The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
Icsoc16a.ppt
1. Are REST APIs for Cloud Computing
Well-Designed? An Exploratory Study
Fabio Petrillo1,3,4, Philippe Merle2, Naouel Moha1, Yann-Gaël Guéhéneuc3
1 Université du Québec à Montréal
2 Inria Lille - Nord Europe
3 École Polytechnique de Montréal, QC, Canada
4 Federal University of Rio Grande do Sul, RS, Brazil
The 14thInternational Conference on Service Oriented Computing (ICSOC’2016)
October 10-13, 2016 - Banff, Alberta, Canada
1
2. Previous ICSOC Editions
2
• ICSOC’12: Specification and Detection of SOA Antipatterns
• ICSOC’13: Detection of SOA Patterns
• ICSOC’14: Detection of REST Patterns and Antipatterns: A
Heuristics-based Approach
• ICSOC’15: Are RESTFul APIs Well-designed? Detection of their
Linguistic (Anti)Patterns
• ICSOC’16: Are REST APIs for Cloud Computing Well-designed ?
3. Context
3
• Cloud computing = model to offer and access computational
resources and services
• REST APIs for offering such computational resources
Web Services
4. • Wide variety of Cloud APIs
• Cloud APIs are difficult to design and therefore to
understand and use
Problem
• Well-designed REST APIs may
attract client developers
• Quality factors:
understandability and reusability 4
5. • Best practices to make REST APIs understandable and
reusable
• BUT scattered in the litterature
• BUT not studied on real-world APIs 5
Solution
6. 6
• CRUD function names should not be used in URIs
• Lowercase letters should be preferred in URI paths
Examples of Best Practices
7. Outline
7
• Contributions on REST APIs for Cloud Computing
• Contrib 1 : Catalog of Best Practices
• Contrib 2 : Exploratory Study
• Results
• Conclusion and Future work
8. Outline
8
• Contributions on REST APIs for Cloud Computing
• Contrib 1 : Catalog of Best Practices
• Contrib 2 : Exploratory Study
• Results
• Conclusion and Future work
9. 9
Contributions
Goal: To evaluate the conformance of Cloud APIs with best
practices
Contrib 1: Catalog of 73 best practices on design of REST APIs
Contrib 2 : Study of the conformance of three different and
well-known REST APIs with our best practices’ catalog
10. Outline
10
• Contributions on REST APIs for Cloud Computing
• Contrib 1 : Catalog of Best Practices
• Contrib 2 : Exploratory Study
• Results
• Conclusion and Future work
11. 11
State of Art
REST API
7 main
studies
Massé
(2011)
Select
categories
5 cate-
gories
Contrib 1 : Catalog of Best Practices
14. Outline
14
• Contributions on REST APIs for Cloud Computing
• Contrib 1 : Catalog of Best Practices
• Contrib 2 : Exploratory Study
• Results
• Conclusion and Future work
15. 15
Study
Objects:
RQ1. What are the main services provided by cloud REST APIs?
RQ2. How many best practices are followed by cloud REST APIs?
RQ3. What best practices are adopted by all APIs?
RQ4. What best practices are adopted by none of the APIs?
Commercial Open source Standard
17. Outline
17
• Contributions on REST APIs for Cloud Computing
• Contrib 1 : Catalog of Best Practices
• Contrib 2 : Exploratory Study
• Results
• Conclusion and Future work
18. Google and OpenStack API have a good support for all services while OCCI has
yet some lacks
RQ1. What are the main services provided by cloud REST APIs?
18
Results
19. RQ2. How many best practices are followed by cloud REST APIs?
19
Results
20. • Set of practices forming a “consensus”
• Only 32% (24/73) of practices
Ø No agreement on the main good practices
Ø Majority of practices are adopted at least by one API
Ø Overall, APIs are well-designed
RQ3. What best practices are adopted by all APIs?
20
Results
21. • Set of practices forming a “negative consensus”
• Only 14% (10/73) of practices not followed
Ø Further work required to analyse why
RQ4. What best practices are adopted by none of the APIs?
21
Results
22. • The best practices were representative
• Other characteristics should be investigated
• Largest study on the design of REST APIs
Ø BUT we cannot generalise our results
22
Results : Threats to Validity
Does these good practices apply universally to all cloud
services?
23. Outline
23
• Contributions on REST APIs for Cloud Computing
• Contrib 1 : Catalog of Best Practices
• Contrib 2 : Exploratory Study
• Results
• Conclusion and Future work
24. 24
Conclusion
• Well designing REST APIs is difficult
• Catalog of 73 best practices for REST APIs design
• Evaluation of the use of these practices in three sets of
APIs
• First study evaluating and comparing the design of the
REST APIs
25. 25
Future Work
• Apply this study to more cloud APIs (Amazon Web Services,
Apache’s CloudStack, etc.)
• Automate the procedure
• Lexical and semantical analysis
• Contribute to the improvement of OCCI specifications
27. Cloud APIs reach
an acceptable level of maturity
when considering good practices pertaining to
the design in terms of understandability and
reusability
27
28. Are REST APIs for Cloud Computing
Well-Designed? An Exploratory Study
Fabio Petrillo1,3,4, Philippe Merle2, Naouel Moha1, Yann-Gaël Guéhéneuc3
1 Université du Québec à Montréal
2 Inria Lille - Nord Europe
3 École Polytechnique de Montréal, QC, Canada
4 Federal University of Rio Grande do Sul, RS, Brazil
The 14thInternational Conference on Service Oriented Computing (ICSOC’2016)
October 10-13, 2016 - Banff, Alberta, Canada
28