Service Oriented UIs Principles and Practice Michael Barker - Valtech. Agenda. What is... Service Orientation? A Service Oriented UI? Case Study How does a SOUI affect... API Design? Security? Performance and Scalability? Automated Testing? When is it appropriate?
Service Oriented UIs Principles and Practice Michael Barker - Valtech
Agenda • What is... • Service Orientation? • A Service Oriented UI? • Case Study • How does a SOUI affect... • API Design? • Security? • Performance and Scalability? • Automated Testing? • When is it appropriate?
What is Service Orientation? • It's a bit vague... • Vendor/platform agnostic interface to a system • Interface has a number of traits • Loose Coupling • Service Contract • Statelessness • Autonomy, Abstraction, Reusability, Composability, Discoverability... • Originally for integration
What is a Service Orientated UI (SOUI)? • Characterised by: • Client utilises a service-oriented back end. • Conversational state is managed on the client. • Client deployment is lightweight (e.g. in a browser). • Driven by a requirement for rich UI behaviour • Term coined in InfoQ Article • A.k.a. SOFEA • Service Oriented Front End Architecture
SOUI Technologies • Silverlight • Flash (Flex) • Google Web Toolkit • AJAX – not necessarily • Java Applets (JavaFX)
Advantages • Clear separation of UI code and data • Clear separation of client and server code • Richer UI behaviour • Potential sharing of thin/thick client code
Disadvantages • Higher requirements on connecting clients • JavaScript enabled, plug-ins installed, etc. • Stateless services may require more thought during design • Security • Performance • Replication of logic on client and server
Alternatives • Model-View-Controller • ASP.net MVC • JSF • Ruby on Rails • and all the rest... • Model-View-Presenter • Hack it into one big PHP/JSP/ASP page • All generally execute logic on the server
Case Study • A large government project to replace a series of green screen applications (Oracle Forms 1.0) • Strict set of non-functional requirements • Web-based (ease of deployment) • Rich behaviour (no browser refresh for validation, etc.) • No Java, Flash or Active-X • Solution: JavaScript + XMLHttpRequest. • Late 2003 – AJAX term coined in 2005.
Service API Design • Stateless services to support a UI can differ from stateless services for integration • Often single shot (re-authenticate every request) • UIs are “chattier” • Minimise state (use of HTTP session) • Use HTTP sessions for non-functional aspects
Security – Authentication • Resubmit credentials with each request • Need SSL • Cookies • Not stateless, requires replication • Message Authentication Codes • Requires some low level library access
Security – Message Authentication Codes • C: Submit credentials • S: Authenticate client • S: Create and return session key • One-way hash: user name, date, server secret • C: Submit data, user name and MAC • One-way hash: data, user name, session key • S: Regenerates MAC and compares to supplied
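The exchange on this slide, written out as an added example (not code from the original slides). It assumes HMAC-SHA-256 as the "one-way hash" and a session key valid for one calendar day; SERVER_SECRET, USERS and the function names are constructed for the illustration.

```python
import hashlib
import hmac
from datetime import date
from typing import Optional

# Constructed demo values (assumptions, not from the slides).
SERVER_SECRET = b"constructed-demo-secret"  # never leaves the server
USERS = {"alice": "correct horse"}  # plaintext only to keep the demo short


def _keyed_hash(key: bytes, *fields: bytes) -> bytes:
    """HMAC-SHA-256 over length-prefixed fields, so ("ab", "c") != ("a", "bc")."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for field in fields:
        mac.update(len(field).to_bytes(4, "big") + field)
    return mac.digest()


def session_key(user: str, day: date) -> bytes:
    """Server: one-way hash of user name, date and server secret."""
    return _keyed_hash(SERVER_SECRET, user.encode(), day.isoformat().encode())


def login(user: str, password: str, day: date) -> Optional[bytes]:
    """Server: authenticate the client, then create and return the session key."""
    stored = USERS.get(user)
    if stored is None or not hmac.compare_digest(stored.encode(), password.encode()):
        return None
    return session_key(user, day)


def client_mac(key: bytes, user: str, data: bytes) -> bytes:
    """Client: one-way hash of data and user name, keyed with the session key."""
    return _keyed_hash(key, data, user.encode())


def verify(user: str, data: bytes, mac: bytes, day: date) -> bool:
    """Server: re-derive the key, regenerate the MAC, compare in constant time."""
    expected = client_mac(session_key(user, day), user, data)
    return hmac.compare_digest(expected, mac)
```

The server keeps no per-session state because it re-derives the key on every request. The MAC authenticates the request but does not stop a captured request from being replayed while the key is valid; that needs a nonce or timestamp inside the MACed data.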
Security – Authorisation Gotchas
public interface MailService {
    List<Folder> GetFolders(string mailboxName);
    List<Summary> GetSummaries(string folderId);
    Message GetMessage(string messageId);
}
Security – Authorisation Gotchas
public interface MailService {
    List<Folder> GetFolders(string mailboxName);
    List<Summary> GetSummary(string mailboxName, string path);
    Message GetMessage(string mailboxName, string path, int messageIndex);
}
Security – Authorisation Gotchas • Authorisation is simplified when accessing through an “administrable” object • Pure access by key can lead to leaking of concepts across tiers (broken encapsulation)
Performance & Scalability • Many existing tuning strategies will work • Main bottleneck is I/O (database) • SOUIs tend to require deeper, more eager fetches • Cartesian Joins • N+1 • Possible improvements using lazy loading • Fine-grained requests aren't bad, but be careful • Caching becomes even more relevant
Automated Testing • Services – Easy • Client – More difficult • Record/Replay HTTP requests is insufficient • Watir, Selenium, JExplorer for AJAX • Load Testing • Load Services • Measure client times separately
When is it relevant and not? • Relevant: • Rich UI is required • Application has a high degree of 2-way communication • CRM, Case Management, Diary Management • Not: • Page metaphor fits application • Communication is mostly 1-way • Application is heavily content-managed
Resources • InfoQ • http://www.infoq.com/news/2007/11/soui-death-of-mvc2 • SOFEA • http://www.thinserverarchitecture.com/home • http://silverlight.net • http://www.adobe.com/products/flex/ • http://sun.com/javafx • http://code.google.com/webtoolkit/