Professional Documents
Culture Documents
Exceptwhereotherwiseindicated,entirecontents copyright2010InfoQ.com
Content
[Articles]
ABRIEFINTRODUCTIONTOREST......................................................................................... 1 RESOURCEORIENTEDARCHITECTURE:THERESTOFREST .....................................11 RESTFULHTTPINPRACTICE ................................................................................................21 HOWTOGETACUPOFCOFFEE............................................................................................44 ADDRESSINGDOUBTSABOUTREST...................................................................................66 RESTANTIPATTERNS..............................................................................................................73
[Interviews]
IANROBINSONDISCUSSESREST,WS*ANDIMPLEMENTINGANSOA ....................80 JIMWEBBERON"GUERILLASOA"........................................................................................90 IANROBINSONANDJIMWEBBERONWEBBASEDINTEGRATION ..........................97 MARKLITTLEONTRANSACTIONS,WEBSERVICESANDREST............................... 109 CORBAGURUSTEVEVINOSKIONREST,WEBSERVICES,ANDERLANG ............... 118
Articles
ABriefIntroductiontoREST
Author:StefanTilkov Youmayormaynotbeawarethatthereisdebategoingonabouttherightwaytoimplement heterogeneousapplicationtoapplicationcommunication:Whilethecurrentmainstreamclearly focusesonwebservicesbasedonSOAP,WSDLandtheWS*specificationuniverse,asmall,butvery vocalminorityclaimstheresabetterway:REST,shortforREpresentationalStateTransfer.Inthis article,IwilltrytoprovideapragmaticintroductiontoRESTandRESTfulHTTPapplicationintegration withoutdigressingintothisdebate.Iwillgointomoredetailwhileexplainingthoseaspectsthat,in myexperience,causethemostdiscussionwhensomeoneisexposedtothisapproachforthefirst time.
KeyRESTprinciples
MostintroductionstoRESTstartwiththeformaldefinitionandbackground.Illdeferthisforawhile andprovideasimplified,pragmaticdefinition:RESTisasetofprinciplesthatdefinehowWeb standards,suchasHTTPandURIs,aresupposedtobeused(whichoftendiffersquiteabitfromwhat manypeopleactuallydo).ThepromiseisthatifyouadheretoRESTprincipleswhiledesigningyour application,youwillendupwithasystemthatexploitstheWebsarchitecturetoyourbenefit.In summary,thefivekeyprinciplesare:
Letstakeacloserlookateachoftheseprinciples.
GiveeverythinganID
Imusingthetermthinghereinsteadoftheformallycorrectresourcebecausethisissucha simpleprinciplethatitshouldntbehiddenbehindterminology.Ifyouthinkaboutthesystemsthat peoplebuild,thereisusuallyasetofkeyabstractionsthatmeritbeingidentified.Everythingthat
shouldbeidentifiableshouldobviouslygetanIDontheWeb,thereisaunifiedconceptforIDs: TheURI.URIsmakeupaglobalnamespace,andusingURIstoidentifyyourkeyresourcesmeansthey getaunique,globalID. Themainbenefitofaconsistentnamingschemeforthingsisthatyoudonthavetocomeupwith yourownschemeyoucanrelyononethathasalreadybeendefined,worksprettywellonglobal scaleandisunderstoodbypracticallyanybody.Ifyouconsideranarbitraryhighlevelobjectwithin thelastapplicationyoubuilt(assumingitwasntbuiltinaRESTfulway),itisquitelikelythatthere aremanyusecaseswhereyouwouldhaveprofitedfromthis.IfyourapplicationincludedaCustomer abstraction,forinstance,Imreasonablysurethatuserswouldhavelikedtobeabletosendalinkto aspecificcustomerviaemailtoacoworker,createabookmarkforitintheirbrowser,orevenwrite itdownonapieceofpaper.Todrivehomethispoint:Imaginewhatanawfullyhorridbusiness decisionitwouldbeifanonlinestoresuchasAmazon.comdidnotidentifyeveryoneofitsproducts withauniqueID(aURI). Whenconfrontedwiththisidea,manypeoplewonderwhetherthismeanstheyshouldexposetheir databaseentries(ortheirIDs)directlyandareoftenappalledbythemereidea,sinceyearsof objectorientedpracticehavetoldustohidethepersistenceaspectsasanimplementationdetail. Butthisisnotaconflictatall:Usually,thethingstheresourcesthatmeritbeingidentifiedwith aURIarefarmoreabstractthanadatabaseentry.Forexample,anOrderresourcemightbe composedoforderitems,anaddressandmanyotheraspectsthatyoumightnotwanttoexposeas individuallyidentifiableresources.Takingtheideaofidentifyingeverythingthatisworthbeing identifiedfurtherleadstothecreationofresourcesthatyouusuallydontseeinatypicalapplication design:Aprocessorprocessstep,asale,anegotiation,arequestforaquotetheseareall examplesofthingsthatmeritidentification.This,inturn,canleadtothecreationofmore persistententitiesthaninanonRESTfuldesign. HerearesomeexamplesofURIsyoumightcomeupwith: http://example.com/customers/1234 http://example.com/orders/2007/10/776654 http://example.com/products/4554 http://example.com/processes/salary-increase-234 AsIvechosentocreatehumanreadableURIsausefulconcept,eventhoughitsnota prerequisiteforaRESTfuldesignitshouldbequiteeasytoguesstheirmeaning:Theyobviously identifyindividualitems.Buttakealookatthese: http://example.com/orders/2007/11 http://example.com/products?color=green Atfirst,theseappeartobesomethingdifferentafterall,theyarenotidentifyingathing,buta collectionofthings(assumingthefirstURIidentifiesallorderssubmittedinNovember2007,andthe secondonethesetofgreenproducts).Butthesecollectionsareactuallythingsresources themselves,andtheydefinitelymeritidentification. Notethatthebenefitsofhavingasingle,globallyunifiednamingschemeapplybothtotheusageof
2 InfoQExplores:REST
Linkthingstogether
Thenextprincipleweregoingtolookathasaformaldescriptionthatisalittleintimidating: Hypermediaastheengineofapplicationstate,sometimesabbreviatedasHATEOAS.(Seriously Imnotmakingthisup.)Atitscoreistheconceptofhypermedia,orinotherwords:theideaoflinks. LinksaresomethingwereallfamiliarwithfromHTML,buttheyareinnowayrestrictedtohuman consumption.ConsiderthefollowingmadeupXMLfragment: <order self='http://example.com/customers/1234' > <amount>23</amount> <product ref='http://example.com/products/4554' /> <customer ref='http://example.com/customers/1234' /> </order> Ifyoulookattheproductandcustomerlinksinthisdocument,youcaneasilyimaginehowan applicationthathasretrieveditcanfollowthelinkstoretrievemoreinformation.Ofcourse,this wouldbethecaseiftherewereasimpleidattributeadheringtosomeapplicationspecificnaming scheme,toobutonlywithintheapplicationscontext.ThebeautyofthelinkapproachusingURIs isthatthelinkscanpointtoresourcesthatareprovidedbyadifferentapplication,adifferentserver, orevenadifferentcompanyonanothercontinentbecausethenamingschemeisaglobal standard,alloftheresourcesthatmakeuptheWebcanbelinkedtoeachother. Thereisanevenmoreimportantaspecttothehypermediaprinciplethestatepartofthe application.Inshort,thefactthattheserver(orserviceprovider,ifyouprefer)providesasetoflinks totheclient(theserviceconsumer)enablestheclienttomovetheapplicationfromonestatetothe nextbyfollowingalink.Wewilllookattheeffectsofthisaspectinanotherarticlesoon;forthe moment,justkeepinmindthatlinksareanextremelyusefulwaytomakeanapplicationdynamic. Tosummarizethisprinciples:Uselinkstorefertoidentifiablethings(resources)whereverpossible. HyperlinkingiswhatmakestheWebtheWeb.
Usestandardmethods
Therewasanimplicitassumptioninthediscussionofthefirsttwoprinciples:thattheconsuming applicationcanactuallydosomethingmeaningfulwiththeURIs.IfyouseeaURIwrittenontheside ofabus,youcanenteritintoyourbrowsersaddressfieldandhitreturnbuthowdoesyour browserknowwhattodowiththeURI?
3 InfoQExplores:REST
Itknowswhattodowithitbecauseeveryresourcesupportsthesameinterface,thesamesetof methods(oroperations,ifyouprefer).HTTPcallstheseverbs,andinadditiontothetwoeveryone knows(GETandPOST),thesetofstandardmethodsincludesPUT,DELETE,HEADandOPTIONS.The meaningofthesemethodsisdefinedintheHTTPspecification,alongwithsomeguaranteesabout theirbehavior.IfyouareanOOdeveloper,youcanimaginethateveryresourceinaRESTfulHTTP scenarioextendsaclasslikethis(insomeJava/C#stylepseudosyntaxandconcentratingonthekey methods): class Resource { Resource(URI u); Response get(); Response post(Request r); Response put(Request r); Response delete(); } Becausethesameinterfaceisusedforeveryresource,youcanrelyonbeingabletoretrievea representationi.e.,somerenderingofitusingGET.BecauseGETssemanticsaredefinedinthe specification,youcanbesurethatyouhavenoobligationswhenyoucallitthisiswhythemethod iscalledsafe.GETsupportsveryefficientandsophisticatedcaching,soinmanycases,youdont evenhavetosendarequesttotheserver.YoucanalsobesurethataGETisidempotentifyou issueaGETrequestanddontgetaresult,youmightnotknowwhetheryourrequestneverreached itsdestinationortheresponsegotlostonitswaybacktoyou.Theidempotenceguaranteemeans youcansimplyissuetherequestagain.IdempotenceisalsoguaranteedforPUT(whichbasically meansupdatethisresourcewiththisdata,orcreateitatthisURIifitsnottherealready)andfor DELETE(whichyoucansimplytryagainandagainuntilyougetaresultdeletingsomethingthats notthereisnotaproblem).POST,whichusuallymeanscreateanewresource,canalsobeusedto invokearbitraryprocessingandthusisneithersafenoridempotent. Ifyouexposeyourapplicationsfunctionality(orservicesfunctionality,ifyouprefer)inaRESTfulway, thisprincipleanditsrestrictionsapplytoyouaswell.Thisishardtoacceptifyoureusedtoa differentdesignapproachafterall,yourequitelikelyconvincedthatyourapplicationhasmuch morelogicthanwhatisexpressiblewithahandfuloperations.Letmespendsometimetryingto convinceyouthatthisisnotthecase. Considerthefollowingexampleofasimpleprocurementscenario:
4 InfoQExplores:REST
5 InfoQExplores:REST
6 InfoQExplores:REST
Whyisthisimportant?Essentially,itmakesyourapplicationpartoftheWebitscontributionto whathasturnedtheWebintothemostsuccessfulapplicationoftheInternetisproportionaltothe numberofresourcesitaddstoit.InaRESTfulapproach,anapplicationmightaddafewmillion customerURIstotheWeb;ifitsdesignedthesamewayapplicationshavebeendesignedinCORBA times,itscontributionusuallyisasingleendpointcomparabletoaverysmalldoorthatprovides entrytoauniverseofresourceonlyforthosewhohavethekey. TheuniforminterfacealsoenableseverycomponentthatunderstandstheHTTPapplicationprotocol tointeractwithyourapplication.Examplesofcomponentsthatbenefitfromthisaregenericclients suchascurlandwget,proxies,caches,HTTPservers,gateways,evenGoogle/Yahoo!/MSN,andmany more. Tosummarize:Forclientstobeabletointeractwithyourresources,theyshouldimplementthe defaultapplicationprotocol(HTTP)correctly,i.e.makeuseofthestandardmethodsGET,PUT,POST, DELETE.
Resourceswithmultiplerepresentations
Weveignoredaslightcomplicationsofar:howdoesaclientknowhowtodealwiththedatait retrieves,e.g.asaresultofaGETorPOSTrequest?TheapproachtakenbyHTTPistoallowfora separationofconcernsbetweenhandlingthedataandinvokingoperations.Inotherwords,aclient thatknowshowtohandleaparticulardataformatcaninteractwithallresourcesthatcanprovidea representationinthisformat.Letsillustratethiswithanexampleagain.UsingHTTPcontent negotiation,aclientcanaskforarepresentationinaparticularformat: GET /customers/1234 HTTP/1.1 Host: example.com Accept: application/vnd.mycompany.customer+xml TheresultmightbesomecompanyspecificXMLformatthatrepresentscustomerinformation.Ifthe clientsendsadifferentrequest,e.g.onelikethis: GET /customers/1234 HTTP/1.1 Host: example.com Accept: text/x-vcard TheresultcouldbethecustomeraddressinVCardformat.(Ihavenotshowntheresponses,which wouldcontainmetadataaboutthetypeofdataintheHTTPContenttypeheader.)Thisillustrates whyideally,therepresentationsofaresourceshouldbeinstandardformatsifaclientknows boththeHTTPapplicationprotocolandasetofdataformats,itcaninteractwithanyRESTfulHTTP applicationintheworldinaverymeaningfulway.Unfortunately,wedonthavestandardformatsfor everything,butyoucanprobablyimaginehowonecouldcreateasmallerecosystemwithina companyorasetofcollaboratingpartnersbyrelyingonstandardformats.Ofcourseallofthisdoes notonlyapplytothedatasentfromtheservertotheclient,butalsoforthereversedirectiona serverthatcanconsumedatainspecificformatsdoesnotcareabouttheparticulartypeofclient,
7 InfoQExplores:REST
provideditfollowstheapplicationprotocol. Thereisanothersignificantbenefitofhavingmultiplerepresentationsofaresourceinpractice:If youprovidebothanHTMLandanXMLrepresentationofyourresources,theyareconsumablenot onlybyyourapplication,butalsobyeverystandardWebbrowserinotherwords,informationin yourapplicationbecomesavailabletoeveryonewhoknowshowtousetheWeb. Thereisanotherwaytoexploitthis:YoucanturnyourapplicationsWebUIintoitsWebAPIafter all,APIdesignisoftendrivenbytheideathateverythingthatcanbedoneviatheUIshouldalsobe doableviatheAPI.ConflatingthetwotasksintooneisanamazinglyusefulwaytogetabetterWeb interfaceforbothhumansandotherapplications. Summary:Providemultiplerepresentationsofresourcesfordifferentneeds.
Communicatestatelessly
ThelastprincipleIwanttoaddressisstatelesscommunication.Firstofall,itsimportanttostress thatalthoughRESTincludestheideaofstatelessness,thisdoesnotmeanthatanapplicationthat exposesitsfunctionallycannothavestateinfact,thiswouldrenderthewholeapproachpretty uselessinmostscenarios.RESTmandatesthatstatebeeitherturnedintoresourcestate,orkepton theclient.Inotherwords,aservershouldnothavetoretainsomesortofcommunicationstatefor anyoftheclientsitcommunicateswithbeyondasinglerequest.Themostobviousreasonforthisis scalabilitythenumberofclientsinteractingwouldseriouslyimpacttheserversfootprintifithad tokeepclientstate.(NotethatthisusuallyrequiressomeredesignyoucantsimplystickaURIto somesessionstateandcallitRESTful.) Butthereareotheraspectsthatmightbemuchmoreimportant:Thestatelessnessconstraint isolatestheclientagainstchangesontheserverasitisnotdependentontalkingtothesameserver intwoconsecutiverequests.Aclientcouldreceiveadocumentcontaininglinksfromtheserver,and whileitdoessomeprocessing,theservercouldbeshutdown,itsharddiskcouldberippedoutand bereplaced,thesoftwarecouldbeupdatedandrestartedandiftheclientfollowsoneofthelinks ithasreceivedfromtheserver,itwontnotice.
RESTintheory
Ihaveaconfessiontomake:WhatIexplainedisnotreallyREST,andImightgetflamedfor simplifyingthingsalittletoomuch.ButIwantedtostartthingsalittledifferentlythanusual,soIdid notprovidetheformalbackgroundandhistoryofRESTinthebeginning.Letmetrytoaddressthis,if somewhatbriefly. Firstofall,IveavoidedtakinggreatcaretoseparateRESTfromHTTPitselfandtheuseofHTTPina RESTfulway.Tounderstandtherelationshipbetweenthesedifferentaspects,wehavetotakealook atthehistoryofREST.
8 InfoQExplores:REST
ThetermRESTwasdefinedbyRoyT.FieldinginhisPhDthesis(youmightactuallywanttofollow thatlinkitsquitereadable,foradissertationatleast).Royhadbeenoneoftheprimarydesigner ofmanyessentialWebprotocols,includingHTTPandURIs,andheformalizedalotoftheideas behindtheminthedocument.(ThedissertationisconsideredtheRESTbible,andrightfullyso afterall,theauthorinventedtheterm,sobydefinition,anythinghewroteaboutitmustbe consideredauthorative.)Inthedissertation,Royfirstdefinesamethodologytotalkabout architecturalstyleshighlevel,abstractpatternsthatexpressthecoreideasbehindan architecturalapproach.Eacharchitecturalstylecomeswithasetofconstraintsthatdefineit. Examplesofarchitecturalstylesincludethenullstyle(whichhasnoconstrainsatall),pipeand filter,client/server,distributedobjectsandyouguesseditREST. Ifallofthissoundsquiteabstracttoyou,youarerightRESTinitselfisahighlevelstylethatcould beimplementedusingmanydifferenttechnologies,andinstantiatedusingdifferentvaluesforits abstractproperties.Forexample,RESTincludestheconceptsofresourcesandauniforminterface i.e.theideathateveryresourceshouldrespondtothesamemethods.ButRESTdoesntsaywhich methodstheseshouldbe,orhowmanyofthemthereshouldbe. OneincarnationoftheRESTstyleisHTTP(andasetofrelatedsetofstandards,suchasURIs),or slightlymoreabstractly:theWebsarchitectureitself.Tocontinuetheexamplefromabove,HTTP instantiatestheRESTuniforminterfacewithaparticularone,consistingoftheHTTPverbs.As FieldingdefinedtheRESTstyleaftertheWeboratleast,mostofitwasalreadydone,one mightarguewhetheritsa100%match.Butinanycase,theWeb,HTTPandURIsaretheonlymajor, certainlytheonlyrelevantinstanceoftheRESTstyleasawhole.AndasRoyFieldingisboththe authoroftheRESTdissertationandhasbeenastronginfluenceontheWebarchitecturesdesign, thisshouldnotcomeasasurprise. Finally,IveusedthetermRESTfulHTTPfromtimetotime,forasimplereason:Manyapplications thatuseHTTPdontfollowtheprinciplesofRESTandwithsomejustification,onecansaythat usingHTTPwithoutfollowingtheRESTprinciplesisequaltoabusingHTTP.Ofcoursethissoundsa littlezealousandinfactthereareoftenreasonswhyonewouldviolateaRESTconstraint,simply becauseeveryconstraintinducessometradeoffthatmightnotbeacceptableinaparticular situation.Butoften,RESTconstraintsareviolatedduetoasimplelackofunderstandingoftheir benefits.Toprovideoneparticularlynastyexample:theuseofHTTPGETtoinvokeoperationssuch asdeletinganobjectviolatesRESTssafetyconstraintandplaincommonsense(theclientcannotbe heldaccountable,whichisprobablynotwhattheserverdeveloperintended).Butmoreonthis,and othernotableabuses,inafollowuparticle.
Summary
Inthisarticle,IhaveattemptedtoprovideaquickintroductionintotheconceptsbehindREST,the architectureoftheWeb.ARESTfulHTTPapproachtoexposingfunctionalityisdifferentfromRPC, DistributedObjects,andWebservices;ittakessomemindshifttoreallyunderstandthisdifference. BeingawareaboutRESTprinciplesisbeneficialwhetheryouarebuildingapplicationsthatexposea
9 InfoQExplores:REST
10 InfoQExplores:REST
Articles
ResourceOrientedArchitecture:TheRestofREST
Author:BrianSletten
SeriesIntroduction
Thinkforamoment,ifyoucan,backtoatimebeforetheWeb.Imaginetryingtoexplainthe impendingchangestoyourhaplesscontemporaries.Itislikelytheywouldsimplynotbeableto fathomtheimpactsthattheWeb'semergencewouldhaveonnearlyeveryaspectoftheirlives.In retrospect,itfeelslikeatsunamicaughtusoffguardandforeveralteredthelandscapearoundus. Therealityismorepedestrian,however.Itwasadeliberateseriesoftechnicalchoicesthatbuiltupon eachotherthatyieldedtheresultswehaveexperienced. Now,pauseandreflectupontheideathatyouareprobablyinasimilarpositiontothoseincredulous preWebtypesyouwerejusttryingtoenlighten.Unlessyouhavebeenpayingcloseattention,you areabouttobecaughtoffguardagainasitfeelslikeanewwavecrashesuponoureconomic,social, technologicalandorganizationallandscapes.Whiletheresultingchangeswillfeelliketheyoccur overnight,therealityisthattheyhavebeenintheworksforyearsandarejustnowproducing tangibleresults.ThisnewwaveisaboutaWebthathasevolvedbeyonddocumentsintoWebsof Data,bothpersonalandprivate.Wewillnolongerfocusoninformationcontainers,buton informationitselfandhowitisconnected. Thiswavehasbeenintheworksforyearsandisagainbeingdrivenbythedeliberateadoptionof specificchoicesandtechnologies.Thesechoicesarecombiningtosolvetheproblemscausedbythe inexorablemarchoftechnologicalchange,businessflux,newandvarieddatasourcesandthe ubiquitous,expensiveandfailureproneeffortsthathavecostmillionsanddeliveredinsufficient value.WebServicesandServiceOrientedArchitectures(SOA)weresupposedtobepartofthe answer,buttheeleganceoftheirvisionshavebeenforeverstainedbytheineleganceoftheir technicalsolutions. Thebeautyisthatwearenotstartingfromscratch.Wearebuildinguponthetechnologywehavein placetogrowthesedatawebsorganically.Wecanwrapourdatabases,libraries,servicesandother contentsourceswithanewsetofabstractionsthatwillhelpusoffthetreadmillwehavebeenon. WeareintegratingthepublicWebofDatawithourown,privatelyhelddata.Theincremental adoptionofthesetechnologiesisyieldingnewcapabilitiesthatwill,inturn,unlockfurther capabilities.
11 InfoQExplores:REST
Thisisthefirstarticleinanewseriestohighlighttheevolutionofinformationorientedsystemsthat gotustowhereweareandprovidearoadmaptowherewearegoing.Despitewhatitmayseemon thesurface,thesechoicesareneitheradhocnoresoteric,butratherfoundationaldecisionsbased onalongtraditionofacademiaandappliedengineering. WewillstartbyrevisitingtheREpresentationalStateTransfer(REST)architecturalstyle.Oftquoted andevenmoreoftenmisunderstood,thismannerofbuildingnetworkedsoftwaresystemsallowsus tomergeourdocuments,dataandinformationorientedservicesintoarich,logicalecosystemof namedresources.Fromthere,wewillintroducethevisionoftheSemanticWebandwalkthroughits coretechnologiesrepresentedbyaflexibleandextensibledatamodelandtheabilitytoqueryit.We willseehowtoincorporaterelationaldata,contentfromdocuments,spreadsheets,RSSfeeds,etc. intoarichwebofreusablecontent. Afterwepresentthebasics,wewillwalkthroughavarietyofsuccessfuleffortsbuildingonthese technologiesandthenreturntoreclaimingthevisionpromisedtousbyproponentsofWebServices technologies.WewilldescribeaprocesswherewecanachievesomethingofaUnifiedTheoryof InformationSystems;onethatnotonlyhandles,butembracesthekindoftechnicalandsocial changethathasbeenpainfulandintractabletomanageinthepast. TherehasbeentoomuchhypesurroundingtheSemanticWeb,buttherehavealsobeenasteady streamofquietsuccesses.Thisserieswillbeapragmaticguideintobothnewandfamiliarterritory. Wewillconnectthetechnologiesindeeperwaysthanperhapsyouhaveseenbefore.Wewill highlighteventsandactionsbycompanies,governmentorganizationsandstandardsbodiesthat indicatethatthisishappeninganditwillchangeeverything.Wewillshowhowaverylarge differenceinyoursystemimplementationcanoftenbemadethroughsubtleshiftsinperspective andadoptionofstandardsthataredesignedtofacilitatechange. Thefirststep,istoembraceacommonnamingschemeforallaspectsofourinfrastructure.A ServiceOnlyArchitectureusuallyignoresthedatathatflowsthroughit.Attheendoftheday,our organizationscareaboutinformationfirstandforemost.RESTandtheWebArchitectureputsthis priorityupfrontandlaysthefoundationfortheremainderofourdiscussion.
TheRestofREST
IthasbecomefashionabletotalkabouttheREpresentationalStateTransfer(REST)assomethingofa weaponintheWarOnComplexity.Theenemiesinthiswar,accordingtosome,areSOAPandthe WebServicestechnologystackthatsurroundsit.ThisUsvsThemrhetoricbringspassiontothetable, butrarelymeaningfuldialoguesopeopleremainconfusedastotheunderlyingmessageandwhyitis important.ThegoalisnottoreplaceSOAP;thegoalistobuildbettersystems. RESTisnotevenadirectreplacementforSOAP.Itisnotsomekindoftechnologyofconvenience;a simplesolutionforinvokingWebServicesthroughURLs.Themanagementofinformationresources isnotthesamethingasinvokingarbitrarybehavior.Thisconfusionleadspeopletobuild"RESTful" solutionsthatareneitherRESTful,norgoodsolutions.
12 InfoQExplores:REST
RESTderivesitsbenefitsasmuchfromitsrestrictionsasitdoesitsresultantflexibility.IfyoureadDr. RoyFielding'sthesis(whichyouareencouragedtodo),youwilllearnthattheintentwastodescribe howthecombinationofspecificarchitecturalconstraintsyieldsasetofpropertiesthatwefind desirableinnetworkedsoftwaresystems.Theadoptionofauniforminterface,theinfamousUniform ResourceLocator(URL),contributestothedefinitionofREST,butisinsufficienttodefineit.Likewise, interfacesthatsimplyexposearbitraryservicesviaURLswillnotyieldthesamebenefitswehave seensosuccessfullyintheexplosionoftheWeb.Ittakesaricherseriesofinteractionsandsystem partitioningtogetthefullresults. MostpeopleunderstandthatRESTinvolvesrequestingandsupplyingapplicationstateofinformation resourcesthroughURLsviaasmallnumberofverbs.YouretrieveinformationbyissuingGET requeststoURLs,youcreateorupdateviaPOSTandPUT,andremoveinformationviaDELETE requests. Thissummaryisnotincorrect,butitleavestoomuchout.Theomissionsyielddegreesoffreedom thatunfortunatelyoftenallowpeopletomakethewrongdecisions.Inthisgap,peoplecreateURLs outofverbswhicheliminatesthebenefitofhavingnamesfor"things".TheythinkRESTisjustabout CRUDoperations.Theycreatemagical,unrelatedURLsthatyouhavetoknowupfronthowtoparse, losingthediscoverabilityofthehypertextengine.Perhapsmostunforgivably,theycreateURLstied solelytoparticulardataformats,makingprematuredecisionsforclientsabouttheshapeofthe information. UnderstandingthefullimplicationsofRESTwillhelpyouavoidtheseproblems;itwillhelpyouto developpowerful,flexibleandscalablesystems.Butitisalsothebeginningofanewunderstanding ofinformationandhowitisused.UponthisfoundationofWebarchitecture,theapplicationofthe remainingtechnologiesoftheSemanticWebwillyieldunprecedentedpowerinhowweinteract witheachotherasindividuals,governments,organizationsandbeyond.Thisiswhywebeginwitha deeperdiveintothepartsofRESTthatmanypeopledonotunderstandandthereforedonotdiscuss. Thesetopicsincludetheimplicationsof: URLsasidentifiers FreedomofForm Logicallyconnected,LatebindingSystems HypertextastheEngineofStateTransfer(HATEOS)
URLsasIdentifiers
WehavealreadyestablishedthatmostpeopleknowaboutURLsandREST.Itseemsclearthatthey understandthataURLisusedforinvokingaservice,butitisnotclearthattheygetthelargersense ofaURLasanameforinformation.Namesarehowweidentifypeople,places,thingsandconcepts. Ifwelacktheabilitytoidentify,welacktheabilitytosignify.ImagineAbbottandCostello'sinfamous "Who'sonFirst?"skitonadailybasis.Havingnamesgivesustheabilitytodisambiguateandidentify somethingwecareaboutwithinacontext.Havinganameandacommoncontextallowsustomake
13 InfoQExplores:REST
referencetonamedthingsoutofthatcontext. TheUniformResourceIdentifier(URI)istheparentscheme.Itisamethodforencodingother schemesdependingonwhetherwewantthemtoincluderesolutioninformationornot.Librarians andotherlongtermdatastewardslikenamesthatwillnotchange.AUniformResourceName(URN) isaURIthathasnolocationinformationinit;nothingbutnameisinvolved.Thegoodnewsisthat thesenameswillneverbreak.Thebadnewsisthatthereisnoresolutionprocessforthem.An exampleofaURNisanISBNnumberforabook: urn:isbn:0307346617 Inordertofindmoreinformationaboutthisbook,youwouldhavetofindaservicethatallowsyou tolookupinformationbasedontheISBNnumber. Ifnothingaboutthecontextofoursystemsandinformationeverchanged,wewouldprobably alwayswanttoincluderesolutioninformationinourresourcenamessowecouldresolvethem.But anyonewhohasbeenhandedabrokenlinkknowswewantlongerlivednamesforreallyimportant stuff.LookingatourhistoryofusingURLs,wehavedonesomesillythingswhenwecreatedones suchas: http://someserver.com/cgi-bin/foo/bar.pl http://someserver.com/ActionServlet?blah=blah http://someserver.com/foo/bar.php TheproblemwiththeseURLsisthatthetechnologyusedtoproducearesultisirrelevanttothe consumerofinformation.ThereisnogoodreasontocreateURLslikethat.Thefocusshouldbeon theinformation,notthetechnology.Implementationtechnologieschangeovertime.Ifyouabandon them,forinstance,anysystemthathasalinktothePerl,ServletorPHPbasedURLwillbreak.We willaddresssomeinfrastructuretosolvethisprobleminfuturearticles,fornow,wewilljusttryto makecarefulchoicesinthenameswegiveourinformationresources. Despitebeingfragile,theURLschemedoesallowustodisambiguateinformationreferencesina globalcontext. http://company1.com/customer/123456 isdistinctanddistinguishablefrom http://company2.com/customer/123456 inwaysthatadecontextualizedidentifierlike'123456'isnot. Togroundtheconceptintoalargerinformationsystemsframework,youcanthinkofaURLasa primarykeythatisnotspecifictoaparticulardatabase.Wecanmakereferencestoanitemviaits URLindozensofdifferentdatabases,documents,applications,etc.andknowthatwearereferringto thesamethingbecausewehaveauniquenameinaglobalcontext.Wewillusethispropertyin futurediscussionstodescribeandconnectRESTfulsystemstoothercontentandmetadata.
