• Save
Oopsla 2009 Combining REST and Cloud A Practitioners Report
Upcoming SlideShare
Loading in...5

Oopsla 2009 Combining REST and Cloud A Practitioners Report



This is the deck I presented at this years OOPSLA, and again at the Cloud Computing Boot Camp. It discusses overcoming input limitations through access to richer information in order to form more ...

This is the deck I presented at this years OOPSLA, and again at the Cloud Computing Boot Camp. It discusses overcoming input limitations through access to richer information in order to form more advanced contexts. The associated paper is here: http://portal.acm.org/toc.cfm?id=1639950&type=proceeding&coll=portal&dl=GUIDE



Total Views
Views on SlideShare
Embed Views



3 Embeds 4

http://www.slideshare.net 2
http://telcoweb.blogspot.com 1
http://telcoweb.blogspot.in 1



Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
Post Comment
Edit your comment

Oopsla 2009 Combining REST and Cloud A Practitioners Report Oopsla 2009 Combining REST and Cloud A Practitioners Report Presentation Transcript

  • Using RESTful Web Services and Cloud Computing for Next-Generation Mobile Applications Jason H Christensen Intelligence In Motion Partners OOPSLA 2009, Practitioner Reports
  • What We’ll Cover  Evolution of Mobile  Overcoming the Limitations of Mobile Systems  Cloud  REST  Baseline Modern Mobile Architecture  Implementers View of Common Component of the Architecture. Also, A big thanks to the following for the great design: Rebecca Vaneyll Hugh Griffith – hgriffith@vfs.com
  • Pre-2000: Basic devices with small screens, expensive connectivity 2001: 3G Introduced in Europe and Asia 2002: Blackberry email device released (non-TCP technologies) 2005: Nokia introduces N770 internet tablet for GA (no cellular connectivity) 2007: Apple introduces the iPhone Mobile Architectures Timeline View slide
  • Modern Mobile Architectures I used to carry a laptop everywhere Now I only carry one if I’m programming. My smart phone has one distinct and clear advantage Unlike my Laptop.... My iPhone is:  Always On  Always Connected(internet)  Always With Me View slide
  • Smartphone – a New Era of Consumer Computing Smart phones have key coexisting features that their predecessors do not:  TCP Application Stack  Multimodal Radio Connectivity  Sensors for Ascertaining Context  Common Programming Language Interfaces
  • Leveraging Modern Mobile Architectures Most smartphones have enabling API's for internet connectivity using standard protocols. This has ushered in a number of new approaches to applications:  Location Based Services – Japan (circa)2002  Spatial Augmented Reality – GeoVector 2003  Social Tracking/Web 2.0 Integration – Loopt 2007
  • Existing Smart Phone Input Limitations Smart Mobile Devices are “Input limited,” But sensor and connectivity rich Context can address this “Input limitation” Reduce inputs using “Context Awareness.” Most people are familiar with location contexts(Use the GPS), but there are some that remain untapped.
  • Advanced Mobile Contexts  Explicit Location Contexts  Radio beacons that are detectable (Bluetooth, Wifi, Zigbee(maybe someday )  provide fine grained interior location  Photo/Audio Contexts  Image processing/Voice to Text contexts for document generation/scientific uses  Social Contexts  Contexts that use social data (twitter relationships for instance) to determine influence/info flow (Social network analysis, corp TIA)  Group Contexts  Same as web 2.0 rankings (iMapMyRide, Yelp AR easter egg)
  • Using Context to Overcome Input Limitations Advanced contexts are external (i.e.)  Not on the device  Data will be collected from the device  Data will be processed centrally  Context will be returned to the device.
  • Cloud Computing Web 2.0 Storage Data Security Synchronization What’s in the Cloud? Social Transaction Data Management Processing
  • Cloud to Overcome Classic Mobile Limitations Traditionally the limitations of Mobile Computing have included:  Minimal Storage  Highly Constrained Processing Environment.  Poor quality multitasking/concurrency support. Let's Look at How Cloud Computing Can Help
  • Some Cloud Computing Options Storage Federated Security  Amazon S3  Custom  Apple's iDisk  Amazon Processing  Facebook  Custom  OAUTH  Amazon EC2, and  Google EMR  Open Social Synchronization  OpenID  XMPP backed Two-  Microsoft Phase Commit  Yahoo  XMPP backed MOM
  • REST for Cloud Connectivity REST = Representational State Transfer(Fielding, 2007) RESTful Web-Services are advantageous for mobile devices  REST is HTTP = Stateless and Connectionless:  REST is URL based (standard invocation),  REST can be made Very Succinct.
  • Baseline #MobileCloud Archetype Authenticated RESTful Invocation Synchronous RESTful Response Secured Push Server Push Notification Asynchronous Response
