaType="application/xml" element="ya:Error"/> </response> </method> </resource> </resources>
69Tuesday, June 1, 2010