14 InfoQExplores:REST
FreedomofForm
OurexperienceoftheWebhasbeensomewhatpassivewithrespecttotheshapeofinformation. Whenweclickonalink,weexpectthecontenttocomebackinaparticularform,usuallyHTML.That isfineformanytypesofinformation,butthearchitecturesupportsamuchmoreconversational styleallowingclientstorequestinformationinapreferredform. Tounderstandwhythisisuseful,consideracompany'ssalesreport.Itiseasytoimaginethisbeing usefultoexecutives,salespeople,otheremployees,clientsandinvestorsasanindicationofhowa companyisperforming.Apossiblenameforsuchareportcouldincludetheyearandthequarterin theURL: http://company1.com/report/sales/2009/qtr/3 WemightcontrastthiswithasalesreportforthemonthofMarch: http://company1.com/report/sales/2009/month/3 Botharegood,logicalnamesthatareunlikelytobreakovertime.Itisacompellingvisionthat peoplecouldsimplytypesuchaURLintoabrowserandgettheinformationtheyseekrenderedas HTML.Thereportscouldbebookmarked,emailed,linkedto,etc.;allthethingsweloveaboutthe Web. Theproblemisthattheinformationislockedintoitsrenderedform(untilweintroducetechnologies likeGRDDLandRDFalaterinthisseries!).Weusedtotrytoscrapecontentfrompages,butgaveup indisgust.Asthepagelayoutchanges,ourscriptsbreak.
15 InfoQExplores:REST
Ifyouwereaprogrammerforthiscompanyandwantedtogettotheinformationdirectly,youmight liketorequestitasXML.Youcouldgetbackraw,structureddatathatyoucouldvalidateagainsta schema.HTTPandRESTmakethistrivialaslongastheserverknowshowtorespond.Bypassingin an"Accept:application/xml"headertoyourrequest,youcouldindicateapreference(or requirement)forXML.Onsuccess,youwillgetbackabytestreamwithaMIMEtypeindicatingthat yourrequesthasbeenhonored.Onfailure,theserverwillindicateviaa406Errorthatitcannothelp you.Inthatcase,youmightwanttocontactthedepartmentresponsibleforthisinformationand requesttheyaddthesupportyouneed;somethingtheycandowithoutbreakinganyexistingclients. Ifyouwereabusinessanalyst,youmightthinkthatXMLhassharppointsandcanhurtyou,soyou mightliketorequestitbackasaspreadsheet,aformatthatiseasilyincorporatedintoyourexisting workflows,toolsandprocesses. Thepointisthatthelogicalnameforthereportiseasilyconvertedintovariousformsatthepointit isrequested.Itisequallyeasytorunsystemsthatacceptmodificationsbackinthevariousforms. Theclienthasnovisibilityintohowtheinformationisactuallystored,theyjustknowthatitworks forthem.ThisfreedomiswhollyunderusedbypeoplebuildingRESTfulsystems.Whentheystandup aserviceanddecidethattheywillonlyreturnXML,theymissthepotentialvalueRESThastoan organization. Becausemanydevelopersareeitherunawareofcontentnegotiationorfinditdifficulttotestina browser,theydefinedifferentURLsforthedifferentformats: http://company1.com/report/sales/2009/qtr/3/report.html http://company1.com/report/sales/2009/qtr/3/report.xml http://company1.com/report/sales/2009/qtr/3/report.xls Thisdeveloperconveniencebecomesalimitationonceyouescapetheconfinesofaparticularuse.In essence,wenowhavethreeinformationresources,notonethatcanberenderedindifferentforms. Notonlydoesthisforktheidentityintheglobalcontext,italsoprematurelycommitsotherclientsto aparticularform.IfyoupassareferencetoaURLaspartofaworkflowororchestrationyouare robbingtheupstreamclientsfromthefreedomtochoosetheformofthedata. ThereareseveralwaystotestaproperRESTfulservicewithoutusingabrowser,forexample: curl -H "Accept: application/xml" -O http://company1.com/report/sales/2009/qtr/3 usingthepopularcurlprogram.AnyreasonableHTTPclientwillprovidesimilarcapabilities. Thebenefitsofsupportingarichecosystemofnegotiabledataformsmaynotbeimmediately obvious,butonceyouwrapyourheadaroundit,youwillseeitasalinchpintowardlonglived, flexiblesystemsthatfavortheclient,notthedeveloper.
16 InfoQExplores:REST
LogicallyConnected,LateBindingSystems
Onceyoucommittogood,logicalnamesforyourinformationresources,youwilldiscoversome additionalbenefitsthatfalloutofthesedecisions.Namedreferencescansafelyandefficientlybe passedbackasresultswithoutreturningactualdata.Thishasstrongimplicationsforlargeand sensitivedatasets,butitalsomakespossibletechnicalandarchitecturalmigration. ForthesamereasonspointersareusefulinlanguageslikeCandC++,URLsasreferencestodataare morecompactandefficienttohandofftopotentialconsumersofinformation.Largedatasetssuch asfinancialtransactions,satelliteimagery,etc.canbereferencedinworkflowswithoutrequiringall participantstosuffertheburdenofhandlingthelargecontentvolume. Anyorchestrationthattouchesactualdatamustconsiderthesecurityimplicationsofpassingitonto othersystems.Itquicklybecomesuntenabletoprovideperfectknowledgeofwhoisallowedtodo whatateverystepofaprocess.Ifareferenceispassedfromsteptostep,itisuptotheinformation sourcetoenforceaccess.Somestepsmaynotrequireaccesstothesensitiveinformationandcould thereforebeexcludedfromreceivingitwhentheyresolvethereference. Thismeansthelatebindingresolutioncanfactorinthefullcontextoftherequest.Aparticularuser accessingaresourcefromoneapplicationmighthaveabusinessneedtoseesensitiveinformation. Thesamepersonusingadifferentapplicationmightnothaveabusinessjustificationtothesame data.ARESTfulservicecouldinspectsessiontokensandtheliketoenforcethisaccesspolicy declaratively.Thislevelofspecificityisrequiredtopreventinternalfraud,oftenthebiggestriskin systemsthatdealwithsensitivecontent.Thedetailsofsuchasystemaregoingtobe implementationspecificandarelargelyorthogonaltotheprocessofnamingandresolving logicallynamedcontent. Dependencyonalogicalconnectionallowsclientstobeprotectedagainstimplementationchanges. Whenpopularwebsitesshiftfromonetechnologytoanother,theyareusuallysuccessfulathiding thesechangesfromtheirusers.RESTfulservicesdothesamething.Thisgivesusthefreedomto wraplegacysystemswithlogicalinterfacesandleavetheminplaceuntilthereisabusinessreasonto investinanewimplementation.Whenthathappens,clientscanbeprotectedfrombeingaffected. Inadditiontomediatingtechnologychanges,RESTfulsystemsallowyoutoembraceavariantof Postel'sLaw:BeConservativeinwhatyoudo;beLiberalinwhatyouacceptfromothers.Youcan maintainstrictcontentvalidationofwhatyouacceptandreturn.However,ifyouhaveanexisting clientbasethatisprovidingyoucontentinagivenform,youarefreetoallowotherclientsto providedifferentforms,differentschemas,etc.withoutaffectingtheexistingclients.Systemsthat closelyassociateacontractwithanendpointtendnottohavethisfreedomwhichmakesthemmore brittleandquicklyfragmented.
17 InfoQExplores:REST
HypertextAstheEngineofStateTransfer(HATEOS)
Assystemscomeacrossreferencestoinformationresources,manypeoplethinkthereneedstobe somesortofdescriptionlanguagetoindicatewhatispossibleorshouldbedonewithit.Thereality isthatawellconsideredRESTfulsystemusuallydoesnotrequirethisconcept.Thisisdifficultfor SOAPdeveloperstoaccept,butithastodowiththeconstraintsofthearchitecturalstyle.Because wetreatinformationresourcesasthingstomanipulatethroughauniforminterface(theURL!)and restrictoureffortstoasmallsetofverbs,therereallyisnoneedtodescribetheservice. Ifyoufindyourselfconfusedonthispoint,itisprobablyanarchitecturalsmellthatyouareconflating manipulatingresourceswithinvokingarbitrarybehavior.TheRESTverbsprovidethefullsetof operationstoapplytoaninformationresource.Certainly,youneedtoknowwhatinformationis beingreturnedsoyouknowhowtoprocessit,butthatiswhatMIMEtypesarefor.Whileitisusually preferabletoreuseknowntypes(application/xml,image/png,etc.),manydevelopersdonotrealize thattheycancreatetheirownapplicationspecificdatatypesifnecessary. Inthelargerarcofthisarticleseries,wewilladdresstheproblemsoffindingandbindingarbitrary resourcesusingrichmetadata.Fornow,wewillsimplykeepinmindRoy'sunderscoringofthe importanceof"hypertextastheengineofstatetransfer"(obliquelyreferredtoas"HATEOS"by RESTafarians).Thisisperhapsthemostmisunderstoodportionofthethesis.Togetitsfullimplication, weneedtorevisithowtheWebworks. YoutypeaURLintothebrowseranditissuesanHTTPGETrequestforthatresource.Invariably,the serverrespondswithabytestream,aresponsecode(usually200onsuccess)andaMIMEtype indicatingthattheresponseisHTML.Thebrowserdecidesitknowshowtohandlethistypeand parsestheresultintoadocumentmodelofsomesort.Withinthatmodel,itfindsreferencestoother resources:links,images,scripts,stylesheets,etc.Ittreatseachonedifferently,butitdiscoversthem intheprocessofresolvingtheoriginalresource.Thereisnoservicedescription;thebrowser,asa client,simplyknowshowtoparsetheresult. ThesamemechanismshouldbeemployedforRESTfulservices.TheURLsthemselvesshouldnotbe "magical".AclientshouldnotberequiredtoknowhowtoparseaURLorhaveanyspecial knowledgeofwhatonelevelinthehierarchymeansoveranotherone.RESTfulclientsshould retrievearesource,investigatethereturnedMIMEtypeandparsetheresult.Assuch,aclientshould knowhowtoparsethereturnedtype. Forexample,aclientmightreceiveareferencetothemainRESTfulserviceforthereportingservice wedescribedabove: http://company1.com/report/ Ifrequestedfromabrowser,itcouldreturnanHTMLdocumentthathasreferencesto: http://company1.com/report/sales whichtheusercouldclickthroughtofindalistofyearstobrowse.Thepointisthatthebrowserhas
18 InfoQExplores:REST
nospecialknowledgeoftheURLstructure,butitknowshowtoparsetheresultandpresentthe contenttotheuserinawayshecanexplore. ThesamecanbetrueofotherMIMEtyperesponses.Forexample,requestingthe2009quarterly reportsasXML: http://company1.com/reports/sales/2009/qtr couldyield: <reports> <description>2009 Quarterly Reports</description> <report name="First Quarter" src="http://company1.com/reports/sales/2009/qtr/1"/> <report name="Second Quarter" src="http://company1.com/reports/sales/2009/qtr/2"/>
<report name="Third Quarter" src="http://company1.com/reports/sales/2009/qtr/3"/> </reports> YoucanthinkoftheURLasavectorthroughaninformationspace.Eachlevelpointsyoucloserto theultimateresource.Differentpathscanyieldthesameresults.Theclientwillhavetoknowhowto parsetheseresults,butbygivingtheresponseanidentifiabletype,wecantriggertheappropriate parser.Thestructurecanbespideredbydescendingthroughthereferences,orpresentedtoauser tobrowsethroughsomekindofinterface.ARESTfulinterfacebecomesawayforclientstoaskfor informationbasedonwhattheyknow.Theystartfromaknownordiscoveredpointandbrowsethe informationlikeyoubrowsetheWeb. ThisiswhatHATEOSrefersto.Theapplicationstateistransferredanddiscoveredwithinthe hypertextresponses.JustlikethebrowserneedstoknowaboutHTML,images,soundfiles,etc.,a RESTfulclientwillneedtoknowhowtoparsetheresultsofresolvingaresourcereference.However, theentireprocessissimple,constrained,scalableandflexibleexactlythepropertieswewantfrom anetworkedsoftwaresystem. Manypeoplebuild"RESTful"systemsthatrequiretheclientstoknowbeforehandwhateachlevelin aURLmeans.Shouldtheinformationgetreorganizedontheserverside,clientsofthosesystemswill break.ClientsthattrulyembodyHATEOSaremorelooselycoupledfromtheserversthey communicatewith.
19 InfoQExplores:REST
LookingForward
Westruggledailytosolvetheproblemsofrapidlychangingdomains,technologies,customer demandsandactionableknowledge.Wespendtoomuchtimewritingsoftwaretolinkwhatwelearn towhatweknow.Objectsanddatabaseshavenotkeptpacewiththechangesweexperience.We needanewwayoflookingattheinformationweproduceandconsumethatisextensibleandless fragilethanthesolutionsofthepast.Weneedtechnologytohelpusformconsensus.Weshouldnot havetoachieveconsensusintheformofcommonmodelsbeforewecanuseourtechnologies. Inthisarticle,wehaveintroducedtheseriesandhavebeguntolookathowRESTandWeb technologiescanserveasthebasisofanewinformationorientedarchitecture.Wehaveestablished anamingschemethatallowsustounifyreferencestoallmannerofcontent,servicesand documents.Clientscanleveragethefreedomtonegotiateinformationintotheformtheywant.As theyresolvereferences,theycandiscovernewcontentconnectedthroughnewrelationships. ThisarchitecturalstyleandthetechnologiessurroundingtheSemanticWebcombinenicelytocreate powerful,scalable,flexiblesoftwaresystems.TheircapacitytocreateWebsofDatawillhaveas muchimpactonourlivesastheWebhasalreadyhad.Thiswillbeaninformationsystemsrevolution thatwillturnmuchofwhatweknowonitshead.Itwillnotonlyreducethecostofdataintegration, butitwillenablenewbusinesscapabilitieswecanonlybegintoimagine. Wearemovingintoaworldwhereinformationcanbeconnectedandusedregardlessofwhetherit iscontainedindocuments,databasesorisreturnedastheresultsofaRESTfulservice.Wewillbe abletodiscovercontentandconnectittowhatwealreadyknow.Wewillbeabletosurfacethedata currentlyhiddenbehinddatabases,spreadsheets,reportsandothersilos.Notonlywillwegain accesstothisinformation,wewillbeabletoconsumeitinthewayswewantto. Thisisoneofthemain,modestgoalsoftheSemanticWeb.Achievingit,aswearenowabletodo,is startingtochangeeverything. Link:http://www.infoq.com/articles/roarestofrest RelatedContents JavaOneSemanticWebPanel CoolURIsinaRESTfulWorld AComparativeClarification:Microformatsvs.RDF TheSemanticWebandOntologicalTechnologiesContinuetoExpand SPARQLUpdatetoCompleteRESTfulSOAScenario
20 InfoQExplores:REST
Articles
RESTfulHTTPinpractice
Author:GregorRoth ThisarticlegivesashortoverviewaboutthebasicsofRESTfulHTTPanddiscussestypicalissues thatdevelopersfacewhentheydesignRESTfulHTTPapplications.ItshowshowtoapplytheREST architecturestyleinpractice.ItdescribescommonlyusedapproachestonameURIs,discusseshow tointeractwithresourcesthroughtheUniforminterface,whentousePUTorPOSTandhowto supportnonCRUDoperations. RESTisastyle,notastandard.ThereisneitheraRESTRFC,noraRESTprotocolspecificationnor somethingsimilar.TheRESTarchitecturestylehasbeendescribedinthedissertationofRoyFielding, oneoftheprincipalauthorsoftheHTTPandURIspecification.AnarchitecturestylesuchasREST definesasetofhighlevelarchitecturesdecisionswhichisimplementedbyanapplication. Applicationswhichimplementadedicatedarchitecturestylewillusethesamepatternsandother architecturalelementssuchascachingordistributionstrategiesinthesameway.RoyFielding describedRESTasanarchitecturestylewhichattemptstominimizelatencyandnetwork communication,whileatthesametimemaximizingtheindependenceandscalabilityofcomponent implementations" EventhoughRESTisheavilyinfluencedbytheWebTechnology,intheorytheRESTarchitecturestyle isnotboundtoHTTP.However,HTTPistheonlyrelevantinstanceoftheREST.Forthisreasonthis articledescribesRESTimplementedbyusingHTTP.OftenthisiscalledRESTfulHTTP. TheideabehindRESTfulHTTPistousetheexistingfeaturesandcapabilitiesoftheWEB.RESTdoes notinventnewtechnologies,componentsorservices.RESTfulHTTPdefinestheprinciplesand constrainstousetheexistingWEBStandardsinabetterway.
Resources
ResourcesarethekeyabstractionsinREST.Theyaretheremoteaccessibleobjectsoftheapplication. Aresourceisaunitofidentification.Everythingthatmightbeaccessedorbemanipulatedremotely couldbearesource.Resourcescanbestatic,whichmeansthestateoftheresourcewillnotchange overthetime.Ontheothersideotherresourcescanhaveahighdegreeofvarianceintheirstate overtime.Bothtypesofresourcesarevaildtypes. Forinstance,theclasses,showninFigure1,couldeasilybemappedtosuchresources.Mapping
21 InfoQExplores:REST
Figure1:Exampleanalysismodel Theanalysismodelisagoodstartingpointforidentifyingresources.However,thereisnot necessarilyaonetoonemapping.Forinstance,the<Hotel>.listOccupancy()operationcanalsobe modelledasresources.Furthermoretherecouldalsoberesourceswhichrepresents(partsof)some entities.Theprimarydriversoftheresourcedesignarenetworkingaspectsandnottheobject model. Anyimportantresourceisreachablethroughauniqueidentifier.RESTfulHTTPusesURIstoidentify resources.URIsareprovidingidentificationthatiscommonacrosstheWeb.Theycontaineverything theclientneedstointeractwiththereferredresource. HowtonameResourceIdentifiers? EventhoughRESTfulHTTPdoesnotspecifyhowaURIpathhavetobestructured,inpracticeoften specificnamingschemasfortheURIpathisused.URInamingschemashelptodebugandtrace applications.OftenaURIcontainstheresourcetypenamefollowedbyanidentifiertoaddressa dedicatedresource.SuchaURIwillnotcontainverbswhichindicateabusinessoperationtoprocess. Itisonlyusedtoaddressresources.Figure(a1)showsanexampleURIofaHotelresource. AlternativelythesameHotelcanbeaccessedbyURI(a2).Aresourcecanbereferedbymorethan oneURI. (a1) http://localhost/hotel/656bcee2-28d2-404b-891b (a2) http://127.0.0.1/hotel/656bcee2-28d2-404b-891b (b) http://localhost/hotel/656bcee2-28d2-404b-891b/Room/4 (c) http://localhost/hotel/656bcee2-28d2-404b-891b/Reservation/15 (d) http://localhost/hotel/656bcee2-28d2-404b-891b/Room/4/Reservation/15
22 InfoQExplores:REST
(e) http://localhost/hotel/656bcee2-28d2-404b-891b/Room/4/Reservation/15 v7 (f) http://localhost/hotel/656bcee2-28d2-404b-891bv12 Figure2:Examplesofaddressingresources URIscanalsobeusedbyresourcestoestablishrelationshipsbetweenresourcerepresentations.For instanceaHotelrepresentationwillrefertheassignedRoomresourcesbyusingaURI,notbyusinga plainRoomid.UsingaplainidwouldforcethecallertoconstructaURIbyaccessingtheresource. Thecallerwouldnotbeabletoaccesstheresourcewithoutadditionalcontextknowledgesuchas thehostnameorthebaseURIpath. Hyperlinksareusedbyclientstonavigatethroughtheresources.RESTfulAPIsarehypertextdriven, whichmeansbygettingaHotelrepresentationtheclientwillbeabletonavigatetotheassigned RoomrepresentationsandtheassignedReservationrepresentations. Inpractice,classessuchasshowninfigure1willoftenbemappedinthesenseofbusinessobjects. ThismeanstheURIstayspersistentthroughoutthelifecycleofthebusinessobject.Ifannew resourceiscreated,anewURIwillbeallocated.AfterdeletingtheresourcetheURIbecomesinvalid. TheURI(a),(b),(c)and(d)areexamplesofsuchidentifiers.OntheothersideaURIcanalsobeused toreferringobjectsnapshots.ForinstancetheURI(e)and(f)wouldrefersuchasnapshotby includingaversionidentifierwithintheURI. URIscanalsoaddresses"sub"resourcesasshowninexample(b),(c),(d)and(e).Oftenaggregated objectswillbemappedtosubresourcessuchastheRoomwhichisaggregatedbytheHotel. Aggregatedobjectsdonothavetheirownlifecycleandiftheparentobjectisdeleted,allaggregated objectswillalsobedeleted. However,ifasub"resourcecanbemovedfromoneparentresourcetoanotheroneitshouldnot includetheparentresourceidentifierwithintheURI.ForinstancetheReservation,showninFigure1 canbeassignedtoanotherRoom.AReservationresourceURIwhichcontainstheRoomidentifier suchasshownin(d)willbecomeinvalid,iftheRoominstanceidentifierchanges.Ifsucha ReservationURIisreferredbyanotherresource,thiswillbeaproblem.ToavoidinvalidURIsthe Reservationcouldbeaddressedsuchasshownin(c). NormallytheresourceURIsarecontrolledbytheserver.Theclientsdonothavetounderstandthe resourceURInamespacestructuretoaccesstheresource.ForinstanceusingtheURIstructure(c)or theURIstructure(d)willhavethesameeffectsfortheclient.
UniformResourceinterface
TosimplifytheoverallsystemarchitecturetheRESTarchitecturestyleincludestheconceptofa UniformInterface.TheUniformInterfaceconsistsofaconstrainedsetofwelldefinedoperationsto accessandmanipulateresources.Thesameinterfaceisusedregardlessoftheresource.Iftheclient
23 InfoQExplores:REST
interactswithaHotelresource,aRoomresourceoraCreditScoreresourcetheinterfacewillbethe same.TheUniformInterfaceisindependenttotheresourceURI.NoIDLlikefilesarerequired describingtheavailablemethods. TheinterfaceofRESTfulHTTPiswidelyusedandverypopular.ItconsistsofthestandardHTTP methodssuchasGET,PUTorPOSTwhichisusedbyinternetbrowserstoretrievepagesandtosend data.UnfortunatelyalotofdevelopersbelieveimplementingaRESTfulapplicationjustmeanstouse HTTPinadirectway,whichitisnot.ForinstancetheHTTPmethodshavetobeimplemented accordingtotheHTTPspecification.UsingaGETmethodtocreateortomodifyobjectsviolatesthe HTTPspecification. UniformInterfaceapplied Fielding'sdissertationdoesnotincludeatable,alistorsomethingelsewhichdescribesindetail whenandhowtousethedifferentHTTPverbs.ForthemostmethodssuchasGETorDELETEit becomesclearbyreadingtheHTTPspecification.ThisisnottrueforPOSTandpartialupdates.In practicedifferentapproachesexiststoperformpartialupdatesonresourceswhichwillbediscussed below. Table1listthetypicalusageofthemostimportantmethodsGET,DELETE,PUTandPOST Important Methods TypicalUsage TypicalStatusCodes 200(OK)therepresentationissentinthe response 204(nocontent)theresourcehasanempty representation 301(MovedPermanently)theresourceURIhas beenupdated retrievea representation GET retrievea representationif modified(caching) 303(SeeOther)e.g.loadbalancing 304(notmodified)theresourcehasnotbeen modified(caching) 400(badrequest)indicatesabadrequest(e.g. wrongparameter) 404(notfound)theresourcedoesnotexits 406(notacceptable)theserverdoesnotsupport therequiredrepresentation 500(internalservererror)genericerrorresponse yes yes Safe? tent
Idempo
24 InfoQExplores:REST
Important Methods
TypicalUsage
Safe? tent
Idempo
DELETE
deletetheresource
400(badrequest)indicatesabadrequest 404(notfound)theresourcedoesnotexits 409(conflict)generalconflict 500(internalservererror)genericerrorresponse 503(ServiceUnavailable)Theserveriscurrently unabletohandletherequest 200(OK)ifanexistingresourcehasbeenupdated 201(created)ifanewresourceiscreated 301(MovedPermanently)theresourceURIhas beenupdated 303(SeeOther)e.g.loadbalancing
no
yes
PUT
createaresourcewith 400(badrequest)indicatesabadrequest clientsidemanaged 404(notfound)theresourcedoesnotexits instanceid 406(notacceptable)theserverdoesnotsupport updatearesourceby therequiredrepresentation no replacing 409(conflict)generalconflict updatearesourceby replacingifnotmodified 412(PreconditionFailed)e.g.conflictby (optimisticlocking) performingconditionalupdate 415(unsupportedmediatype)received representationisnotsupported 500(internalservererror)genericerrorresponse 503(ServiceUnavailable)Theserveriscurrently unabletohandletherequest
yes
25 InfoQExplores:REST
TypicalUsage
Safe? tent no
Idempo
(autogenerated) instanceid
createasubresource 301(MovedPermanently)theresourceURIhas beenupdated partialupdateofa 303(SeeOther)e.g.loadbalancing resource 400(badrequest)indicatesabadrequest no partialupdatea 404(notfound)theresourcedoesnotexits resourceifnotmodified 406(notacceptable)theserverdoesnotsupport (optimisticlocking) therequiredrepresentation 409(conflict)generalconflict 412(PreconditionFailed)e.g.conflictby performingconditionalupdate 415(unsupportedmediatype)received representationisnotsupported 500(internalservererror)genericerrorresponse 503(ServiceUnavailable)Theserveriscurrently unabletohandletherequest Table1:ExampleofaUniformInterface
Representations
Resourceswillalwaysbemanipulatedthroughrepresentations.Aresourcewillneverbetransmitted overthenetwork.Insteadrepresentationsofaresourcearetransmitted.Arepresentationconsistsof dataandmetadatadescribingthedata.ForinstancetheContentTypeheaderofaHTTPmessageis suchametadataattribute. Figure3showshowtoretrievearepresentationbyusingJava.ThisexampleusestheHttpClientof theJavaHTTPlibraryxLightwebwhichismaintainedbytheauthor. HttpClient httpClient = new HttpClient();
26 InfoQExplores:REST
representationoftheHotelresource.Thereturnedrepresentation,showninFigure4,alsoincludesa ContentTypeheaderwhichindicatesthemediatypeoftheentitybody. REQUEST: GET /hotel/656bcee2-28d2-404b-891b HTTP/1.1 Host: localhost User-Agent: xLightweb/2.6
classification=Comfort&name=Central&RoomURI=http%3A%2F%2Flocalhost%2 Fhotel%2F 656bcee2-28d2-404b-891b%2FRoom%2F2&RoomURI=http%3A%2F%2Flocalhost%2F hotel%2F6 56bcee2-28d2-404b-891b%2FRoom%2F1 Figure4:RESTfulHTTPinteraction Howtosupportspecificrepresentations? Sometimesonlyareducedsetofattributesshouldbereceivedtoavoidtransferringlargedatasets. Inpractice,oneapproachtodeterminetheattributesofarepresentationistosupportaddressing specificattributesasshowninfigure5. REQUEST: GET /hotel/656bcee2-28d2-404b-891b/classification HTTP/1.1 Host: localhost User-Agent: xLightweb/2.6 Accept: application/x-www-form-urlencoded
RESPONSE:
27 InfoQExplores:REST
classification=Comfort Figure5:Attributefiltering TheGETcall,showninfigure5,requestsonlyoneattribute.Torequestmorethanoneattributethe requiredattributescouldbeseparatedbyusingacommaasshowninfigure6. REQUEST: GET /hotel/656bcee2-28d2-404b-891b/classification,name HTTP/1.1 Host: localhost User-Agent: xLightweb/2.6 Accept: application/x-www-form-urlencoded
classification=Comfort&name=Central Figure6:Multiattributefiltering Anotherwaytodeterminetherequiredattributesistouseaqueryparameterwhichliststhe requiredattributesasshowninfigure7.Queryparameterwillalsobeusedtodefinequery conditionsormorecomplexfilterorquerycriteria. REQUEST: GET /hotel/656bcee2-28d2-404b-891b?reqAttr=classification&reqAttr=name HTTP/1.1 Host: localhost
28 InfoQExplores:REST
classification=Comfort&name=Central Figure7:QueryString Intheexamplesabovetheserveralwaysreturnsarepresentationwhichisencodedbythemedia typeapplication/xwwwformurlencoded.Essentiallythismediatypeencodesanentityasalistof keyvaluepairs.Thekeyvalueapproachisveryeasytounderstand.Unfortunatelyitwillnotfitwell, ifmorecomplexdatastructureshavetobeencoded.Furthermorethismediatypedoesnotsupport abindingofscalardatatypessuchasInteger,BooleanorDate.ForthisreasonoftenXML,JSONor Atomisusedtorepresentresources(JSONalsodoesnotdefinethebindingoftheDatetype). HttpClient httpClient = new HttpClient();
String jsonString = response.getBlockingBody().readString(); JSONObject jsonObject = (JSONObject) JSONSerializer.toJSON(jsonString); HotelHotel= (Hotel) JSONObject.toBean(jsonObject, Hotel.class); Figure8:RequestingaJSONrepresentation Bysettingtherequestacceptheader,theclientisabletorequestforaspecificrepresentation encoding.Figure8showshowtorequestarepresentationofthemediatypeapplication/json.The returnedresponsemessageshowninfigure9willbemappedtoaHotelbeanbyusingthelibrary
29 InfoQExplores:REST
JSONlib. REQUEST: GET /hotel/656bcee2-28d2-404b-891b HTTP/1.1 Host: localhost User-Agent: xLightweb/2.6 Accept: application/json
RESPONSE: HTTP/1.1 200 OK Server: xLightweb/2.6 Content-Length: 263 Content-Type: application/json; charset=utf-8
{"classification":"Comfort", "name":"Central", "RoomURI":["http://localhost/hotel/656bcee2-28d2-404b-891b/Room/1", "http://localhost/hotel/656bcee2-28d2-404b-891b/Room/2"]} Figure9:JSONrepresentation Howtosignalerrors? Whathappensiftheserverdoesnotsupporttherequiredrepresentation?Figure10showsaHTTP interactionwhichrequestsforaXMLrepresentationoftheresource.Iftheserverdoesnotsupport therequiredrepresentation,itwillreturnaHTTP406responseindicatingtorefusetoservicethe request. REQUEST: GET /hotel/656bcee2-28d2-404b-891b HTTP/1.1 Host: localhost User-Agent: xLightweb/2.6 Accept: text/xml
RESPONSE:
30 InfoQExplores:REST
HTTP/1.1 406 No match for accept header Server: xLightweb/2.6 Content-Length: 1468 Content-Type: text/html; charset=iso-8859-1
<html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"/> <title>Error 406 No match for accept header</title> </head> <body> <h2>HTTP ERROR: 406</h2><pre>No match for accept header</pre> ... </body> </html> Figure10:Unsupportedrepresentation ARESTfulHTTPserverapplicationhastoreturnthestatuscodeaccordingtotheHTTPspecification. Thefirstdigitofthestatuscodeidentifiesthetypeoftheresult.1xxindicatesaprovisionalresponse, 2xxasuccessfulresponse,3xxaredirect,4xxaclienterrorand5xxaservererror.Misusingthe responsecodeoralwaysreturninga200response,whichcontainsanapplicationspecificresponsein thebodyisabadidea. Clientagentsandintermediariesalsoevaluatetheresponsecode.ForinstancexLightweb's HttpClientpoolspersistentHTTPconnectionsbydefault.AfteranHTTPinteractionapersistentHTTP connectionwillbereturnedintoaninternalpoolforreuse.Thiswillonlybedoneforhealthy connection.Forinstanceconnectionswillnotbereturnedifa5xxstatuscodeisreceived. Sometimesspecificclientsrequireamoreprecisestatuscode.Oneapproachtodothisistoaddan XHeader,whichdetailstheHTTPstatuscodeasshowninfigure11. REQUEST: POST /Guest/ HTTP/1.1 Host: localhost User-Agent: xLightweb/2.6
31 InfoQExplores:REST
RESPONSE: HTTP/1.1 400 Bad Request Server: xLightweb/2.6 Content-Length: 55 Content-Type: text/plain; charset=utf-8 X-Enhanced-Status: BAD_ADDR_ZIP
AddressException: bad zip code 99566 Figure11:Enhancedstauscode Oftenthedetailederrorcodeisonlynecessarytodiagnoseprogrammingerrors.AlthoughaHTTP statuscodeisoftenlessexpressivethanadetailederrorcode,inmostcasestheyaresufficientfor theclienttohandletheerrorcorrectly.Anotherapproachistoincludethedetailederrorcodeinto theresponsebody
PUTtingorPOSTing?