  • CLOUD Computing via REST  Most cloud services have exposed REST interfaces  Authentication Varies  Amazon's Cloud Computing Platform(via REST)  S3 for storage  EC2 for Additional computing  EMR for Processor Intensive Task  Most commonly, Roll your own Restful Service  Don’t forget security.  Architect for Mobile, other platforms benefit.
  • REST Requests REST HTTP *Invocations* fall into four categories:  URL only  Yahoo and Google GeoCoding  Amazon Elastic Map Reduce  URL + Headers  S3 Get Service, Get Bucket Contents  URL + Headers + XML Body  S3 Copy Object,  URL + Headers + File Content  S3 Put Object,
  • REST Responses REST HTTP *Responses* fall into three categories:  URL + Headers  S3 PUT Bucket  URL + Headers + File Content  S3 Get Object  URL + Headers + XML  S3 Get Bucket Contents  Google Maps Geo call  Elastic Map Reduce
  • Guidelines for REST for Mobile Platforms Stay “Header” centric Data in headers are easily processed Use XML streaming, i.e. SAX/expat for memory optimization Balance Memory and Processing Favor Attributes Raw Data can be encoded and passed directly using HTTP.
  • RxASM – REST XML As a State Machine REST State Starts with Headers Status Code, Content Type, Content Length Create a state representation of the XML tags and attributes. Allows us to only extract essential data, and discard the superfluous, easing both memory and processing
  • RxASM Example: Google Geocoding State Diagram Present Tag = HTTP 200 Processing AddressDetails XML Accuracy > 8 OK to Use Pending Coordinates Response Received Present Tag = Coordinates HTTP and in Error FoundCharacters Processing Aborted Grab Char’s Stop Processing
  • RxASM Example: Google Geocoding Cocoa Touch State = OK to Use Pending Coordinates State= Lat Lon Pending State = Found Characters
  • Security in the cloud  Most cloud technologies use some sort of Federated Security Model  Proprietary, OpenID, or Open Auth  Amazon S3 uses a proprietary scheme  Public Key/Private Key  Private Key to sign certain headers.  Most Social Nets use Open Auth, except Facebook uses FBConnect.
  • Key Handling Procedures  Cloud and Mobile Environments are “Hostile”  Open Auth handles this, mobile devices must use 3-Legged OAuth  Public Keys - properties file(j2me) or defaults bundle(cocoa touch)  Private Keys - “sandboxed” keystore  This does two things, one is it decouples applications for evolution concerns.  It adds one more level of “privacy” since applications are restricted to their keystore instance(s)
  • Amazon Authentication  Amazon issues a public key: identifies the customer  Amazon issues a private key: used for signing  Create the string to sign(s3-dg p.13)  StringToSign = HTTP-Verb n Content-MD5 n Content-Type n Date n CanonicalizedAmzHeaders n /Bucket/Resource(up to query string)  Sign the string using the private key and HMAC- SHA1  Base64 encode the result and append to the Authorization Header.
  • OAuth Authentication 1of 2  Service Provider issues an “Unauthorized Request Token”  App requests the service providers “Request Token Url”  For Twitter :http://www.twitter.com/oauth/request_token.  The service provider responds with a request token and secret in the body:  oauth_token=ab3cd9j4ks73hf7g&oauth_token_secret=xyz4992 k83j47x0b  At this point the consumer needs to get client permission
  • OAuth Authentication 2of 2  The application creates a GET to the authorize URL  Twitter: http://twitter.com/oauth/authorize  The user is then taken to an embedded html page and authenticates with the site.  The site then redirects the user back to the application using the callback method.  The application can now access authenticated resources using the generated “Access Key.”
  • Key Architectural Considerations - Mobile Amazon S3  Check Connectivity  Gracefully Handle Temporary Redirects  Support Continue  Use Chunked Gets(dg p. 127)  Consider Network Type  Time Versus Bandwidth  The Amazon AUTH Token uses the Date header.  This Header is “Volatile”, use x-AmzDate instead
  • Key Architectural Considerations - Mobile Amazon EMR  Configure an S3 Bucket to support the executable files(java jars**)  When ready to invoke  Put the input file on S3 in a predetermined location  Invoke the EMR request with:  Check for and grab the output  Poll S3 using a HEAD request  Configure a Push Server **other languages are supported but require streaming
  • Summary  What we covered:  Mobile friendly REST  Examples of S3 for file storage.  How federated identity is used in cloud computing.
  • Questions?  Feel free to contact me: Jason H Christensen jason_h_christensen@jasonc411.com Slideshare: jasonc411 Twitter: jasonc411 http://jasonc411.com Photo Credits Iphone – (adapted from) http://images.apple.com/iphone/home/images/buystrip-iphone-20090608.png Clouds – (adapted from) http://en.wikipedia.org/wiki/File:Cumulus_mediocris.jpg Servers – (adapted from) http://www.hp.com/products1/servers/carrier_grade/images/G7400001082007.gif Amazon aws - http://media.amazonwebservices.com/logo_aws.gif Twitter logo - https://s3.amazonaws.com/twitter_production/a/1256597179/images/twitter_logo_header.png