WS-* vs. RESTful Services

1 WS-* vs. RESTful ServicesCesare PautassoFaculty of Informatics, USI Lugano, standardtechnologystackmaybeinsight: advocatesofREpresentationalStateTransfer (REST)havecometobelievethattheirideasexp lainingwhytheWorldWideWebworksarejustasa pplicabletosolveenterpriseapplicationint egrationproblemsandtoradicallysimplifyth eplumbingrequiredtobuildservice-oriented architectures. Inthistutorialwetakea scientificlookattheWS-* vs. REST debatebypresentinga technicalcomparisonbasedonarchitecturalp rinciplesanddecisions. Weshowthatthetwoapproachesdifferinthenum berofarchitecturaldecisionsthatmustbemad eandinthenumberofavailablealternatives. Thisdiscrepancybetweenfreedom-from-choic eandfreedom-of -choicequantitativelyexplainstheperceive dcomplexitydifference.

2 : REST iswellsuitedforbasic,adhocintegrationsce narios lamashup,WS-* is morematureandaddressesadvancedqualityofs ervicerequirementscommonlyfoundinenterpr isecomputing. 2009-2010 - Cesare Pautasso - Cesare Pautasso Assistant Professor at the Faculty of Informatics,University of Lugano, Switzerland (since Sept 2007) Research Projects: SOSOA Self-Organizing Service Oriented Architectures CLAVOS Continuous Lifelong Analysis and Verification of Open Services BPEL for REST Researcher at IBM Zurich Research Lab(2007) Post-Doc at ETH Z rich Software:JOpera: Process Support for more than Web at ETH Z rich, Switzerland (2004) LaureaPolitecnicodiMilano (2000) Representations.

3 (Web) (Twitter Feed) 2010 Cesare Pautasso 2009-2010 - Cesare Pautasso - * Standards Stack 2009-2010 - Cesare Pautasso - Services StandardsAtomPub 2010 - Cesare Pautasso6Is REST really used? 2010 - Cesare Pautasso7Is REST really used?Atom, 2%Gdata, 1%JavaScript, 6%JSON-RPC, 0%R E S T, 71%RSS, 1%SMS, 0%SOAP, 17%XML-RPC, 2%X M P P, 0 %2042 2009-2010 - Cesare Pautasso - Sites (1992)HTTPHTMLWeb BrowserWeb Server(HTTP)SOAPS erverClientXMLWSDLWS-*Web Services (2000) 2009-2010 - Cesare Pautasso - Web Services (2007)ClientHTTPPO-XMLRSS/AtomJSONWeb ServerWADLWS-*Web Services (2000)(HTTP)SOAPS erverClientXMLWSDL 2009-2010 - Cesare Pautasso - to RESTful Web REST and WS-* 2010 - Cesare Pautasso11 Web Services expose their data and functionality trough resourcesidentified by URI Uniform InterfacePrinciple.

4 Clients interact with resources through a fix set of verbs. Example HTTP:GET (read), POST (create), PUT (update), DELETE Multiple representationsfor the same resource Hyperlinksmodel resource relationships and valid state transitions for dynamic protocol description and discoveryREST in one slideRPUTDELETEGETPOST 2009-2010 - Cesare Pautasso - - Uniform Resource Identifier Internet Standard for resource naming and identification (originally from 1994, revised until 2005) Examples: #1 REST does notadvocate the use of nice URIs In most HTTP stacks URIs cannot have arbitrary length (4Kb) #Fragments are not even sent to the serverURI SchemeAuthorityPathQueryFragment 2009-2010 - Cesare Pautasso - is a nice URI?

5 ,+switzerland&layer=&ie=UTF8&z=12&om=1&i wloc= RESTful service is much more than just a set of nice URIs 2009-2010 - Cesare Pautasso - Design Guidelines Prefer Nouns to Verbs Keep your URIs short If possible follow a positional parameter-passing scheme for algorithmic resource query strings (instead of the key=value&p=v encoding) Some use URI postfixes to specify the content type Do not change URIs Use redirection if you really need to change themGET /book?isbn=24&action=deleteDELETE /book/24 Note:REST URIs are opaque identifiers that are meant to be discovered by following hyperlinks and not constructed by the client This may break the abstraction Warning:URI Templates introduce coupling between client and server 2009-2010 - Cesare Pautasso - Templates URI Templates specify how to construct and parse parametric URIs.