IncontrasttopopularRPCapproachestheHTTPmethodsdonotonlyvaryinthemethodname. PropertiessuchasidempotencyorsafetyplayanimportantroleforHTTPmethods.Idempotency andsafetyvariesforthedifferentHTTPmethods. HttpClient httpClient = new HttpClient();
String[] params = new String[] { "firstName=Forest", "lastName=Gump", "street=42 Plantation Street", "zip=30314",
32 InfoQExplores:REST
"city=Baytown", "state=LA", "country=US"}; IHttpRequest request = new PutRequest(gumpURI, params); IHttpResponse response = httpClient.call(request); Figure12:PerformingaPUTmethod Forinstancefigure12and13showaPUTinteractiontocreateanewGuestresource.APUTmethod storestheenclosedresourceunderthesuppliedRequestURI.TheURIwillbedeterminedonthe clientside.IftheRequestURIreferstoanalreadyexistingresource,thisresourcewillbereplacedby thenewone.ForthisreasonthePUTmethodwillbeusedtocreateanewresourceaswellasto updateanexistingresource.However,byusingPUT,thecompletestateoftheresourcehastobe transferred.TheupdaterequesttosetthezipfieldhastoincludeallotherfieldsoftheGuest resourcesuchasfirstNameorcity. REQUEST: PUT Hotel/guest/bc45-9aa3-3f22d HTTP/1.1 Host: localhost User-Agent: xLightweb/2.6 Content-Length: 94 Content-Type: application/x-www-form-urlencoded
RESPONSE: HTTP/1.1 200 OK Server: xLightweb/2.6 Content-Length: 36 Content-Type: text/plain; charset=utf-8 Location: http://localhost/guest/bc45-9aa3-3f22d
33 InfoQExplores:REST
Theguestresourcehasbeenupdated. Figure13:HTTPPUTinteraction ThePUTmethodisidempotent.Anidempotentmethodmeansthattheresultofasuccessful performedrequestisindependentofthenumberoftimesitisexecuted.Forinstanceyoucan executeaPUTmethodtoupdatetheHotelresourceasmanytimesasyoulike,theresultofa successfulexecutionwillalwaysbethesame.IftwoPUTmethodsoccursimultaneously,oneofthem willwinanddeterminethefinalstateoftheresource.TheDELETEmethodisalsoidempotent.Ifa PUTmethodoccursconcurrentlytoaDELETEmethod,theresourcedwillbeupdatedordeleted,but nothinginbetween. IfyouarenotsureiftheexecutionofaPUTorDELETEwassuccessfulandyoudidnotgetastatus codesuchas409(Conflict)or417(ExpectationFailed),reexecuteit.Noadditionalreliability protocolsarenecessarytoavoidduplicatedrequest.Ingeneraladuplicatedrequestdoesnotmatter. ThisisnottrueforthePOSTmethod,becausethePOSTmethodisnotidempotent.Takecareby executingthesamePOSTmethodtwice.Themissingidempotencyisthereasonwhyabrowser alwayspopsupawarningdialogwhenyouretryaPOSTrequest.ThePOSTmethodwillbeusedto createaresourcewithoutdetermininganinstancespecificidontheclientside.Forinstancefigure 14showsaHTTPinteractiontocreateaHotelresourcebyperformingaPOSTmethod.Typicallythe clientsendsthePOSTrequestbyusingaURIwhichcontainstheURIbasepathandtheresourcetype name. REQUEST: POST /HotelHTTP/1.1 Host: localhost User-Agent: xLightweb/2.6 Content-Length: 35 Content-Type: application/x-www-form-urlencoded; charset=utf-8 Accept: text/plain
classification=Comfort&name=Central
34 InfoQExplores:REST
Content-Type: text/plain; charset=utf-8 Location: http://localhost/hotel/656bcee2-28d2-404b-891b theHotelresourcehasbeencreated Figure14:HTTPPOSTinteraction(create) OftenthePOSTmethodwillalsobeusedtoupdatepartsoftheresource.ForinstancesendingaPUT requestswhichcontainsonlytheclassificationtoupdatetheHotelresourceviolatesHTTP.Thisisnot trueforthePOSTmethod.ThePOSTmethodisneitheridempotentnorsafe.Figure15showssucha partialupdatebyusingaPOSTmethod. REQUEST: POST /hotel/0ae526f0-9c3d HTTP/1.1 Host: localhost User-Agent: xLightweb/2.6 Content-Length: 19 Content-Type: application/x-www-form-urlencoded; charset=utf-8 Accept: text/plain
classification=First+Class
RESPONSE: HTTP/1.1 200 OK Server: xLightweb/2.6 Content-Length: 52 Content-Type: text/plain; charset=utf-8 theHotelresourcehasbeenupdated(classification) Figure15:HTTPPOSTinteraction(update) PartialupdatecanalsobeperformedbyusingthePATCHmethod.ThePATCHmethodisaspecialized methodtoapplypartialmodificationstoaresource.APATCHrequestincludesapatchdocument whichwillbeappliedtotheresourceidentifiedbytheRequestURI.However,thePATCHRFCisin draft.
35 InfoQExplores:REST
UsingHTTPcaching
ToimprovethescalabilityandtoreducetheserverloadRESTfulHTTPapplicationscanmakeuseof theWEBInfrastructurecachingfeatures.HTTPrecognizescachingasanintegralpartoftheWEB infrastructure.ForinstancetheHTTPprotocoldefinesspecificmessageheaderstosupportcaching.If theserversetssuchheaders,clientssuchasHTTPclientsorWebcachingproxieswillbeableto supportefficientcachingstrategies. HttpClient httpClient = new HttpClient(); httpClient.setCacheMaxSizeKB(500000);
// ... sometime later re-execute the request response = httpClient.call(request); classification = response.getBlockingBody.readString(); Figure16:Clientsidecachinginteraction Forinstancefigure16showsarepeatedGETcall.Bysettingthecachemaxsizelargerthan0the cachingsupportoftheHttpClientisactivated.Iftheresponsecontainsfreshnessheaderssuchas ExpiresorCacheControl:maxage,theresponsewillbecachedbytheHttpClient.Theseheaderstell howlongtheassociatedrepresentationisfreshfor.Ifthesamerequestisperformedwithinthis periodoftime,theHttpClientwillservetherequestusingthecacheandavoidarepeatednetwork call.Onthenetwork,showninfigure17,onlyoneHTTPinteractionintotaloccurs.Caching intermediariessuchasWEBproxiesimplementthesamebehaviour.Inthiscasethecachecanbe sharedbetweendifferentclients. REQUEST: GET /hotel/656bcee2-28d2-404b-891b/classification HTTP/1.1 Host: localhost User-Agent: xLightweb/2.6
36 InfoQExplores:REST
Accept: text/plain
RESPONSE: HTTP/1.1 200 OK Server: xLightweb/2.6 Cache-Control: public, max-age=60 Content-Length: 26 Content-Type: text/plain; charset=utf-8 comfort Figure17:HTTPresponseincludinganexpireheader Theexpirationmodelworksverywellforstaticresources.Unfortunately,thisisnottruefordynamic resourceswherechangesinresourcestateoccurfrequentlyandunpredictably.HTTPsupports cachingdynamicresourcesbyvalidationheaderssuchasLastModifiedandETag.Incontrasttothe expirationmodel,thevalidationmodeldonotsaveanetworkrequest.However,executinga conditionalGETcansafeexpensiveoperationstogenerateandtransmitaresponsebody.The conditionalGETshowninfigure18(2.request)containsanadditionalLastModifiedheaderwhich holdsthelastmodifieddateofthecachedresponse.Iftheresourceisnotchanged,theserverwill replywitha304(NotModified)response. 1. REQUEST: GET /hotel/656bcee2-28d2-404b-891b/Reservation/1 HTTP/1.1 Host: localhost User-Agent: xLightweb/2.6 Accept: application/x-www-form-urlencoded
1. RESPONSE: HTTP/1.1 200 OK Server: xLightweb/2.6 Content-Length: 252 Content-Type: application/x-www-form-urlencoded Last-Modified: Mon, 01 Jun 2009 08:56:18 GMT
37 InfoQExplores:REST
2. REQUEST: GET /hotel/0ae526f0-9c3d/Reservation/1 HTTP/1.1 Host: localhost User-Agent: xLightweb/2.6 Accept: application/x-www-form-urlencoded If-Modified-Since: Mon, 01 Jun 2009 08:56:18 GMT
2. RESPONSE: HTTP/1.1 304 Not Modified Server: xLightweb/2.6 Last-Modified: Mon, 01 Jun 2009 08:56:18 GMT Figure18:Validationbasedcaching
Donotstoreapplicationstateontheserverside
ARESTfulHTTPinteractionhastobestateless.Thismeanseachrequestcontainsallinformation whichisrequiredtoprocesstherequest.Theclientisresponsiblefortheapplicationstate.ARESTful serverdoesnothavetoretaintheapplicationstatebetweenrequests.TheServerisresponsiblefor theresourcestatenotfortheapplicationstate.Serversandintermediariesareabletounderstand therequestandresponseinisolation.Webcachingproxiesdohavealltheinformationtohandlethe messagescorrectlyandtomanagetheircaches. Thisstatelessapproachisafundamentalprincipletoimplementhighscalable,highavailable applications.Ingeneralstatelessnessenablesthateachclientrequestcanbeservedbydifferent servers.Aservercanbereplacedbyanotheroneforeachrequest.Astrafficincreases,newservers areadded.Ifaserverfails,itwillberemovefromthecluster.Foramoredetailedexplanationonload balancingandfailoverrefertothearticleServerloadbalancingarchitectures.
38 InfoQExplores:REST
SupportingnonCRUDoperations
OftendeveloperswonderhowtomapnonCRUD(CreateReadUpdateDelete)operationsto resources.ItisobviouslythatCreate,Read,UpdateandDeleteoperationswillmapverywellto resourcemethods.However,RESTfulHTTPisnotlimitedtoCRUDorientedapplications.
Figure19:RESTfulHTTPResources ForinstancethecreditScoreCheckclassshowninfigure19providesanonCRUDoperation creditScore(...)whichconsumesanaddress,calculatesthescoreandreturnsit.Suchanoperation canbeimplementedbyaCreditScoreResourcewhichrepresentstheresultofthecomputation. Figure20showstheGETcallwhichpassesovertheaddresstoprocessandretrievesthe CreditScoreResourcerepresentation.Thequeryparametersareusedtoidentifythe CreditScoreResource.TheGETmethodissafeandcacheablewhichfitsverywelltononfunctional behaviouroftheCreditScoreCheck'screditScore(...)method.Theresultofthescorecalculationcan becachedforaperiodoftime.Asshowninfigure20theresponseincludesacacheheadertoenable clientsandintermediariestocachetheresponse. REQUEST: GET /CreditScore/?zip=30314&lastName=Gump&street=42+Plantation+Street&
39 InfoQExplores:REST
RESPONSE: HTTP/1.1 200 OK Server: xLightweb/2.6 Content-Length: 31 Content-Type: application/x-www-form-urlencoded Cache-Control: public, no-transform, max-age=300 scorecard=Excellent&points=92 Figure20:NonCRUDHTTPGETinteraction ThisexamplealsoshowsthelimitoftheGETmethod.AlthoughtheHTTPspecificationdoesnot specifyanymaximumlengthofaURL,practicallimitsareimposedbyclients,intermediariesand servers.ForthisreasonsendingalargeentitybyusingaGETqueryparametercanfailcausedby intermediaryandserverswhichlimitstheURLlength. AnalternativesolutionisperformingaPOSTmethodwhichwillalsobecacheable,ifindicated.As showninfigure21firstaPOSTrequestwillbeperformedtocreateavirtualresource CreditScoreResource.Theinputaddressdataisencodedbythemimetypetext/card.After calculatingthescoretheserversendsa201(created)responsewhichincludestheURIofthecreated CreditScoreResource.ThePOSTresponseiscacheableifindicatedasshownintheexample.By performingaGETrequestthecreditscorewillbefetched.TheGETresponsealsoincludesacache controlheader.Iftheclientreexecutesthesetworequestsimmediately,allresponsescanbeserved bythecache. 1. REQUEST: POST /CreditScore/ HTTP/1.1 Host: localhost User-Agent: xLightweb/2.6 Content-Length: 198 Content-Type: text/x-vcard
40 InfoQExplores:REST
Accept: application/x-www-form-urlencoded
BEGIN:VCARD VERSION:2.1 N:Gump;Forest;;;; FN:Forest Gump ADR;HOME:;;42 Plantation St.;Baytown;LA;30314;US LABEL;HOME;ENCODING=QUOTED-PRINTABLE:42 Plantation St.=0D=0A30314 Baytown=0D=0ALA US END:VCARD
1. RESPONSE: HTTP/1.1 201 Created Server: xLightweb/2.6 Cache-Control: public, no-transform, max-age=300 Content-Length: 40 Content-Type: text/plain; charset=utf-8 Location: http://localhost/CreditScore/l00000001-l0000005c
41 InfoQExplores:REST
Content-Type: application/x-www-form-urlencoded Cache-Control: public, no-transform, max-age=300 scorecard=Excellent&points=92 Figure21:NonCRUDHTTPPOSTinteraction Therearealsosomevariantsofthisapproach.Insteadofreturninga201responsea301(Moved Permanently)redirectresponsecouldbereturned.The301redirectresponseiscacheablebydefault. Anothervariantwhichavoidsasecondrequestistoaddtherepresentationofthenewlycreate CreditScoreResourcetothe201response.
Conclusion
MostSOAarchitecturessuchasSOAPorCORBAtrytomaptheclassmodel,suchasshowninFigure 1,moreorlessonetooneforremoteaccess.Typically,suchSOAarchitecturesarehighlyfocusedon transparentmappingofprogramminglanguageobjects.Themappingiseasytounderstandandvery traceable.Howeveraspectssuchasdistributionandscalabilityarereducedtoplayingasecondrole. Incontrast,themajordriveroftheRESTarchitecturestyleisdistributionandscalability.Thedesign ofaRESTfulHTTPinterfaceisdrivenbynetworkingaspects,notbylanguagebindingaspects.RESTful HTTPdoesnottrytoencapsulateaspects,whicharedifficulttohidesuchasnetworklatency, networkrobustnessornetworkbandwidth. RESTfulHTTPapplicationsusetheHTTPprotocolinadirectwaywithoutanyabstractionlayer.There arenoRESTspecificdatafieldsuchaserrorfieldsorsecuritytokenfields.RESTfulHTTPapplications willjustusethecapabilityoftheWEB.DesigningRESTfulHTTPinterfacesmeansthattheremote interfacedesignerhastothinkinHTTP.Oftenthisleadstoanadditionalstepwithinthedevelopment cycle. However,RESTfulHTTPallowsimplementingveryscalableandrobustapplications.Especially companieswhichprovidewebapplicationsforaverylargeusergroupsuchasWebMailingor SocialNetworkingapplicationscanbenefitfromtheRESTarchitecturestyle.Oftensuchapplications havetoscaleveryhighandveryfast.Furthermore,suchcompaniesoftenhavetoruntheir applicationonalowbudgetinfrastructurewhichisbuiltonwidelyusedstandardcomponentsand software.
Abouttheauthor
GregorRoth,creatorofthexLightwebHTTPlibrary,worksasasoftwarearchitectatUnitedInternet group,aleadingEuropeanInternetServiceProvidertowhichGMX,1&1,andWeb.debelong.His areasofinterestincludesoftwareandsystemarchitecture,enterprisearchitecturemanagement,
42 InfoQExplores:REST
objectorienteddesign,distributedcomputing,anddevelopmentmethodologies.
Literature
RoyFieldingArchitecturalStylesandtheDesignofNetworkbasedSoftwareArchitectures SteveVinoskiRESTEyefortheSOAGuy SteveVinoskiPresentation:SteveVinoskionREST,ReuseandSerendipity StefanTilkovABriefIntroductiontoREST WikipediaFallaciesofDistributedComputing GregorRothServerloadbalancingarchitectures GregorRothAsynchronousHTTPandCometarchitectures JSONlib xLightweb Link:http://www.infoq.com/articles/designingrestfulhttpappsroth RelatedContents 80legsIsaWebCrawlingService PracticalAdviceforSOAImplementers RPCanditsOffspring:Convenient,YetFundamentallyFlawed HTTPStatusReport BuildingScalableWebServices
43 InfoQExplores:REST
Articles
HowtoGETaCupofCoffee
Author:JimWebber,SavasParastatidis&IanRobinson Weareusedtobuildingdistributedsystemsontopoflargemiddlewareplatformslikethose implementingCORBA,theWebServicesprotocolsstack,J2EE,etc.Inthisarticle,wetakeadifferent approach,treatingtheprotocolsanddocumentformatsthatmaketheWebtickasanapplication platform,whichcanbeaccessedthroughlightweightmiddleware.WeshowcasetheroleoftheWeb inapplicationintegrationscenariosthroughasimplecustomerserviceinteractionscenario.Inthis article,weusetheWebasourprimarydesignphilosophytodistilandsharesomeofthethinkingin ourforthcomingbookGET/connectedWebbasedintegration(workingtitle).
Introduction
Theintegrationdomainasweknowitischanging.TheinfluenceoftheWebandthetrendtowards moreagilepracticesarechallengingournotionsofwhatconstitutesgoodintegration.Insteadof beingaspecialistactivityconductedinthevoidbetweensystemsorevenworse,anafterthought integrationisnowaneverydaypartofsuccessfulsolutions. Yet,theimpactoftheWebisstillwidelymisunderstoodandunderestimatedinenterprisecomputing. EventhosewhoareWebsavvyoftenstruggletounderstandthattheWebisn'taboutmiddleware solutionssupportingXMLoverHTTP,norisitacrudeRPCmechanism.Thisisashamebecausethe Webhasmuchmorevaluethansimplepointtopointconnectivity;itisinfactarobustintegration platform. Inthisarticlewe'llshowcasesomeinterestingusesoftheWeb,treatingitasapliantandrobust platformfordoingverycoolthingswithenterprisesystems.Andthereisnothingthattypifies enterprisesoftwaremorethanworkflows
WhyWorkflows?
Workflowsareastapleofenterprisecomputing,andhavebeenimplementedinmiddleware practicallyforever(atleastincomputingterms).Aworkflowstructuresworkintoanumberof discretestepsandtheeventsthatprompttransitionsbetweensteps.Theoverarchingbusiness processimplementedbyaworkflowoftenspansseveralenterpriseinformationsystems,making workflowsfertilegroundforintegrationwork.
44 InfoQExplores:REST
Starbucks:Standardgenericcoffeedeservesstandardgenericintegration
IftheWebistobeaviabletechnologyforenterprise(andwider)integration,ithastobeableto supportworkflowstoreliablycoordinatetheinteractionsbetweendisparatesystemstoimplement somelargerbusinesscapability. Todojusticetoarealworldworkflow,we'dnodoubthavetoaddressawealthoftechnicaland domainspecificdetails,whichwouldlikelyobscuretheaimofthisarticle,sowe'vechosenamore accessibledomaintoillustratehowWebbasedintegrationworks:GregorHohpe'sStarbuckscoffee shopworkflow.Inhispopularblogposting,GregordescribeshowStarbucksfunctionsasadecoupled revenuegeneratingpipeline:
WhileGregorprefersEAItechniqueslikemessageorientedmiddlewaretomodelStarbucks,we'll modelthesamescenariousingWebresourcesaddressableentitiesthatsupportauniform interface.Infact,we'llshowhowWebtechniquescanbeusedwithallthedependabilityassociated withtraditionalEAItools,andhowtheWebismuchmorethanXMLmessagingovera request/responseprotocol! We'llapologiseinadvancefortakinglibertieswiththewayStarbucksworksbecauseourgoalhere isn'ttomodelStarbuckscompletelyaccurately,buttoillustrateworkflowswithWebbasedservices. Sowithbeliefdulysuspended,let'sjumpin. StatingtheObvious Sincewe'retalkingaboutworkflows,itmakessensetounderstandthestatesfromwhichour workflowsarecomposed,togetherwiththeeventsthattransitiontheworkflowsfromstatetostate. Inourexample,therearetwoworkflows,whichwe'vemodelledasstatemachines.Theseworkflows runconcurrently.OnemodelstheinteractionbetweenthecustomerandtheStarbucksserviceas showninFigure1theothercapturesthesetofactionsperformedbyabaristaasperFigure2. Inthecustomerworkflow,customersadvancetowardsthegoalofdrinkingsomecoffeeby interactingwiththeStarbucksservice.Aspartoftheworkflow,weassumethatthecustomerplaces anorder,pays,andthenwaitsfortheirdrink.Betweenplacingandpayingfortheorder,the customercanusuallyamenditby,forexample,askingforsemiskimmedmilktobeused.
45 InfoQExplores:REST
GETandHEADarespecialcasessincetheydon'tcausestatetransitions.Insteadtheyallowus toinspectthecurrentstateofaresource.
46 InfoQExplores:REST
47 InfoQExplores:REST
integrationthesameoccurs,excepttheservicesandtheirconsumersnotonlyhavetoagree ontheinteractionprotocols,butalsoontheformatandsemanticsoftherepresentations.
Figure5Ordercreated,awaitingpayment The201CreatedstatusindicatesthatStarbuckssuccessfullyacceptedtheorder.TheLocationheader givestheURIofthenewlycreatedorder.Therepresentationintheresponsebodycontains confirmationofwhatwasorderedalongwiththecost.Inaddition,thisrepresentationcontainsthe URIofaresourcewithwhichStarbucksexpectsustointeracttomakeforwardprogresswiththe customerworkflow;we'llusethisURIlater. NotethattheURIiscontainedina<next/>tag,notanHTML<a/>tag.<next/>isheremeaningfulin thecontextofthecustomerworkflow,thesemanticsofwhichhavebeenagreedapriori. We'vealreadyseenthatthe201Createdstatuscodeindicatesthesuccessfulcreationofaresource. We'llneedahandfulofotherusefulcodesbothforthisexampleandforWebbasedintegrationin general: 200OKThisiswhatweliketosee:everything'sfine;let'skeepgoing.201CreatedWe'vejust createdaresourceandeverything'sfine.
48 InfoQExplores:REST
202AcceptedTheservicehasacceptedourrequest,andinvitesustopollaURIintheLocation headerfortheresponse.Greatforasynchronousprocessing. 303SeeOtherWeneedtointeractwithadifferentresource.We'reprobablystillOK. 400BadRequestWeneedtoreformattherequestandresubmitit. 404NotFoundTheserviceisfartoolazy(orsecure)togiveusarealreasonwhyourrequestfailed, butwhateverthereason,weneedtodealwithit. 409ConflictWetriedtoupdatethestateofaresource,buttheserviceisn'thappyaboutit.We'll needtogetthecurrentstateoftheresource(eitherbycheckingtheresponseentitybody,ordoinga GET)andfigureoutwheretogofromthere. 412PreconditionFailedTherequestwasn'tprocessedbecauseanEtag,IfMatchorsimilarguard headerfailedevaluation.Weneedtofigureouthowtomakeforwardprogress. 417ExpectationFailedYoudidtherightthingbychecking,butpleasedon'ttrytosendthatrequest forreal. 500InternalServerErrorTheultimatelazyresponse.Theserver'sgonewrongandit'snottelling why.Crossyourfingers UpdatinganOrder OneofthenicethingsaboutStarbucksisyoucancustomiseyourdrinkinamyriadofdifferentways. Infact,someofthemoreadvancedcustomerswouldbebetterofforderingbychemicalformula, giventhenumberofupgradestheydemand!Butlet'snotbethatambitiousatleastnottostart with.Instead,we'lllookatanotherstorycard:
49 InfoQExplores:REST
tochangetheorderbeforethebaristaprocessesit.Tofindoutifwecanchangetheorder,weask theresourcewhatoperationsit'spreparedtoprocessusingtheHTTPOPTIONSverb,asshownon thewireinFigure6. Request OPTIONS/order/1234HTTP1.1Host:starbucks.example.org Figure6AskingforOPTIONS FromFigure6weseethattheresourceisreadable(itsupportsGET)andit'supdatable(itsupports PUT).Aswe'regoodcitizensoftheWeb,wecan,optionally,doatrialPUTofournewrepresentation, testingthewaterusingtheExpectheaderbeforewedoarealPUTlikeinFigure7. Request PUT/order/1234HTTP1.1Host:starbucks.example.comExpect:100Continue Figure7Lookbeforeyouleap! Ifithadnolongerbeenpossibletochangeourorder,theresponsetoourlookbeforeyouleap requestinFigure7wouldhavebeen417ExpectationFailed.Butheretheresponseis100Continue, whichallowsustotrytoPUTanupdatetotheresourcewithanadditionalshotofespresso,as showninFigure8.PUTtinganupdatedresourcerepresentationeffectivelychangestheexistingone. InthisinstancePUTlodgesanewdescriptionwithan<additions/>elementcontainingthatvital extrashot. AlthoughpartialupdatesarethesubjectofdeepphilosophicaldebateswithintheRESTcommunity, wetakeapragmaticapproachhereandassumethatourrequestforanadditionalshotisprocessed inthecontextoftheexistingresourcestate.Assuchthereislittlepointinmovingthewholeresource representationacrossthenetworkforeachoperationandsowetransmitdeltasonly. Response 100Continue Response 200OKAllow:GET,PUT
50 InfoQExplores:REST
Figure9Successfullyupdatingthestateofaresource CheckingOPTIONSandusingtheExpectheadercan'ttotallyshieldusfromasituationwherea changeattheservicecausessubsequentrequeststofail.Assuchwedon'tmandatetheiruse,andas goodWebcitizenswe'regoingtohandle405and409responsesanyway. OPTIONSandespeciallyusingtheExpectheadershouldbeconsideredoptionalsteps. EvenwithourjudicioususeofExpectandOPTIONS,sometimesourPUTwillfail;afterall,we'reina racewiththebaristaandsometimesthoseguysjustfly! Ifwelosetheracetogetourextrashot,we'lllearnaboutitwhenwetrytoPUTtheupdatestothe resource.TheresponseinFigure10istypicalofwhatwecanexpect.409Conflictindicatesthe resourceisinaninconsistentstatetoreceivetheupdate.Theresponsebodyshowsthedifference betweentherepresentationwetriedtoPUTandtheresourcestateontheserverside.Incoffee termsit'stoolatetoaddtheshotthebarista'salreadypouringthehotmilk.
