WebSocket Perspectives and Vision for the Future - HTML5DevConf Oct 2013 SF



Updated version of my talk at the great HTML5DevConf event in San Francisco, Oct 2013.


  1. WebSocket Perspectives and Vision for the Future
     Frank Greco (@frankgreco), Director of Technology, Kaazing
     Oct 2013
  2. Outline
     • Brief Background on WebSocket
     • Layered Approach to Web Protocols
     • The Web beyond the Browser – XaaS
     • The Internet of Things and WebSocket
     • Demos
     © 2013 Kaazing Corporation
  3. Me…
     • Director of Technology @ Kaazing
     • Chairman NYJavaSIG (javasig.com)
     • Largest Java UG in North America, 7,500+ members
     • Chair NYHTML5, 1,500+ members
     • Email: frank.greco@kaazing.com
     • Twitter: @frankgreco
     • Yell: “Hey Frank!”
  4. Welcome HTML5 (aka The New Web)
     • Users are Demanding more from Apps
     • UI/UX Requirements are more sophisticated
     • Browser Enhancements and Evolution
     • API Explosion
     • Web no longer just about Documents… even partial or pseudo documents
     The New Web is a Programmatic Foundation for Rich, Reliable and Really Cool Apps
  5. Welcome HTML5 (aka The New Web)
     • Users are Demanding more from Apps
     • UI/UX Requirements are more sophisticated
     • Browser Enhancements and Evolution
     • API Explosion
     • Web no longer just about Documents… even partial or pseudo documents
     The New Web is a Programmatic Foundation for Rich, Reliable and Really Cool Apps
     But…
  6. HTTP – Not Designed for an Event-Driven World…
     • Designed for document transfer
       - Short-lived Request / Response interaction
     • Bidirectional, but half-duplex
       - Traffic flows in only one direction at a time
     • Stateless
       - Large amounts of metadata resent for each request
     Yes, HTTP 2.0 will be better, but the Web was not originally designed for “real-time”, event-based services…
  7. WebSocket
     • “Real-Time”, bi-directional connectivity
     • IETF Protocol - RFC 6455 – Dec 2011
     • W3C API
     • Easily add event-based capability to web apps
     • Avoids polling (and resource consumption)
     • Avoids HTTP meta-data overhead
     • Shares port with HTTP (80/443)
     • Peer protocol to HTTP (both use TCP)
     • The Most Important API in “HTML5”
  8. WebSocket Standards
     • IETF Formal Protocol (RFC 6455)
     • Event-driven JavaScript API
     • Full-duplex communication protocol
     • W3C API – Candidate Recommendation (http://www.w3.org/TR/websockets/)
     • Java JSR 356
     • Integrates HTTP addressing
       - ws://yourcompany.com/collaboration_svc
       - wss://anothercompany.com/marketdata_svc
     • Traverses firewalls, proxies, routers securely
     • Text and Binary
     • Leverages Cross-Origin Resource Sharing (CORS)
  9. The WebSocket Handshake
  10. WebSocket Frames
      • Frames have a few header bytes
      • Data may be text or binary
      • Frames from client to server are masked (XORed w/ random value) to avoid black hats with old proxies
      • Use TLS in production – avoids a lot of issues…
  11. What WebSocket is Not
      • It is not a New AJAX
        - AJAX was a lovable hack
      • It is not a Push mechanism
        - WebSocket is full-duplex, bi-directional
      • It is not a Messaging system
        - It’s an agnostic wire protocol
        - It’s a low-level transport API
      • It is not a Replacement for HTTP
        - HTTP is still great for static, cacheable info
  12. WebSocket Projects, OSS, Vendors
      • Kaazing
      • Node.js/socket.io/SockJS/engine.io
      • ActiveMQ
      • Tomcat
      • Jetty
      • Oracle Glassfish
      • Java EE – JSR 356
      • Play Framework – Reactive Apps
      • Rabbit MQ
      • JBoss
      • IIS/ASP .NET 4.5
      • PHP, Objective-C, Ruby, Python, C/C++, JVM-langs…
      • Many more…
  13. For Real-Time, Event-based Web Communication…
      Legacy HTTP vs. WebSocket
      Seems like a no-brainer for most apps…
  14. HTML5 WebSocket API
      Make sure WS is open before usage… :)
  15. HTML5 WebSocket API
      But… Dealing with WebSocket is like dealing with TCP. It’s a streams-based model. You need to understand how to handle streams-based data over the wire, e.g., How do I do publish/subscribe?
  16. What is Missing? Where is the Application-level Protocol?
      • Who handles retries?
      • How do we handle publish/subscribe semantics?
      • How do we handle market data?
      • How do I handle entitlements? ACL?
      • How can we guarantee delivery?
      • What do we do with slow consumers, last value cache, etc?
      • What if the client is not currently active?
      • What about partial data?
  17. But wait… Protocol Layering is Possible!
      Whoa… It’s just like TCP! Huzzah!
      [Diagram: Browser and Native Applications; JMS, XMPP, AMQP, B2B, FTP, VNC layered over WebSocket over TCP; Internet; WebSocket Gateways; mktdata, etc.]
  18. Higher Level APIs (over WebSocket) for JavaScript
      So if you can layer application protocols and APIs over WebSocket, what do you have?
      • Easier WebSocket programmability
      • Event-driven applications over the web
      • Event-driven APIs over the web
      • Not necessary to open non-standard ports
      • Web infrastructure now truly “disappears”
      • Reduction in complexity
      • Further opportunities to innovate
      • Mobile + cloud + HTML5/WebSocket
      • Internet of Things -> Web of Things
      • “Imagination is Everything”
  19. Higher Level APIs Reduce Complexity
      Simplicity is a Useful Abstraction! Simplicity enables Innovation
      [Chart: Innovation vs. Complexity]
  20. Anything Else Missing? Other Considerations for the Real-World…
      • Must handle unfriendly network intermediaries
      • Need to handle multiple WS versions
      • Has to work in multiple DMZs
      • What about multiple (and legacy) browser versions?
      • Bandwidth management
      • Concerns about open ports with back-end service
      • Can’t have business logic in the DMZ
      • Need high-availability topology
      • AuthN/AuthZ has to work multiple times
      • Native, HTML5 and hybrid environments
      • Services architecture needs to be consistent
      • XaaS integration – the Web beyond the browser
      • Other language libs
      • Integrate easily with non-messaging services
      All things you need for a real enterprise app
  21. Futures
      What’s next for WebSocket?
  22. Explosion of Open Web APIs
      • APIs from everywhere
      • Over 10K public APIs and even more Mashups
        - programmableweb.com/apis/directory
        - Amazon, Facebook, LinkedIn, AT&T, Google, Microsoft, NYTimes, Orange, SalesForce, Telefonica, Twitter, Visa, Vodafone, Bloomberg, NYSE, Thomson-Reuters, etc.
      • Over time, more will be event-based – NoREST?
      • Mashape.com, APIhub.com
      • Enterprise and B2B APIs
      • Services… Services… Services…
  23. Industry View
  24. Event-based XaaS
      Integration as a Service; Monitoring as a Service; Governance as a Service; Identity as a Service; WAN Optimization as a Service; Data Center as a Service; CDN as a Service; Sentiment Analysis as a Service; Risk Analytics as a Service; Enterprise Messaging as a Service; EAI as a Service; Windows Desktop as a Service; Network as a Service; Trade Clearance as a Service; Database as a Service; Security as a Service; Testing as a Service; Notification as a Service; Backup as a Service; Auditing as a Service; Analytics as a Service; Telephony as a Service
  25. History Repeats Itself
      Enterprise: RPC, Asynchronous RPC, Messaging, ESB
      Web: REST, Asynchronous REST, Messaging, ISB
      • Can wait for response; Tight coupling; Centralized business processes; Vertical interaction; Easy to understand (xact)
      • Future response; Loose coupling; Independent business processes; More complexity (xact)
      Did I mention History repeats itself?...
  26. Other Event-based (“real-time”) Systems?
      Music; Presentation; Communication; Logistics; Home Security; Big Data; Health Monitoring; Intelligent Appliances; Remote control; Local Transportation; Risk Management; Monitoring/Management
  27. Demos
      • Robin Zimmermann, Robin.Zimmermann@kaazing.com, @robinzim
      • Prashant Khanal, Software Engineer – Kaazing, Prashant.Khanal@kaazing.com, Twitter: @ipras
      • David Witherspoon, Software Engineer – Kaazing, David.Witherspoon@kaazing.com, Twitter: @dpwspoon
  28. Questions? frank.greco@kaazing.com
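
The masking rule from the WebSocket Frames slide, seen from the server side, as an added example that is not part of the original deck: a parser for one client frame that rejects unmasked input and XOR-unmasks the payload. The function names and the 1 MiB payload cap are assumptions; the sample bytes are the "Hello" frames given in RFC 6455 section 5.7.

```javascript
// Added example: parse one client-to-server WebSocket frame (RFC 6455 section 5.2).
// Names are illustrative; MAX_PAYLOAD is an assumed application limit, not an RFC value.
const MAX_PAYLOAD = 1 << 20; // 1 MiB

function parseClientFrame(buf) {
  if (buf.length < 2) throw new Error("truncated header");
  const fin = (buf[0] & 0x80) !== 0;
  if (buf[0] & 0x70) throw new Error("RSV bits set without a negotiated extension");
  const opcode = buf[0] & 0x0f;
  // Section 5.1: a server must fail the connection on an unmasked client frame.
  if ((buf[1] & 0x80) === 0) throw new Error("client frame is not masked");

  let len = buf[1] & 0x7f; // 7-bit length, or 126/127 as extended-length markers
  let off = 2;
  if (len === 126) {
    if (buf.length < 4) throw new Error("truncated length");
    len = (buf[2] << 8) | buf[3];
    off = 4;
  } else if (len === 127) {
    if (buf.length < 10) throw new Error("truncated length");
    // 64-bit length: refuse anything that needs the upper four bytes.
    if (buf[2] | buf[3] | buf[4] | buf[5]) throw new Error("payload too large");
    len = buf[6] * 2 ** 24 + ((buf[7] << 16) | (buf[8] << 8) | buf[9]);
    off = 10;
  }
  // Check the declared length before allocating or reading anything.
  if (len > MAX_PAYLOAD) throw new Error("payload too large");
  if (buf.length < off + 4 + len) throw new Error("truncated frame");

  const key = buf.subarray(off, off + 4); // 4-byte masking key chosen by the client
  const payload = new Uint8Array(len);
  for (let i = 0; i < len; i++) payload[i] = buf[off + 4 + i] ^ key[i % 4];
  return { fin, opcode, payload };
}

// Sample frames from RFC 6455 section 5.7: the text "Hello", masked and unmasked.
const MASKED_HELLO = Uint8Array.from(
  [0x81, 0x85, 0x37, 0xfa, 0x21, 0x3d, 0x7f, 0x9f, 0x4d, 0x51, 0x58]);
const UNMASKED_HELLO = Uint8Array.from([0x81, 0x05, 0x48, 0x65, 0x6c, 0x6c, 0x6f]);

// Text frames (opcode 1) must carry valid UTF-8; fatal mode throws otherwise.
function payloadText(frame) {
  return new TextDecoder("utf-8", { fatal: true }).decode(frame.payload);
}
```

The unmasked sample is a valid server-to-client frame; the same bytes arriving from a client are rejected.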