Using RESTful Web Services and
Cloud Computing for
Next-Generation Mobile
Applications




                            Jas...
What We’ll Cover



   Evolution of Mobile
   Overcoming the Limitations of Mobile Systems
       Cloud
       REST
 ...
Pre-2000: Basic devices with small
screens, expensive connectivity



2001: 3G Introduced in Europe and
Asia

2002: Blackb...
Modern Mobile Architectures

I used to carry a laptop everywhere
    Now I only carry one if I’m programming.

My smart ph...
Smartphone – a New Era of Consumer Computing


 Smart phones have key coexisting features that
  their predecessors do not...
Leveraging Modern Mobile Architectures


Most smartphones have enabling API's for internet
 connectivity using standard pr...
Existing Smart Phone Input Limitations

Smart Mobile Devices are “Input limited,”
       But sensor and connectivity rich
...
Advanced Mobile Contexts

   Explicit Location Contexts
            Radio beacons that are detectable (Bluetooth, Wifi, ...
Using Context to Overcome Input Limitations


Advanced contexts are external (i.e.)

        Not on the device
        D...
Cloud Computing


                       Web 2.0                      Storage
                        Data


             ...
Cloud to Overcome Classic Mobile Limitations



Traditionally the limitations of Mobile Computing
  have included:
      ...
Some Cloud Computing Options


Storage                       Federated Security
          Amazon S3                   Cu...
REST for Cloud Connectivity


REST = Representational State Transfer(Fielding, 2007)
RESTful Web-Services are advantageous...
Baseline #MobileCloud Archetype




               Authenticated RESTful Invocation




                Synchronous RESTfu...
CLOUD Computing via REST


   Most cloud services have exposed REST interfaces
   Authentication Varies
   Amazon's Clo...
REST Requests

REST HTTP *Invocations* fall into four categories:

         URL only
               Yahoo and Google Geo...
REST Responses


REST HTTP *Responses* fall into three categories:

        URL + Headers
              S3 PUT Bucket
  ...
Guidelines for REST for Mobile Platforms


Stay “Header” centric
   Data in headers are easily processed

Use XML streamin...
RxASM – REST XML As a State Machine

REST State Starts with Headers
 Status Code, Content Type, Content Length

Create a s...
RxASM Example: Google Geocoding State Diagram


                                                Present Tag =
            ...
RxASM Example: Google Geocoding Cocoa Touch




                                       State = OK to
                     ...
Security in the cloud


   Most cloud technologies use some sort of Federated
    Security Model
       Proprietary, Ope...
Key Handling Procedures


   Cloud and Mobile Environments are “Hostile”
              Open Auth handles this, mobile de...
Amazon Authentication


   Amazon issues a public key: identifies the customer
   Amazon issues a private key: used for ...
OAuth Authentication 1of 2


   Service Provider issues an “Unauthorized Request
    Token”
   App requests the service ...
OAuth Authentication 2of 2


   The application creates a GET to the authorize URL
       Twitter: http://twitter.com/oa...
Key Architectural Considerations
                  - Mobile Amazon S3


   Check Connectivity
   Gracefully Handle Tempo...
Key Architectural Considerations
                  - Mobile Amazon EMR


   Configure an S3 Bucket to support the executa...
Summary



   What we covered:
          Mobile friendly REST
          Examples of S3 for file storage.
          How...
Questions?



         Feel free to contact me:
                    Jason H Christensen
                    jason_h_chris...
Upcoming SlideShare
Loading in …5
×

Oopsla 2009 Combining REST and Cloud A Practitioners Report

986 views

Published on

This is the deck I presented at this years OOPSLA, and again at the Cloud Computing Boot Camp. It discusses overcoming input limitations through access to richer information in order to form more advanced contexts. The associated paper is here: http://portal.acm.org/toc.cfm?id=1639950&type=proceeding&coll=portal&dl=GUIDE

Published in: Technology
0 Comments
2 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
986
On SlideShare
0
From Embeds
0
Number of Embeds
8
Actions
Shares
0
Downloads
0
Comments
0
Likes
2
Embeds 0
No embeds