6 On the service they are often used to configure routing rules On the client they are used to instantiate URIs from local parameters Do not hardcode URIs in the client! Do not hardcode URI templates in the client! Reduce coupling by fetching the URI template from the service dynamically and fill them out on the clientURI TemplateURI TemplateparametersURIparametersURIclient service 2009-2010 - Cesare Pautasso - Template Examples From Template: {oid}/item/{iid} Example URI: Template: {-join|&|q,num} Example URI: 2009-2010 - Cesare Pautasso - Interface ConstraintHTTPSAFEIDEMPOTENTPOSTC reate a sub resourceNONOGETR etrieve the current stateof the resourceYESYESPUTI nitialize or update the state of a resourceat the given URINOYESDELETEC lear a resource, after the URI is no longer validNOYES 2009-2010 - Cesare Pautasso - vs.

7 GET GET is a read-onlyoperation. It can be repeated without affecting the state of the resource (idempotent) and can be cached. Note: this does not mean that the same representation will be returned every time. POST is a read-writeoperation and may change the state of the resource and provoke side effects on the browsers warn you when refreshing a page generated with POST 2009-2010 - Cesare Pautasso - vs. PUTWhat is the right way of creating resources (initialize their state)?PUT /resource/{id}201 CreatedProblem: How to ensure resource {id} is unique? (Resources can be created by multiple clients concurrently)Solution 1: let the client choose a unique id ( , GUID)POST /resource301 Moved PermanentlyLocation: /resource/{id}Solution 2: let the server compute the unique idProblem.

8 Duplicate instances may be created if requests are repeated due to unreliable communication 2009-2010 - Cesare Pautasso - Architectural ElementsUser AgentOrigin ServerCacheProxyGatewayConnector (HTTP)Client/ServerLayeredCacheStateless Communication 2009-2010 - Cesare Pautasso - SetupUser AgentOrigin ServerHTTPC achingUser AgentOrigin ServerHTTPUser AgentCachingOrigin ServerHTTPA dding CachingCachingUser AgentCachingOrigin ServerHTTP 2009-2010 - Cesare Pautasso - or Gateway?ClientProxyHTTPO rigin ServerHTTPC lientGatewayHTTPO rigin ServerHTTPI ntermediaries forward (and may translate) requests and responsesA proxy is chosen by the Client (for caching, or access control)The use of a gateway (or reverse proxy) is imposed by the server 2009-2010 - Cesare Pautasso - resources to be exposed as Services ( , yearly risk report, book catalog, purchase order, open bugs, polls and votes) relationships ( , containment, reference, state transitions) between resources with hyperlinks that can be followed to get more details (or perform state transitions)

9 Nice URIs to address the what it means to do a GET, POST, PUT, DELETE for each resource (and whether it is allowed or not) and document resource and deploy on Web with a Web browserGETPUTPOSTDELETE/loan /balance /client /book /order ? /soap 2009-2010 - Cesare Pautasso - SpaceM Representations (Variable) 2009-2010 - Cesare Pautasso - Doodle API : polls and Relationship: GETPUTPOSTDELETE/poll /poll/{id} /poll/{id}/vote /poll/{id}/vote/{id} ?poll{id1} embed IDs of child instance on the container is used to create child for updating and removing child resources{id2}{id3}vote{id4}{id5} 2009-2010 - Cesare Pautasso - Doodle API a poll(transfer the state of a new poll on the Doodle service) a poll (transfer the state of the poll from the Doodle service)POST /poll<options>A,B,C</options>201 CreatedLocation: /poll/090331xGET /poll/090331x200 OK<options>A,B,C</options> <votes href= /vote />/poll/poll/090331x/poll/090331x/vote 2009-2010 - Cesare Pautasso - Doodle API Example Participating in a poll by creating a new vote sub-resourcePOST /poll/090331x/vote<name>C.

10 Pautasso</name> <choice>B</choice>201 CreatedLocation: /poll/090331x/vote/1 GET /poll/090331x200 OK<options>A,B,C</options> <votes> <vote id= 1 > <name>C. Pautasso</name> <choice>B</choice> </vote> </votes>/poll/poll/090331x/poll/090331x/vote/pol l/090331x/vote/1 2009-2010 - Cesare Pautasso - Doodle API Example Existing votes can be updated (access control headers not shown)PUT /poll/090331x/vote/1<name>C. Pautasso</name> <choice>C</choice>200 OKGET /poll/090331x200 OK<options>A,B,C</options> <votes> <vote id= /1 > <name>C. Pautasso</name> <choice>C</choice> </vote> </votes>/poll/poll/090331x/poll/090331x/vote/pol l/090331x/vote/1 2009-2010 - Cesare Pautasso - Doodle API Example Polls can be deleted once a decision has been madeDELETE /poll/090331x200 OKGET /poll/090331x404 Not Found/poll/poll/090331x/poll/090331x/vot e/poll/090331x/vote/1 2009-2010 - Cesare Pautasso - End to End View The resource acts as an communication medium that allows Services to exchange representations of their state This is not equivalent to sending and receiving messages from a busRABCPUTGETGET 2009-2010 - Cesare Pautasso - Doodle Demo Info on the real Doodle API.