51 InfoQExplores:REST
ThereareanumberofpatternsforconsistentstateupdatesusingtheWeb.HTTPPUTisidempotent, whichtakesmuchoftheintricateworkoutofupdatingstate,buttherearestillchoicesthatneedto bemade.Here'sourrecipeforgettingupdatesright: 1.Asktheserviceifit'sstillpossibletoPUTbysendingOPTIONS.Thisstepisoptional.Itgivesclients aclueaboutwhichverbstheserversupportsfortheresourceatthetimeofasking,butthereareno guaranteestheservicewillsupportthosesameverbsindefinitely. 2.UseanIfUnmodifiedSinceorIfMatchheadertohelptheserverguardagainstexecutingan unnecessaryPUT.You'llgeta412PreconditionFailedifthePUTsubsequentlyfails.Thisapproach dependseitheronslowlychangingresources(1secondgranularity)forIfUnmodifiedSinceor supportforETagsforIfMatch. 3.ImmediatelyPUTtheupdateanddealwithany409Conflictresponses.Evenifweuse(1)and(2), wemayhavetodealwiththeseresponses,sinceourguardsandchecksareoptimisticinnature. TheW3Chasanonnormativenoteondetectinganddealingwithinconsistentupdatesthatargues forusingETag.ETagsareourpreferredapproach. Afterallthathardworkupdatingourcoffeeorder,itseemsonlyfairthatwegetourextrashot.So fornowlet'sgowithourhappypath,andassumewemanagedtogetouradditionalshotofespresso. Ofcourse,Starbuckswon'thandourcoffeeoverunlesswepay(anditturnsoutthey'vealready hintedasmuch!),soweneedanotherstory:
52 InfoQExplores:REST
Thereareafewaspectstothenextelementworthpointingout.Firstisthatit'sinadifferent namespacebecausestatetransitionsarenotlimitedtoStarbucks.Inthiscasewe'vedecidedthat suchtransitionURIsshouldbeheldinacommunalnamespacetofacilitatereuse(oreveneventual standardisation). Then,there'stheembeddedsemanticinformation(aprivatemicroformat,ifyoulike)intherel attribute.Consumersthatunderstandthesemanticsofthehttp://starbucks.example.org/payment stringcanusetheresourceidentifiedbytheuriattributetotransitiontothenextstate(payment)in theworkflow. Theuriinthe<next/>elementpointstoapaymentresource.Fromthetypeattribute,wealready knowtheexpectedresourcerepresentationisXML.Wecanworkoutwhattodowiththepayment resourcebyaskingtheserverwhichverbsthatresourcesupportsusingOPTIONS.
Innocuousastheyseem,simplelinksliketheoneofFigure10arethecruxofwhattheREST communityratherverboselycallsHypermediaastheengineofapplicationstate.Moresimply,URIs representthetransitionswithinastatemachine.Clientsoperateapplicationstatemachines,likethe oneswesawatthebeginningofthisarticle,byfollowinglinks. Don'tbesurprisedifthattakesalittlewhiletosinkin.Oneofthemostsurprisingthingsaboutthis modelisthewaystatemachinesandworkflowsgraduallydescribethemselvesasyounavigate throughthem,ratherthanbeingdescribedupfrontthroughWSBPELorWSCDL.Butonceyourbrain hasstoppedsomersaulting,you'llseethatfollowinglinkstoresourcesallowsustomakeforward progressinourapplication'svariousstates.Ateachstatetransitionthecurrentresource representationincludeslinkstothenextsetofpossibleresourcesandthestatestheyrepresent.And becausethosenextresourcesarejustWebresources,wealreadyknowwhattodowiththem. Ournextstepinthecustomerworkflowistopayforourcoffee.Weknowthetotalcostfromthe <cost/>elementintheorder,butbeforewesendpaymenttoStarbuckswe'llaskthepayment resourcehowwe'remeanttointeractwithit,asshowninFigure11.
53 InfoQExplores:REST
transitionsfromtheavailablesetandbuildsthenextrepresentation.Theprocessthe howofgettingtoagoalisdiscoveredonthefly;whatgetswiredtogetheraspartofthat processis,however,agreedupfront. Consumerstypicallyagreethesemanticsofrepresentationsandtransitionswithaservice duringdesignanddevelopment.Butthere'snoguaranteethatasserviceevolves,itwon't confronttheclientwithstaterepresentationsandtransitionstheclienthadneveranticipated butknowshowtoprocessthat'sthenatureofthelooselycoupledWeb.Reaching agreementonresourceformatsandrepresentationsunderthesecircumstancesis,however, outsidethescopeofthisarticle. Ournextstepistopayforourcoffee.Weknowthetotalcostofourorderfromthe<cost>element embeddedintheorderrepresentation,andsoournextstepistosendapaymenttoStarbuckssothe baristawillhandoverthedrink.Firstlywe'llaskthepaymentresourcehowwe'remeanttointeract withit,asshowninFigure11. Request OPTIONS/payment/order/1234HTTP1.1Host:starbucks.example.com Figure11Figuringouthowtopay Theresponseindicateswecaneitherread(viaGET)thepaymentorupdateit(viaPUT).Knowingthe cost,we'llgoaheadandPUTourpaymenttotheresourceidentifiedbythepaymentlink.Ofcourse, paymentsareprivilegedinformation,sowe'llprotectaccesstotheresourcebyrequiring authentication2. Request PUT/payment/order/1234HTTP1.1 Host:starbucks.example.com ContentType:application/xml ContentLength:... Authorization:Digestusername="JaneDoe" realm="starbucks.example.org nonce="..." uri="payment/order/1234" qop=auth nc=00000001 cnonce="..." reponse="..." opaque="..." <paymentxmlns="http://starbucks.example.org/"> Response Allow:GET,PUT
54 InfoQExplores:REST
<cardNo>123456789</cardNo> <expires>07/07</expires> <name>JohnCitizen</name> <amount>4.00</amount> </payment> Response 201Created Location:https://starbucks.example.com/payment/order/1234 ContentType:application/xml ContentLength:... <paymentxmlns="http://starbucks.example.org/"> <cardNo>123456789</cardNo> <expires>07/07</expires> <name>JohnCitizen</name> <amount>4.00</amount> </payment> Figure12Payingthebill Forsuccessfulpayments,theexchangeshowninFigure12isallweneed.Oncetheauthenticated PUThasreturneda201Createdresponse,wecanbehappythepaymenthassucceeded,andcan moveontopickupourdrink. Butthingscangowrong,andwhenmoneyisatstakewe'dratherthingseitherdidn'tgowrongor arerecoverablewhentheydo3.Anumberofthingscanobviouslygowrongwithourpayment: Wecan'tconnecttotheserverbecauseitisdownorunreachable; Theconnectiontotheserverisseveredatsomepointduringtheinteraction; Theserverreturnsanerrorstatusinthe4xxor5xxrange.
Fortunately,theWebhelpsusineachofthesescenarios.Forthefirsttwocases(assumingthe connectivityissueistransient),wesimplyPUTthepaymentagainuntilwereceiveasuccessful response.Wecanexpecta200responseifapriorPUThadinfactsucceeded(effectivelyan acknowledgementofanoopfromtheserver)ora201ifthenewPUTeventuallysucceedsinlodging thepayment.Thesameholdstrueinthethirdcasewheretheserverrespondswitha500,503or 504responsecode. Statuscodesinthe4xxrangearetrickier,buttheystillindicatehowtomakeforwardprogress.For example,a400responseindicatesthatwePUTsomethingtheserverdoesn'tunderstand,and shouldrectifyourpayloadbeforePUTingitagain.Conversely,a403responseindicatesthatthe serverunderstoodourrequestbutisrefusingtofulfilitanddoesn'twantustoretry.Insuchcases
55 InfoQExplores:REST
we'llhavetolookforotherstatetransitions(links)intheresponsepayloadtomakealternative forwardprogress.
56 InfoQExplores:REST
Figure13Atomfeedfordrinkstobemade StarbucksisabusyplaceandtheAtomfeedat/ordersisupdatedfrequently,sothebaristawillneed topollittostayuptodate.Pollingisnormallythoughtofasofferinglowscalability;theWeb, however,supportsanextremelyscalablepollingmechanismaswe'llseeshortly.Andwiththe sheervolumeofcoffeesbeingmanufacturedbyStarbuckseveryminute,scalingtomeetloadisan importantissue. Wehavetwoconflictingrequirementshere.Wewantbaristastokeepuptodatebypollingthe orderfeedoften,butwedon'twanttoincreasetheloadontheserviceorunnecessarilyincrease networktraffic.Toavoidcrushingourserviceunderload,we'lluseareverseproxyjustoutsideour servicetocacheandservefrequentlyaccessedresourcerepresentations,asshowninFigure14.
57 InfoQExplores:REST
Ofcourse,cachingcankeepoldordersaroundlongerthanneeded,whichishardlyidealfora highthroughputretailerlikeStarbucks.Tomakesurethatcachedordersarecleared,theStarbucks serviceusestheExpiresheadertodeclarehowlongaresponsecanbecached.Anycachesbetween theconsumerandservice(should)honourthatdirectiveandrefusetoservestaleorders4,instead forwardingtherequestontotheStarbucksservice,whichhasuptodateorderinformation. TheresponseinFigure13setstheExpiresheaderonourAtomfeedsothatdrinksturnstale10 secondsintothefuture.Becauseofthiscachingbehaviour,theservercanexpectatmost6requests perminute,withtheremainderhandledbythecacheinfrastructure.Evenforarelativelypoorly performingservice,6requestsperminuteisamanageableworkload.Inthehappiestcase(from Starbucks'pointofview)thebarista'spollingrequestsareansweredfromalocalcache,resultingin noincreasednetworkactivityorserverload. Inourexample,weuseonlyonecachetohelpscaleoutourmastercoffeelist.RealWebbased scenarios,however,maybenefitfromseverallayersofcaching.TakingadvantageofexistingWeb cachesiscriticalforscalabilityinhighvolumesituations.
58 InfoQExplores:REST
Figure15Atomentryforourcoffeeorder TheXMLinFigure15isinterestingforanumberofreasons.First,there'stheAtomXML,which distinguishesourorderfromalltheotherordersinthefeed.Thenthere'stheorderitself,containing alltheinformationourbaristaneedstomakeourcoffeeincludingourallimportantextrashot! Insidetheorderentry,there'salinkelementthatdeclarestheeditURIfortheentry.TheeditURI linkstoanorderresourcethatiseditableviaHTTP.(Theaddressoftheeditableresourceinthiscase happenstobethesameaddressastheorderresourceitself,butitneednotbe.) Whenabaristawantstochangethestateoftheresourcesothatourordercannolongerbechanged, theyinteractwithitviatheeditURI.SpecificallytheyPUTarevisedversionoftheresourcestateto theeditURI,asshowninFigure16.
Figure16ChangingtheorderstatusviaAtomPub
59 InfoQExplores:REST
ThebaristacaneasilycheckthepaymentstatusbyGETtingthepaymentresourceusingthepayment URIintheorder.
60 InfoQExplores:REST
areusefulandunlikelytochange. Analternativeapproachinourexamplewouldbetoexposea/paymentsfeedcontaining (noninferable)linkstoeachpaymentresource.Thefeedwouldonlybeavailableto authorisedsystems. UltimatelyitisuptotheservicedesignertodeterminewhetherURItemplatesareasafeand usefulshortcutthroughhypermedia.Ouradvice:usethemsparingly! Ofcourse,noteveryoneisallowedtolookatpayments.We'drathernotletthemorecreative(and lessupstanding)membersofthecoffeecommunitycheckeachothers'creditcarddetails,solikeany sensibleWebsystem,weprotectoursensitiveresourcesbyrequiringauthentication. Ifanunauthenticateduserorsystemtriestoretrievethedetailsofaparticularpayment,theserver willchallengethemtoprovidecredentials,asshowninFigure17. Request Response
401UnauthorizedWWWAuthenticate:Digest GET/payment/order/1234HTTP1.1 realm="starbucks.example.org",qop="auth", Host:starbucks.example.org nonce="ab656...",opaque="b6a9..." Figure17Unauthorisedaccesstoapaymentresourceischallenged The401status(withhelpfulauthenticationmetadata)tellsusweshouldtrytherequestagain,but thistimeprovideappropriatecredentials.Retryingwiththerightcredentials(Figure18),weretrieve thepaymentandcompareitwiththeresourcerepresentingthetotalvalueoftheorderat http://starbucks.example.org/total/order/1234. Request Response 200OK ContentType:application/xml ContentLength:... <payment xmlns="http://starbucks.example.org/"> <cardNo>123456789</cardNo> <expires>07/07</expires> <name>JohnCitizen</name> <amount>4.00</amount> </payment>
61 InfoQExplores:REST
story:
BecauseeachentryinourordersfeedidentifiesaneditableresourcewithitsownURI,wecanapply theHTTPverbstoeachorderresourceindividually.ThebaristasimplyDELETEstheresource referencedbytherelevantentrytoremoveitfromthelist,asinFigure19. Request DELETE/order/1234HTTP1.1Host:starbucks.example.org Figure19Removingacompletedorder WiththeitemDELETEdfromthefeed,afreshGETofthefeedreturnsarepresentationwithoutthe DELETEdresource.Assumingwehavewellbehavedcachesandhavesetthecacheexpirymetadata sensibly,tryingtoGETtheorderentrydirectlyresultsina404NotFoundresponse. YoumighthavenoticedthattheAtomPublishingProtocolmeetsmostofourneedsfortheStarbucks domain.Ifwe'dexposedthe/ordersfeeddirectlytocustomers,customerscouldhaveusedAtomPub topublishdrinksorderstothefeed,andevenchangetheirordersovertime. Response 200OK
Evolution:AfactofLifeontheWeb
Sinceourcoffeeshopisbasedaroundselfdescribingstatemachines,it'squitestraightforwardto evolvetheworkflowstomeetchangingbusinessneeds.ForexampleStarbucksmightchoosetooffer afreeInternetpromotionshortlyafterstartingtoservecoffee: JulyOurnewStarbucksshopgoesliveofferingthestandardworkflowwiththestatetransitionsand representationsthatwe'veexploredthroughoutthisarticle.Consumersareinteractingwiththe
62 InfoQExplores:REST
Becausetherepresentationsstillincludetheoriginaltransitions,existingconsumerscanstillreach theirgoal,thoughtheymaynotbeabletotakeadvantageofthepromotionbecausetheyhavenot beenexplicitlyprogrammedforit. SeptemberConsumerapplicationsandservicesareupgradedsothattheycanunderstandanduse thefreeInternetpromotion,andareinstructedtofollowsuchpromotionaltransitionswhenever theyoccur. Thekeytosuccessfulevolutionisforconsumersoftheservicetoanticipatechangebydefault. Insteadofbindingdirectlytoresources(e.g.viaURItemplates),ateachsteptheserviceprovides URIstonamedresourceswithwhichtheconsumercaninteract.Someofthesenamedresourceswill notbeunderstoodandwillbeignored;otherswillprovideknownstatetransitionsthatthe consumerwantstomake.Eitherwaythisschemeallowsforgracefulevolutionofaservicewhile maintainingcompatibilitywithconsumers.
TheTechnologyyou'reabouttoenjoyisextremelyhot
Handingoverthecoffeebringsustotheendoftheworkflow.We'veordered,changed(orbeen unabletochange)ourorder,paidandfinallyreceivedourcoffee.Ontheothersideofthecounter Starbuckshasbeenequallybusytakingpaymentandmanagingorders. WewereabletomodelallnecessaryinteractionshereusingtheWeb.TheWeballowedustomodel somesimpleunhappypaths(e.g.notbeingabletochangeaninprocessorderoronethat'salready beenmade)withoutushavingtoinventnewexceptionsorfaults:HTTPprovidedeverythingwe neededrightoutofthebox.Andevenwiththeunhappypaths,clientswereabletoprogresstowards theirgoal. ThefeaturesHTTPprovidesmightseeminnocuousatfirst.Butthereisalreadyworldwideagreement anddeploymentofthisprotocol,andeveryconceivablesoftwareagentandhardwaredevice understandsittoadegree.Whenweconsiderthebalkanisedadoptionofotherdistributed computingtechnologies(suchasWS*)werealisetheremarkablesuccessthatHTTPhasenjoyed,
63 InfoQExplores:REST
andthepotentialitreleasesforsystemtosystemintegration. TheWebevenhelpednonfunctionalaspectsofthesolution.Wherewehadtransientfailures,a sharedunderstandingoftheidempotentbehaviourofverbslikeGET,PUTandDELETEallowedsafe retries;bakedincachingmaskedfailuresandaidedcrashrecovery(throughenhancedavailability); andHTTPsandHTTPAuthenticationhelpedwithourrudimentarysecurityneeds. Althoughourproblemdomainwassomewhatartificial,thetechniqueswe'vehighlightedarejustas applicableintraditionaldistributedcomputingscenarios.Wewon'tpretendthattheWebissimple (unlessyouareagenius),nordowepretendthatthatit'sapanacea(unlessyouareanunrelenting optimistorhavecaughtRESTreligion),butthefactisthattheWebisarobustframeworkfor integratingsystemsatlocal,enterprise,andInternetscale.
Acknowledgements
TheauthorswouldliketothankAndrewHarrisonofCardiffUniversityfortheilluminating discussionsaroundconversationdescriptionsontheWeb.
AbouttheAuthors
Dr.JimWebberisdirectorofprofessionalservicesforThoughtWorkswhereheworksondependable distributedsystemsarchitectureforclientsworldwide.Jimwasformerlyaseniorresearcherwiththe UKEScienceprogrammewherehedevelopedstrategiesforaligningGridcomputingwithWeb ServicespracticesandarchitecturalpatternsfordependableServiceOrientedcomputingandhas extensiveWebandWebServicesarchitectureanddevelopmentexperience.Asanarchitectwith HewlettPackard,andlaterArjunaTechnologies,Jimwastheleaddeveloperontheindustry'sfirst WebServicesTransactionsolution.Jimisanactivespeakerandisinvitedtospeakregularlyat conferencesacrosstheglobe.Heisanactiveauthorandinadditionto"DevelopingEnterpriseWeb ServicesAnArchitect'sGuide"heisworkingonanewbookonWebbasedintegration.Jimholdsa B.Sc.inComputingScienceandPh.D.inParallelComputingbothfromtheUniversityofNewcastle uponTyne.Hisblogislocatedathttp://jim.webber.name. SavasParastatidisisaSoftwarePhilosopher,thinkingaboutsystemsandsoftware.Heinvestigates theuseoftechnologyineResearchandisparticularlyinterestedinCloudComputing,knowledge representationandmanagement,andsocialnetworking.He'scurrentlywithMicrosoftResearch's ExternalResearchteam.Savasenjoysbloggingathttp://savas.parastatidis.name. IanRobinsonhelpsclientscreatesustainableserviceorientedcapabilitiesthatalignbusinessandIT frominceptionthroughtooperation.HehaswrittenguidanceforMicrosoftonimplementing serviceorientedsystemswithMicrosofttechnologies,andhaspublishedarticlesonconsumerdriven servicecontractsandtheirroleinthesoftwaredevelopmentlifecyclemostrecentlyinThe ThoughtWorksAnthology(PragmaticProgrammers,2008)andelsewhereonInfoQ.Hespeaks regularlyatconferencesonsubjectsthatincludeRESTfulenterprisedevelopmentandthetestdriven
64 InfoQExplores:REST
65 InfoQExplores:REST
Articles
AddressingDoubtsaboutREST
Author:StefanTilkov Invariably,learningaboutRESTmeansthatyoullendupwonderingjusthowapplicabletheconcept reallyisforyourspecificscenario.Andgiventhatyoureprobablyusedtoentirelydifferent architecturalapproaches,itsonlynaturalthatyoustartdoubtingwhetherREST,orratherRESTful HTTP,reallyworksinpractice,orsimplybreaksdownonceyougobeyondintroductory,Hello, Worldlevelstuff.Inthisarticle,Iwilltrytoaddress10ofthemostcommondoubtspeoplehave aboutRESTwhentheystartexploringit,especiallyiftheyhaveastrongbackgroundinthe architecturalapproachbehindSOAP/WSDLbasedWebservices.
1.RESTmaybeusableforCRUD,butnotforrealbusinesslogic
ThisisthemostcommonreactionIseeamongpeoplewhoareskepticalaboutRESTbenefits.After all,ifallyouhaveiscreate/read/update/delete,howcanyoupossiblyexpressmorecomplicated applicationsemantics?Ihavetriedtoaddresssomeoftheseconcernsintheintroductoryarticleof thisseries,butthispointdefinitelymeritscloserdiscussion. Firstofall,theHTTPverbsGET,PUT,POST,andDELETEdonothavea1:1mappingtotheCRUD databaseoperations.Forexample,bothPOSTandPUTcanbeusedtocreatenewresources:they differinthatwithPUT,itstheclientthatdeterminestheresourcesURI(whichisthenupdatedor created),whereasaPOSTisissuedtoacollectionorfactoryresourceanditstheserverstaskto assignaURI.Butanyway,backtothequestion:howdoyouhandlemorecomplexbusinesslogic? Anycomputationcalc(a,b)thatreturnsaresultccanbetransformedintoaURIthatidentifiesits resulte.g.x=calc(2,3)mightbecomehttp://example.com/calculation?a=2&b=3.Atfirst,this seemslikeagrossmisuseofRESTfulHTTParentwesupposedtouseURIstoidentifyresources, notoperations?Yes,butinfactthisiswhatwedo:http://example.com/sum?augend=2&addend=3 identifiesaresource,namelytheresultofadding2and3.Andinthisparticular(obviouslycontrived) example,usingaGETtoretrievetheresultmightbeagoodideaafterall,thisiscacheable,you canreferenceit,andcomputingitisprobablysafeandnotverycostly. Ofcourseinmany,ifnotmostcases,usingaGETtocomputesomethingmightbethewrong approach.RememberthatGETissupposedtobeasafeoperation,i.e.theclientdoesnotaccept anyobligations(suchaspayingyouforyourservices)orassumeanyresponsibility,whenallitdoesis
66 InfoQExplores:REST
2.Thereisnoformalcontract/nodescriptionlanguage
FromRPCtoCORBA,fromDCOMtoWebServiceswereusedtohavinganinterfacedescriptionthat liststheoperations,theirnames,andthetypesoftheirinputandoutputparameters.HowcanREST possiblybeusablewithoutaninterfacedescriptionlanguage? Therearethreeanswerstothisveryfrequentlyaskedquestion. Firstofall,ifyoudecidetouseRESTfulHTTPtogetherwithXMLaverycommonchoicethe wholeworldofXMLschemalanguages,suchasDTDs,XMLSchema,RELAXNGorSchematronare stillavailabletoyou.Arguably,95%ofwhatyouusuallydescribeusingWSDLisnottiedtoWSDLat all,butratherconcernedwiththeXMLSchemacomplextypesyoudefine.ThestuffWSDLaddson topismostlyconcernedwithoperationsandtheirnamesanddescribingthesebecomespretty boringwithRESTsuniforminterface:Afterall,GET,PUT,POSTandDELETEarealltheoperationsyou have.WithregardstotheuseofXMLSchema,thismeansthatyoucanuseyourfavoritedatabinding tool(ifyouhappentohaveone)togeneratedatabindingcodeforyourlanguageofchoice,evenif yourelyonaRESTfulinterface.(Thisisnotanentirelycompleteanswer,seebelow.) Secondly,askyourselfwhatyouneedadescriptionfor.Themostcommonalbeitnottheonly usecaseforhavingsomedescriptionistogeneratestubsandskeletonsfortheinterfaceyoure describing.Itisusuallynotdocumentation,sincethedescriptionine.g.WSDLformattellsyou nothingaboutthesemanticsofanoperationitjustlistsaname.Youneedsomehumanreadable documentationanywaytoknowhowtocallit.InatypicalRESTapproach,whatyouwouldprovideis documentationinHTMLformat,possiblyincludingdirectlinkstoyourresources.Usingtheapproach ofhavingmultiplerepresentations,youmightactuallyhaveselfdocumentingresourcesjustdoan HTTPGETonaresourcefromyourbrowserandgetanHTMLdocumentcontainingdataaswellasa listoftheoperations(HTTPverbs)youcanperformonitandthecontenttypesitacceptsand delivers. Finally,ifyouinsistonusingadescriptionlanguageforyourRESTfulservice,youcaneitherusethe WebApplicationDescriptionLanguage(WADL)orwithinlimitationsWSDL2.0,whichaccording toitsauthorsisabletodescribeRESTfulservices,too.NeitherWADLnorWSDL2areusefulfor describinghypermedia,thoughandgiventhatthisisoneofthecoreaspectsofREST,Imnotatall suretheyresufficientlyuseful.
67 InfoQExplores:REST
3.Whowouldactuallywanttoexposesomuchoftheirapplications implementationinternals?
Anothercommonconcernisthatresourcesaretoolowlevel,i.e.animplementationdetailone shouldnotexpose.Afterall,wontthisputtheburdenofusingtheresourcestoachievesomething meaningfulontheclient(theconsumer)? Theshortansweris:No.TheimplementationofaGET,PUToranyoftheothermethodsona resourcecanbejustassimpleorcomplicatedastheimplementationofaserviceorRPCoperation. ApplyingRESTdesignprinciplesdoesnotmeanyouhavetoexposeindividualitemsfromyour underlyingdatamodelitjustmeansthatinsteadofexposingyourbusinesslogicinan operationcentricway,youdosoinadatacentricway. Arelatedconcernisthatnotenablingdirectaccesstoresourceswillincreasesecurity.Thisisbased onanoldfallacyknownassecuritybyobscurity,andonecanarguethatinfactitstheotherway round:Byhidingwhichindividualresourcesyouaccessinyourapplicationspecificprotocol,youcan nolongereasilyusetheinfrastructuretoprotectthem.ByassigningindividualURIstomeaningful resources,youcane.g.useApachessecurityrules(aswellasrewritinglogic,logging,statisticsetc.) toworkdifferentlyfordifferentresources.Bymakingtheseexplicit,youdontdecrease,youincrease yoursecurity.
4.RESTworkswithHTTPonly,itsnottransportprotocolindependent
Firstofall,HTTPismostemphaticallynotatransportprotocol,butanapplicationprotocol.Ituses TCPastheunderlyingtransport,butithassemanticsthatgobeyondit(otherwiseitwouldbeof littleuse).UsingHTTPasameretransportisabusingit. Secondly,abstractionisnotalwaysagoodidea.Webservicestaketheapproachoftryingtohide manyverydifferenttechnologiesunderasingleabstractionlayerbutabstractionstendtoleak. Forexample,thereisahugedifferencebetweensendingamessageviaJMSorasanHTTPrequest. Tryingtodumbwidelydifferentoptionsdowntotheirleastcommondenominatorservesnoone.An analogywouldbetocreateacommonabstractionthathidesarelationaldatabaseandafilesystem underacommonAPI.Ofcoursethisisdoable,butassoonasyouaddressaspectssuchasquerying, theabstractionturnsintoaproblem. Finally,asMarkBakeroncecoined:Protocolindependenceisabug,notafeature.Whilethismay seemstrangeatfirst,youneedtoconsiderthattrueprotocolindependenceisimpossibletoachieve youcanonlydecidetodependonadifferentprotocolthatmayormaynotbeonadifferentlevel. Dependingonawidelyaccepted,officiallystandardizedprotocolsuchasHTTPisnotreallyaproblem. Thisisespeciallytrueifitismuchmorewidespreadandsupportedthantheabstractionthattriesto replaceit.
68 InfoQExplores:REST
5.Thereisnopractical,clear&consistentguidanceonhowtodesignRESTful applications
TherearemanyaspectsofRESTfuldesignwheretherearenoofficialbestpractices,nostandard wayonhowtosolveaparticularproblemusingHTTPinawayconformingtotheRESTprinciples. Thereislittledoubtthatthingscouldbebetter.Still,RESTembodiesmanymoreapplicationconcepts thanWSDL/SOAPbasedwebservices.Inotherwords:whilethiscriticismhasalotofvaluetoit,its farmorerelevantforthealternatives(whichbasicallyofferyounoguidanceatall). Occasionally,thisdoubtcomesupintheformofeventheRESTexpertscantagreehowtodoit.In general,thatsnottrueforexample,ItendtobelievethatthecoreconceptsIdescribedherea fewweeksagohaventbeen(norwilltheybe)disputedbyanymemberoftheRESTcommunity(if wecanassumethereissuchathing),notbecauseitsaparticularlygreatarticle,butsimplybecause thereisalotofcommonunderstandingoncepeoplehavelearnedalittlemorethanthebasics.Ifyou haveanychancetotryoutanexperiment,trywhetheritseasiertogetfiveSOAproponentstoagree onanythingthantryingtogetfiveRESTproponentstodoso.Basedonpastexperienceandlong participationinseveralSOAandRESTdiscussiongroups,IdtendtobetmymoneyontheRESTfolks.