No notes for slide

Oopsla 2009 Combining REST and Cloud A Practitioners Report

  1. 1. Using RESTful Web Services and Cloud Computing for Next-Generation Mobile Applications Jason H Christensen Intelligence In Motion Partners OOPSLA 2009, Practitioner Reports
  2. 2. What We’ll Cover  Evolution of Mobile  Overcoming the Limitations of Mobile Systems  Cloud  REST  Baseline Modern Mobile Architecture  Implementers View of Common Component of the Architecture. Also, A big thanks to the following for the great design: Rebecca Vaneyll Hugh Griffith – hgriffith@vfs.com
  3. 3. Pre-2000: Basic devices with small screens, expensive connectivity 2001: 3G Introduced in Europe and Asia 2002: Blackberry email device released (non-TCP technologies) 2005: Nokia introduces N770 internet tablet for GA (no cellular connectivity) 2007: Apple introduces the iPhone Mobile Architectures Timeline
  4. 4. Modern Mobile Architectures I used to carry a laptop everywhere Now I only carry one if I’m programming. My smart phone has one distinct and clear advantage Unlike my Laptop.... My iPhone is:  Always On  Always Connected(internet)  Always With Me
  5. 5. Smartphone – a New Era of Consumer Computing Smart phones have key coexisting features that their predecessors do not:  TCP Application Stack  Multimodal Radio Connectivity  Sensors for Ascertaining Context  Common Programming Language Interfaces
  6. 6. Leveraging Modern Mobile Architectures Most smartphones have enabling API's for internet connectivity using standard protocols. This has ushered in a number of new approaches to applications:  Location Based Services – Japan (circa)2002  Spatial Augmented Reality – GeoVector 2003  Social Tracking/Web 2.0 Integration – Loopt 2007
  7. 7. Existing Smart Phone Input Limitations Smart Mobile Devices are “Input limited,” But sensor and connectivity rich Context can address this “Input limitation” Reduce inputs using “Context Awareness.” Most people are familiar with location contexts(Use the GPS), but there are some that remain untapped.
  8. 8. Advanced Mobile Contexts  Explicit Location Contexts  Radio beacons that are detectable (Bluetooth, Wifi, Zigbee(maybe someday )  provide fine grained interior location  Photo/Audio Contexts  Image processing/Voice to Text contexts for document generation/scientific uses  Social Contexts  Contexts that use social data (twitter relationships for instance) to determine influence/info flow (Social network analysis, corp TIA)  Group Contexts  Same as web 2.0 rankings (iMapMyRide, Yelp AR easter egg)
  9. 9. Using Context to Overcome Input Limitations Advanced contexts are external (i.e.)  Not on the device  Data will be collected from the device  Data will be processed centrally  Context will be returned to the device.
  10. 10. Cloud Computing Web 2.0 Storage Data Security Synchronization What’s in the Cloud? Social Transaction Data Management Processing
  11. 11. Cloud to Overcome Classic Mobile Limitations Traditionally the limitations of Mobile Computing have included:  Minimal Storage  Highly Constrained Processing Environment.  Poor quality multitasking/concurrency support. Let's Look at How Cloud Computing Can Help
  12. 12. Some Cloud Computing Options Storage Federated Security  Amazon S3  Custom  Apple's iDisk  Amazon Processing  Facebook  Custom  OAUTH  Amazon EC2, and  Google EMR  Open Social Synchronization  OpenID  XMPP backed Two-  Microsoft Phase Commit  Yahoo  XMPP backed MOM
  13. 13. REST for Cloud Connectivity REST = Representational State Transfer(Fielding, 2007) RESTful Web-Services are advantageous for mobile devices  REST is HTTP = Stateless and Connectionless:  REST is URL based (standard invocation),  REST can be made Very Succinct.
  14. 14. Baseline #MobileCloud Archetype Authenticated RESTful Invocation Synchronous RESTful Response Secured Push Server Push Notification Asynchronous Response
  15. 15. CLOUD Computing via REST  Most cloud services have exposed REST interfaces  Authentication Varies  Amazon's Cloud Computing Platform(via REST)  S3 for storage  EC2 for Additional computing  EMR for Processor Intensive Task  Most commonly, Roll your own Restful Service  Don’t forget security.  Architect for Mobile, other platforms benefit.
  16. 16. REST Requests REST HTTP *Invocations* fall into four categories:  URL only  Yahoo and Google GeoCoding  Amazon Elastic Map Reduce  URL + Headers  S3 Get Service, Get Bucket Contents  URL + Headers + XML Body  S3 Copy Object,  URL + Headers + File Content  S3 Put Object,
