Many enterprise IT folk seem to believe that REST is only suitable for lightweight integration or for relatively simple data manipulation (CRUD). On the contrary, by applying well-understood design patterns, REST can provide capabilities that only traditional enterprise integration tools have been able to provide - high performance, asynchronous messaging, reliability, etc.
This paper presents an overview of best practices and techniques for enabling data discovery at an enterprise scale. The paper is based on real-world experience implementing this type of solution for Global 2000 companies.
You've created web sites and spruced them up with jQuery to improve your user experience. You've played around with WCF Data Services to create lists of data from your server. But what happens when you bring the two of them together? It's like peanut butter and jelly; peas and carrots; well, you get the idea. This talk will describe how to connect your jQuery-based web application with your OData data service. If time permits, we'll also look at binding your OData feed to interesting jQuery plug-ins like jqGrid.
Presentation from DDD Sydney, May 28th, 2016
Buzz word! More buzz words! And another buzz word!! Now that that's out of the way, if you're thinking of heading down the microservices path, then how do you do it? How do you build the services? What do you need to think about if you're starting from scratch? What if you're converting a legacy app? How do we deal with versioning? Do we have to use a NoSQL solution, just because Netflix does? Do we need to use docker/containers? What about the code? Show me the code! Well, that's what this session is all about. Designing and building microservices in .NET and then handling a bunch of other concerns that a microservices approach will force you to think about. Sounds interesting, doesn't it? You betcha.
Organisations are building their applications around microservice architectures because of the flexibility, speed of delivery, and maintainability they deliver. In this session, the concepts behind microservices, containers and orchestration were explained, along with how to use them with MongoDB.
This presentation aims to guide security experts and developers in protecting PaaS deployments to eliminate security threats. It also introduces Threat Modeling.
Here you'll find some points to think about if you're considering using a microservice architecture in your next project. In the first part you'll find some management considerations and then some points about technologies and solutions for MS problems.
SharePointFest 2013 Washington DC - SPT 103 - SharePoint 2013 Extranets: How ... - Brian Culver
How will SharePoint 2013 allow organizations to collaborate and share knowledge with clients and partners? SharePoint empowers organizations to build extranet sites and partner portals inexpensively and securely. Learn about the Product Catalog site template and how you can use it. Learn about the new improvements in SharePoint 2013 regarding extranets. Learn how SharePoint 2013 can help your organization open its doors to its clients and partners securely.
Microservices Architecture (MSA) - Presentation made at The Open Group confer... - Somasundram Balakrushnan
The slides from the Microservices Architecture (MSA) presentation made at The Open Group conference 2015, in San Diego, CA, USA.
The co-chairs of the MSA project, Som B and Ovace M, presented and spoke on their current work and their findings from The Open Group project.
Want to know more? Many more presentations, conference videos, photographs and other documents are available in the NTK institutional repository: http://repozitar.techlib.cz
Would you like to know more? Find presentations, reports, conference videos, photos and much more in our institutional repository at: http://repozitar.techlib.cz/?ln=en
Microservices pattern language (microxchg microxchg2016) - Chris Richardson
My talk from http://microxchg.io/2016/index.html.
Here is the video - https://www.youtube.com/watch?v=1mcVQhbkA2U
When architecting an enterprise Java application, you need to choose between the traditional monolithic architecture consisting of a single large WAR file, or the more fashionable microservices architecture consisting of many smaller services. But rather than blindly picking the familiar or the fashionable, it’s important to remember what Fred Brooks said almost 30 years ago: there are no silver bullets in software. Every architectural decision has both benefits and drawbacks. Whether the benefits of one approach outweigh the drawbacks greatly depends upon the context of your particular project. Moreover, even if you adopt the microservices architecture, you must still make numerous other design decisions, each with their own trade-offs.
A software pattern is an ideal way of describing a solution to a problem in a given context along with its tradeoffs. In this presentation, we describe a pattern language for microservices. You will learn about patterns that will help you decide when and how to use microservices vs. a monolithic architecture. We will also describe patterns that solve various problems in a microservice architecture including inter-service communication, service registration and service discovery.
An IAM for Beginners session led by Dr. Matthias Tristl, Senior Instructor, ForgeRock
Learn more about ForgeRock Access Management:
https://www.forgerock.com/platform/access-management/
Learn more about ForgeRock Identity Management:
https://www.forgerock.com/platform/identity-management/
Case Study: University of California, Berkeley and San Francisco - ForgeRock
Presented by Dedra Chamberlin, Deputy Director, Identity and Access Management, University of California, Berkeley and San Francisco; Francesco Meschia, IAM Engineer, UC Berkeley; and Mukesh Yadav, IAM Engineer, UC San Francisco, at ForgeRock Open Stack Identity Summit, June 2013
Cloud data management enables forward thinking companies to reduce the cost of managing enterprise data and still provide security, compliance, performance and easy access. As content ages, it loses value, but organizations can still monetize their less current data through modern SaaS-based solutions.
Microservices Pattern Language
Microservices Software Architecture Governance, Best Practices and Design Pattern
Decomposition Patterns
Decompose by Business Capability
Decompose by Subdomain
The Role of Blockchain in Future Integrations - Srinath Perera
We have critically evaluated blockchain-based integration use cases, their feasibility, and timelines. Emerging Technology Analysis Canvas (ETAC), a framework built to analyze emerging technologies, is the methodology of our study. Based on our analysis, we observe that blockchain can significantly impact integration use cases.
In our paper, we identify 30-plus blockchain-based use cases for integration and four architecture patterns. Notably, each use case we identified can be implemented using one of the architecture patterns. Furthermore, we also discuss challenges and risks posed by blockchains that would affect these architecture patterns.
Designing and building RESTful APIs isn’t easy. On its surface, it may seem simple – after all, we’re only marshaling JSON back and forth over HTTP, right? However, that’s only a small part of the equation. There are many things to keep in mind while building the systems that act as the key to your system.
In this session, we’ll delve into several best practices to keep in mind when designing your RESTful API. We’ll discuss authentication, versioning, controller/model design, and testability. We’ll also explore the do’s and don’t’s of RESTful API management so that you make sure your APIs are simple, consistent, and easy-to-use. Finally, we’ll discuss the importance of documentation and change management. The session will show examples using ASP.NET Web API and C#. However, this session will benefit anyone who is or might be working on a RESTful API.
REST Architectural Style: A Detail Explain - Nguyen Cao
The idea of this talk is to explain the architectural design concepts behind REST APIs and their roles in modern web APIs. This is a presentation at Barcamp Saigon 2012.
50 data principles for loosely coupled identity management v1 0 - Ganesh Prasad
In the field of Identity and Access Management (IAM), Data is more important than Technology. A poorly designed data model can cause an IAM initiative to fail even with massive investments in technology products. Yet Data usually receives only superficial treatment, and many practitioners seem unaware of the basic principles to follow when designing Identity-based systems.
This presentation is a succinct summarisation of 50 data-related principles that an organisation overlooks at its peril.
Best Practices for Architecting a Pragmatic Web API. - Mario Cardinal
This presentation teaches how to design a real-world and pragmatic web API. It draws from the experience Mario Cardinal has gained over the years being involved in architecting many Web APIs. This presentation begins by differentiating between a Web and a REST API, and then continues with the design process. We conclude with the core learnings of the session, which is a review of the best practices when designing a web API. Armed with the skills acquired, you can expect to see significant improvements in your ability to design a pragmatic web API.
Deep-dive into Microservice Outer Architecture - WSO2
To view the recording of this webinar, please use the URL below:
http://wso2.com/library/webinars/2016/02/deep-dive-into-microservice-outer-architecture/
Microservices architecture (MSA) promotes loosely coupled services as building blocks for software system architecture. It was first adopted by large internet companies like Netflix and now is popular with enterprise architects everywhere.
You may find yourself asking what the main premises of MSA are and whether it replaces SOA. In this webinar Frank and Srinath will:
- Compare and contrast MSA with SOA and discuss both their pros and cons
- Examine what MSA looks like in practice
- Answer questions such as where to use databases, how to use security and how to perform service orchestration and integration
- Discuss practical challenges
Presentation I gave at JPoint Meetingpoint (in a slightly different version) and GotoCon Amsterdam 2012.
How to get your API or service from using the basic REST principles such as verbs and resources to a complete RESTful service that fully supports "Hypermedia as the engine of application state" (HATEOAS).
More info at www.smartjava.org
Companion slides for Stormpath CTO and Co-Founder Les REST API Security Webinar. This presentation covers all the RESTful best practices learned building the Stormpath APIs. This webinar is full of best practices learned building the Stormpath API and supporting authentication for thousands of projects. Topics Include:
- HTTP Authentication
- Choosing a Security Protocol
- Generating & Managing API Keys
- Authorization & Scopes
- Token Authentication with JSON Web Tokens (JWTs)
- Much more...
Stormpath is a User Management API that reduces development time with instant-on, scalable user infrastructure. Stormpath's intuitive API and expert support make it easy for developers to authenticate, manage and secure users and roles in any application.
We already showed you how to build a Beautiful REST+JSON API (http://www.slideshare.net/stormpath/rest-jsonapis), but how do you secure your API? At Stormpath we spent 18 months researching best practices, implementing them in the Stormpath API, and figuring out what works. Here’s our playbook on how to secure a REST API.
An introduction to REST and RESTful web services.
You can take the course below to learn about REST & RESTful web services.
https://www.udemy.com/building-php-restful-web-services/
SOA is becoming important for Business Process Management and Enterprises. SOA is now widely used by enterprises as it provides a seamless environment, flexibility and interoperability, but at the same time security should also be considered because the basic SOA framework doesn't possess any security. It depends upon the respective proprietor for security [1]. In recent times much research work has been done on SOA security. Researchers have also proposed various frameworks and models such as FIX [2] and SAVT [3], which try a lot but cannot achieve any landmark as they are based on XML schema. This proposed novel work contains an inbuilt security module which is based on PKI. At the same time this model will keep the flexibility and interoperability intact, as the security module is embedded by analyzing the nature of WSDL, UDDI, SOAP and XML. These protocols are also compatible with PKI. The proposed model was implemented in the asp.net environment, then experimental results are compared with other security methods such as data mining based web security and automata based web security.
A NEW ARCHITECTURE PROPOSAL TO INTEGRATE OPC UA, DDS & TSN.
Suppliers and end users need a complete solution to address the complexity of future industrial automation systems. These systems require:
• Interoperability to allow devices and independent software applications from multiple suppliers to work together seamlessly
• Extensibility to incorporate future large or intelligent systems
• Performance and flexibility to handle challenging deployments and use cases
• Robustness to guarantee continuity of operation despite partial failures
• Integrity and fine-grained security to protect against cyber attacks
• Widespread support for an industry standard
This document proposes a new technical architecture to build this future. The design combines the best of the OPC Unified Architecture (OPC UA), Data Distribution Service (DDS), and Time-Sensitive Networking (TSN) standards. It will connect the factory floor to the enterprise, sensors to cloud, and real-time devices to work cells. This proposal aims to define and standardize the architecture to unify the industry.
A quick overview of REST: what it is and what it is not. REST has strict constraints and many internet APIs are not so REST. It’s also very popular today because RESTful services can be consumed easily by any client or device. SOAP is also still valid in a few circumstances. It has never been so easy to create REST-like services in .NET since ASP.NET Web API.
Workshop Slides - Introduction to Dependency-Oriented Thinking" Feb 15, 2014,... - Ganesh Prasad
This is the full slide pack containing all the slides from my all day workshop on Dependency-Oriented Thinking. If people don't have the patience to read the 264 page document (http://slidesha.re/1cPwPD2), they can flip through this first.
(Deprecated) Slicing the Gordian Knot of SOA Governance - Ganesh Prasad
This document has been superseded by "Dependency-Oriented Thinking: Volume 2 - Governance and Management". Please download that instead: http://slidesha.re/1fEjz7A
Climate Impact of Software Testing at Nordic Testing Days - Kari Kakkonen
My slides at Nordic Testing Days 6.6.2024
Climate impact / sustainability of software testing is discussed in the talk. ICT and testing must carry their part of global responsibility to help with climate warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices desire to take full advantage of the features available on those devices, but many of the features provide convenience and capability but sacrifice security. This best practices guide outlines steps the users can take to better protect personal devices and information.
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0! - SOFTTECHHUB
As the digital landscape continually evolves, operating systems play a critical role in shaping user experiences and productivity. The launch of Nitrux Linux 3.5.0 marks a significant milestone, offering a robust alternative to traditional systems such as Windows 11. This article delves into the essence of Nitrux Linux 3.5.0, exploring its unique features, advantages, and how it stands as a compelling choice for both casual users and tech enthusiasts.
Securing your Kubernetes cluster: a step-by-step guide to success! - KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor... - Neo4j
Leonard Jayamohan, Partner & Generative AI Lead, Deloitte
This keynote will reveal how Deloitte leverages Neo4j’s graph power for groundbreaking digital twin solutions, achieving a staggering 100x performance boost. Discover the essential role knowledge graphs play in successful generative AI implementations. Plus, get an exclusive look at an innovative Neo4j + Generative AI solution Deloitte is developing in-house.
Epistemic Interaction - tuning interfaces to provide information for AI support - Alan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Enhancing adoption of Open Source Libraries. A case study on Albumentations.AI - Vladimir Iglovikov, Ph.D.
Presented by Vladimir Iglovikov:
- https://www.linkedin.com/in/iglovikov/
- https://x.com/viglovikov
- https://www.instagram.com/ternaus/
This presentation delves into the journey of Albumentations.ai, a highly successful open-source library for data augmentation.
Created out of a necessity for superior performance in Kaggle competitions, Albumentations has grown to become a widely used tool among data scientists and machine learning practitioners.
This case study covers various aspects, including:
People: The contributors and community that have supported Albumentations.
Metrics: The success indicators such as downloads, daily active users, GitHub stars, and financial contributions.
Challenges: The hurdles in monetizing open-source projects and measuring user engagement.
Development Practices: Best practices for creating, maintaining, and scaling open-source libraries, including code hygiene, CI/CD, and fast iteration.
Community Building: Strategies for making adoption easy, iterating quickly, and fostering a vibrant, engaged community.
Marketing: Both online and offline marketing tactics, focusing on real, impactful interactions and collaborations.
Mental Health: Maintaining balance and not feeling pressured by user demands.
Key insights include the importance of automation, making the adoption process seamless, and leveraging offline interactions for marketing. The presentation also emphasizes the need for continuous small improvements and building a friendly, inclusive community that contributes to the project's growth.
Vladimir Iglovikov brings his extensive experience as a Kaggle Grandmaster, ex-Staff ML Engineer at Lyft, sharing valuable lessons and practical advice for anyone looking to enhance the adoption of their open-source projects.
Explore more about Albumentations and join the community at:
GitHub: https://github.com/albumentations-team/albumentations
Website: https://albumentations.ai/
LinkedIn: https://www.linkedin.com/company/100504475
Twitter: https://x.com/albumentations
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024 - Neo4j
Neha Bajwa, Vice President of Product Marketing, Neo4j
Join us as we explore breakthrough innovations enabled by interconnected data and AI. Discover firsthand how organizations use relationships in data to uncover contextual insights and solve our most pressing challenges – from optimizing supply chains, detecting fraud, and improving customer experiences to accelerating drug discoveries.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo... - James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Pushing the limits of ePRTC: 100ns holdover for 100 days - Adtran
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
Maruthi Prithivirajan, Head of ASEAN & IN Solution Architecture, Neo4j
Get an inside look at the latest Neo4j innovations that enable relationship-driven intelligence at scale. Learn more about the newest cloud integrations and product enhancements that make Neo4j an essential choice for developers building apps with interconnected data and generative AI.
20 Comprehensive Checklist of Designing and Developing a Website (Pixlogix Infotech)
Dive into the world of Website Designing and Developing with Pixlogix! Looking to create a stunning online presence? Look no further! Our comprehensive checklist covers everything you need to know to craft a website that stands out. From user-friendly design to seamless functionality, we've got you covered. Don't miss out on this invaluable resource! Check out our checklist now at Pixlogix and start your journey towards a captivating online presence today.
Unlocking Productivity: Leveraging the Potential of Copilot in Microsoft 365, a presentation by Christoforos Vlachos, Senior Solutions Manager – Modern Workplace, Uni Systems
Sudheer Mechineni, Head of Application Frameworks, Standard Chartered Bank
Discover how Standard Chartered Bank harnessed the power of Neo4j to transform complex data access challenges into a dynamic, scalable graph database solution. This keynote will cover their journey from initial adoption to deploying a fully automated, enterprise-grade causal cluster, highlighting key strategies for modelling organisational changes and ensuring robust disaster recovery. Learn how these innovations have not only enhanced Standard Chartered Bank’s data infrastructure but also positioned them as pioneers in the banking sector’s adoption of graph technology.
1. Implementing SOA* in the Enterprise using a REST** Approach
Ganesh Prasad
* SOA = Service-Oriented Architecture
** REST = REpresentational State Transfer
2. Intended Audience
This presentation is addressed to the Enterprise Architect responsible
for setting out a target and roadmap for the middle tier of an
enterprise, what is commonly known as the “SOA direction”.
You, the architect, understand:
- Organisational structure, business drivers, strategies, politics
- Product systems, applications, functionality overlaps and gaps
- Interface and integration complexity
- Qualities of service demanded and currently provided
- Scale, volume and performance
- Costs and risks
You are knowledgeable in a variety of disciplines.
Yet you are also intensely pragmatic. You seek solutions to your
problems without preconceptions and other ideological baggage.
This presentation is about a simple, cost-effective and extremely
practical way to achieve your key deliverable, i.e., an implementable
vision of SOA.
3. Recap: Fundamental Principles of SOA
SOA is an architecture for business and technology components
wherein implicit dependencies are eliminated and all legitimate
dependencies between components are stated as explicit contracts.
SOA can deliver greater connectivity, flexibility and reusability, with
the ultimate business benefits being agility, lower time-to-market and
sustainably lower costs.
The fundamental principles behind SOA are:
1. Explicit Boundaries
2. Shared Contract and Schema, not Class
3. Policy-Driven
4. Autonomous
5. Wire Formats, not Programming Language APIs
6. Document-Oriented
7. Loosely-Coupled
8. Standards-Compliant
9. Vendor-Independent
10. Metadata-Driven
- Ten Principles of SOA, Stefan Tilkov (InfoQ)
http://www.infoq.com/articles/tilkov-10-soa-principles
4. Observation: Web Technology Satisfies SOA Principles
Fact: The Web is a simple, flexible, scalable, low-cost platform for application
development. (Proof: The many millions of Internet/Intranet applications
developed since 1994, when the Web officially began.)
Observation: The Web is not restricted to the transfer of visual HTML markup
for consumption by human users with browsers. It can be used to transfer
non-visual data (XML documents) between computer systems as well.
Insight: SOA objectives are achievable very simply using Web technology.
There is no need to define specialised protocols like SOAP or use specialised
adapters, brokers, registries and other new infrastructure.
Web Technology measured against SOA principles (SOA principle: how Web technology satisfies it)
1. Explicit Boundaries: URLs define endpoints, abstract away implementations
2. Shared Contract & Schema: Contract is URLs, HTTP verbs and XML document payloads
3. Policy-Driven: Client and server can negotiate capabilities*
4. Autonomous: Dependencies on interfaces alone, not implementations
5. Wire Formats, not APIs: Only needs a wire format - HTTP protocol + XML payload
6. Document-Oriented: (XML) document is the HTTP payload
7. Loosely-Coupled: Satisfies many dimensions of loose coupling**
8. Standards-Compliant: No dependence on proprietary/non-standard technology
9. Vendor-Independent: No dependence on vendor-specific features
10. Metadata-Driven: Easy to describe, easy to consume based on description
* E.g., “Accept” and “Content-type” headers
** Location-transparent, interface dependency only, proxyable, can support asynchronous models (polling and callback)
5. Yes, but is REST truly “Enterprise Class”?
This is really a question of confidence. A new concept (even a sudden return
to basics) does not inspire confidence because it challenges established
“truths”.
As enterprise architects, we are familiar with web technology.
Many important product systems and applications have been built as web
apps, and they work quite well.
But...
“HTTP is a synchronous request/response protocol. We have many enterprise
requirements for asynchronous communication. A synchronous constraint would be too
limiting in our context.”
“HTTP is not a reliable protocol. We already have far more reliable communication
infrastructure in our enterprise, e.g., message queues.”
“I'm frankly skeptical. I don't believe everything can be reduced to a URI.”
“I also think that a CRUD interface is too simplistic to cover all possible use cases when
dealing with resources.”
“A lot of very smart people from large organisations that understand enterprise issues
have worked on SOAP, WSDL and all the WS-* standards. Are you telling me these REST
people know something that they don't?”
6. Reframing situations leads to new insights
Old woman or young?
Practically, asynchronous behaviour refers to either
fire-and-forget, polling or callbacks. Can't these be
implemented with HTTP? Think Design Patterns.
Often, when we say “at-most-once delivery”, we
really mean “at-most-once processing”. That's
idempotence, not reliable messaging – a different
problem. Also, transactional integrity is different
from uncertainty over transaction status. What is the
real problem we are trying to solve?
The URI abstraction is analogous to the file
abstraction in Unix. Unix treats everything as a file,
even processes (/proc/43437) and hardware devices
(/dev/mouse). That abstraction more than just
works. It makes the design of Unix elegant.
A CRUD interface isn't necessarily simplistic. It's
polymorphic. Each resource responds differently to
the same request. We know that polymorphism,
more than inheritance, gives OO its power.
The smartness of committees: Everybody but
Copernicus knew the Earth was the centre of the
universe. Everybody but Columbus knew the Earth
was flat. Who were these upstarts anyway?
7. What REST is not
Despite sharing the basic technology, REST is more than just
traditional web application development. There are principles that an
application must adhere to, to be considered RESTian. Many, perhaps
most, web applications that have been built so far consciously or
unconsciously violate REST principles. Indeed, complacency around
REST (“We've been doing this for years”) can prevent exploitation of
its benefits.
REST is not a set of hard-and-fast rules or a set of DOs and DON'Ts. It
is not a methodology. It is considered an architectural style, which
makes it too abstract for some. Nevertheless, it has a discipline that
must be understood and applied before its benefits can be realised.
REST is not a product one can purchase from a vendor. It is not even
an Open Source product. However, RESTian applications can be
implemented using commodity products from any source. The only
software component required is typically a programmable (dynamic)
web server, ideally with XML processing capability.
8. High Level Overview of a RESTful System
[Diagram: a resource graph of hyperlinked URIs, acted on by a Service Consumer through Create, Retrieve, Update and Delete, and mapped back to the Domain Model implementation.]
1. The System is modelled as a set of uniquely identifiable resources and collections thereof, based on how it needs to appear to external parties.
2. URIs are used to uniquely identify resources.
3. URIs are used to hyperlink resources together into a 'resource graph'.
4. Regardless of the nature of the application domain (Banking, Insurance, Airlines, etc.), consumers of the system's services do not use specialised verbs to interact with it. Generally speaking, four standard verbs corresponding to Create, Retrieve, Update and Delete are sufficient, although a limited superset is also possible. If this seems too fine-grained, remember that the resources on which they act can be defined to be arbitrarily coarse-grained.
5. The resource graph is only a logical representation of the actual domain model that is exposed to external parties (service consumers). This representation is mapped back to domain objects as part of the SOA implementation. This is how loose coupling is achieved. The actual domain model is never exposed to external parties, only its representation as a resource graph supporting a few standard operations. That is the RESTful service contract.
9. Semantics of HTTP Verbs in REST
GET means Retrieve Details when applied to a specific resource
http://www.xyz.com/customers/76772374 <= retrieve details of this customer
GET means List when applied to a collection
http://www.xyz.com/customers <= retrieve list of customers
GET can also mean Search (selective retrieval) when appropriate
parameters are passed
http://www.xyz.com/customers/?postcode=2345 <= search for customers in this area
DELETE is applied to a specific resource, not to a collection
http://www.xyz.com/customers/76772374 <= delete this customer
DELETE only means the resource will no longer be accessible
through this URI after this operation. Further attempts to access
this URI will result in a 404 error (resource not found). The actual
domain entity may still exist (say in an archived fashion) and may
be accessible by back-end applications that don't use the REST
interface.
10. Semantics of HTTP Verbs in REST
POST and PUT have more nuanced semantics.
PUT means “Create or Update” and always refers to a particular
resource, not to a collection. If the resource does not already exist, it is
created and the given URI is associated with it from then on, provided
the data payload satisfies the correctness and completeness
requirements for resource creation. If the resource already exists, the
associated data payload determines which attributes of the resource
must be updated.
http://www.xyz.com/customers/76772374 <= change billing address
<billing-address>
... <= payload specifying attribute for update
</billing-address>
POST means Create (Insert) and is normally applied to collections. A URI
is generated by the system, associated with the newly-created resource
and returned as part of the response to this request. POST is also a
catch-all verb and may be used to handle odd cases that don't neatly fit
the semantics of the other verbs.
http://www.xyz.com/customers/ <= create a new customer
<customer-details>
... <= payload with full details of customer
</customer-details>
11. Idempotence and Safety of HTTP Verbs in REST
Non-idempotent (hence unsafe) operations: POST
Idempotent (but unsafe) operations: PUT, DELETE
Safe (hence idempotent) operations: GET
Venn Diagram showing the inter-relationship between Idempotence* and Safety**, and where the
HTTP verbs used by REST lie within this area.
*An idempotent operation has the same effect when it is performed multiple times as when it is performed exactly once.
**A safe operation has no side-effects. Queries/reads/retrievals are the canonical safe operations.
All safe operations are idempotent, but the reverse is not necessarily true.
12. HTTP Status Codes and their Meanings
REST is not just about 4 verbs to formulate requests. The status codes
of responses convey many nuances of meaning.
1xx – Informational
100 Continue
101 Switching Protocols
2xx – Successful
200 OK
201 Created
202 Accepted
203 Non-authoritative Information
204 No Content
205 Reset Content
206 Partial Content
3xx – Redirection
300 Multiple Choices
301 Moved Permanently
302 Found
303 See Other
304 Not Modified
305 Use Proxy
306 (unused)
307 Temporary Redirect
4xx – Client Error
400 Bad Request
401 Unauthorized
402 Payment Required
403 Forbidden
404 Not Found
405 Operation Not Permitted
406 Not Acceptable
407 Proxy Authentication Required
408 Request Timeout
409 Conflict
410 Gone
411 Length Required
412 Precondition Failed
413 Request Entity Too Large
414 Request-URI Too Long
415 Unsupported Media Type
416 Request Range Not Satisfiable
417 Expectation Failed
5xx – Server Error
500 Internal Server Error
501 Not Implemented
502 Bad Gateway
503 Service Unavailable
504 Gateway Timeout
505 HTTP Version Not Supported
14. What would RESTful Internet Banking look like?
The Customer resource:
http://www.xyz.com/customers/76772374 <= A particular customer, uniquely identified
http://www.xyz.com/customers <= The set of all customers
The Account resource:
http://www.xyz.com/customers/76772374/accounts <= This customer's accounts
http://www.xyz.com/accounts/675653-767973 <= A particular account (may be jointly held)
Account List Query:
GET => http://www.xyz.com/customers/76772374/accounts
may return many records in this form (note the hyperlink):
<account-list>
<account href="http://www.xyz.com/accounts/675653-767973"
account-number="675653-767973"
account-balance="5042.74"/>
...
</account-list>
This data may be processed or displayed, and also used for further queries (below):
Account Statement Query:
GET => http://www.xyz.com/accounts/675653-767973 <= use hyperlink from previous query
15. What would RESTful Internet Banking look like?
Updates:
Change of Address (Idempotent but not Safe):
PUT => http://www.xyz.com/customers/76772374 <= update a particular customer's details
<address street-number="23/56" street-name="Rest Mews" suburb="Epping" post-code="2121" />
Funds Transfer (Inherently neither Idempotent nor Safe):
GET => http://www.xyz.com/transfers/?new
Returns a confirmation URI (one-time access only):
http://www.xyz.com/transfers/R5YU780A32JK9Y
Perform the transfer using this one-time URI:
POST => http://www.xyz.com/transfers/R5YU780A32JK9Y <= cannot be re-accessed, ensuring idempotence
<transfer-request from-account="657653-767973" to-account="876456-676786" amount="1000.00"/>
Returns 202 Accepted (HTTP Status) the first time if successful, or an error status if not.
Accidentally repeating the transfer request will return a 405 (Operation Not Permitted) response
because the URI, being one-time, is no longer accessible after the first successful POST.
This is REST's simple way of ensuring idempotent operations.
17. Caching and Performance Optimisation in REST
Because GET is safe (and idempotent), it can be cached, improving performance.
Caveats:
1. GET must never be implemented with side-effects:
GET http://www.xyz.com/accounts/675653-767973?action=delete <= This is not RESTful usage
2. Time-sensitive data must support negotiation around expiry:
Send “If-modified-since” HTTP header along with the GET request
If content remains unchanged, server responds simply with “304 Not Modified” header
and does not re-send the data
If content has changed, server responds with “200 OK” response, a “Last-Modified” header
and the new data
Etags are another way to determine if content has changed.
Etags are like a hash or digest of the content that indicates whether content has changed or
not. A caching proxy can send a lightweight HEAD request to the origin server. If the Etag in
the header has not changed, the proxy can safely serve up the response from its own cache
without hitting the origin server with the full request.
Comparison with SOAP: Note that because SOAP-based service operations are arbitrarily named,
there is no automated way to determine whether they are safe and idempotent. Hence it is not
possible for infrastructural components like caching proxies to seamlessly improve performance
without special (read: application-aware) configuration.
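The ETag revalidation described on this slide, as an added example that is not part of the original presentation: a caching proxy sends a HEAD request, compares the ETag with the one it stored, and only fetches the full body when the tag differs. The class names `Origin` and `CachingProxy` and the sample account XML are constructed for illustration.

```python
import hashlib


class Origin:
    """Origin server holding XML representations keyed by path (constructed data)."""

    def __init__(self, resources):
        self.resources = dict(resources)
        self.full_gets = 0  # number of times a complete body was sent

    @staticmethod
    def etag(body):
        # Strong validator: a digest of the exact bytes of the representation.
        return '"' + hashlib.sha256(body.encode("utf-8")).hexdigest() + '"'

    def handle(self, method, path, headers=None):
        """Return (status, response_headers, body) for a GET or HEAD request."""
        headers = headers or {}
        if method not in ("GET", "HEAD"):
            return 405, {"Allow": "GET, HEAD"}, ""
        body = self.resources.get(path)
        if body is None:
            return 404, {}, ""
        tag = self.etag(body)
        # Conditional request: the client already holds this exact version.
        if headers.get("If-None-Match") == tag:
            return 304, {"ETag": tag}, ""
        if method == "HEAD":
            return 200, {"ETag": tag}, ""  # headers only, no body
        self.full_gets += 1
        return 200, {"ETag": tag}, body


class CachingProxy:
    """Proxy that revalidates every cached entry with a lightweight HEAD."""

    def __init__(self, origin):
        self.origin = origin
        self.cache = {}  # path -> (etag, body)

    def get(self, path):
        """Return (body, source) where source is "cache" or "origin"."""
        cached = self.cache.get(path)
        if cached is not None:
            status, hdrs, _ = self.origin.handle("HEAD", path)
            if status == 200 and hdrs.get("ETag") == cached[0]:
                return cached[1], "cache"
            # Changed or gone at the origin: never keep serving the stale copy.
            del self.cache[path]
        status, hdrs, body = self.origin.handle("GET", path)
        if status != 200:
            return None, "origin"
        self.cache[path] = (hdrs["ETag"], body)
        return body, "origin"


if __name__ == "__main__":
    path = "/accounts/675653-767973"
    origin = Origin({path: '<account account-balance="5042.74"/>'})
    proxy = CachingProxy(origin)
    print(proxy.get(path)[1], proxy.get(path)[1], origin.full_gets)
```

The stale entry is dropped before the refetch, so a resource that was deleted at the origin (404 on revalidation) stops being served from the cache.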
18. Enterprise Queueing vs REST – which is more performant?
Enterprise Message Queueing products are highly optimised for performance
and support both vertical and horizontal scalability. At high levels of scalability
though, such infrastructure can be quite expensive.
A standard web server is moderately scalable, but a load-balanced web server
farm is much more scalable, especially for stateless interactions. Since REST is
a stateless architecture, adequate performance for most applications is
achievable with inexpensive commodity hardware.
The justification for enterprise queueing products is therefore much lower with
a REST model.
19. Asynchronous Communications using REST
REST uses HTTP, which is a synchronous request/response protocol.
How can we use RESTful techniques to support asynchronous
interactions? E.g., Long-running processes when service consumer
cannot afford to “block” on the response.
Three standard patterns (independent of REST):
- Fire-and-forget (service consumer does not wait for a response)
- Polling (service consumer periodically polls the status)
- Callback (service provider calls consumer back when done)
20. How REST implements Asynchronous Interactions – 1
Fire-and-Forget (Reliable one-way messaging)
[Diagram: The Service Consumer POSTs <data/> to a Load Balancer, which chooses a physical server in the Web Server Farm based on the LB algorithm. The Load Balancer sends heartbeats to each web server; the two active web servers respond and the failed web server times out. The consumer receives 202 Accepted, which is merely an acknowledgement of the request, not the response.]
A single web server is less reliable and available than enterprise queueing infrastructure.
But a load-balanced web server farm approaches queueing infrastructure in availability.
Reliable one-way messaging (fire-and-forget) can thus be implemented simply and
21. How REST implements Asynchronous Interactions – 2
Polling
[Sequence diagram: The Service Consumer POSTs <data/> to the Service Provider URI and receives 202 Accepted with a Status Query URI. This is merely an acknowledgement of the request, not the response. The consumer then polls the Status Query URI repeatedly with GET, receiving 404 Not found until the result is available and then 200 OK with <data>...</data>.]
22. How REST implements Asynchronous Interactions – 3
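Callback
[Sequence diagram: The Service Consumer POSTs <data/> to the Service Provider URI and receives 202 Accepted with a Callback Subscription URI. This is merely an acknowledgement of the request, not the response. The consumer POSTs its Callback URI to the Callback Subscription URI and receives 202 Accepted. When the result is ready, the Notification Service POSTs <data>...</data> to the consumer's Callback URI.]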
23. Reliable Messaging/Guaranteed Delivery using REST
In many cases, even if we say we want guaranteed delivery, we are
really concerned about the uncertainty surrounding transaction status.
1. “Guaranteed Delivery” is a chimera when we also want
acknowledgements of the delivery. This reduces to the “Two-Army
Problem” of networking theory which is proven to be unsolvable.
2. “At-Most-Once Delivery” is in fact a requirement for “At-Most-Once
Processing” (i.e., Idempotence).
3. Uncertainty is less of a problem if idempotence can be guaranteed.
If in doubt, retry the request!
24. Enterprise Queueing vs REST – which is more “reliable”?
[Diagram: a Service Consumer and a Service Provider connected by a Request Queue and a Response Queue.]
1. The Service Consumer places a request message on the Request Queue.
2. The Service Provider pulls the request message off the Request Queue.
3. The Request Queue confirms to the Service Consumer that the message has been delivered.
4. The Service Provider processes the message (e.g., updates a resource in a non-idempotent way).
5. The Service Provider places either a Success or Failure message on the Response Queue.
6. The Service Consumer pulls the status message (Success/Failure) off the Response Queue.
7. The Response Queue confirms to the Service Provider that the message has been delivered.
The two queues guarantee message delivery and even confirm delivery to the application at the other end. However,
the possibility of a fatal error between steps 2 and 4, or between steps 4 and 5, means that end-to-end guarantees of
the business transaction are not possible.
In the first case (fatal error between steps 2 and 4), the message is not acted upon and the resource is not updated.
In the second (fatal error between steps 4 and 5), the message is acted upon, the resource updated, but no status
message is placed on the Response Queue.
In either case, the Service Consumer fails to receive a response, hence is uncertain whether the transaction was
processed or not. Since the operation is non-idempotent, it cannot be safely retried.
Hence guaranteed message delivery alone is not a solution to the critical requirement of an Exactly
Once business transaction.
Enterprise Message Queueing infrastructure is expensive, but ironically does not address this business requirement.
REST addresses the business requirement through the POST-Exactly-Once pattern which guarantees idempotence and
makes uncertainty a non-issue. It is also inexpensive.
Even with reliable queues, round-trip reliability is impossible to achieve
The Service Consumer wants to be certain about the status of their service request, whether success or failure. Is this possible using reliable queueing?
25. How REST implements Idempotent Operations
[Sequence diagram between the Service Consumer, the Service Provider URI and the One-Time URI.]
GET to the Service Provider URI returns 200 OK with a one-time URI. The consumer is asking for a one-time URI. This is an idempotent operation and can safely be done any number of times, as long as only one of the returned URIs is POSTed to.
The one-time URI may be persisted in case a crash occurs between the POST and the receipt of its response.
POST of <data>...</data> to the One-Time URI returns 202 Accepted. The first time the POSTed data is received and processed, the URI is marked “used” and will no longer be valid.
A repeated POST of <data>...</data> to the same URI returns 405 Operation Not Permitted. The URI is no longer accessible. This indicates that a previous POST was successful.
Even if we assume that the consumer does not receive the acknowledgement of the transaction, there is no danger of a duplicate update if the POST is retried. Idempotence is guaranteed by the one-time URI.
The POST-Once-Exactly (POE) Pattern
Many enterprise requirements for “guaranteed delivery” (where the concern is not timeliness but the impact of erroneous retries due to uncertainty) can be satisfied by ensuring idempotence. A focus on the real underlying issue makes REST an attractive and less expensive solution compared to strong queueing infrastructure.
Besides, the point-to-point guaranteed delivery of queueing systems does not provide round-trip guarantees, which idempotence addresses (next slide).
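The one-time URI exchange from the funds-transfer slide and the POST-Once-Exactly slide, as an added server-side example that is not part of the original presentation. The class `TransferService`, its in-memory token table and the sample balances are assumptions made for illustration; status codes follow the slides (202 on first use, 405 on reuse).

```python
import secrets
import threading
import xml.etree.ElementTree as ET
from decimal import Decimal, InvalidOperation


class TransferService:
    """In-memory stand-in for the /transfers/ resource (hypothetical names)."""

    def __init__(self, balances):
        self.balances = {acct: Decimal(amt) for acct, amt in balances.items()}
        self._tokens = {}              # one-time token -> True once used
        self._lock = threading.Lock()  # makes check-and-mark atomic

    def handle(self, method, path, body=""):
        """Dispatch one request and return (status, body)."""
        if method == "GET" and path == "/transfers/?new":
            # The URI is the only handle on the transfer slot, so it must be
            # unguessable: take it from a CSPRNG, never from a counter.
            token = secrets.token_urlsafe(16)
            with self._lock:
                self._tokens[token] = False
            return 200, "/transfers/" + token
        if method == "POST" and path.startswith("/transfers/"):
            return self._transfer(path[len("/transfers/"):], body), ""
        return 404, ""

    def _transfer(self, token, body):
        parsed = self._parse(body)
        with self._lock:
            used = self._tokens.get(token)
            if used is None:
                return 404   # this URI was never issued
            if used:
                return 405   # already consumed: a retry or a replay
            if parsed is None:
                return 400   # URI stays valid for a corrected POST
            src, dst, amount = parsed
            if src not in self.balances or dst not in self.balances:
                return 400
            if self.balances[src] < amount:
                return 409
            self.balances[src] -= amount
            self.balances[dst] += amount
            # Marked used inside the same critical section as the update, so
            # two concurrent POSTs to one URI cannot both succeed.
            self._tokens[token] = True
            return 202

    @staticmethod
    def _parse(body):
        """Return (from_account, to_account, amount) or None if invalid."""
        if "<!" in body:  # refuse DTDs and entity declarations in untrusted XML
            return None
        try:
            req = ET.fromstring(body)
            amount = Decimal(req.attrib["amount"])
            if req.tag != "transfer-request":
                return None
            if not amount.is_finite() or amount <= 0:
                return None
            return req.attrib["from-account"], req.attrib["to-account"], amount
        except (ET.ParseError, KeyError, InvalidOperation):
            return None


def transfer_with_lost_ack(service, body):
    """Client side: the first 202 never arrives, so the client retries."""
    _, uri = service.handle("GET", "/transfers/?new")
    first, _ = service.handle("POST", uri, body)  # processed, ack lost in transit
    retry, _ = service.handle("POST", uri, body)  # safe: the URI is already used
    return first, retry


if __name__ == "__main__":
    svc = TransferService({"A": "5042.74", "B": "10.00"})  # constructed balances
    req = '<transfer-request from-account="A" to-account="B" amount="1000.00"/>'
    print(transfer_with_lost_ack(svc, req), svc.balances)
```

A client that sees 405 on a retry can treat the transfer as completed, which is why the slide suggests persisting the one-time URI before the first POST.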
26. REST and the Presentation/Service Divide
Traditionally, this is the way we have viewed Presentation and the Service
Tier:
[Diagram (traditional view): Presentation Support (Web server) provides the visual interface; Business Logic provides the non-visual interface.]
But this is the REST model:
[Diagram (REST model): a Browser sends GET (Accept: text/html) to the RESTful Resource and receives an HTML response; another Application sends GET (Accept: application/xml) to the same resource and receives an XML response.]
The same resource can return various representations of itself, both visual and non-visual. In effect, a web app can itself provide a service interface.
The resource responds with a representation of itself that suits what the service consumer says it wants through the “Accept” HTTP header.
27. How does REST compare in terms of infrastructure
cost and development effort?
SOAP/WS-*:
● Application Server
● SOAP Engine
● ESB/Broker
● Message Queues
● Legacy/Infrastructure Adapters
● Registry/Repository
● Specialised Dev Tools
● Specialised Management Tools
$$$ + development effort
REST:
● Any programmable Web Server, e.g., Tomcat or Apache/PHP (Full-fledged JEE App Servers are overkill)
● Legacy/Infrastructure Adapters
● DNS Server
● Standard Web + XML Dev Tools
● Standard Web Management Tools
Most infrastructure already exists.
Much less development effort
28. Infrastructural components required for REST
[Diagram: Client Apps (through an HTTP Client library) and Browsers call the REST Service Interface over HTTP. Inside a Programmable Web Server/Servlet Engine (web container), Resource Collections (GET, POST) and Individual Resources (GET, PUT, DELETE) are exposed using Servlet, Restlet or JSR 311 annotations. This service export is a loosely-coupled mapping onto the Service Implementation, the Java Domain Objects (DO). The domain objects reach Legacy Resources over native protocols: Mainframe CICS through the CICS Transaction Gateway, IMS through the IMS Resource Adapter, a Queue through JMS and a Database through Hibernate/JDBC.]
If using Java, a web container is sufficient to host domain objects. There is no need for an
EJB container. The domain model represented by these domain objects may be translated
to the REST service interface using servlets, restlets or the newer JSR 311 annotations.
Client applications need an HTTP Client library to consume these services.
29. Industry support for REST
New Java standard to expose REST services through annotations:
JSR 311
REST implementations:
IBM – Project Zero (PHP based REST server)
Microsoft – Astoria (.NET implementation)
Sun – Jersey (JSR 311 implementation)
WSO2 – Mashup Server (JavaScript-based server)
REST APIs:
Amazon eCommerce API
eBay Developer API
Yahoo! Web Service API
30. But why is REST so much simpler than SOAP/WS-*?
From one angle, any SOA implementation is just a means of moving
XML documents around, because XML documents formalise the
contract between components in a technology-neutral way.
SOAP/WS-* defines one kind of “plumbing” to move XML document
payloads around.
REST defines another kind of plumbing. The only known
implementation of REST is based on HTTP. This has proven to be
sufficient for virtually every enterprise use case.
SOAP places unnecessary emphasis on transport-neutrality. Transport-
neutrality is a feature with no practical benefit. The downsides of
transport neutrality are (1) a failure to exploit the many useful
features of the HTTP protocol and (2) a necessity to reinvent the same
features at a higher level of the stack.
New infrastructural components are required to understand and speak
the SOAP protocol. Such components already exist for the REST
protocol (HTTP), i.e., web servers.
31. “Things should be as simple as possible, but no
simpler” - Albert Einstein
Salesman: “This machine will cut your work in half.”
Customer: “Fine, I'll take two!”
REST is not for the intellectually lazy. It demands rigour in design.
The XML documents corresponding to the various service contracts
must be carefully designed. The data modelling effort remains
significant.
But fortunately, that is the only major component in designing and
building RESTian systems.
REST provides much simpler plumbing, so the complexity of the
infrastructure and the related configuration effort are dramatically
reduced.
In other words, REST makes SOA simpler by eliminating needless
complexity.
32. What REST will not do for you
Tasks that still need to be done:
Need for domain data modelling does not go away
Need for service contract does not go away, must decide
what resource abstractions to expose
No built-in security model, need to leverage SSL or IPSec
at wire protocol level or implement bespoke end-to-end
security model at payload level.
No built-in reliability model, must rely on design patterns
to achieve same outcome (e.g., idempotence)
Governance tasks still remain, although REST, being
“web style”, is inherently more federation-friendly
33. Conclusion
SOA design need not be hard. There are a few simple and
basic principles that need to be applied consistently
(fundamentally, it's about loose coupling between
systems).
These principles are harder to apply with the SOAP/WS-*
model.
The REST style involves an order of magnitude less
complexity than SOAP/WS-*. Everything is simpler – the
conceptual model, the infrastructural components, the
tooling, the metadata required, the level of governance,
etc.
The biggest impediment to the adoption of REST:
“Fear of the unknown”
34. References and further reading
1. How I explained REST to my wife
http://tomayko.com/articles/2004/12/12/rest-to-my-wife
2. REST for Toddlers (HTTP Status Codes explained)
http://diveintomark.org/archives/2006/12/07/rest-for-toddlers
3. REST Eye for the SOA Guy
http://dsonline.computer.org/portal/site/dsonline/menuitem.9ed3d9924aeb0dcd82ccc6716bbe36ec/index.jsp?&pName=dso_level1&path=dsonline/2007/01&file=w1tow.xml&xsl=article.xsl (or do a Google search on the title)
4. A Brief Introduction to REST
http://www.infoq.com/articles/rest-introduction
5. The Lost Art of Separating Concerns
http://www.infoq.com/articles/separation-of-concerns
6. Common REST mistakes
http://www.prescod.net/rest/mistakes/
7. Sample REST APIs from the real world:
a. Blinksale (a Paypal-like service):
http://www.blinksale.com/api
b. Backpack (a Travellers guide):
http://www.backpackit.com/api/
c. Assembla (Development and Issue Management Tool vendor):
https://www.assembla.com/wiki/show/breakoutdocs/Assembla_REST_API
d. WSO2 Registry (and Repository):
http://wso2.org/projects/registry
e. Mule Galaxy SOA Governance Tool:
http://www.mulesource.com/products/galaxy.php