6.RESTdoesnotsupporttransactions
Thetermtransactionisquiteoverloaded,butingeneral,whenpeopletalkabouttransactions, theyrefertotheACIDvarietyfoundindatabases.InanSOAenvironmentwhetherbasedonweb servicesorHTTPonlyeachservice(orsystem,orwebapp)implementationisstilllikelytointeract withadatabasethatsupportstransactions:nobigchangehere,exceptyourelikelytocreatethe transactionexplicitlyyourself(unlessyourservicerunsinanEJBcontaineroranotherenvironment thathandlesthetransactioncreationforyou).Thesameistrueifyouinteractwithmorethanone resource. Thingsstarttodifferonceyoucombine(orcompose,ifyouprefer)transactionsintoalargerunit.In aWebservicesenvironment,thereisatleastanoptiontomakethingsbehavesimilarlytowhat peopleareusedtofrom2PCscenariosassupportede.g.inaJavaEEenvironment:WSAtomic Transaction(WSAT),whichispartoftheWSCoordinationfamilyofstandards.Essentially,WSAT implementssomethingverysimilarorequaltothe2PCprotocolspecifiedbyXA.Thismeansthat yourtransactioncontextwillbepropagatedusingSOAPheaders,andyourimplementationwilltake careofensuringtheresourcemanagershookintoanexistingtransaction.Essentially,thesame modelinEJBdeveloperisusedtoyourdistributedtransactionbehavesjustasatomicallyasalocal one. Therearelotsofthingstosayabout,orratheragainst,atomictransactionsinanSOAenvironment: Loosecouplingandtransactions,especiallythoseoftheACIDvariety,simplydontmatch.The
69 InfoQExplores:REST
7.RESTisunreliable
ItsoftenpointedoutthatthereisnoequivalenttoWSReliableMessagingforRESTfulHTTP,and manyconcludethatbecauseofthis,itcantbeappliedwherereliabilityisanissue(whichtranslates toprettymucheverysystemthathasanyrelevanceinbusinessscenarios).Butveryoftenwhatyou wantisnotnecessarilysomeinfrastructurecomponentthathandlesmessagedelivery;rather,you needtoknowwhetheramessagehasbeendeliveredornot. Typically,receivingaresponsemessagesuchasasimple200OKincaseofHTTPmeansthatyou knowyourcommunicationpartnerhasreceivedtherequest.Problemsoccurwhenyoudontreceive aresponse:Youdontknowwhetheryourrequesthasneverreachedtheothersside,orwhetherit hasbeenreceived(resultinginsomeprocessing)anditstheresponsemessagethatgotlost. Thesimplestwaytoensuretherequestmessagereachestheothersideistoresendit,whichisof courseonlypossibleifthereceivercanhandleduplicates(e.g.byignoringthem).Thiscapabilityis calledidempotency.HTTPguaranteesthatGET,PUTandDELETEareidempotentandifyour applicationisimplementedcorrectly,aclientcansimplyreissueanyofthoserequestsifithasnt receivedaresponse.APOSTmessageisnotidempotent,thoughatleasttherearenoguarantees intheHTTPspecthatsayitis.Youareleftwithanumberofoptions:Youcaneitherswitchtousing PUT(ifyoursemanticscanbemappedtoit),useacommonbestpracticedescribedbyJoeGregorio, oradoptanyoftheexistingproposalsthataimtostandardizethis(suchasMarkNottinghamsPOE, YaronGolandsSOARity,orBilldehrasHTTPLR). Personally,Ipreferthebestpracticeapproachi.e.,turnthereliabilityproblemintoanapplication designaspect,butopinionsonthisdifferquiteabit. Whileanyofthesesolutionsaddressagoodpartofthereliabilitychallenge,thereisnothingorat least,nothingthatImawareofthatwouldsupportdeliveryguaranteessuchasinorderdelivery forasequenceofHTTPrequestsandresponses.Itmightbeworthpointingout,though,thatmany existingSOAP/WSDLscenariosgetbywithoutWSReliableMessagingoranyofitsnumerous predecessors,too.
70 InfoQExplores:REST
8.Nopub/subsupport
RESTisfundamentallybasedonaclientservermodel,andHTTPalwaysreferstoaclientandaserver astheendpointsofcommunication.Aclientinteractswithaserverbysendingrequestsand receivingresponses.Inapub/submodel,aninterestedpartysubscribestoaparticularcategoryof informationandgetsnotifiedeachtimesomethingnewappears.Howcouldpub/subbesupported inaRESTfulHTTPenvironment? Wedonthavetolookfartoseeaperfectexampleofthis:itscalledsyndication,andRSSandAtom Syndicationareexamplesofit.AclientqueriesfornewinformationbyissuinganHTTPagainsta resourcethatrepresentsthecollectionofchanges,e.g.foraparticularcategoryortimeinterval.This wouldbeextremelyinefficient,butisnt,becauseGETisthemostoptimizedoperationontheWeb. Infact,youcaneasilyimaginethatapopularweblogserverwouldhavescaleupmuchmoreifithad toactivelynotifyeachsubscribedclientindividuallyabouteachchange.Notificationbypollingscales extremelywell. Youcanextendthesyndicationmodeltoyourapplicationresourcese.g.,offeranAtomfeedfor changestocustomerresources,oranaudittrailofbookings.Inadditiontobeingabletosatisfya basicallyunlimitednumberofsubscribingapplications,youcanalsoviewthesefeedsinafeedreader, similarlytoviewingaresourcesHTMLrepresentationinyourbrowser. Ofcourse,thisisnotasuitableanswerforsomescenarios.Forexample,softrealtimerequirements mightrulethisoptionout,andanothertechnologymightbemoreappropriate.Butinmanycases, themixtureofloosecoupling,scalabilityandnotificationenabledbythesyndicationmodelisan excellentfit.
9.Noasynchronousinteractions
GivenHTTPsrequest/responsemodel,howcanoneachieveasynchronouscommunication?Again, wehavetobeawarethattherearemultiplethingspeoplemeanwhentheytalkaboutasynchronicity. Somerefertotheprogrammingmodel,whichcanbeblockingornonblockingindependentlyofthe wireinteractions.Thisisnotourconcernhere.Buthowdoyoudeliverarequestfromaclient (consumer)totheserver(provider)wheretheprocessingmighttakeafewhours?Howdoesthe consumergettoknowtheprocessingisdone? HTTPhasaspecificresponsecode,202(Accepted),themeaningofwhichisdefinedasTherequest hasbeenacceptedforprocessing,buttheprocessinghasnotbeencompleted.Thisisobviously exactlywhatwerelookingfor.Regardingtheresult,therearemultipleoptions:Theservercanreturn aURIofaresourcewhichtheclientcanGETtoaccesstheresult(althoughifithasbeencreated specificallyduetothisrequest,a201Createdwouldprobablybebetter).Ortheclientcanincludea URIthatitexpectstheservertoPOSTtheresulttoonceitsdone.
71 InfoQExplores:REST
10.Lackoftools
Finally,peopleoftencomplainaboutthelackoftoolsavailabletosupportRESTfulHTTP development.Asindicatedinitem#2,thisisnotreallytrueforthedataaspectyoucanuseallof thedatabindingandotherdataAPIsyouareusedto,asthisisaconcernthatsorthogonaltothe numberofmethodsandthemeansofinvokingthem.RegardingplainHTTPandURIsupport, absolutelyeveryprogramminglanguage,frameworkandtoolkitontheplanetsupportsthemoutof thebox.Finally,vendorsarecomingupwithmoreandmore(supposedly)easierandbettersupport forRESTfulHTTPdevelopmentintheirframeworks,e.g.SunwithJAXRS(JSR311)orMicrosoftwith theRESTsupportin.NET3.5ortheADO.NETDataServicesFramework.
Conclusion
So:IsREST,anditsmostcommonimplementation,HTTP,perfect?Ofcoursenot.Nothingisperfect, definitelynotforeveryscenario,andmostofthetimenotevenforasinglescenario.Ivecompletely ignoredanumberofveryreasonableproblemareasthatrequiremorecomplicatedanswers,for examplemessagebasedsecurity,partialupdatesandbatchprocessing,andIsolemnlypromiseto addresstheseinafutureinstallment.IstillhopeIcouldaddresssomeofthedoubtsyouhaveand ifIvemissedthemostimportantones,youknowwhatthecommentsarefor. Link:http://www.infoq.com/articles/tilkovrestdoubts RelatedContents RESTandtransactions? FinancialTransactionExchangeatBetFair.com Shoulddeveloperswritetheirowntransactioncoordinationlogic? FileSystemTransactionsstillaproblemarea? EricNewcomerOnDifferenceBetweenRESTfulvs.WebServiceTransactions
72 InfoQExplores:REST
Articles
RESTAntiPatterns
Author:StefanTilkov WhenpeoplestarttryingoutREST,theyusuallystartlookingaroundforexamplesandnotonlyfind alotofexamplesthatclaimtobeRESTful,orarelabeledasaRESTAPI,butalsodigupalotof discussionsaboutwhyaspecificservicethatclaimstodoRESTactuallyfailstodoso. Whydoesthishappen?HTTPisnothingnew,butithasbeenappliedinawidevarietyofways.Some ofthemwereinlinewiththeideastheWebsdesignershadinmind,butmanywerenot.Applying RESTprinciplestoyourHTTPapplications,whetheryoubuildthemforhumanconsumption,foruse byanotherprogram,orboth,meansthatyoudotheexactopposite:YoutrytousetheWeb correctly,orifyouobjecttotheideathatoneisrightandoneiswrong:inaRESTfulway.For many,thisisindeedaverynewapproach. Theusualstandarddisclaimerapplies:REST,theWeb,andHTTParenotthesamething;RESTcould beimplementedwithmanydifferenttechnologies,andHTTPisjustoneconcretearchitecturethat happenstofollowtheRESTarchitecturalstyle.SoIshouldactuallybecarefultodistinguishREST fromRESTfulHTTP.Imnot,soletsjustassumethetwoarethesamefortheremainderofthis article. Aswithanynewapproach,ithelpstobeawareofsomecommonpatterns.Inthefirsttwoarticlesof thisseries,Ivetriedtooutlinesomebasiconessuchastheconceptofcollectionresources,the mappingofcalculationresultstoresourcesintheirownright,ortheuseofsyndicationtomodel events.Afuturearticlewillexpandontheseandotherpatterns.Forthisone,though,Iwanttofocus onantipatternstypicalexamplesofattemptedRESTfulHTTPusagethatcreateproblemsandshow thatsomeonehasattempted,butfailed,toadoptRESTideas. LetsstartwithaquicklistofantipatternsIvemanagedtocomeupwith: 1. TunnelingeverythingthroughGET 2. TunnelingeverythingthroughPOST 3. Ignoringcaching 4. Ignoringresponsecodes 5. Misusingcookies
73 InfoQExplores:REST
TunnelingeverythingthroughGET
Tomanypeople,RESTsimplymeansusingHTTPtoexposesomeapplicationfunctionality.The fundamentalandmostimportantoperation(strictlyspeaking,verbormethodwouldbeabetter term)isanHTTPGET.AGETshouldretrievearepresentationofaresourceidentifiedbyaURI,but many,ifnotallexistingHTTPlibrariesandserverprogrammingAPIsmakeitextremelyeasytoview theURInotasaresourceidentifier,butasaconvenientmeanstoencodeparameters.Thisleadsto URIslikethefollowing: http://example.com/some-api?method=deleteCustomer&id=1234 ThecharactersthatmakeupaURIdonot,infact,tellyouanythingabouttheRESTfulnessofa givensystem,butinthisparticularcase,wecanguesstheGETwillnotbesafe:Thecallerwilllikely beheldresponsiblefortheoutcome(thedeletionofacustomer),althoughthespecsaysthatGETis thewrongmethodtouseforsuchcases. Theonlythinginfavorofthisapproachisthatitsveryeasytoprogram,andtrivialtotestfroma browserafterall,youjustneedtopasteaURIintoyouraddressbar,tweaksomeparameters,and offyougo.Themainproblemswiththisantipatternsare: 1. ResourcesarenotidentifiedbyURIs;rather,URIsareusedtoencodeoperationsandtheir parameters 2. TheHTTPmethoddoesnotnecessarilymatchthesemantics 3. Suchlinksareusuallynotintendedtobebookmarked 4. Thereisariskthatcrawlers(e.g.fromsearchenginessuchasGoogle)causeunintendedside effects NotethatAPIsthatfollowthisantipatternmightactuallyendupbeingaccidentallyrestful.Hereis anexample: http://example.com/some-api?method=findCustomer&id=1234 IsthisaURIthatidentifiesanoperationanditsparameters,ordoesitidentifyaresource?Youcould arguebothcases:Thismightbeaperfectlyvalid,bookmarkableURI;doingaGETonitmightbe safe;itmightrespondwithdifferentformatsaccordingtotheAcceptheader,andsupport sophisticatedcaching.Inmanycases,thiswillbeunintentional.Often,APIsstartthisway,exposinga readinterface,butwhendevelopersstartaddingwritefunctionality,youfindoutthatthe
74 InfoQExplores:REST
illusionbreaks(itsunlikelyanupdatetoacustomerwouldoccurviaaPUTtothisURIthe developerwouldprobablycreateanewone).
TunnelingeverythingthroughPOST
Thisantipatternisverysimilartothefirstone,onlythatthistime,thePOSTHTTPmethodisused. POSTcarriesanentitybody,notjustaURI.AtypicalscenariousesasingleURItoPOSTto,and varyingmessagestoexpressdifferingintents.ThisisactuallywhatSOAP1.1webservicesdowhen HTTPisusedasatransportprotocol:ItsactuallytheSOAPmessage,possiblyincludingsome WSAddressingSOAPheaders,thatdetermineswhathappens. OnecouldarguethattunnelingeverythingthroughPOSTsharesalloftheproblemsoftheGET variant,itsjustalittlehardertouseandcannotexplorecaching(notevenaccidentally),norsupport bookmarking.ItactuallydoesntendupviolatinganyRESTprinciplessomuchitsimplyignores them.
Ignoringcaching
Evenifyouusetheverbsastheyareintendedtobeused,youcanstilleasilyruincaching opportunities.TheeasiestwaytodosoisbysimplyincludingaheadersuchasthisoneinyourHTTP response: Cache-control: no-cache Doingsowillsimplypreventcachesfromcachinganything.Ofcoursethismaybewhatyouintendto do,butmoreoftenthannotitsjustadefaultsettingthatsspecifiedinyourwebframework. However,supportingefficientcachingandrevalidationisoneofthekeybenefitsofusingRESTful HTTP.SamRubysuggeststhatakeyquestiontoaskwhenassessingsomethingsRESTfulnessisdo yousupportETags?(ETagsareamechanismintroducedinHTTP1.1toallowaclienttovalidate whetheracachedrepresentationisstillvalid,bymeansofacryptographicchecksum).Theeasiest waytogeneratecorrectheadersistodelegatethistasktoapieceofinfrastructurethatknowshow todothiscorrectlyforexample,bygeneratingafileinadirectoryservedbyaWebserversuchas ApacheHTTPD. Ofcoursetheresaclientsidetothis,too:whenyouimplementaprogrammaticclientforaRESTful service,youshouldactuallyexploitthecachingcapabilitiesthatareavailable,andnotunnecessarily retrievearepresentationagain.Forexample,theservermighthavesenttheinformationthatthe representationistobeconsideredfreshfor600secondsafterafirstretrieval(e.g.becausea backendsystemispolledonlyevery30minutes).Thereisabsolutelynopointinrepeatedly requestingthesameinformationinashorterperiod.Similarlytotheserversideofthings,goingwith aproxycachesuchasSquidontheclientsidemightbeabetteroptionthanbuildingthislogic yourself.
75 InfoQExplores:REST
CachinginHTTPispowerfulandcomplex;foraverygoodguide,turntoMarkNottinghamsCache Tutorial.
Ignoringstatuscodes
UnknowntomanyWebdevelopers,HTTPhasaveryrichsetofapplicationlevelstatuscodesfor dealingwithdifferentscenarios.Mostofusarefamiliarwith200(OK),404(Notfound),and500 (Internalservererror).Buttherearemanymore,andusingthemcorrectlymeansthatclientsand serverscancommunicateonasemanticallyricherlevel. Forexample,a201(Created)responsecodesignalsthatanewresourcehasbeencreated,theURI ofwhichcanbefoundinaLocationheaderintheresponse.A409(Conflict)informstheclientthat thereisaconflict,e.g.whenaPUTisusedwithdatabasedonanolderversionofaresource.A412 (PreconditionFailed)saysthattheservercouldntmeettheclientsexpectations. Anotheraspectofusingstatuscodescorrectlyaffectstheclient:Thestatuscodesindifferentclasses (e.g.allinthe2xxrange,allinthe5xxrange)aresupposedtobetreatedaccordingtoacommon overallapproache.g.aclientshouldtreatall2xxcodesassuccessindicators,evenifithasntbeen codedtohandlethespecificcodethathasbeenreturned. ManyapplicationsthatclaimtobeRESTfulreturnonly200or500,oreven200only(withafailure textcontainedintheresponsebodyagain,seeSOAP).Ifyouwant,youcancallthistunneling errorsthroughstatuscode200,butwhateveryouconsidertobetherightterm:ifyoudontexploit therichapplicationsemanticsofHTTPsstatuscodes,youremissinganopportunityforincreased reuse,betterinteroperability,andloosercoupling.
Misusingcookies
UsingcookiestopropagateakeytosomeserversidesessionstateisanotherRESTantipattern. CookiesareasuresignthatsomethingisnotRESTful.Right?No;notnecessarily.Oneofthekey ideasofRESTisstatelessnessnotinthesensethataservercannotstoreanydata:itsfineifthere isresourcestate,orclientstate.Itssessionstatethatisdisallowedduetoscalability,reliabilityand couplingreasons.Themosttypicaluseofcookiesistostoreakeythatlinkstosomeserversidedata structurethatiskeptinmemory.Thismeansthatthecookie,whichthebrowserpassesalongwith eachrequest,isusedtoestablishconversational,orsession,state. Ifacookieisusedtostoresomeinformation,suchasanauthenticationtoken,thattheservercan validatewithoutrelianceonsessionstate,cookiesareperfectlyRESTfulwithonecaveat:They shouldntbeusedtoencodeinformationthatcanbetransferredbyother,morestandardizedmeans (e.g.intheURI,somestandardheaderorinrarecasesinthemessagebody).Forexample,its preferabletouseHTTPauthenticationfromaRESTfulHTTPpointofview.
76 InfoQExplores:REST
Forgettinghypermedia
ThefirstRESTideathatshardtoacceptisthestandardsetofmethods.RESTtheorydoesntspecify whichmethodsmakeupthestandardset,itjustsaysthereshouldbealimitedsetthatisapplicable toallresources.HTTPfixesthematGET,PUT,POSTandDELETE(primarily,atleast),andcastingallof yourapplicationsemanticsintojustthesefourverbstakessomegettingusedto.Butonceyouve donethat,peoplestartusingasubsetofwhatactuallymakesupRESTasortofWebbasedCRUD (Create,Read,Update,Delete)architecture.Applicationsthatexposethisantipatternarenotreally unRESTful(ifthereevenissuchathing),theyjustfailtoexploitanotherofRESTscoreconcepts: hypermediaastheengineofapplicationstate. Hypermedia,theconceptoflinkingthingstogether,iswhatmakestheWebawebaconnectedset ofresources,whereapplicationsmovefromonestatetothenextbyfollowinglinks.Thatmight soundalittleesoteric,butinfacttherearesomevalidreasonsforfollowingthisprinciple. ThefirstindicatoroftheForgettinghypermediaantipatternistheabsenceoflinksin representations.ThereisoftenarecipeforconstructingURIsontheclientside,buttheclientnever followslinksbecausetheserversimplydoesntsendany.Aslightlybettervariantusesamixtureof URIconstructionandlinkfollowing,wherelinkstypicallyrepresentrelationsintheunderlyingdata model.Butideally,aclientshouldhavetoknowasingleURIonly;everythingelseindividualURIs, aswellasrecipesforconstructingtheme.g.incaseofqueriesshouldbecommunicatedvia hypermedia,aslinkswithinresourcerepresentations.AgoodexampleistheAtomPublishing Protocolwithitsnotionofservicedocuments,whichoffernamedelementsforeachcollectionwithin thedomainthatitdescribes.Finally,thepossiblestatetransitionstheapplicationcangothrough shouldbecommunicateddynamically,andtheclientshouldbeabletofollowthemwithaslittle beforehandknowledgeofthemaspossible.AgoodexampleofthisisHTML,whichcontainsenough informationforthebrowsertoofferafullydynamicinterfacetotheuser. IconsideredaddinghumanreadableURIsasanotherantipattern.Ididnot,becauseIlikereadable andhackableURIsasmuchasanybody.ButwhensomeonestartswithREST,theyoftenwaste endlesshoursindiscussionsaboutthecorrectURIdesign,buttotallyforgetthehypermediaaspect. SomyadvicewouldbetolimitthetimeyouspendonfindingtheperfectURIdesign(afterall,their juststrings),andinvestsomeofthatenergyintofindinggoodplacestoprovidelinkswithinyour representations.
IgnoringMIMEtypes
HTTPsnotionofcontentnegotiationallowsaclienttoretrievedifferentrepresentationsofresources basedonitsneeds.Forexample,aresourcemighthavearepresentationindifferentformatssuchas XML,JSON,orYAML,forconsumptionbyconsumersimplementedinJava,JavaScript,andRuby respectively.OrtheremightbeamachinereadableformatsuchasXMLinadditiontoaPDFor JPEGversionforhumans.Oritmightsupportboththev1.1andthev1.2versionsofsomecustom
77 InfoQExplores:REST
Breakingselfdescriptiveness
ThisantipatternissocommonthatitsvisibleinalmosteveryRESTapplication,eveninthose createdbythosewhocallthemselvesRESTafariansmyselfincluded:breakingtheconstraintof selfdescriptiveness(whichisanidealthathaslesstodowithAIsciencefictionthanonemightthink atfirstglance).Ideally,amessageanHTTPrequestorHTTPresponse,includingheadersandthe bodyshouldcontainenoughinformationforanygenericclient,serverorintermediarytobeableto processit.Forexample,whenyourbrowserretrievessomeprotectedresourcesPDFrepresentation, youcanseehowalloftheexistingagreementsintermsofstandardskickin:someHTTP authenticationexchangetakesplace,theremightbesomecachingand/orrevalidation,the contenttypeheadersentbytheserver(application/pdf)triggersthestartupofthePDFviewer registeredonyoursystem,andfinallyyoucanreadthePDFonyourscreen.Anyotheruserinthe worldcouldusehisorherowninfrastructuretoperformthesamerequest.Iftheserverdeveloper addsanothercontenttype,anyoftheserversclients(orservicesconsumers)justneedtomakesure theyhavetheappropriateviewerinstalled. Everytimeyouinventyourownheaders,formats,orprotocolsyoubreaktheselfdescriptiveness constrainttoacertaindegree.Ifyouwanttotakeanextremeposition,anythingnotbeing standardizedbyanofficialstandardsbodybreaksthisconstraint,andcanbeconsideredacaseofthis antipattern.Inpractice,youstriveforfollowingstandardsasmuchaspossible,andacceptthat someconventionmightonlyapplyinasmallerdomain(e.g.yourserviceandtheclientsspecifically developedagainstit).
Summary
EversincetheGangofFourpublishedtheirbook,whichkickstartedthepatternsmovement,many peoplemisunderstooditandtriedtoapplyasmanypatternsaspossibleanotionthathasbeen ridiculedforequallyaslong.Patternsshouldbeappliedif,andonlyif,theymatchthecontext. Similarly,onecouldreligiouslytrytoavoidalloftheantipatternsinanygivendomain.Inmanycases, therearegoodreasonsforviolatinganyrule,orinRESTterminology:relaxanyparticularconstraint. Itsfinetodosobutitsusefultobeawareofthefact,andthenmakeamoreinformeddecision. Hopefully,thisarticlehelpsyoutoavoidsomeofthemostcommonpitfallswhenstartingyourfirst RESTprojects. ManythankstoJavierBotanaandBurkhardNeppertforfeedbackonadraftofthisarticle.
78 InfoQExplores:REST
79 InfoQExplores:REST
Interview
IanRobinsondiscussesREST,WS*and ImplementinganSOA
InthisinterviewfromQConSanFrancisco2008,IanRobinsondiscussesRESTvs.WS*,REST contracts,WADL,howtoapproachcompanywideSOAinitiatives,howanSOAchangesacompany, SOAandAgile,toolsupportforREST,reuseandforeseeingclientneeds,versioningandthefutureof RESTbasedservicesinenterpriseSOAdevelopment. IanRobinsonisaPrincipalConsultantwithThoughtWorks,wherehespecializesin thedesignanddeliveryofserviceorientedanddistributedsystems.Hehaswritten guidanceforMicrosoftonimplementingintegrationpatternswithMicrosoft technologies,andhaspublishedarticlesonbusinessorienteddevelopment methodologiesanddistributedsystemsdesign. InfoQ:Hi.MynameisRyanSlobojanandIamherewithIanRobinson.Ian,whatdoyoucurrently considertobethebesttechnicaloptionforcreatingaserviceorientedarchitecture?WS*or REST? IanRobinson:Ithinkitisalwaysgoingtodepend;wearealwaysgoingtohaveheterogeneous environmentswithintheenterprise.Therearelikelytechnologiesthatarealreadyinplace, applicationsthatarealreadyinplacethatuseWS*,anditisunlikelythatwewouldwanttoreplace thosejusttoimposesomekindofuniformsolution.Alotofthestacksofferakindofhomogenous developmentenvironment.Andifwearedevelopingtheinternalsofanapplicationortheinternals ofaservicewecancertainlytakeadvantageofalotofthoseWS*compliantapplicationsand interfaces.Ithinkoncewearelookingfortremendousreachandscalability,whenwearelookingto extendacrossorganizationalboundaries,thenwemightwanttolookatmoreRESTfulsolutions.We willhavetechnologiesateitherend,technologystacksthathavesimpleHTTPclients,wecantake advantageofthose,wearenothavingtoworrysomuchaboutincompatibilitiesbetweendifferent versionsofaWS*specification.SoIthinkreallybeingabletotakeadvantageofsomeoftheweb's infrastructure,someofthescalabilitythatisinherentinthatinfrastructuremightguideustowards adoptingaRESTfulsolutionforthosepartsofourSOA. InfoQ:Oneoftheotherquestionswhichcomestomindishowdoyouviewthenotionofcontracts withinaRESTscenario? IanRobinson:Ithinkcontracts,asweareusedtothemfromthewebservicesstack,aren't necessarilyasapplicableinaRESTfulenvironmentoraRESTfulsolution.Nonethelesscontractsare there,arepresentinoneformoranother,andit'sprobablyworthinvestigatingthoseindetail.But
80 InfoQExplores:REST
firstIwilljusttalkalittlebitaboutthosewebservicescontracts:WSDLandWSPolicy.Togetherthey aretypicallysaidtocompriseawebservicecontract.WSDLexposestheendpointsandthe operationsthatcanbeperformedatthoseendpoints.AndWSPolicyassertssomeofthe qualityofservicecharacteristicsthatmightbeassociatedwiththatservice. WSDLinparticularseemstoencouragearemoteoperationviewoftheworld.It'sverystatic,very upfrontwearekindofcommittingveryearlytothewayinwhichwewanttoconsumeaservice.Ina RESTfulsolutiontypicallywhatwearetryingtodoisguideaclienttowardsitsgoal.Sotheclient makesarequestofourserviceandwe'llserveupsomekindofrepresentation,itmightbea representationofanorderforexample.Itmaybethatwewanttoprogressthatorderthrough severalstates,ideallywhatwewanttodoinsidethatrepresentationisadvertisesomeofthe possibletransitionstothenextstageorthenextstateinprocessingthatorder.Sowe'renot necessarilyhavingtoadvertiseupfrontinsomeexternalcontractwhatisthatwecandowithan order,therepresentationitselfoffersupseveralopportunitiestomanipulatethatorder.Sothisis that"hypermediaasthelevertoapplicationstate"constraintwithinREST. Soreallythecontractsarebeingexposedgraduallyinarathermoredynamicfashion.Wearestill treatingwiththeclientoverthecourseofseveralrequestsandresponses.Butweareenablingthat clienttomakedecisionsontheflyastowhereitwantstogonext.OneofthethingsthatIthinkwe reallywanttotryandadheretohereiscarefuluseofmediatypesorMIMEtypes.Soahandfulof goodmediatypeswithintheirprocessingmodel,basicallyadvertisewhatisahyperlink,whatare thosehypermedialeversthatareavailablewithinthatparticularmediatype. Soifwearebuildingrathergenericclientsthatcanhandletheseparticularmediatypes,thenthey canbegintoidentifythosepossiblestatetransitions,thosepossibleontheflyelementsofthe contractandbegintoactonthemthereandthen.Sowecanstartlayeringsomeapplicationspecific intelligenceontopofsomeverygenericRESTclientsandweareusingmediatypestoguidethose clientstogetherwiththeparticularrepresentationsthatweareservingup.Weareusingthoseto guidethoseclientstowardsthesuccessfulcompletionoftheirgoals.Doesthatmakesense? InfoQ:Yes,itdoes.SowhatareyourthoughtsonWADL,WebApplicationDescriptorLanguage? IanRobinson:WecoulduseWADL.WADLeffectivelyallowsustodescribesomeoftheoperations thatwecouldperformagainstanyparticularresource.WecouldusethatinaWSDLlikewayto providesomestaticupfrontdescriptionoftheservice.OrwecouldactuallyuseWADLtoannotate someofthoserepresentationsastheycomebackandsay"Lookhereistoday'scontractforthis order.Herearethethingsthatyoucandowiththisordertodaywiththisparticularrepresentation". WehaveactuallyusedWADLtoannotatethatrepresentationandprovidesomekindofcontractlike semanticsonthefly.Ithinkthatisapreferablesolution.Obviouslywe'vetalkedaboutothermedia types,thingslikeRDFhasarichprocessingmodelthatallowsusagaintoidentifyparticularlinksand thesemanticsattachedtothoselinkssothatwecouldinterrogatearepresentationandthenbegin toprogressit,inmakingfurtherrequestsoftheservice. InfoQ:HowwouldyouapproachalargescalecompanywideSOAproject?