  17. 17. REST Responses REST HTTP *Responses* fall into three categories:  URL + Headers  S3 PUT Bucket  URL + Headers + File Content  S3 Get Object  URL + Headers + XML  S3 Get Bucket Contents  Google Maps Geo call  Elastic Map Reduce
  18. 18. Guidelines for REST for Mobile Platforms Stay “Header” centric Data in headers are easily processed Use XML streaming, i.e. SAX/expat for memory optimization Balance Memory and Processing Favor Attributes Raw Data can be encoded and passed directly using HTTP.
  19. 19. RxASM – REST XML As a State Machine REST State Starts with Headers Status Code, Content Type, Content Length Create a state representation of the XML tags and attributes. Allows us to only extract essential data, and discard the superfluous, easing both memory and processing
  20. 20. RxASM Example: Google Geocoding State Diagram Present Tag = HTTP 200 Processing AddressDetails XML Accuracy > 8 OK to Use Pending Coordinates Response Received Present Tag = Coordinates HTTP and in Error FoundCharacters Processing Aborted Grab Char’s Stop Processing
  21. 21. RxASM Example: Google Geocoding Cocoa Touch State = OK to Use Pending Coordinates State= Lat Lon Pending State = Found Characters
  22. 22. Security in the cloud  Most cloud technologies use some sort of Federated Security Model  Proprietary, OpenID, or Open Auth  Amazon S3 uses a proprietary scheme  Public Key/Private Key  Private Key to sign certain headers.  Most Social Nets use Open Auth, except Facebook uses FBConnect.
  23. 23. Key Handling Procedures  Cloud and Mobile Environments are “Hostile”  Open Auth handles this, mobile devices must use 3-Legged OAuth  Public Keys - properties file(j2me) or defaults bundle(cocoa touch)  Private Keys - “sandboxed” keystore  This does two things, one is it decouples applications for evolution concerns.  It adds one more level of “privacy” since applications are restricted to their keystore instance(s)
  24. 24. Amazon Authentication  Amazon issues a public key: identifies the customer  Amazon issues a private key: used for signing  Create the string to sign(s3-dg p.13)  StringToSign = HTTP-Verb n Content-MD5 n Content-Type n Date n CanonicalizedAmzHeaders n /Bucket/Resource(up to query string)  Sign the string using the private key and HMAC- SHA1  Base64 encode the result and append to the Authorization Header.
  25. 25. OAuth Authentication 1of 2  Service Provider issues an “Unauthorized Request Token”  App requests the service providers “Request Token Url”  For Twitter :http://www.twitter.com/oauth/request_token.  The service provider responds with a request token and secret in the body:  oauth_token=ab3cd9j4ks73hf7g&oauth_token_secret=xyz4992 k83j47x0b  At this point the consumer needs to get client permission
  26. 26. OAuth Authentication 2of 2  The application creates a GET to the authorize URL  Twitter: http://twitter.com/oauth/authorize  The user is then taken to an embedded html page and authenticates with the site.  The site then redirects the user back to the application using the callback method.  The application can now access authenticated resources using the generated “Access Key.”
  27. 27. Key Architectural Considerations - Mobile Amazon S3  Check Connectivity  Gracefully Handle Temporary Redirects  Support Continue  Use Chunked Gets(dg p. 127)  Consider Network Type  Time Versus Bandwidth  The Amazon AUTH Token uses the Date header.  This Header is “Volatile”, use x-AmzDate instead
  28. 28. Key Architectural Considerations - Mobile Amazon EMR  Configure an S3 Bucket to support the executable files(java jars**)  When ready to invoke  Put the input file on S3 in a predetermined location  Invoke the EMR request with:  Check for and grab the output  Poll S3 using a HEAD request  Configure a Push Server **other languages are supported but require streaming
  29. 29. Summary  What we covered:  Mobile friendly REST  Examples of S3 for file storage.  How federated identity is used in cloud computing.
  30. 30. Questions?  Feel free to contact me: Jason H Christensen jason_h_christensen@jasonc411.com Slideshare: jasonc411 Twitter: jasonc411 http://jasonc411.com Photo Credits Iphone – (adapted from) http://images.apple.com/iphone/home/images/buystrip-iphone-20090608.png Clouds – (adapted from) http://en.wikipedia.org/wiki/File:Cumulus_mediocris.jpg Servers – (adapted from) http://www.hp.com/products1/servers/carrier_grade/images/G7400001082007.gif Amazon aws - http://media.amazonwebservices.com/logo_aws.gif Twitter logo - https://s3.amazonaws.com/twitter_production/a/1256597179/images/twitter_logo_header.png

×