Using RESTful Web Services and
Cloud Computing for
Next-Generation Mobile
Applications
Jason H Christensen
Intelligence In Motion Partners
OOPSLA 2009, Practitioner Reports

What We’ll Cover
 Evolution of Mobile
 Overcoming the Limitations of Mobile Systems
 Cloud
 REST
 Baseline Modern Mobile Architecture
 Implementers View of Common Component of
the Architecture.
Also, A big thanks to the following for the great design:
Rebecca Vaneyll
Hugh Griffith – hgriffith@vfs.com

Pre-2000: Basic devices with small
screens, expensive connectivity
2001: 3G Introduced in Europe and
Asia
2002: Blackberry email device
released (non-TCP technologies)
2005: Nokia introduces N770 internet
tablet for GA (no cellular connectivity)
2007: Apple introduces the
iPhone
Mobile Architectures Timeline

Modern Mobile Architectures
I used to carry a laptop everywhere
Now I only carry one if I’m programming.
My smart phone has one distinct and clear advantage
Unlike my Laptop....
My iPhone is:
 Always On
 Always Connected(internet)
 Always With Me

Smartphone – a New Era of Consumer Computing
Smart phones have key coexisting features that
their predecessors do not:
 TCP Application Stack
 Multimodal Radio Connectivity
 Sensors for Ascertaining Context
 Common Programming Language
Interfaces

Leveraging Modern Mobile Architectures
Most smartphones have enabling API's for internet
connectivity using standard protocols.
This has ushered in a number of new approaches to
applications:
 Location Based Services – Japan (circa)2002
 Spatial Augmented Reality – GeoVector 2003
 Social Tracking/Web 2.0 Integration – Loopt 2007

Existing Smart Phone Input Limitations
Smart Mobile Devices are “Input limited,”
But sensor and connectivity rich
Context can address this “Input limitation”
Reduce inputs using “Context Awareness.”
Most people are familiar with location contexts(Use the
GPS), but there are some that remain untapped.

Advanced Mobile Contexts
 Explicit Location Contexts
 Radio beacons that are detectable (Bluetooth, Wifi, Zigbee(maybe
someday )
 provide fine grained interior location
 Photo/Audio Contexts
 Image processing/Voice to Text contexts for document
generation/scientific uses
 Social Contexts
 Contexts that use social data (twitter relationships for instance) to
determine influence/info flow (Social network analysis, corp TIA)
 Group Contexts
 Same as web 2.0 rankings (iMapMyRide, Yelp AR easter egg)

Using Context to Overcome Input Limitations
Advanced contexts are external (i.e.)
 Not on the device
 Data will be collected from the device
 Data will be processed centrally
 Context will be returned to the device.

Cloud Computing
Web 2.0 Storage
Data
Security
Synchronization
What’s in the Cloud?
Social
Transaction Data
Management
Processing

Cloud to Overcome Classic Mobile Limitations
Traditionally the limitations of Mobile Computing
have included:
 Minimal Storage
 Highly Constrained Processing Environment.
 Poor quality multitasking/concurrency support.
Let's Look at How Cloud Computing Can Help

Some Cloud Computing Options
Storage Federated Security
 Amazon S3  Custom
 Apple's iDisk  Amazon
Processing  Facebook
 Custom  OAUTH
 Amazon EC2, and  Google
EMR  Open Social
Synchronization  OpenID
 XMPP backed Two-  Microsoft
Phase Commit  Yahoo
 XMPP backed MOM

REST for Cloud Connectivity
REST = Representational State Transfer(Fielding, 2007)
RESTful Web-Services are advantageous for mobile
devices
 REST is HTTP = Stateless and Connectionless:
 REST is URL based (standard invocation),
 REST can be made Very Succinct.

Baseline #MobileCloud Archetype
Authenticated RESTful Invocation
Synchronous RESTful Response
Secured Push Server
Push
Notification
Asynchronous Response

CLOUD Computing via REST
 Most cloud services have exposed REST interfaces
 Authentication Varies
 Amazon's Cloud Computing Platform(via REST)
 S3 for storage
 EC2 for Additional computing
 EMR for Processor Intensive Task
 Most commonly, Roll your own Restful Service
 Don’t forget security.
 Architect for Mobile, other platforms benefit.