81 InfoQExplores:REST
IanRobinson:AnapproachwehaveusedsuccessfullyinthepastatThoughtworks,thisisan approachIhaveusedwithanumberofcompanieswheretheyoftenhaveaverysuccessfulpedigree inmainframeapplicationdevelopmentandinothermorerecentkindsofapplicationdevelopment aswell,buttheydon'tnecessarilyhaveanyexperienceatSOA.Nonethelessthereareverystrong pressuresforsomesignificantchangetotakeplace,marketconditionsarechanging,theyarefinding thattheirexistingapplicationsaredifficulttochange,expensivetochangesoallofthisleadsthemto believethattheyneedsomekindofSOAsolution. There'sanobviousneedthere;theyhavealotofexperienceinotherkindsofapplication development;andtheyareawarethatthere'salotofSOAexperienceouttherebuttheydon't necessarilypossesitatthispointintime.Whatdotheydo?Howdotheygetstarted?Whatweare tryingtodoisprovidesomekindofacceleratedroutetowardsidentifyinganddevelopingservices, andthendeliveringthemintotheenterprisesoastodeliververyrealsignificantbusinessvalue, valuethatmeetsthatcompany'sstrategicgoals.Sotypicallywhatwedoispresentaveryverysimple map,ideallyIwouldliketobeabletodrawthatupforyou,butitbasicallyprogressesfromleftto rightandonthelefthandsideIjustdrawfewboxesthatrepresentsomeofthoseorganizational units,theirkeygoals,whatisittheyaretryingtoachieve,what'simpedingthem...Inthemiddleof ourmapwediagramcapabilities,andthenoverontherighthandsidewedescribeservicesandthen specifictechnicalimplementationsofthoseservices. AndIsay"Whatwearegoingtodotogetheroverthecourse,say,ofacoupleofmonthsisweare goingtobeginpopulatingthismapwithdetail,wearegoingtostartattachingveryspecificartifacts topartsofthismap".Sowearegoingtostarttryingtounderstandwhosomeofthekeystakeholders hereare,whataretheirkeygoals,whataretheytryingtoachieve,what'smotivatingthem?Andwe aregoingtodothatthroughanumberofworkshopexercises,thingslikethat.Andfromthatweare thengoingtostarttryingtoidentifysomekeyorcorecapabilitiesthatbelongtoyourorganization. Whatkindofcapabilitiesorwhatabilitiesdoyouneedtobeabletofurnishinordertomeetsomeof thosekeygoals?Soagainyouwanttodrawthoseoutasquicklyaspossible,doingjustenoughwork togetsomekindofsenseoftheoverallscopeoftheengagement.Thenwearegoingtostarttrying toassignthosecapabilitiestoservices. Wesaythatservicesarehostsforoneormorebusinesscapabilities.Andthenwecanbeginmaking somedecisionsabouthowweactuallywanttoimplementthoseservices,whatspecifictechnologies, whatarchitecturalapproachesdowewanttotake,inordertoimplementthoseservices.Soboiled downtoitscore,Italkaboutstories,capabilities,servicesandcontracts.StoriesItakefromthings likeBehaviourDrivenDevelopment,andusingstoriesandthestoryformattodescribearole"I wanttoachievethis,sothat"andthenIdescribesomekindofvalueattachedtoachievingthat goal,soidentifyingarole,agoalandavalueattachedtothatgoal. Weusethatkindofstoryformatveryoftenwithpeoplewithstrategicresponsibilitiesatthe beginningofaninitiative.We'llaskthemreallytotryanddescribesomeoftheirkeybusinessgoals, andthevaluethattheyattachtothem.Andthen,asacomplementtothat,wetryandderivewhat sortofcapabilitiesarethatthatcompanypossessesorneedstofurnishinordertomeetthosegoals. Sowhatwearetryingtocreateisacapabilitymap,verysimple,oftenthiskindofhierarchical description,butit'sadescriptionreallyofwhatitisthatthecompanydoesorwhatitistryingto
82 InfoQExplores:REST
achieve.Andthenthatbecomesthebasisforawholebunchofotherconversationsbothwith strategicstakeholdersandsomeoftheoperationalstaff. Whichofthesecapabilitiesarecoretoyourbusiness?Whichofthemdifferentiatethem,or differentiateyoufromyourcompetitors?Whichofthemdoyoudowelltoday,andwhichofthemdo youdobadly?Arethereanythatyoucouldoutsource?Andwhatareyourkindofqualityofservice expectationsaroundthesecapabilities?Andwearenotatthismomentintimetalkingabouthowwe implementthem,butifyouneedtobeabletosourcepartsforsecondhandcars,what'sthe turnaroundtimeonthatkindofexpectedprovisionofthatserviceorthatkeycapability?Sowecan askallofthesequestions,wecanbegintoderivesomekindofqualityofservicecharacteristics. Thenwearebeginningtohoneinonsomeofthekeycapabilities,thethingsthatareveryvery significant,veryimportanttothiscompany,orthingsthattheyarenotcurrentlydoingwellbutwhich nonethelesstheyoughttobedoingbetter.Wecanthenstarttoidentifyservices,startassigning thosecapabilitiestoservices.Andthenwecanstartmakingsomedecisionsabouthowtoactually buildtheseservices.Nowoftenthattakesplaceinanenvironmentwherethereisawholebunchof inflightprojects,soagainaspartofthisveryquickstartwayofapproachinganSOAinitiative,we starttotryandmapsomeofthosekeycapabilitiesandperhapssomeofthecandidateservicesthat we'veidentifiedtoinflightprojectssowearebeginningtocreatethissharedunderstanding betweenseveralteams,severaldifferentgroupsofstakeholders,wearetryingtobringthem togetherwithinthisverysimplemap,andhelpthemunderstandtheseveraldependenciesbetween differentprojectstreams. Thisisreallyaniterativeexercise,soasIsaywe'llgothroughanumberofworkshopstoidentify someveryhighlevelsandkeycapabilitiesandwemightimmediately,followingonfromthat,tryto identifysomecandidateservicesandstarttryingtodeliververyquicklysomeworkingsoftwarethat helpssatisfysomeofthoseservicebehaviors.Butwe'llconstantlybegoingback,engagingmore stakeholders,drillingdownanddiscussingmoreofthosecapabilitiesindetail.Butagainit'sa conversationaroundwhatisityouaretryingtoachieve,whyisitimportanttoyou,whatkindof qualityofservicecharacteristicsdoyouattachtothesethings?Sothisisthebasisofthekindof conversationthatcanjoinupseveraldifferentpartieswithintheorganization,someofthose businessstakeholders,someofthosetechnicalstakeholders.Sothecapabilitiesbecomethis ubiquitouslanguageandthentheservicesandtheserviceimplementationsarereally implementationdetails.Nowwecanbegintosharesomeofthatwiththatgroupofstakeholders, butreallyIseethelinkasbeingreallythoseconversationsaroundthecapabilities. InfoQ:OneofthequestionsthatcomestomindishowdoesimplementingaSOAchangean organizationwhichdidnotpreviouslyhaveone?Howdoesitchangetheflowofworkwithinan organizationandcapabilities? IanRobinson:Ithinkoneofthefirsteffectsreallyisawholebunchofpeoplewhohavenot necessarilytalkedtooneanothertoomuchactuallycomingtogetherandcreatingashared understandingofwhatitistheyaretryingtodo,andwhyit'simportant,anddoingitinsomevery simplepracticalterms.Wearenotusingstrictlytechnicallanguageatthispointintime.Sowe're creatingthissharedunderstanding,andoftenthat'sarealbreathoffreshairforsomeofthese
83 InfoQExplores:REST
organizationswheretheyhavebeenlockedinverysiloedefforts,thereisalotofrepeatedor duplicatedeffortacrosstheorganization.Wearebeginningtoidentifysomeofthatandwe're helpingpeoplebridgesomeofthosegaps. Aswestartactuallydeliveringworkingsoftware,wearealsotryingtoencouragethoseteamsto collaborate,toidentifydependenciesandresponsibilities.Thisteamoverheremighthavesomevery realresponsibilitiestoyourteamoverthere,howcanwecommunicatethoseandhowcanwe continuallyenforcethoseresponsibilities.Andoneofthewaysthatweliketodothatistoactually sharetests.Soyourteamcouldactuallycreateasuiteofteststhatassertsomeoftheexpectations thatyouhaveofmyservicethisisthewayinwhichyouwanttointeractwithit. Thesearethepartsoftheservicethatareimportanttoyou.Andyougiveusthosesuitesoftests, andwemightincorporatethemintoourcontinuousintegrationenvironment,sowehavethisvery practicalprogrammaticassertedbehavior.Soweareactuallygettingtheseprogrammaticcontracts beingexchangedbetweenteams.Wearealsotryingtoencourageteamstobemorelonglived,so theylivewithaservicefromitsinceptionthroughtoitsoperationratherthanacoreteambeing dedicatedsolelytodevelopmentandthenhandingovertosomeothersupportfunction. Nowagainthat'softenquiteasignificantorganizationalchange,it'snotalwayseasilyaccomplished andit'snotalwaysappropriate,buttryingtoencourageteamstohavethislongoveralldutyofcare tothelifetimeofthesystemandtotakeaccountoftheseveraldifferentpartiesthataregoingtobe responsibleforthatsystemandthinkingaboutthatalittleearlierinthedevelopmentlifecycle.So againtherearethosekindsofverypracticalchangesthatwebegintoseetakeplacewithinan organizationaspeoplearecomingtogetheraroundthesesharedgoalsandaswearethinkingofvery practicalwaysofcommunicating,exchangingunderstandingandcreatingtheseprogrammatic contractsbetweenteams. InfoQ:Oneofthethoughtswhichcomestomindwhilelisteningtowhatyouaresayingisthatalot ofwhatyouaredescribingsoundsalotlikeanAgileimplementation.DoyouseeagoodSOA architecturewithinanorganizationandAgilebeingnecessarilyintertwined? IanRobinson:Yes,butIwanttocaveatthatquiteabit.TherearethreetermsthatI'mquitewaryof, particularlyaroundSOAinitiatives:thosetermsareAgile,integrationandbusinessprocess.So,I thinkit'sakindofopenquestioneventoday:canwecreateorganizationalorenterpriseagilityusing Agileprojectmanagementorsoftwaredeliverymethods?Sopeopleoftensay:canwedoAgileSOA? Sometimesthat'saCIOisveryskeptical,sayingtherigorsofSOAdon'tseemtogowiththis,seeming gunghoattitudethatAgilehas,howcanthetwocometogether?Andsometimesit'sakindof dogmaticAgilepractitionerworryingthatthekindofprotractedexercisesthatseemnecessaryto SOAcan'tbemadeAgileandthereforetheyarealmostquestioningSOA'srighttoexist. SocanwedoAgileSOA?Tomethat'sthewrongquestion.Bettertoask:whatcanwedotobetter meetanorganization'skeystrategicgoals?Whateverisappropriateisappropriate.NowasAgile practitioners,we'vegotawholebunchofactivities,practices,principlesthatwecanbringtothe table.Someofthemaremoreappropriatethanothers,someofthemhavetobemodified.Because wearedealingoftenwithteamsatadistance,projectsworkingwithindifferenttimestreams,it's verydifficulttocoordinateallofthosethings.Wecan'talwaysjustpourourknowledgeoutontoa
84 InfoQExplores:REST
bunchofcardsaroundatable,weareoftendealingwithascalewherethat'snotpracticalor possible. Nonetheless,therearesomekeythingsthatwetakeawayfromAgile,thisdesiretohaveinsight, daytodayorminutetominuteinsightintooursystems,andthewaytheyarebehaving,desireto haveverystrictandclosefeedbackloops.SoI'moftenlookingforstrategiesandtechniquesand practicesthatcanencouragethosethingsandthat'sanattitudethatIbringfromAgile,butwhether ornotIamdoingAgileSOAtomeisanecumenicalmatter,Iamnotoverlyinterestedwhetherornot IamdoingAgileSOA.IsaidacoupleofothertermsthatIamwaryofaswell,integration.SoIoften seeorganizationswithsomekindofintegrationgroup,ortheyaretalkingveryoftenaboutdoing integration. Integrationtomeisabitofabadsmell,itsuggeststhatwhatyouaretryingtodoafterthefactis gluetogetherabunchofsystemsandfixupabunchofbaddecisions.SoIprefertotalkabout intrinsicinteroperability,thoughIcanbarelysaytheword,andwithinaRESTfulsolutionthatisoften leadingtoserendipitousreuse.Butintrinsicinteroperability,evenworsethesecondtime,over integration.NowIrecognizethatintegrationisabsolutelynecessary.There'sawholeloadof integrationactivitythattakesplacedaytodayandveryoftenwhenwearebuildingoutaservicea lotoftheinternalimplementationsofthatservicemightbeabunchofintegrationactivities.Butlet's notprizeintegrationassomethingthatwedosuccessfullyanditmakestheworldabetterplace. AndthelasttermthatIamwaryof,andagainIrecognizethatitisnecessary,butit'sthisterm "businessprocess".Businessprocesstome,itseemsanoverlyformalterm,it'satermthatisusedby abunchofspecialistsbutit'snotnecessarilymeaningfultothosepeopleonthegroundwhoare actuallyachievingacompany'sgoalsdaytoday.There'sawholebunchofadhocactivities, collaborationsthattakeplace.Ifyouareofaparticularstrategicmind,youmighttryanddivine businessprocessesoroverlaythisformalityontopofthem.Butifwetalktooquicklyaboutbusiness processesweenduptalkingabouttheseratherfragileassembliesorsequencesorworkflows.And wesay"Wellthisisthewaytheworldistodayandthisisthewayitoughttobe". Infactabusinessprocessagainisoftenanimplementationdetailofoneofthosecapabilities.Today weimplementthecapabilitytosourcesecondhandpartsforyourcar,somehurriedstaffinthecall centerhavetogothroughafilingcabinet,that'sthebusinessprocesstoday.Tomorrowwemight automateit,buttheyareimplementationdetails.SoagainIrecognizethatitisaveryimportantterm, butifIamlookingforanAgileSOAsolutionthatisorientedaroundintegrationandbusiness processes,IthinkIamslightlyofftrack.IfIamtryingtodelivertosomeofthosesignificantgoals, providingsolutionsthatarecapableofevolving,wherewe'vegotrapidfeedbackandminuteto minuteinsightintothebehaviorsofoursystem,that'sgood.Ifwearedoingintegrationinsideofour servicesthat'sabsolutelynecessaryintegrationbutprotectingalltheotherconsumersofthatservice fromthatkindofmessydetail,that'sgood.Andifwearetalkingaboutbusinessprocessesasapure implementationdetailofsomeofthosekeycapabilities,againthat'sfine. InfoQ:Canyoutalkaboutthecurrentstateoftoolsupportfordeveloperswhowanttogetgoing withRESTbasedwebservicesandframeworksandtoolsandbestpractices? IanRobinson:Ok,sothestateoftoolsupportfordoingRESTfuldevelopment.Well,thebasetools
85 InfoQExplores:REST
arethereinmostdevelopmentlanguagesHTTPclientsandwaysofhostingsolutionssotheyare listeningtoanHTTPendpointaswell...Letmehaveathinkaboutthat.Iamnotoverlyfamiliarwith awidevarietyoftools,andIwouldsayIsupposethereisn'tterrifictoolsupportinawaythatthere iswiththeWS*stack.Sotypicallyasadeveloperwhatwewantwhenwearedevelopingaweb service,issomeWSDLthatwecanthenusetoautogeneratesomekindofproxy. IfsomeoftherepresentationsthatweareservingupinaRESTfulmannerconformtosomeXML schema,thenit'slikelywehavegotsomekindofautomatedtoolsupportforproducingthose stronglytypedrepresentationsinourownlanguageforserializinganddeserializing.Idon'tthink that'sabsolutelynecessary,Imuchpreferto,againifweareusingXML,toXPathoutthepartsofthe messagethatIamreallyreallyinterestedinanddiscardalltherest.AndI'dprobablyadoptthat approachevenwhenusingthewebservicesstack.Soagainmypreferenceisnottoautogenerate proxiesandclientsagainstaparticularversionoftheschema,butinsteadjusttoparseoutthebitsof themessagethatIamreallyinterestedin,andIwouldadoptexactlythesameapproachinaRESTful solution. WhatIhavedonealittleworkonrecentlyisaverysimpleDSLforexpressingaclient'sexpectations withregardtoaparticularmessageorrepresentation.SothatDSLitlooksalittlelikeYAMLbasically abunchofnestedtermstogetherwithatype,Iexpectthistobeastring,Iexpectthistobean integer.ButitisveryconcisebutthenfromthatIcangenerateawholebunchofthings,Ican generateabunchofXPathassertionssothatIcanvalidateincomingmessagesifIwantorIcan validatethemonthewayout.Icangenerateserializersanddeserializersthatarededicatedto satisfyingmyexpectationswithregardtothekindofmessagesthatyouareproducing.Icanalsouse ittogenerateagraphthat,withregardtothisparticularschema,thisgraphbeginstodescribesome oftheexpectationsthatdifferentclientshaveofthatschema. SoIambuildingupeffectivelythiskindofsocialnetworksforcontracts.Soallthesedifferent artifactswecangenerateoffthetopofsomethingproducedwiththisDSL.It'ssomethingthatIam playingwithatthemoment,butthatseemstometobeawayofbeingabletoexpressmy expectationsofamessageandthencreatetypeclassesthatarereallydedicatedtothose expectations,towardsservicingthoseexpectations.SoI'vekindofgotabitofftrackintermsofyour questionaroundRESTtoolsupport.IndevelopingsomesolutionsrecentlywithAtomandAtomPub, whatI'vereallywantedtoensureisthattheprotocolandthewayinwhichthoseclientsare interactingwiththosefeedsisbeingadheredto,soIwanttocreateawholebunchofunittests aroundtheservicethatisgeneratingthosefeeds. AndIwanttobeabletoassertthatspecificHTTPheadersarecomingback,certainresponsecodesin responsetoaparticularstimulus.WhatIfound,andIwasdoingthisonthe.Netframework,whatI foundwasthatyoucanveryquicklygetintothatHTTPcontext,butforeverytest,whatyouare havingtodoisactuallyinstantiateaserviceoverHTTPandcommunicatewithit.SowhatIhavedone isjustcreateasimplewrapperaroundthatHTTPcontext,it'saninterfacethatIown,andthenIcan mockitoutandobviouslysetexpectationswithregardtothatmock.AndthenI'vegotaseparate bunchofteststhatjustassertthatspecificimplementationsofthatinterfaceactuallydelegateto the.Netframework.Oneofthethingsthatwewanttobedoingistestingtheprotocol;likeIsaid, that'sintermsofstatuscodes,headers,thatkindofstuff.
86 InfoQExplores:REST
InfoQ:Howcanyouachievereuse,andhowcanaproviderforeseetheneedsofitsclients? IanRobinson:GoingbacktosomethingthatMartinsaidinthekeynotethismorning,ourexperience isthatreuseoftenhappensafterthefact.Let'sdoonethingwellweunderstandthespecific contextinwhichthisparticularlypieceoffunctionalityistowork,let'sdelivertothat.Thenwebegin toidentifyopportunitiesforreuse.Ifwehaveasuiteofunitteststhenwehaveabedrockofasserted behaviorthatwillallowustoevolveapieceofsoftwaretowardsamoregenericsolution.Soasnew usecasescomealong,weareidentifyingthoseopportunitiesforreuse,wecanevolveoursoftware quiterapidlyandthatsuiteoftestshelpsensurethatourexistingobligationsarebeingsatisfied. WhatwehavedoneatThoughtworkswithanumberofclientsonanumberofprojectsisthenwe'll extendthis,andit'ssomethingthatItalkedaboutearlierinfact,whereby,ifwearetalkingabout reusingaspectsofservices,partsofservices,thenwe'lloftenhaveclientorconsumerteamsgiveus asuiteofteststhatdescribetheirexpectationswithregardtoourserviceor,ifweareearlierinthe softwareortheservicedevelopmentlifecycle,thentogethertheseteamswillhelpestablish obligationsandexpectations.Youneedthisofme,youneedtoseethishappen,howcanwe describethatasacontractbetweenthetwoofus,andhowcanwethenturnthatcontractinto perhapsasuiteoftests,perhapsagainXPathorSchematron,thatsay"yousendmethismessageor ifIsendyouthismessagethisisthekindofresponsethatIexpect". AndthesearethepartsoftheresponsethatIamparticularlyinterestedin.So,whenyougiveme thatsuiteoftestsyouarebasicallycommunicatingtomeyourexpectationsandthenitmaybethat anotherclientorconsumercomesalongandgivesmeasimilarsuiteoftests,andgraduallyI'm buildingupmyoverallaggregatesetofobligations,soI'mbeginningtolearn.Thisoftentakesplace withinacontrolledenvironment,withintheenterprise,it'snotnecessarilyanInternetscalesolution. ButI'mbeginningtounderstandwhatmyobligationsarewithrespecttoseveraldifferentpartiesand thenifIwanttoevolvemyservice,wellI'mfreetodosojustaslongasIdon'tbreakanyofthose expectations. Onyoursidewhatyou'repromisingis,youknow,you'veadvertisedanenormousschemaactually weareinterestedinthesefivedifferentfields,whatwe'repromisingisthatweareonlygoingto consumethosefivefieldsandwearegoingtothrowanythingelseaway.Soyou'refreetochange everythingelseaslongasyoucontinuetoprovidethosefivefields,sothepromiseonyoursideis youarenotimportingormakinguseofstuffthatyouarenottellingmeabout.Andthenasaservice providerI'mquitefreetochangemyschematoevolveitaslongasIdon'tbreakanyofthoseexisting obligationsandinfactIcanmakeachangethatisostensiblyabreakingchangebutaslongasitis notactuallybreakinganyofmyextantclients,whocares?Sotheversioning...There'sdefinitely versioningtakingplacehere,butitisoftenataslowerpace. Idon'tnecessarilyneedtoversionifIknowthatI'mgoingtocontinuetosatisfyallthoseexisting clients.It'swhenIidentifyarealbreakingchangeandIneedtocommunicatethattoyou,weneedto beabletoidentifysomewayofmovingforwards.ThatmightbethatIprovideanalternative implementationthatsupportsyouforthenext6months,itmightbethatyouhavetobegintomake somechangesnow. InfoQ:Youhadmentionedversioning.Whatdoyouconsidersomeofthebestapproacheswith
87 InfoQExplores:REST
regardstoversioning? IanRobinson:Ithinkit'sfirstlyaboutprovidingaplatformforevolution.SowithXMLschemawecan provideforextensibilitypoints,wecandesignschemaswithextensibilityinmind.That'softenquite cumbersome,andthemessagesasthey'veevolvedovertimeactuallybegintolookratherawkward andarenotnecessarilyasexpressiveastheymightbe.I'vetalkedalittlearoundwhatwe'recalling consumerdrivencontractsandthefactthattheyhelpmeunderstandwhenachangeisreallya breakingchangeandwhenwhat'saseemingbreakingchangeactuallydoesn'treallydisturbthe universeatall.So,thereareveryrealdemandsforaversioningstrategywithinanorganization. Youknowthesethingscanoftenbeverylonglived,andwe'veseenmainframeapplicationsthat havelivedfortwentyyearsormore,itwillbewonderfulifthekindsofsolutionsthatweare producingtodaycouldhaveasimilarlifetime.It'salmostinevitablethattheyaregoingtochangeand thereforewedoneedtostartthinkingaboutthoseversioningstrategies.Idon'tthinkthereis actuallyagreatversioningstoryinalotoftoolsetstodayandinalotoftheframeworksandIthinkit isaproblemthatisbeginningtomakeitselffelt,andIthinkalotofthosetechnologystacksandalot ofsolutionsandtheframeworksarebeginningtoaddressthat.ButItryandtakeaverycautious approach,basicallyhavingconsumersonlyconsumewhat'sabsolutelyimportanttothem,discard therest,havethemtrytocommunicatesomeofthoseexpectationstoaprovider,andthathelpsthe providerunderstandwhentheyarefreetochange,butatsomepointwedoneedtoversion,and that'sthepointwherewemighthavetotakeadvantageofsomeofthoseextensibilitypointsthatwe haveprovidedfor,itmightbethatwehavetoprovideawhollynewinterface. InfoQ:WhatdoyouseeasthefutureofRESTbasedwebservicesinenterpriseSOAdevelopment? IanRobinson:Ithinkwearelearningtodaythatalotoftheenterprisesolutionsthatwehavebuiltin thepastareverymuchconfinedtotheenterprise,andwehaveoftenabusedorcompletely disregardedsomeofthebenefitsthatthingssuchasHTTPandthelargerwebinfrastructurehaveto offerus.Wearealsodiscoveringtodaythatalotofthevaluethatwewanttogeneratewithinan organizationisdependantuponitsinteractionsanditscollaborationswithotherorganizations.Sofar morecommunicationacrossorganizationalboundaries.Partsofthewebservicesstackinhibitthat kindofcrossorganizationalgrowth.Wehaveaproliferationofspecificationsandoftenfora particularspecificationthereareseveraldifferentversions. Wearefindingitincreasinglydifficulttogetthatkindofintrinsicinteroperabilityacross organizationalboundariesusingthewebservicesstack.RESTfulsolutionscanhelpusextendour reachinthisregard.Wearetakingadvantageofaconstrainedinterface,butwearebeginningto surfaceanddescribearichpoolofresourcesandwearehelpingidentifyeachofthoseresourcesand makethemavailabletoourclientsandtootherorganizations.Andwearehelpingguidethose clientstowardssuccessful,thesuccessfulconclusionoftheirgoals.Sowetalkedaboutthatearlierin termsofservinguprepresentationsthathelpaclientachieveitsgoalsandwearebeginningto advertisewhatthenextstepintheprocessis. Now,Ithinkthatwecanlearnfromthatevenifwewanttoimportsomeofthoselessonsintothe wayinwhichwearebuildingsolutionsontopofthewebservicesstack.Identifyingresourcesinand ofitselfisaveryusefulexercise,soadoptingkindofresourceorientedthinkingoftenhelpusidentify
88 InfoQExplores:REST
thingswhicharesignificanttoacompany,whichgeneratevalueonbehalfofacompany,givethema name.Oftenthosethingsareotherwiseburiedawayinsomeimplementationdetailwe're beginningtosurfacethem,givethemnames,makethemaddressable.Theideathatprocessesare notdefinedonceandforall,thattheymightgraduallyevolveoverthecourseofalonglived conversation,interactionacrossorganizationalboundaries. Again,howcanweguideclients,howcanweadvertisewhatispossibletodotoday,wemightbe advertisingsomethingcompletelydifferenttomorrow,wemightbeintroducingforexamplesome kindofadvertisingcampaigninthemidstoftheordinaryprocessandifaclientcanrecognizethose additionalelementsofthatprocess,thatwe'readvertisingonthefly,theymightbeabletotake advantageofthat.Butclientsthatdon'trecognizeitcanstillmeettheircoregoalofgeneratingan order.So,Ithinkweareseeingsolutionstodaythatareemergingthatarebeginningtotake advantageofsomeofthisthinking,beginningtointroducesomeRESTfulideasacrossabroader rangeofsolutionsandthatisthekindofinfluencethatIwouldliketohaveinthenextfewyears. ViewFullVideo http://www.infoq.com/interviews/robinsonrestwssoaimplementation RelatedContents HowRelevantIsContractFirstDevelopmentUsingAngleBrackets? RESTTheGood,theBadandtheUgly QuestforTrueSOA InfoQMinibook:CompositeSoftwareConstruction Presentation:ScottDavisonRealWorldWebServices
89 InfoQExplores:REST
Interview
JimWebberon"GuerillaSOA"
Inthisinterview,recordedatQConLondon,JimWebber,ThoughtWorksSOApracticeleadertalksto StefanTilkovaboutGuerillaSOA,alightweightapproachtoSOAthatdoesnotrelyonbig middlewareproducts,amessageorientedarchitecturalstylecalledMESTanditsdifferencestoREST, andtheSOAPServiceDescriptionLanguage(SSDL). Dr.JimWebberistheSOAPracticeleadforThoughtWorks,whereheworksonWeb Servicesbasedsystemsforclientsworldwide.HehasextensiveWebServices architectureanddevelopmentexperienceandwastheleaddeveloperwith HewlettPackardontheindustry'sfirstWebServicesTransactionsolution.Jimisis coauthorofthebook"DevelopingEnterpriseWebServicesAnArchitect'sGuide." InfoQ:ThisisStefanTilkovatQConandIaminterviewingJimWebber.Canyoutellusabitabout yourself? Jim:Iworkforasmallconsultingorganizationcalled"ThoughtWorks",whoyoumayhaveheardof, andIdoalotofSOAandWebservicesworkforthem,particularlywithanemphasisondependable systems.Maybeit'sbecauseIamapessimist,butIlookforthosekindsofsituationswhenthingsgo wrongandfigureoutwaysofmitigatingthatkindofrisk. InfoQ:SothetitleofyourtalkhereatQConis"GuerillaSOA".Canyoutellusalittlebitabout whatthatissupposedtomean? Jim:AlotofSOAprojectsIhaveseen,havebeensomewhatakintomobilizinganarmy.Youhave hundredsofconsultants,awholebunchofarmamentsintheformofhuge,sophisticated middlewareplatforms.Thewholethingisveryheavyweightandcumbersome.Ifeelthatwhenyou aregoingforthatkindofbig,upfrontSOAdeployments,youlosealotofopportunitiestoprioritize, todeliverbusinessprocessesbasedonyourbusinessprioritiesandyourbusinessvalues.TheGuerilla SOAaspecttriestoturnthataroundalittle,sowe'relookingformuchmorelightweight engagements,ifyou'dlikeinmilitaryterms.Wewanttoaddressspecificdiscretebusinessproblems, organizedbyprioritiesaccordingtothebusinessstakeholderandgetthoseprocessesimplemented rapidlyinanincrementalwaywithlotsoffeedback.Sowecanactuallystarttoprioritizeacrossthe businesswhichprocessisthemostvaluable,whichonesaremostheavilyusedandimplement thosefirstwithouthavingtowaitforabigprogramofworktobeestablished,toputtheenterprise servicebusinplaceorotherkindoftechnicaldependencies.Soitiskindofalmosta,tongueincheek really,butahitandrun,deliveroften,andincrementallykindofSOAoption. InfoQ:Soisthissomethingthatisonlyusableinsmallerscenariosordoesitscaleuptobig
