1 / 9

Matthew J. Graham (Caltech, NVO)

T HE US N ATIONAL V IRTUAL O BSERVATORY. REST. vs. WS-*. Matthew J. Graham (Caltech, NVO). What is REST?. Representational State Transfer (Fielding 2000) A resource-oriented architectural style for web services based on the WWW architecture: Each resource has a unique identifier (URI)

emil
Download Presentation

Matthew J. Graham (Caltech, NVO)

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. THE US NATIONAL VIRTUAL OBSERVATORY REST vs WS-* Matthew J. Graham (Caltech, NVO) IVOA Beijing: Grid & Web Services 2

  2. What is REST? • Representational State Transfer (Fielding 2000) • A resource-oriented architectural style for web services based on the WWW architecture: • Each resource has a unique identifier (URI) • Resource representations are exchanged in XML over HTTP • Agents employ the HTTP methods as a standard API to ensure uniform interface semantics • REST is about exposing resources through URIs and not services through messaging interfaces • REST is possible with SOAP and WSDL 2.0 IVOA Beijing: Grid & Web Services 2

  3. RESTful interfaces • GET is safe: it has no side effects and is purely for retrieval • GET, PUT, and DELETE are idempotent: the side-effect of N > 0 identical requests is the same as for a single request • Atom Publishing Protocol is the canonical REST interface • WebDAV is not RESTful: • URLs are inherently hierarchical and not opaque • properties and locks are not separate resources • PROPPATCH, PROPFIND, LOCK and UNLOCK methods manipulatemetadata attached to a resource • 207 (Multi-Status) response code for “bundled” operations IVOA Beijing: Grid & Web Services 2

  4. WS-* (18 months ago) • WS-Semantics • WS-Topic • WS-Transaction • WS-Transaction Management • WS-Transfer • WS-Trust • ASAP • ebXML • MTOM • SAML • SOAP • SwA • UBL • UDDI • WSDL • XACML • XML Encryption • XML Signature • XKMS • + others incl. WS-KitchenSink • WS-I Basic Profile • WS-I Basic Security Profile • WS-Manageability • WS-Management • WS-MetadataExchange • WS-Notification • WS-Policy • WS-PolicyAssertions • WS-PolicyAttachment • WS-PolicyFramework • WS-Polling • WS-Provisioning • WS-Reliability • WS-ReliableMessaging • WS-RemotePortals • WS-ResourceFramework • WS-ResourceLifetime • WS-ResourceProperties • WS-Routing • WS-SecureConversation • WS-Security • WS-SecurityPolicy • WS-Addressing • WS-AtomicTransaction • WS-Attachments • WS-BaseNotification • WS-BPEL • WS-BrokeredNotification • WS-BusinessActivity • WS-CAF • WS-Choreography • WS-CDL • WS-Context • WS-Coordination • WS-CoordinationFramework • WS-Discovery • WS-DistributedManagement • WS-Enumeration • WS-Eventing • WS-ExperienceLanguage • WS-Federation • WS-GAF • WS-Inspection • WSIL IVOA Beijing: Grid & Web Services 2

  5. Description languages - I • WSDL: • Complicated • Difficult to describe protocols that use SOAP headers so not straightforward for WS-* • Operation-centric • Web service versioning is difficult (better in WSDL 2.0) • Limited modelling of interaction patterns (no more than two messages within a single exchange) • No choreographic information so cannot specify ordering constraints between operations • WSDL is immutable so no dynamic endpoints IVOA Beijing: Grid & Web Services 2

  6. Description languages - II • WSDL 1.1: • Supports HTTP GET and POST • Cannot use GET with no parameters • Cannot mix multiple HTTP methods on one port • WSDL 2.0: • Supports HTTP GET/PUT/POST/DELETE • No support for JSON or binary format (need to write specification for binding rules on how to serialize) • Authentication limited to HTTP Basic and Digest • No support for links: cannot write WSDL for Atom Publishing Protocol • WADL: • Backed by Sun (wadl.java.dev.net - wadl2java) • http://code.google.com/p/rest-api-code-gen/ • REST Describe (http://tomayac.de/rest-describe/latest/RestDescribe.html) IVOA Beijing: Grid & Web Services 2

  7. Sample WADL file <application xmlns="http://research.sun.com/wadl/2006/10" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:vot="http://www.ivoa.net/xml/VOTable/v1.1" xsi:schemaLocation="http://research.sun.com/wadl/2006/10 wadl.xsd"> <grammars> <include href="votable.xsd"/> </grammars> <resources base="http://galex.stsci.edu/gxWS/ConeSearch"> <resource path="gxConeSearch.aspx"> <method name="GET"> <request> <param name="ra" type="xsd:float" style="query"/> <param name="dec" type="xsd:float" style="query"/> <param name="sr" type="xsd:float" style="query"/> </request> <response> <representation mediaType="text/xml" element="vot:VOTABLE"/> </response> </method> </resource> </resources> </application> IVOA Beijing: Grid & Web Services 2

  8. Security • WS-Security: • provides message level, end-to-end security • really requires WS-SecurityPolicy • interoperable implementations? • HTTP Basic: • Base64-encoded username/password • HTTP Digest: • MD5 hashes of username, password, authentication realm, etc. • SSL/TLS: • provides transport level, point-to-point security • Message authentication: • AWS approach using HMAC with SHA-1 hash code • HTTPSec for “full” message level security IVOA Beijing: Grid & Web Services 2

  9. Addressing + state • WS-Addressing: • SOAP lacks a standard way to specify where a message is going, how to return a response or where to report an error • provides SOAP header keywords such as: To, ReplyTo, FaultsTo, Anonymous, and MessageId/RelatesTo. • SAF (Store-and-forward) service is a use case that REST cannot address • WSRF: • framework for handling state • separates web service and state information (resource) • a resource has a unique key and message exchanges with the service are used to interact with the resource • basically equivalent to REST IVOA Beijing: Grid & Web Services 2

More Related