Exploring REST Purity and Pragmatism - Tuesday, November 6, 2012
Transcript

  • 1. Exploring REST Purity and Pragmatism
      Samisa Abeysinghe, Vice President Engineering
  • 2. REST
      • General idea
          – It is simple
          – Widely used
          – “cool” & state of the art
          – And ideal for SOA & the enterprise
      True?
  • 3. Yes, REST is…
      • Simple
      • Cool
      • Popular
      • Used
  • 4. From Theory to Practice
      • Can simplicity meet complexity?
      • Can REST be used in enterprise?
  • 5. REST for Enterprise
      • Standards: HTTP & Media types; Interfaces; Programming languages
      • Governance: Lifecycle management; Versioning & configurations; Committees & Conformance
      • Security: HTTP vs HTTPS; Authentication; Non-Repudiation
      • Services & APIs: REST Service; RESTful APIs; Simple, quick & Web Oriented
      • Business Models: Billing & metering; Tiers & Throttling; Pay for use
  • 6. Standards | Governance | Security | Services & APIs | Business Models (same overview table as slide 5)
  • 7. REST Principles
      • Resources
          – Verbs: CRUD and more (PUT, GET, POST, DELETE … HEAD, OPTIONS)
          – Names: URI, XRI (http://acme.com/customers)
          – Representations: HTML, XML or Binary (text/html, text/xml, image/png)
  • 8. Standards | Governance | Security | Services & APIs | Business Models (same overview table as slide 5)
  • 9. Services vs APIs
      • Services are what you develop
      • APIs are what you expose
          – “The interface”
          – How can you consume the service?
  • 10. RESTful APIs
      • REST (REpresentational State Transfer)
          – An architectural style based on transferring representations of resources from a server to a client
      • RESTful Web services
          – Web services built on the REST principles
          – Also called a RESTful Web API
          – http://en.wikipedia.org/wiki/Representational_state_transfer#RESTful_web_services
  • 11. The Interface Matters
      • It is not the implementation that matters
      • But the interface
          – And it has to be managed and maintained systematically
  • 12. Standards | Governance | Security | Services & APIs | Business Models (same overview table as slide 5)
  • 13. Manage Life-Cycles
      • Service
      • API
  • 14. Tools for Life-Cycle Management
  • 15. Tools for Life-Cycle Management
  • 16. Standards | Governance | Security | Services & APIs | Business Models (same overview table as slide 5)
  • 17. Securing RESTful Services
      • Confidentiality: HTTPS
      • Integrity: HTTPS
      • Authentication: HTTP Basic/Digest Auth., Mutual Auth., OAuth
      • Non Repudiation: 2-legged OAuth
  • 18. Security Using OAuth
      http://pathberiya.blogspot.com/2011/02/2-legged-oauth-to-secure-restful.html
  • 19. Access Tokens
      • Application Key: Used when applications are calling each other
      • User Key: Used when an end user is using an application
  • 20. Application/User Key Generation Sequence
  • 21. Standards | Governance | Security | Services & APIs | Business Models (same overview table as slide 5)
  • 22. Business Models
  • 23. Business Requirements
      • Tiers: Platinum; Gold; Silver
      • Metering: Usage metering; Capacity metering; Status tracking
      • Throttling: Tier limits enforcement; SLA & policy enforcement; Prioritization
      • Billing: Pay for use; Budget; Estimates
      • Monitoring: Trends; Continuous improvement; Capacity planning
  • 24. Monitoring Tools
  • 25. Insights & Continuous Improvement
  • 26. Standards | Governance | Security | Services & APIs | Business Models (same overview table as slide 5)
  • 27. Closing Remarks
      • REST is simple, cool, popular and used
      • Need to look beyond coolness to use REST for real
      • Think of REST as a way to expose APIs
      • Pay attention to good governance
      • Make informed security architecture decisions
      • Focus on monitoring, analysis and insights based continuous improvements
  • 28. Resources
      • http://wso2.com/products/api-manager/
      • http://wso2.com/products/governance-registry/
      • http://wso2.com/products/business-activity-monitor/
      • http://sanjiva.weerawarana.org/2012/08/api-management-missing-link-for-soa.html
      • http://sumedha.blogspot.com/search/label/API
  • 29. WSO2 Engagement Model
      • QuickStart
      • Development Support
      • Development Services
      • Production Support
      • http://wso2.com/support
  • 30. Thank you!
      bizdev@wso2.com