90 InfoQExplores:REST
deploymentsorbigscenarios? Jim:Thenicethingisthatitworksineitherbecauseyouhavespecificprioritiesthatthebusiness givesyouatanygiventimeandyoufocusonthose,andaslongasthebusinesscankeepcomingto youandsaying"Inowneedthatthisprocessimplemented"thenyoucanscaleupadinfinitumuntil thepointwhereyouautomatedalloftheprocessesofagivendomaininagivenbusiness,soitscales fairlywell. InfoQ:Itsoundsalittledifferentthantheapproachprioritizedbysomeofthevendors,Ithink.So isthisapproachcompatiblewithlargescalemiddlewareproductsaswell? Jim:Ithinktheapproachhelpsusthetodecoupledependenciesbetweenwhatthebusinesspeople wantandthetoolswehaveavailable.SoalthoughIpokefunattheESBsandsoon,Iwould absolutelyusethosetoolswhereitmakessensetometoimplementtheprocessthatIhavebeen instructedtoautomate.Ifitdoesn'tmakesensethenIwon'tusethemandIwilluseothertools.I willuseanythingfromsimpleJavaappsrightthewaythroughtofullmessagebroker, store&forwardbasedarchitectureswhereitmakessensewithinmycurrentcontext.Butthe importantthingisthatIdon'tletmycurrentdevelopmentcontextbleed.Idon'tletthose abstractionsleakintootherdevelopmentprojects.Weliketokeepeachprocessthatweare implementingrelativelyisolatedsothatthentheserviceecosystemgrowsandcanbereused.Ithas thisemergentbehaviorthatweneverexpected.Ontheotherhandifwealloweverythingtobleed togetherinabigSOAplatformyoutendtogettightcouplingandthatrestrictsyouroptionsfor evolutionfurtherdownthelineanditrestrictsyouroptionsforthiskindofinterestingemergent behavior,whichmeandyouasgeekscouldbutthebusinesspeoplecouldn'tseebecausetheyhave thismuchbroaderviewofprocessesasawhole. InfoQ:Soyoumentionedtightcouplingasarisk.Canyouelaborateonthat? Jim:Sure.Itistheclassicscenario.IfI'vegottwosystemswhicharetightlybound,IchangeoneIrisk breakingtheother.WesawthisbackinthedaywithCORBAapplicationswherewetightlycoupled throughIDLandweseeittodayinWebserviceswherewetightlycouplethroughanotherIDLcalled WSDL.IfwearesharingtypesystemsandIwanttochangemytypesysteminmyprogramthatcan havearipplethrougheffectwhichisgoingtohurtyou.SowhenIcometoyouandsay"I'mgoingto makechanges"yourfirstreactionis"No,becauseyou'regoingtobreakme!"andthenwegetinto thisparalysis,whereneitherofuscanmakeprogressbecausewe'resoscaredofdamagingeach other.Thenyouneedstronggovernanceandsoonandsomeonetocomewithastrongarmand makebothpartiesmove.It'sareluctanthighfrictionenvironmenttobeinandyethadwedecided nottosharetechnicalabstractionsatthatlevelchancesarethatwe'dbemuchfreertoevolveand innovatelocallywithoutdisturbingorbreakinganyoneelsegloballybecausetheabstractionsweuse internallywouldbedifferenttotheabstractionswesharewithotherservicesaroundtheecosystem. InfoQ:Sowhatwouldbeanalternativetothatapproach? Jim:Analternativetotheapproachofsharingtypesystem,forexample? InfoQ:YesyousaidthatweactuallyhavethesameproblemswehadwithCORBAbutwenowhave
91 InfoQExplores:REST
themwithadifferenttypeoftechnology.Doyouhaveanideaofwhatwecoulddoinstead? Jim:Insteadofsharingtypes,Ithinkweshouldstarttosharebusinessmessages,orschemasfor businessmessages,ownednotbythetechnicalpeople,butbythebusinesspeople.Thatgivesmeas adeveloperofaserviceaninterfacewhichIcanmakesurethatIadheretoandhonoracontractin myserviceimplementation.Youcanalsoseethatcontractinyourserviceimplementationandyou canunderstandthatyou'regoingtogetthesekindsofmessagesinandout.Thepointbeingatthe technicalabstractionsthatyouareusingtoimplementthattype,youmayhavesomeinteresting classhierarchy,areneverexposed,soIcanneverbindtothemsowenevergetcoupledatthatlevel. Thecouplingwehaveisjustonthemessageswedependon.Youlookatmyservice'scontract,you seethemessagesthatcomeinandoutatmyserviceandsomewheredeepinthebowelsofmy service,Ikindofhavewaysofextractingtheinformationandusingittodosomeprocessingandyou soinyourservice.Inbetweenwehavethisveryneutralintegrationdomain,whichisjustthe businessmessagesasrecognizedbythebusinessstakeholders.Anotherbenefitofthatisthatthe businessstakeholderscantellyouwhenyou'vegotthingsrightandwhenyou'vegotthingswrong, whichistremendouslydifficultifyouareusinglowerlevelabstractionslikethetypesystem.Because thebusinessguysknowthatthismessageusedtogetsentbyfaxfromSydneytoLondonandthey knewthesemanticsofthatandifyoucanshowthemthesamethinginyourautomatedelectronic workflowstheycansay:"Yes.That'sright!"orperhapsevenmorevaluable:"Noyouhavegotit wrong!Stop!Doitthisway!"Soyoudon'tgooffonatangentbuildingasolutiontowhatyouthinkis theproblem,youbuildasolutiontotheactualproblem. InfoQ:Soyoumentionedservicesandmessagesastwoabstractions?Whataboutoperations? Jim:OperationsareanabstractionwhichIdonotbelieveexistsinaserviceorientedarchitecture. TheymaywellexistinyourimplementationofaservicebutthatisnothingthatIwanttosharewith you.Thisisatechnicaldetailwhichismybusinessinsidemyimplementation.WhenIthinkaboutan SOA,Iliketothinkaboutthenotionofletterboxes.SoallIcandoisdeliveramessagetoyouandat somepointyoumightopenit,readit,think:"Yes,Iunderstandwhatthatmessageis."andthenyou willgoawayandprocessitornot.IfIsendyouanonsensemessageyoumaybegracefulenoughto faultandtellmeso,butliterallywedon'thaveanytightcouplingintheformofanoperation abstraction.Ican'tinvokeyoubecauseforallIknowyouareina3rdpartysysteminadifferent organizationsoIdon'thavethatstrength.Youarenotalocalobjecttome,wedon'thaveacallstack, Ican'tpokeyou.AllIcandoisrequest:"Couldyoupossiblyhavealookatthismessageandmaybeif itsuitsyoudosomeprocessingonit",ratherthanthemoretightlycoupledoperationabstraction. InfoQ:Soforthistoworkalloftheinformationthattheotherpartyneedstoprocessthis informationhastobewithinthatmessage? Jim:Absolutely.AndthisisfromastyleofarchitecturewhichwecalledMESTorMessageExchange, whichwasadeliberatepayingofrespecttoRESTwheresomeofourinspirationcamefrom,insofar asthisletterboxisauniforminterfacethroughwhichwepokemessages.Ifwe'dmapitontoHTTPit wouldbeaPOST.YoucanalsouseSMTPSENDorwhateverelseyouchoose.Themessagewould contain2things:itwouldcontainthebusinesspayloadwhichiseffectivelythepurchaseorder,the invoice,thosekindsofthingsthatbusinesspeopleprocessanditwouldcontainsomemetadata,
92 InfoQExplores:REST
potentiallycontainssomemetadataoranyway,whichsetstheprocessingcontextforthatpayload. Soitmaysetsecuritycontext,itmaysettransactioncontext,thatkindofthing.TheMESTideais thatI'mdeliveringyouamessage;youaregoingtogoaway,setthecontextofprocessingthat message,examinethatmessage,findwhetheritmakessense,goawayandprocessthatmessage. Endofstory.Atsomepointlateramessagecomesintomyletterbox,Iopenitandsay:"Ok.That's fromStefan."AndIknowwhatthismeans.It'sactuallycorrelatedsomehow,typicallywith WSAddressingRelatesToandsoon,withthatmessageIsenthimearlier.NowIcangointomy implementationandfinishtheprocessingIwasdoing,whichoriginallycausedthemessagetobe senttoyou.Andthat'sareallynicedecoupledwayofdoingthings.I'mnotbindingtoyoudirectly; theonlythingsI'mbindingtoinatechnicalsensearemessageswhichareinmystack,inmyprocess space,whichisverysafetobindto,whereasifwegobacktotheoperationabstraction,ifI'mbound toyouandinvokingandforsomereasonyou'redownbecausethenetworkisdownoryou'reina differentcompanyandthefirewallrulessuddenlygotrestrictivesuddenlyIbreak,Igetthishorrible "Internettimedout"exceptionorsomethingmeaningless;whereasifI'mjusttreatingmessages goingupanddowninmystackasthethingsIusedtocauseprocessingorthingsthatIcreatedasa sideeffectofprocessing,it'sactuallyarobustpatternforimplementingindividualservicesaswellas anicedecoupledscalablepatternforbuildingupserviceecosystems. InfoQ:AsyoumentionedREST,Ijusthavetoaskhowdoyoucomparethetwo,MESTandREST? Wherearethecommonalitiesandwherearethedifferences? Jim:Sure.Commonalitiesareprettyobvious:uniforminterface,soRESThasfiveoperationseach resourceimplements;inMESTeveryservicehasoneinterfacewhichiseffectivelypokeamessagein here.DifferencesareMESTisverymuchmoreakintotraditionalMOM;it'saboutpassingmessages oversometransport,whereasRESTusesthehypermediaengine.Theyarekinsbecausetheyboth aimforlargescalablesystems,butwhereasRESTfulsystemstendtolookliketheweb,MESTy systemstendtolooklikeTCP.Justmakeconnection,postthemessage,closeconnection,thatkindof thing.SotherearesimilaritiesandIthinkbothmodelshavebeenprovenout.Tongueincheek,I'd sayTCPhappenstobeslightlybiggerthanthewebsomaybetheMETSsolutionismorescalable,but I'mnottoupsettheRESTjihadistsatthispoint. InfoQ:WhatyoudescribedactuallyseemstofitverynicelywiththeideasbehindSOAPandyou alsomentionedWSAddressing.Itjustdoesn'texactlyseemtomatchWSDL. Jim:Right.WSDLisanIDL.WSDL'sabstractionsareoperations.Ithassomeotherdrawbacksinsofar asit'squiteaverboseIDL.Ithinkthedifficultycomeswhenyoustarttogetpast"StockQuote"web servicesandyouneedtobeabletohaveaconversation,alonglivedconversationwithaservice, whichWSDLdoesn'thavetheabstractionstosupport.Thelongestconversationyouhavewitha WSDLdescribedserviceisrequests/response.Sometimeagothisstartedtobecomequiteachafing limitationformeandsomeotherguys,SavasParastatidisandsomeoftheguysworkingatCSIROin Sydney,Australia;wedecidedwearegoingtodosomethingaboutit.Andthisiswhenwewrote SSDL.SSDLhasaspectrumofpossibilities;atoneendisjustalessverbosereplacementforWSDL2, it'scompletelyisomorphictothecapabilitiesthatWSDL2givesyou,andattheotherendit'sa supersetonwhat'savailableinWSCDL,WSBPELandWSDL.
93 InfoQExplores:REST
Soweareabletodescribelonglivedconversationsbetweenmultiplewebservicesinastructured way,inawaythatwecanverifythatthatconversationwon'tdeadlocksowecanputitthrough modelcheckersandsoon;sowecanactuallygetawholelotofstaticanalysisabouthowendtoend systemsaregoingtolookandstillsupportthisnotionofquiteintricateconversationswithaservice. AtypicalmessageexchangepatterninSSDLmightbetworequests,followedbysevenresponses, followedbyanotherrequest,anoptionalresponse,andthreemorerequests.Andwecanbuild arbitraryconversationpatternsinit,whichisreallygoodwhenyouthinkthatmostwebservicesare goingtobeusedtohostbusinessprocessesandmostbusinessprocessesareworkflowswhichhave thiskindofmorechattyorconversationalkindofinteractionpatternwhichisreallydifficultto captureinWSDLbeinglimitedtorequestsandresponses.SoSSDLgivesyouthiscapabilityto describeworkflowseffectivelywhichIthinkisgoingtobeoneofthesweetspotsoftheSOAweb servicesgoingforward. InfoQ:SoisSSDLastandard? Jim:No.SSDLwasaneffortbysomeacademicresearchersandpractitionerstoseewhatacontract metadatalanguagewouldlooklike,ifwewerefreedfromthetyrannyoftheoperationabstraction. Rightnowit'sbeeninthecommunityforacoupleofyears,it'sgotsomeprettygoodfeedback,alot ofthewebservicesguysknowaboutitandhavecommentedfavorablyaboutit,butitdoesn'thave thebackingofanyofthelargevendors,althoughsomeofthepeopleinvolvedinitnowworkfor largevendorsandlargeresearchorganizations,thereisnothingofficial.Ourhopeoriginallywas maybewecanjustinspiresomethinkinginthevendorsthatareprovidingtools,sothevendorscan giveustoolsthatdothisworkflowytypestuff.Andthat'shappening,therehasbeensomediscussion inthecommunity,butnowtokeepmomentumgoingthecommunityitselfhasstartedtodevelop tools. InfoQ:ArethereanyimplementationsofSSDLyet? Jim:Yes.WhenwefirstreleasedSSDLSavasParastatidisofMicrosofthadasimpleSSDLtoolthat woulddosomebasiccontractgeneration,validationandsoon.ButmorerecentlyPatrickFornasier ofUniversityofNewSouthWalesinSydneyhasbuiltacompleteSSDLstackontopofWindows communicationfoundation.Currentlythatstackwhichisfabulous,it'sareallyneatpieceof engineering;itlookslikeWCF,itbehaveslikeWCF,sotheprogrammingexperienceisconsistentand friendlyandfamiliarnowcurrentlyitonlyimplementsthepartofSSDLwhichlookslikeWSDL,but theframeworkisextensibleenoughsothatyoucanthenimplement,whichwebelievetobethe highervalueaspectsofSSDL,thepicalculusbasestuffthatenablesyoutodescribechoreographies. Patrickhasbeenkindenoughtoopensourcethatandasofacoupleofweeksagothereisnowa SourceForgeprojectwherepeoplecancontributeandhopefullythattoolkitwillgoontobecome richerandricherandinmyultimatefantasyscenarioitjustbecomesadefactostandardthatpeople usewhentheyaregoingtobuildWCFwebservices. InfoQ:AnyhopeofasimilarthingforJavayet? Jim:It'ssomethingwehavebeenthinkingabout(mycolleaguesatThoughtWorksinSydney,Josh Grahamandthoseguys).WhatwasmeanttodoitinfactwhenIndigowasbeingbuiltwehadthe firstskeletonofaprojectcalledDingoakindoftongueincheekversionofIndigowhichwewere
94 InfoQExplores:REST
goingtomakeSSDLcentricandthathaslanguishedalittlebecausewewouldhavedayjobstodo. MyhopeisthatSoya,whichistheWCFSSDLtoolkitsstartstogetsomemomentumfolksontheJava side,maybefolkslikeArjen[Poutsma]whohaveseenSSDLandhavespokenfavorablyaboutitmay justbuilduptheJavaasideofthestackortheguysintheRubycommunitymayjustbuildup somethingontheRubysideofthestack.Soit'soptimism,maybeunfounded. InfoQ:Whatdoyouseetheindustrymovingtowardswithregardstotheseissues?Doyouthink thattheRPCabstractionortheRPCstyleisgoingtostillremainthemostwidespreadstyleordo youthinkthattheideasaregoingtobecomemoreimportant? Jim:Ithinkasadeveloper,mydaytodayworkisreallyconstrictedbythefactthatthetoolsI'm givenallreinforcetheRPCmindsetandIhavetofightreallyquitehardtobeattheRPCmindset downandtrytomakethesecurrenttoolsbehaveinamoremesssagyway;overtheyearswe've developedabunchofpatterns,forexample,forusingtoolslikeAxiswhichareveryRPCcentricand beingabletoabstractawaythatthere'sRPCinterfacehereandturnintoamoremessagepassing kindofsystem.Idon'tthinkmostdeveloperswhoareunderthecoshwillhavethetimenecessarily ortheinclinationtodothatandwhenthevendorscomealongandsay:"Yes.JusttakeyourEJBs,put themthroughthismachineandoutcomesyourWSDLandthereisaSOA."Ithinktheyfindthat appealingbecausetheyhavegotamillionotherthingstheyhavetodo,soIdon'tnecessarilydespair ofthefactthatweweren'tevermovedtowardamoreasynchronousmessagingenvironment.Ithink maybewe'llgetburnedafewtimeswithsomefamouswebservicesfailureswhereRPCstyle implementationbuiltoutasystemwhichisnotveryevolvable,whichishighfrictionandsoon, beforepeoplestarttothink:"Yes,Ineedbettertooling."Youseetentativeeffortsinthisarea,like theSpringWebServicesstackforexample.That'sgoingtobeabitrudeforalotofdevelopersbut youcanseethesamekindofmessagyideas:"HereisalumpofXML,dealwithit!"startingto percolatenowintomoremainstreamframeworkssocautiouslyoptimisticthatitmaynotbeableak RPCfuture. InfoQ:WhenyoumentionedthatRESThasthisuniforminterfacewithasetofoperationsand MESTsimilarlyhasoneoperation.Isthisreallyanoperationwithapplicationmeaning?Isn'tjust anoperationthatissouniformthatitseizestomeananythingatall? Jim:Absolutely.Andthat'sthebeautyofit.Youforgetthatit'stherebecauseit'sjustameansof transferringamessagefromasendertoarecipientwiththeimplicitrequestorhopethatthe recipientwouldprocessthatmessageinsomemeaningfulwayinhiscontext.SoifIcouldgetaway havingauniforminterfacewhichhaszerologicaloperationsIwouldbehappywiththat. UnfortunatelymyownmentalcrutchwasIthoughtservicesimplementanoperation"processthis messageformeplease"andittakes"message"asitsparameteranditreturns"message"asaresult. Soformethatwaskindofacrutch. InfoQ:ButintheRESTworldtheideabehindthatuniforminterfaceseemstobethatyoucan actuallyoptimizetheinfrastructurebasedonthoseoperationssoyoucandosomethingdifferent foraGETthanyoudoforaPOST.TodosomethingsimilarontheMESTworldyouwouldhaveto lookinsidetheXMLanddefinesomewherewhatdifferenttypesofXMLmessagesyouexchange. Jim:Absolutely.IntheRESTworldyouaretypicallytakingadvantageofexistingwebinfrastructureso
95 InfoQExplores:REST
youcandoidempotentGETs,youcancachetheresultsfromidempotentGETsandsoonandget performanceoptimizationsinthatway.Inamessagingworldyoucan't,becauseweseethe mechanismoftransferbetweentwoservicestobeapipe,thatmaybeaHTTPpipe,thatcommonly istodayinwhichcasemaybethetransportdoesoptimizationsbutwearespecificallydecouplingthe notionofthemessagefromthewayit'stransportedandyoucanimplementoptimizationstothe transportlevelbutthatdoesn'taffectthemessagepayloadandviceversasothoseissuesare decoupledintheMESTworld.Ofcourse,Ishouldusethisopportunitytodrawoutaninconsistency withintheRESTcamp:theyassumealotofRESTpractitionersaremakinguseofthevaluable featuresthatthewebprovides,whenthefactisthatmostpeoplenowaretunnelingXMLoverHTTP ortunnelingmethodplusparametersinaURL,andthat'sanevenmorehorribleformofRPCthan youcanevenachievewithSOAPandWSDL.InthatcaseatleastSOAPandWSDLRPCyoucantool supporttogeneratestubsandskeletonswhichissomethingyoucan'tdowithRESTRPC.Trade market,justinventedthat.MarkBakerhasbeenverygoodatadvocatingthebenefitsofREST,and yetnowthatisinthehandsofdevelopersthatsamekindofdegenerativebehaviorthatbuggedweb services,isnowbuggingtheRESTcommunity.It'sgoingtobeaninterestinglearningcurveforREST peopletogetonwhentheyrealizetheyhavetostartmarkingresourcesascacheabletoexploitthe web;theyhavetohavestructured,readableURLsinordertoidentifyresourcesinsomesane meaningfulwaywithintheirapplicationcontext.Andtheycan'tjustuseHTTPasanXMLtunnel becausetherearenobenefitstothat,overandaboveanyotherRPCtechnology.. InfoQ:WhenRESTpeoplecriticizetheWSDLfolks,theypointtoWSDL2.0,andsayeverythingis betterthereandactuallyWSDL2.0canbeusedinsomewaytodescribeREST.DoyouthinkWSDL 2.0isanimprovementoverWSDLwithregardstotheRPCcentricity? Jim:Absolutely.IreallythinkthatWSDL2.0isbetterthanWSDL1.1.HoweverI'myettoseeany servicesbeingbuiltusingWSDL2.0.ThecyclebetweenWSDL1.1andWSDL2.0hasbeensomany years.InfactIwasworkingintheUKwhenIrememberemailingtheWSDLworkinggroupsaying: "Let'scallthis2.0."andthatmusthavebeenatleastthreeyearsagoandthatisalongtimetowait betweenreleases;myconcernforWSDLasmuchasIhaveconcernforWSDL,whichisn'tverymuch, isthatithasbeensuchalongcyclethatWSDL2.0hasbeenindangerofbeingirrelevantorstillborn becauseWSDL1.1doesthesamethings.Anymatterofcleanersyntax,morestronglydefinedMEPs andsoonreallydoesn'tdealwithwhatmostdevelopersaredealingwithnow,whichisthe operationabstractionwhichWSDL1.1coversreasonablywell. ViewFullVideohttp://www.infoq.com/interviews/jimwebberqconlondon RelatedContents GETDetailsOnUpcoming.NetAccessControlService SOATransactionsUsingtheReservationsPattern SOAMeetsFormalMethods RESTTruerToTheWebThanWS*
96 InfoQExplores:REST
Interview
IanRobinsonandJimWebberon WebbasedIntegration
Inthisinterview,recordedatQConLondon2009,IanRobinsonandJimWebbertalktoStefanTilkov abouttheWebasaplatformforintegration,theusefulnessofvariousdegreesofRESTfulHTTPand thebenefitsofRESTintheoryandpractice. IanRobinsonisaPrincipalConsultantwithThoughtWorks,wherehespecializesin thedesignanddeliveryofserviceorientedanddistributedsystems.Dr.JimWebber istheGlobalHeadofArchitectureforThoughtWorkswhereheworkswithclientson deliveringdependableserviceorientedsystems.IanandJimarecurrently coauthoringabookonWebfriendlyenterpriseintegration. InfoQ:WelcometothisinterviewwithIanRobinsonandJimWebber,hereatQConLondon2009. Asusual,we'dliketostartoffwithyouverybrieflyintroducingyourself.Jim,whydon'tyoustart? JW:I'mJimWebber,IworkforThoughtWorksintheUKandI'mcurrentlywritingalongwithmy friendIanhereareallyfantasticbookonintegrationusingtheweb. IR:MynameisIanRobinson,IalsoworkforThoughtWorks,asadeveloper.Iworkwithdistributed andconnectedsystemsandI'malsowritingabookwithJim.Hopefullyit'sthesameone! JW:Whydon'tyoutellusmoreaboutthatfantasticbook? InfoQ:Ifyoutalkaboutthisbookyoumentioned,thetitleisWebBasedIntegration.Isthisthe samethingasRESTorisitsomethingdifferent?Canyoubrieflyexplainwhatyoumeanbythis? Giveustheelevatorpitchonthat? JW:Sure.RESTislikethetrademarkofthehighpriestessesoftheRESTafarianKingdomand unfortunately,we'renotordainedinthatchurch.Weareusing"web"becauseit'sabitmore encompassing,it'sawholebunchoftechniquesthatweseeusedoutthereonthebigwideInternet, someofwhicharen'tnecessarilyaspleasantorlovelyorperformantorscalableorsensibleasREST, buthaveutilityoutsideofthatparticulararchitecturalstyle.We'reabitmorebroadlytrawlingthe webforinterestingtechniques. IR:Idon'tthinkeitherofusareRESTauranteursmuchasIthinkpeoplesomepeoplethinkwhenJim standsupandgetsveryangry,butwearebroaderinourapproach.We'rejustlookingforsomevery
97 InfoQExplores:REST
pragmaticapproachestoproblemsthatwecomeacrossmonthin,monthoutwiththatkindofstuff wearedoing. InfoQ:Ipersonallyrememberthatafewyearsago,whenyoumentionedREST,yougotreally strangelooksandpeoplewonderedwhatyouweretalkingaboutandthisobviouslyhaschanged. Atleastpeopletalkaboutitalotthesedaysandthetracksarevisitedverywellandandthe conferencesessionsarepacked.Whatdoyouthinkisthecurrentstateofactualadoptionin practice?Dopeopleuseit,actually? IR:Yes,weuseit.Weuseitquitealot;orusewebbasedapproaches,someofwhicharemore RESTfulthanothers.It'snotnecessarilyacrosstheboardineverythingthatwedo,butweare introducingjustverylightweightwaysofworkingwiththewebwithsomeofourclientsand gradually,workingourwayoutofthatthatkindofRESTfulstack,butbeginningtosplitthingsup intoresourcesandaddressthemandthenconnectthemandthenactuallystarttodriveapplications bywayofhypermedia.Yes,weareseeinganadoptioninmanydifferentareas. JW:I'dconcurwiththat.Ithinkinquiteareversaloffortune,ifyoulike,fromafewyearsago,where RESTwouldbelaughedoutofanyseriousaustereenterprise,oftennowit'snotatallcomedictogo toaclientandtakeawebbystandpointasyouareyourdefault.Indeed,mycurrentclients,whoare veryinterestedinmassivelyhighperformancesystemswouldhavepotentiallygonewithtraditional nterprisemiddlewareifwehaven'tdonesomeempiricalexperimentationandfoundthatasimpler webbyapproachwasactuallyjustaswellsuitedfortheirneeds.Havingdonethoseempiricaldata pointsitsortofemboldensyoualittleyoukindoffiguredoutthatthewebstuffworksquitewell onceinonescenario,andthenagaininanotherscenario,anditemboldsyoutodefaulttothatwhen youaretalkingaboutdistributedsystemsintegration. InfoQ:Arethesedifferentdegreesifyoumaycallthemthat,thedifferentdegreesof RESTfulnessorofadoptionoftheRESTthings,isthisalsothewaythatyouintroduceRESTorthe webbasedintegrationapproachintoacompany?Doyoustartwiththefirststepandthen graduallyaddmoreandmorefromthatRESTstuff? JW:Sure.IthoughLenardRichardsonhasabrilliantscale,achartofRESTfulnessindecibelsandof ROYsorsomethingIdon'tknow!Leonardpartitionsitfromlevel0,whichisbasicallytunneling, throughtolevel3,whichisthehypermediastuff,andIthinkthatinternallyismymentalmodel.I tendnottosharethatmentalmodelwithpeople,becausetheygetfixatedthenonthekindof"REST inside"stickerthattheywanttoapply.Instead,whenI'mdesigningsystemsandbuildingsystems,I'm justtryingtothinkaboutfitnessforpurposeandoften,atthemoment,I'mfindingthatfitnessfor purposetendstofallonthelowerendofLeonard'sscale.Theyarekindofwebaware,butnot necessarilyhypermediacentricservices. IR:IthinkLeonard'smodelisactuallyausefulwayoftalkingtoclientsaboutRESTbecausehestarts offsaying"Takeanyproblemthesimplestwaytosolveitistobreakitdownintosmallerchunks". Whatdowedo?Wejustidentifylotsofresourcesandgivethemaddresses.So,he'snotnecessarily talkingaboutRESTfulthingsinthefirstinstance,heisjusttalkingabouthowtobreakupaproblem. Thenheissaying"Ifwedothesamethingoverandoveragain,let'sjustdoitinanuniformway" that'shissecondlevel,justusethoseuniformmethods.
98 InfoQExplores:REST
Thenhisthirdthingis"Ifwearedoingsomethinginterestingorspecialized,thendoitinaspecialized way"that'swherehestartstotalkabouthypermedia.Youcanactuallytalktoclients,talktoother people,justaboutbreakingproblemsdownintosimplechunks,doingthesamekindofthingsinthe samewayoverandoveragainandthenspecializinganywaynecessary.Ithinkthat'sanicewayof talkingaboutit.Then,youcanlayeronsomeveryparticularthingsaboutRESToraboutusingthe web.It'sausefulwayofgettingthatconversation. InfoQ:DoyouthinksomeofthethingsthatthepeopleconsideranabuseofHTTParealsovalid stepsonthatpath?Isitjustsomethingthatyouhavetodoorisitavoidable?Doyouhavetoat sometimetunnelmethodinvocationsthroughGETtochangesomethingoristhisjustsomething younevercanjustify? JW:Theangrymaninsidemeoftennottoodeeplyburiedinsidemewouldliketotearyourhead fromyourshouldersatthispointandinsistthattheseareterribilybadideas.However,inthereal world,wearefindingtechniquesliketunnelingverbsandURIsareusedincertainhopefullybounded contexts,sometimeslessbounded,whichmakesthemdangerous.Certainly,inaboundedcontext, whatenablesmetogetsomerapidtacticalsolutiontomarketquickly,I'mwillingtoacceptthem. It'sakindofstickingclusterapproachIconfessandwealwaysintendtogobackandredressthose, butIthinkhavingthekindofarchitecturalIcallitarchitectgasmanddesigningtheworld'smost brilliantRESTfulhypermediacachedsuperthingmaybenotthesimplestthingthatcouldwork immediately.Maybewecouldtakethosekindofuglysteps,liketunneling,togetusrollingtodayand thenasoursystemvolumeexpands,asitsrequirementsbecomemoresophisticated,asit encompassesmoresystems,asitsreachgrows,thenwecanthinkaboutmigratingthattomore RESTfulpartterns,whicharedemonstrablysuitableforthatkindofsystem. IR:Wereallywanttoexploitalargeinstalledinfrastructure.Thingssucceedbecausethewebis alreadyoutthere,butwealsobegintoacceptsomeoftheconstraintsthatarethere,aswell,some additionalconstraintsthatarejustthereinthewayinwhichthewebhasgrown.Thoseconstraints existnow,likethebrowsertendstoacceptonlytwoverbs,GETandPOST,andveryoften,we'llend upbuildingsolutionsthatjusthavetoadheretothoseconstraints,whetherornotwe'reparticularly fondoftunnelingstuff. JW:ThatappliestosomeoftheintermediariestheRESTarchitecturalstyleispreachedasiftheweb isthisperfectutopia,whereeverythingunderstandsthefullextentoftheHTTPuniforminterface andpragmatically,that'snottrue.Therearejustsomeactorsoutthereontheweb,whichdon't understandsomeverbs,eventhoughHTTPsuggeststhattheyreallyshould.That'sthelimitingtoout thinkingabout,forexamplethecurveofcachematuritythatMarkNottinghamissuchafanoftelling usabout. Thoseconstraintsposerealchallengesatusatwebscalebecausethewebdoesn'tbehavetheway thatRESTdescribesthatitshouldbehave,sowehavetotakesomepragmaticshortcutstomake systemswork.ThereisvalueinREST,butthereismorevalueinhavingworkingsystems. InfoQ:IactuallythinkthatRoyFieldingwouldverymuchagreewithyouthatHTTPandthecurrent webisnotaperfectRESTimplementationit'ssomethinghekeepssayingallthetime.