REST Requests
REST HTTP *Invocations* fall into four categories:
 URL only
 Yahoo and Google GeoCoding
 Amazon Elastic Map Reduce
 URL + Headers
 S3 Get Service, Get Bucket Contents
 URL + Headers + XML Body
 S3 Copy Object,
 URL + Headers + File Content
 S3 Put Object,

REST Responses
REST HTTP *Responses* fall into three categories:
 URL + Headers
 S3 PUT Bucket
 URL + Headers + File Content
 S3 Get Object
 URL + Headers + XML
 S3 Get Bucket Contents
 Google Maps Geo call
 Elastic Map Reduce

Guidelines for REST for Mobile Platforms
Stay “Header” centric
Data in headers are easily processed
Use XML streaming, i.e.
SAX/expat for memory optimization
Balance Memory and Processing
Favor Attributes
Raw Data can be encoded and passed directly using
HTTP.

RxASM – REST XML As a State Machine
REST State Starts with Headers
Status Code, Content Type, Content Length
Create a state representation of the XML tags and
attributes.
Allows us to only extract essential data, and discard
the superfluous, easing both memory and processing

RxASM Example: Google Geocoding State Diagram
Present Tag =
HTTP 200 Processing AddressDetails
XML Accuracy > 8
OK to Use
Pending
Coordinates
Response
Received
Present Tag =
Coordinates
HTTP and in
Error FoundCharacters
Processing
Aborted Grab
Char’s
Stop
Processing

RxASM Example: Google Geocoding Cocoa Touch
State = OK to
Use Pending
Coordinates
State= Lat Lon Pending
State = Found
Characters

Security in the cloud
 Most cloud technologies use some sort of Federated
Security Model
 Proprietary, OpenID, or Open Auth
 Amazon S3 uses a proprietary scheme
 Public Key/Private Key
 Private Key to sign certain headers.
 Most Social Nets use Open Auth, except Facebook
uses FBConnect.

Key Handling Procedures
 Cloud and Mobile Environments are “Hostile”
 Open Auth handles this, mobile devices must use 3-Legged
OAuth
 Public Keys - properties file(j2me) or defaults
bundle(cocoa touch)
 Private Keys - “sandboxed” keystore
 This does two things, one is it decouples applications
for evolution concerns.
 It adds one more level of “privacy” since applications
are restricted to their keystore instance(s)

Amazon Authentication
 Amazon issues a public key: identifies the customer
 Amazon issues a private key: used for signing
 Create the string to sign(s3-dg p.13)
 StringToSign = HTTP-Verb n Content-MD5 n Content-Type
n Date n CanonicalizedAmzHeaders n /Bucket/Resource(up
to query string)
 Sign the string using the private key and HMAC-
SHA1
 Base64 encode the result and append to the
Authorization Header.

OAuth Authentication 1of 2
 Service Provider issues an “Unauthorized Request
Token”
 App requests the service providers “Request Token
Url”
 For Twitter :http://www.twitter.com/oauth/request_token.
 The service provider responds with a request token
and secret in the body:
 oauth_token=ab3cd9j4ks73hf7g&oauth_token_secret=xyz4992
k83j47x0b
 At this point the consumer needs to get client
permission

OAuth Authentication 2of 2
 The application creates a GET to the authorize URL
 Twitter: http://twitter.com/oauth/authorize
 The user is then taken to an embedded html page
and authenticates with the site.
 The site then redirects the user back to the
application using the callback method.
 The application can now access authenticated
resources using the generated “Access Key.”

Key Architectural Considerations
- Mobile Amazon S3
 Check Connectivity
 Gracefully Handle Temporary Redirects
 Support Continue
 Use Chunked Gets(dg p. 127)
 Consider Network Type
 Time Versus Bandwidth
 The Amazon AUTH Token uses the Date
header.
 This Header is “Volatile”, use x-AmzDate instead

Key Architectural Considerations
- Mobile Amazon EMR
 Configure an S3 Bucket to support the executable
files(java jars**)
 When ready to invoke
 Put the input file on S3 in a predetermined location
 Invoke the EMR request with:
 Check for and grab the output
 Poll S3 using a HEAD request
 Configure a Push Server
**other languages are supported but require streaming

Summary
 What we covered:
 Mobile friendly REST
 Examples of S3 for file storage.
 How federated identity is used in cloud
computing.

Questions?
 Feel free to contact me:
Jason H Christensen
jason_h_christensen@jasonc411.com
Slideshare: jasonc411
Twitter: jasonc411
http://jasonc411.com
Photo Credits
Iphone – (adapted from) http://images.apple.com/iphone/home/images/buystrip-iphone-20090608.png
Clouds – (adapted from) http://en.wikipedia.org/wiki/File:Cumulus_mediocris.jpg
Servers – (adapted from) http://www.hp.com/products1/servers/carrier_grade/images/G7400001082007.gif
Amazon aws - http://media.amazonwebservices.com/logo_aws.gif
Twitter logo - https://s3.amazonaws.com/twitter_production/a/1256597179/images/twitter_logo_header.png