REST: putting the web back in to web services


Slides from a lunchtime talk at Adastral Park, 18 March 2008. Won't make much sense on their own, I'm afraid.

Published in: Technology, Business

  1. 1. REST Putting the web back into web services
  2. 2. The Web (for humans)
  3. 3. The Web (for machines)
  4. 4. SOAP
  5. 5. Web Services Standards Overview [poster, © innoQ Deutschland GmbH. All Rights Reserved. WS-* specifications grouped under Messaging, Metadata, Security, Reliability, Transaction, Resource, Management, Business Process, Presentation and Interoperability]
  6. 6. WS-*
  7. 7. WS-
  8. 8. Drawing: Paul Downey (
  9. 9.
  10. 10. Photo: Steven Mofacko (
  11. 11. REST
  12. 12. RFC2616
  13. 13. UNIVERSITY OF CALIFORNIA, IRVINE Architectural Styles and the Design of Network-based Software Architectures DISSERTATION submitted in partial satisfaction of the requirements for the degree of DOCTOR OF PHILOSOPHY in Information and Computer Science by Roy Thomas Fielding Dissertation Committee: Professor Richard N. Taylor, Chair Professor Mark S. Ackerman Professor David S. Rosenblum 2000
  14. 14. Principles of REST • Addressable resources • Generic Interface • Stateless messages • Representations
  15. 15. Resource
  16. 16. Noun
  17. 17. URI
  18. 18.
  19. 19. Action
  20. 20. Verb
  21. 21. HTTP operation
  22. 22. Create Read Update Delete
  23. 23. Careful! POST GET Safe Idempotent PUT DELETE
  24. 24. Representation
  25. 25. Format
  26. 26.
  27. 27. That’s all very well, but...
  28. 28. Response status • 200 OK • 201 Created • 202 Accepted • 400 Bad Request • 403 Forbidden • 404 Not found • 405 Method Not Allowed • 500 Internal Server Error • 503 Service Unavailable • etc...
  29. 29. Security • SSL • HTTP Basic • HTTP Digest • Shared key digest • Custom
  30. 30. Why? • Simplicity • Consistency • Interoperability • Testability • Web infrastructure
  31. 31.
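
Added example, not part of the original slides: a sketch of the "shared key digest" option from slide 29 on a stateless request, answering with status codes from slide 28 and using the idempotency properties from slide 23. The header names (`X-Client`, `X-Timestamp`, `X-Digest`), the routes, the key and the 300-second window are assumptions made for illustration.

```python
import hashlib
import hmac

# Of the four methods on the "Careful!" slide, GET is safe and idempotent,
# PUT and DELETE are idempotent, POST is neither (RFC 2616 section 9.1).
IDEMPOTENT = {"GET", "PUT", "DELETE"}
ALLOWED = {"/orders": {"GET", "POST"},            # constructed routes
           "/orders/1": {"GET", "PUT", "DELETE"}}
KEYS = {"client-a": b"constructed-demo-key"}      # constructed shared key
MAX_SKEW = 300  # seconds a signed request stays valid (assumption)


def sign(key, method, path, timestamp, body=b""):
    """HMAC-SHA256 over every part of the request that must not be altered."""
    body_hash = hashlib.sha256(body).hexdigest()
    msg = "\n".join([method, path, str(timestamp), body_hash]).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def handle(method, path, headers, body=b"", now=0):
    """Return the status a stateless server would send; no session is kept."""
    if path not in ALLOWED:
        return 404
    if method not in ALLOWED[path]:
        return 405
    try:
        client = headers["X-Client"]
        ts = int(headers["X-Timestamp"])
        digest = headers["X-Digest"]
    except (KeyError, ValueError):
        return 400                                # malformed or unsigned request
    key = KEYS.get(client)
    if key is None or abs(now - ts) > MAX_SKEW:
        return 403                                # unknown client or stale request
    expected = sign(key, method, path, ts, body)
    # Constant-time comparison avoids leaking how many digest characters matched.
    if not hmac.compare_digest(expected.encode(), digest.encode()):
        return 403
    return 201 if method == "POST" else 200


def retry_is_safe(method):
    """A client may blindly resend only idempotent requests after a timeout."""
    return method in IDEMPOTENT
```

Because the method, path, timestamp and body hash are all covered by the digest, a captured signature cannot be reused for a different verb or resource, and the timestamp window limits replay of the same request.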