99 InfoQExplores:REST
JW:Good,becauseotherwiseI'dgetlynchedbyhisposse. IR:Andyet,nonetheless,it'ssuccessful.Wecanworkourwaythroughthat. InfoQ:IjustnoticedthatwehaveusedthetermRESTwithoutreallyexplainingit,sotheremay stillbesomepeoplewhodon'tknowwhatwe'retalkingabout.Canyoujustgiveusa60second introtowhatisREST? IR:It's"pickyourpathtoadventureforinterestingbusinessprocessesontheweb".Wewantto realizesomegoalhavingacoupleofdifferentthingscooperating,wegettodothatbyservingup someHTMLorsomeXMLandtheclientortheconsumercanbegin,givenasetofgoals"I'mtrying toachievethisthingorthat",itcanbegintopickitspaththroughtheserverlandscapepickingupon linksinsidethoserepresentationsandworkingitswaytowardsthegoal. JW:ThatwasreallycuteI'mgonnastealthat,we'llhavetoeditthistomakeitsoundlikeithad beenmyidea.It'saboutthenotionofserversleavingbreadcrumsforclientstofollow.It'sleading theclientthroughthebusinessprocessestheserversimplement.Wetendtogetboggeddowninthe kindofuniforminterfaceandHTTPandallthatstuffandreallytheheartofitistheservertakesyou bythehandandguidesyougentlythroughabusinessprocess. InfoQ:Youmentionedsomestuffthat'smissingandallandthat'sproblematicintheinfrastructure, suchasthebrowserlimitationtoGETandPOSTandthenthecaches,intermediariesandotherstuff ignoringorblockingsomeofthosemethods.Doyouthinkthereareotherthingsthataremissing currentlyinthecurrentwebspace?Istherestuffthatweshouldhavetousethismoreeffectively? Ifso,whatwouldthatbe? JW:Experienceisthemainingredientwhichismissinghere,althoughthewebitselfisareally maturetechnology.Ithinkweareonlynowlearninghowtodirectitsparticularcharacteristics towardsintegratedsystems.Thewebhasbeenbrilliantasamechanismforconnectinghumans, particularlyinrecentyears,whenhumanshavetakentothewebintheirmilionstointeractwith pokesandtweetsandallthatkindofstuff. Asdistributedsystemengineerswestilllackthatlevelofexperiencefordoingthesamethingswith computers.Wehaven'tquitefiguredoutyetinanyrobustwayhowtoextendhypermedia,for example,betweensystems.Forme,thatwouldbethekeythingthatI'dsayit'slacking.I'mhappyto workaroundquirksintheinfrastructure,differencesofopinionaroundthecommunity,butIthink reallyweneedtojustexperimentwiththisstuff,learnhowtomakeitsing. IR:Thingsevenatthelevelofclientlibrarybeingabletosurfacehypermediainarelativelycommon orstandardway.I'mthinkingIgetarepresentationback,butIjustwantalinkquerythatallowsme toidentifyallofthehypermediaandthen,basedonwhateveritisIamtryingtoachieverightnow,I canchoosetodereferenceinthoseURIswhateverpursuethathypermedia. InfoQ:WhatarethegoodplacestouseRESTandthewebandwhataretheplaceswhereyou shouldavoidusingthatstuff? IR:Wheneveryouwantrealreachforyourapplications,thenIthinkRESTandthewebarean
100 InfoQExplores:REST
attractiveproposition.It'sarelativelylowbarriertoentryforanybodytobeabletoconsumeyour applicationorworkwithit.WhereasifwearejustworkingwithinEnterpriseboundarieswhether it'sagoodideaornotwearefreetocreateourownidiom.Ifwearenevergoingtohavetoexplain thattoanybodyelse,wecouldinventsomethingfromthegroundup,butthemomentwewantto crossanyofthoseorganizationalboundarieslet'sstartlookingforsufficientlysophisticatedbut nonethelesslowestcommondenominatorwayofworkingandcooperating. JW:Icantakethatstagefurtherandstartlookingatsomeofthearchitecturaltradeoffsthatpresent themselveswhenyou'reconsideringthisuseoftechnologyandmyfavoriteforthewebis"Canyou tradelatencyforscalability?"Thewebisn'talowlatencysystem,butit'shugelyscalable,particular thewayyouconfederateloadontheweb.Ifyoucanaffordlatenciesofseconds,minutes,probably abouthours,days,weeks,thewebisgoingtoscalereallywell. Butifyoucan'taffordhighlatency,thenprobablylookingatawebinspiredsolutionisthewrong thingandGodwillstrikemeforsayingthis,butsomeproprietarytransportsubstratewith millisecondlatenciesorbettermaywellbethethingyouneed.However,I'veoftenfoundparticularly techieswillalwaysinsistthattheyneedthemillisecondtransportsubstrateupfrontwithoutreally holisticallyunderstandingthekindofbusinessproblemthey'relookingat,andthebusinessproblem maywellcallforsomethingmuchmoresensible,likeseconds,inwhichcasethewebcouldbea sensiblelowceremonywayofachievingthesamegoal. Geekslikeussufferterriblyfromthesinofpridebecausewealwayswantthecoolest,fastest,lowest latency,shiniestbrassknobsononsystemandthewebisreallynotaboutthat.Thewebislike "humdrumgetonanddoit".Tradelatencyforscalabilityanydayoftheweekandifitcomesoutin termsofscalabilitywithhighlatency,gowiththeweb. IR:Ithinkthereisamoregeneralissuefordistributedsystemsdevelopmentaswell.Itasksusto thinkalittlemoreaboutourtoleranceforlatency,forinconsistency.We'vebeenaccommodating thesethingsforcenturies.Icansendahorsegallopingoffromonetowntoanotherwithanorder andsometerriblethingscanhappeninthatinterveningperiod.We'veinventedbusinessprotocols thatcanhandleallofthatandIthinkthiskindofworkisforcingustolookatthoseandtosurface thoseprotocolssemanticsagaininsteadofalwaysdependinguponthelowlatencysubstrateand tryingtodelegateeverythingtothetechnology. JW:That'sinterestingbecausethewebasadistributedplatformabsolutelyinsiststhatwedealwith distribution.Fromsomanyyearsincomputingsciencenow,we'vebeentoldabstractionisagreat thingandweshouldabstractawayallofthathardcomputingsciencestufftothebackroomboffins andweshouldforgetaboutitinlivinghappybusinesswebsiteland.Actually,youcan'tdothat Waldotoldusthatyearsagoandhe'sbeenwoefullyignoredbythecomputingcommunity,butwhen youdecidetobuildawebbaseddistributedsystem,thewebdoesn'thidethatdistributionfromyou. Infact,itgivesyouusefulinformationtocoordinatedistributedinteractionsand,forexample,touse themessengerhorsemetaphor,toknowwhenyourhorseisbeingrobbedbyahighwaymanat gunpointandtotakesomecorrectiveformofcompensatingactivities.Asaformertransactionsguy,I seethewebasabigcoordinationplatformakindoftwophaseconsensusgonenuts. IR:Justgetoverthefactyoucan'thaveaGod'seyeviewofyoursuccess.
101 InfoQExplores:REST
JW:ApartfromapparentlySirTimhecanseethewholeweballthetime.Seriously,youposta blog,heknowsitheiswatchingyou.Heiswatchingallofyourightnowthroughawebcam. InfoQ:Asyoumentionedtransactions,oneofthecritiquesthatIhearmostoftenaboutRESTis thattherearesomanyenterprisefeaturesmissingfromit.Inwebservicesyouhavethe transactionprotocols:WSCoordinationwithAtomicTransactionsandWSBusinessActivityandall thatstuff.Doyouperceivethatassomethingthat'slacking?Doweneedatransactionsprotocol onHTTPthat'sRESTful? JW:No,nextquestion.Idon'tthinkso.Ithinkwe'relearningthekindofscalesthatthewebworksat, theclassictwophasetransactionsaren'treallysuitable.AnyonethatlistenstoWernerVogelstalk aboutthiseventualconsistencystuff,anyonewho'sreadsomeofGregorHohpe'stuffabouthow Starbucksdoesn'tusetwophasecommit,anyonethathasactuallyappliedanyfleetingthought aboutthisunderstandsthatparticularlytwophasetransactionscan'tworkontheweb.Youtradeoff consistencyforscalabilityandtheweb'sallaboutscalability,potentiallyeventualconsistency. Ifit'snottoomuchofablatantplugforthebook,chapter12discussesthis.Actually,wedobakeoff atchapter11nowwescotchthechapterssothatwecankeepupwithStefan'sprolificpaceof writinginhisequivalentGermanbook.Weactuallydobakeoff,ifyoulike,infactweuseWS* techniquesforthingslikesecurity,transactions,reliablemessagingandsoon.Weshowthe equivalentpatternsandstrategiesthatweuseinaplainoldwebbyHTTPworld.Wedon'tclaimthat we'reRESTful,wearejustsaying,forexampletransactionsyoudon'treallyneedbecausetheweb givesyouallofthiscoordinationallthetime. It'skindofperversethatthewebbeingthissynchronousstepwisetextbasedprotocolitshouldn't reallyworkatglobalscale,butitdoesbecauseforeachinteractionIhavewiththeresourceonthe web,Igetsomemetadatatellingmewhetherornotthatinteractionwassuccessful.So,Icanelectto followtheadventurerouteifyoulike,Icanelecttokeepgoingfollowingresourcesandmaking forwardprogressorintheeventofapieceofmetadatathatsuggestthatmyprocessingisfailing,I canperhapstakeanotherroutethroughasetoflinkedresourcesandotherprocesseswhereIcould makealternativeprogress.That,forme,isamuchmoresensiblewayofdealingwithundesirable outcomes,tryingtowrapeverythinginabighawkingtransaction. IR:"Youareconfrontedbyadwarfwithanaxe.Whatdoyouwanttodonext?"Imean,evenwith theWS*protocols,Idon'tthinkweshouldbetemptedtousethemallthetimetotryand coordinateandinvolveanumberofdifferentservicesinsomekindoftransactionalcontext.Itmay bethatyouactuallywanttousethatbehindsomecoarsegrainedboundaryandsomeinternal implementationofservice,evenifweareexposingitacrossthewebinaRESTfulmannerthatthe internalimplementationmightdependuponsomeofthoselowerlevelprotocols.Ithinkthat'sfine. Ifwearepreparedtotoleratetheexpenseoflockinganumberofresources.Weareseekingacoarse grainedboundarywherewedon'tnecessarilyhavetodothatatthatlevel. JW:Thatdoesn'tcomeforfree,right?Thattakesexplicitcleverdesigndecisionstogetrightbecause atthelowestlevels,ifyouareusingoneoftheselegacyrelationaldatabases,youaregoingtohave tothinkaboutthesethingsyes,IsaiditandIsticktoit,too!butyouaregoingtohavetodesign explicitlyandbeverywaryaboutyourabstractionboundariesforthosekindofdetailsdon't
102 InfoQExplores:REST
inadvertentlyleak.Iftheyleaktotheweb,youarescrewed! IR:Onceyoustartgivingsomebodyakeytoyourbackdoor,they'llbeinthere. InfoQ:Reporter:Now,thatwe'vedealtwithtransactions,whatdoyouthinkabouthavinga BPM/BPELlikethingforREST?Doweneedsomethinglikethat? JW:Doesn'tthewebalreadyhavethatbuiltinitslinks?Thewebhasallthischoreographystufffor free. InfoQ:Doesit?I'mnotsure.Thisisarealhonestquestion.Thoseenginesnevermindthe programlanguageusedtoprogramthem,butthoseenginesdealwiththingslikecoordinating multiplerequeststomultiplesystemswheretheanswersgetdeliveredasynchronouslyandthey coordinatethemagainanddosomethingelse.Thatseemslikeausefulcapability.Shouldn'twe havethesamethingfortheRESTfulworld? JW:Itisausefulcapability.Thenotionofknowinganoutcomethatyouwanttogettoandmaybe somerulesthatwillhelpyoutogetthereisafinething.It'sonlywhenyoutieitupinan inflammatorylanguagelikeBPM,thatitraisesmyhacklesbecausethatcomeswithalotofbaggage. We'veallseenthekindofpointandclickwareBPMproductareandwerunscreamingfromthem becausetheyaredangerousthings.Thehardestpointinusingthewebisthecoordinatingfromthe clientside.Ifwecouldsolvethatproblem,thewebwouldbeamuchmoreamenablesolution,butI completelyagreethatweneedsomekindofclientsidecoordination,butIdon'tthinkitshouldbeof thesameveinoftheproductsandsolutionswe'veseentoday.SomethinglikePrologorarules engine.mightactuallybeabetterwayofdealingandorchestratingprocessesontheweb. IR:Thatcanbeaninternalimplementationissueforaclientorforaserver,whateverroletheyare playingatthatpointintime.It'snotunreasonabletosayinordertorealizeagoal,youmight anticipateafewofthestepsthatyouaregoingtohavetogothrough.Ifyourserverisgivingyou backarepresentation,offersupasetofopportunities,youareapplyingsomeintelligencetothatto pickyourpath,whichdoesalsosuggestthatthereisanoutofbandmechanismaswell,sothatwe canbegintocommunicatewhatisthatyoumightexpecttoreceive.Itprovidessomereasonably standardinterpretationsofthingssuchas"rel"attributesandstufflikethat. JW:Thatoutofbandintelligencecouldbeamicroformat.Itprobablyshouldbebecausetheyare lowceremonyandlovely. IR:Yes,butmanyprocessesareverysimple,sequential,ordrivenbyevents.It'srelativelysimpleto implementtheminthesimplestfashion.Itdoesn'tnecessarilydependupontherulesengineor someworkflowengineoranythinglikethat. InfoQ:Let'sgettosomepracticalthings.Wetalkedabouttheoreticaladvantagessolet'stalk practice.Whatkindoftoolsdoyourecommendtopeoplewhoactuallyareconvincedandwantto buildsomethingRESTful?Fromthedifferenttechnologiesspacesthatwehave,whatareyour favoritetoolstobuildHTTPRESTfulsystems? JW:IconfessI'mthefondestofverysimpletools.I'mcurrentlyworkingonsomeratherhigh
103 InfoQExplores:REST
performancesystemsandithappenstobeinJava,whichisfine.Wehave,ofcourse,severalchoices inJavawecouldgetwithRestlet,wecouldgetwithJAXRSserversimplementationbothofwhichare substantiallysophisticatedFrameworksthattakeoutalotofplumbingforus.Inthiscasewewent withservletsbecausetheyweresufficientforustogetthejobdoneinaverylowceremonyway.Flip side:ifyouareonthe.NETplatform,forexample,you'vegottheWebInvokeandtheWebGetstuff fromWCFthatyoucoulduseoryoucouldjustuseaHTTPhandler. IR:OraHTTPlisteneraswell,whichisactuallywhatWCFusesunderhoodifyouareselfhosting HTTP.Youcandropdowntothatandagain,it'sverysimpletobuildthingsontopofthat. JW:Theratherslipperyansweristhatyoutakeyourpick.Ifyouarecomfortablewithusingahighly abstractedFrameworklikeWCForJAXRS,ifyoucontainthatinyourbusinessdomainmorereadily thanyou'repreparedtotamesomethinglikeservlets,whichisveryHTTPrequest/responsecentric, thenit'syourcall.Usewhatmakesbestsensetoyou! IR:OneofthethingsI'moftenlookingatishowI'mgoingtocommunicatesomethingaroundthe applicationprotocolandtypically,Iwanttocommunicateitbywayoftests.Testsareausefulpiece ofdocumentation.ByapplicationprotocolI'msayingIwanttobeabletodescribetoyouhowyou canexpectmyservicetobehaveifyousubmitthisrepresentationtothisendpoint,invokethis method,thenyoumightexpecttogetbackthiskindofrepresentation,thismediatype,thesestatus codes,thisHTTPheaders.Allofthosethingsformpartofthatapplicationprotocolweare establishingsomelittlecontractbetweenourselves.YouseealotofthisstuffintheAtomPubspec, forexample. WhatI'dliketobeabletodoistoassertallofthatinatest.OneofthethingsI'moftenlookingforis canIdothatwithoutalwayshavingtospinupaninstanceofmyserviceorcommunicatewithitover thewire,soI'moftenlookingforveryverylightweightabstractionthatallowsmetocreate expectationsagainstallofthoseHTTPartifacts,withoutactuallyhavingtostartupaninstanceinthe service.Iknowyou'vedoneitwithsomeofthemockcontextinSpring.JW:Withservletsandsome oftheSpringmocksit'sactuallyareallynicewayofnothavingtodothefullbringupservicewait20 hoursforTomcattocomeupkindofthingverylightweight,verypragmatic. IR:WhereaswhatI'vedoneoccasionallyiscreateverythinwrappersaroundthingssuchasarequest orresponse.IcantestindependentlythattheyactuallydodelegatetowhateverruntimeI'musing, butthenIcanbasicallywritemytestsagainstthoseormockinstancesofthoserequestsand responses. InfoQ:Youmentionedtheword"contract".HowdoyouseecontractsrelatingtoREST?Becausein thewebservicesworld,thecontractisreallyattheheartofeverything.It'sthegreatWSDL descriptionthatJimisaverybigfanofasIknowthatactuallyreallydescribesveryformallyand verycompletelywhatmethodsyourserviceexposes.Howareyousupposedtointeractwitha servicethathasnoformaldescription?Howcouldyoupossiblyworkwithsomethingwithout havingthatWSDLfile? JW:YouhaveaninformaldescriptionandthenyouhaveabunchofIan'sfabulousconsumerdriven contracts.
104 InfoQExplores:REST
IR:I'mthinkingthatveryoftenthemediatypeisexpressingsomekindofcontract,ismakingsome promisesaboutthekindofrepresentationyoucanexpecttogetback.Themoreinterestingmedia typesactuallycontainalotofthosemoreprotocollikerulesaswell.Again,Ithinkatthingslike AtomPubthatnotonlytellyouwhatkindofstuffyouaregoingtogetback,buttheytellyousomeof themethodsthatyoucanexpecttobeabletoinvokeandthestatuscodesthatyoucanexpecttoget back.Therearecontractshere,theyarejustbeingshiftedaroundandIthinkweshouldbelooking formediatypesthatmakeveryclearwhatisthatwecanexpecttodo,howwecanexpecttosurface orinterrogatetheserepresentationsforhypermediaandhowitconnectsustohypermediainorder toprogressanapplication. InfoQ:Isitperhapstosaythathypermediaformatsassumetheroleofcontracts? JW:Yes.Inanutshell,yes.Infact,afriendandformercolleagueofoursGeorgeMalamidisonce saidtome"Thewebalreadyhasacontractlanguageit'scalledHTML."I'mstillscaredwhenIsay thatsentence.Georgeisaverysophisticatedthinkerinthesecircles,butIhaveatendencytobelieve heisright.I'mjustscaredtomaketheleaptowhereheis. InfoQ:Let'sassumeyouhavemanagedtoconvincesomepeoplethatRESTisagoodthing,but they,intheirturn,wanttoconvincetheircoworkerstoactuallystartit.Doyouhave recommendations?HowdoyougoaboutevangelizingRESTinyourcompany?What'sthebestway todothat? JW:Ican'tevangelizeit.Ithinkithastobeaboutasolutiontoaproblemwithinacontext.Oneof thesystemsI'vebeeninvolvedwithinthelastyearorsowasoriginallypennedtobebasedonJMS. That'sgreat,IlikeJMS,it'salovelyidea,buttheinitialdesignwasdonewithoutreallyanyholistic thoughttotheenvironmentinwhichthesystemwasgoingtobedeployed.JMS,lovelyasitis,hasits complexities.Whatweactuallyfoundwasfortheloadsthatwewantedtoputthroughthesystem, bydoingasmallspike,fewdaysworthofspiking,theHTTPwasquitegoodenoughforwherewe neededtobe. Thathadsomanybenefitsintermsofimprovingoursoftwaredelivery,itwasalotfaster,easierto writeHTTPthingsthenitwasJMS,theyareeasytotestwithtoolslikePosterorcurl,thedeliveryof thatparticularsystemwasgoodandthereisamanatthebackoftheroomsmilingaboutit,because hewasinvolvedwithitanditwaslovelyandIfeelthathadwegonedowntheJMSroutewewould havetoworksomuchhardertosurfacethissystemfortestingparticularlytoourQAs.Thefactthat ourQAscouldbringinFirefoxwiththePosterpluginandprobethesystem,maybesomereally advancedbutaccessibleexploratorytestingandtheybrokeusinwonderfulwaysthatwehadn't expectedbecauseofthesystemsurfacearea,whichisopentothemandthatmesmilealot. IR:Itopensouttoalargerconstituency,doesn'tit? JW:Yes,soareachthingagain. IR:Farmorepeoplehavingvisibleinsightintothewayinwhichthesystemisworkingorthewayin whichitexposesitselftotheworld.Andtheyareseeingitinwayswithwhichtheyareveryfamiliar theyarelookingatitinabrowser,thingslikePosterandstufflikethat.It'scurious:westartedallof
105 InfoQExplores:REST
thissayingthat,infact,wearemoreinterestedintalkingaboutwebby,WebberythingsandtheREST andthenwecontinuetotalkverymuchaboutREST,andIthinktoevangelizeRESTwithinan organizationisoccasionallynottheappropriatethingtodo.Ialwaysgetfrustratedwhenpeoplesay "WewantSOA".SOAisanotheroneofthosewordsthatshouldbeundererasure.Weshouldjust starttalkingaboutwhatitisthatwearetryingtodoandtalkaboutitinfamiliarwaysbecausevery fewpeoplearen'tnowfamiliarwiththeweb.Wecanjusttalkaboutsomeofthesimplethingsthat wedowiththewebandsay"Imagineifyourapplicationcouldalsoworklikethis." JW:ThereisthedangeraswhathappenedwithSOAthatitbecomesboundupinproductssuchto anextentwhereitbecomes"IcansellyouanSOA""No,youcan't"andIthinkweareseeing alreadythisRESTmonikerbeingappliedtosoftwareproducts.Itreallyconfusesthediscussion becausepeoplethinktheycanjustpluginREST,theycanjustbuyRESTplatformandtheyare suddenlyRESTful.Thenalltheyaredoingistickthe"RESTinside"boxandtheyhaven'treallygiven anycriticalthoughttowhythatmightbeusefultotheirbusiness.It'sjusttheseniorITdecision makersandthevendorsconcludeonadecisionwhichisnotnecessarilyinthebusiness'sbest interestanditisrarelyinthebestinterestofthedevelopmentteamwhoaretryingtoservicethat business. IR:It'sraretobeabletoinsertsomekindofadapterandtakeaWS*applicationandsuddenly surfaceitasaRESTfulapplicationandexpectittobearichandusefulRESTfulapplication. JW:That'sadangerousRESTapplicationbecausetheunderlyingimplementationisn'tdesignedto havesuchasurfaceareaortobeloadedinthatway,thedesigntobeloadedinamessagecentricor RPCishway. IR:Ithinktherethishugeinandofitselfthinkingofthingsintermsofresourcesandtotrytolayer resourcesontopofsomethingthat'sbeendesignedaroundanentiredifferentparadigm.Youare missinganopportunitytodiscoversomethinginterestingaboutyourbusiness,aboutyourprocess. Discussingintermsofresources,oftensurfacesthevalueinherentindoingsomething.Searchresults inandoffthemselvesareusefultocompanieslikeGoogle.It'soneofthewaysinwhichthey monetizewhatitisthattheyaredoing.Surfacingasearchresultasaresourceisagoodwayof thinkingandtalking. InfoQ:AudienceQuestion:RESTliesontopofHTTP,whichishasquiteoldspecifications.We've beenusingthatforafewyearsandmaybewouldRESTbecutbacktowhattheHTTPspecification wasmeanttobelike.WeareusingtheHTTPverbsinamoreinterestingway,despitetheway we'vebeenusingthatforthepast20years,maybe,andstillwehavebrowsersorclientswhichdo notimplementHTTPspecificationfully.Weknow,forinstance,it'sverydifficulttouseFlexwith RESTthat'squitescary!Whatdoyouseeinfrontofyou?Doyouseethatweneedanew specification,anupdate,sothatwecouldalsoaddressproblemsthatwedidn'thavewhenwe wereusingHTTPaswehavedone,butmaybenowweneedalsomorepowerfromHTTP?Ordo youseethatin12yearsallthebrowserswillimplementthecurrent1.1specificationandwewill behappyforthenext20years? JW:Theprimaryreasonwhythehumanwebdoesn'tsupportthefullgamletofHTTPverbsit'sthat HTMLdoesn'tsupportit,soweareleftwithGETandPOSTsupport,whichisaprettylimited
106 InfoQExplores:REST
vocabulary.I'mnottooworriedbythisbecausetomethebrowserarealreadydead.It'sthemost frequent,buttheleastinterestingagentontheweb.I'mmuchmoreinterestedinwhathappens whencomputersinteractratherthanwhenhumanspointbrowsersatwebserversandrightnow, thatinfrastructurecreaksattheseamswhenhumanspushit,butit'sgoodenoughforthemto facebookeachotherorwhateveritisthatkidsdonowadays,soI'mreallynotworriedaboutit.What actuallyworriesmemoreissomeofthefuturedirectionsthatsomeoftheworkinggroupsinthe W3Careheadingtowards,whichiseffectivelytryingtorewiretheweb.Rightnow,theweb infrastructureasitis,hasgotthismagictippingpointwhereitisgloballyavailable,ithasglobal reach. I'mconcernedifsomefolksatW3CcomethroughandforexampleHTML5.0somehowmakesitout intothewild,thatwegotthisweirdparadoxhalfthewebistheoriginalwebandhalfthewebis thisnewwebandit'sallgotwebsocketsandit'sallveryconfusingandit'snotallmarkuplanguage anymoreandthat'swhattroublesmemost.Rightnow,I'mlookingforthebrowserprovidersto innovateI'mcomfortablewiththat,I'mnotpassionateaboutit,butcomfortablewithit.I'mlooking fortheW3CtonurturethewebinamoreevolutionarymannerandI'mnotlookingforsomeoneto becomeSirTimthe2nd.Unfortunately,I'mconcernedthatsomepeopleinW3Carelookingthat wayhandsoff! InfoQ:Audiencequestion:Lately,weareseeing,evenhereintheconference,thatinprogramming therewasLispalongtimeagoandthenweweregoingsomuchlikewearetryingtodomore abstractionsandwegotoobjectsandbigstuffcomponents.Nowweseethatpeoplearegoing backtofunctionalprogramming.Thesamethinghasbeenwiththeweb:wegotthissimpleHTTP specification,westartedtobuildalotofabstractions,SOAPandBPEL,andthenwegobackto simplicity,toREST.Isitlikeatrendnowtogobacktosimplicityordoesithappenallthetimethis wayinsoftware,togobackandforth? JW:I'mnotoldenoughtoanswerthatquestion.Ianhasseenseveralofthesecycles,sohemight haveaproperanswer. IR:Fromthepointofviewofnostalgiadrivendevelopment,whereeverytextbeginswell,wouldn'tit beniceifwecoulddoittheoldway.Asyouweretalkingaboutsimplicityandtherebeingadrive towardssimplicity,IthinkoneofthebenefitsofRESTevangelismwhenitdoestakeplaceisnot actuallytoinsistonsimplicity,buttoinsistontheconstraints,tosurfaceandrecognizethe constraintsalloveragain.Alotofapplicationshavebeenbuiltonoraroundthewebthatabusethe web'sinfrastructureandthewayinwhichitworks.GoodRESTevangelismissurfacingand emphasizingsomeofthoseconstraintsandsayingthatifyouworkwithorunderthoseconstraints, youwillrealizegreaterreach,betterperformance.Thatisapartialanswerfromme. JW:Youareright.Wedidputabstractionafterabstractionontoourdistributedsysteminfrastructure andyouknowwhat:ithasn'tworkedoutthatwellforus.Someofthelargestandmostsophisticated distributedsystemsontheplanethaven'tbeenallthatlargeorsophisticatedandthenthiskindof crappyprotocolcomesalongthatinsistsonbeingsynchronous,andinsistsonbeingtextdrivenand itscalesglobally.That'sshockinganddoesnotmakesensetousasengineers.That'stheweb paradoxit'stherubbishestthingontheplanet,butit'sscaledandformethatiswhat'shitthereset
107 InfoQExplores:REST
buttonbecauseIwastotallyupforXMLbasedprotocolsthatdoallsortsoffunkystuff. IputmynametosomeOASISworkandsomeotherstuffinthetransactionsphaseGodforbid!, buttobefair,wethoughtwehadthebestofintentions,wethoughtthisstuffwasgoingtobeuseful anditmaystillbeusefulincertainboundedcontext,butwhatthewebandHTTPhaveshownusis thatifyouwanttoscaleandreachoutglobally,youhavetohavesomethingthat'sdumb.Dumb protocolsarethebaselinethroughwhicheveryonecaninteractandgettingthatinteractionseems tobenowwhat'scriticalinearly21stcenturycomputing.SoYes,backtobasics. ViewFullVideo http://www.infoq.com/interviews/robinsonwebberrest RelatedContents RESTisastyleWOAisthearchitecture HATEOASasanenginefordomainspecificprotocoldescription HowRelevantAreTheFallaciesOfDistributedComputingToday? Presentation:TransformingSoftwareArchitecturewithWebasPlatform Presentation:REST:APragmaticIntroductiontotheWeb'sArchitecture
108 InfoQExplores:REST
Interview
MarkLittleonTransactions,WebServicesand REST
Inthisinterview,recordedatQConLondon2008,RedHatDirectorofStandardsandTechnical DevelopmentManagerfortheSOAplatformMarkLittletalksaboutextendedtransactionmodels, thehistoryoftransactionstandardization,theirroleforwebservicesandlooselycoupledsystems, andthepossibilityofanendtotheWebservicesvs.RESTdebate. DrMarkLittleisTechnicalDevelopmentManagerfortheJBossSOAPlatform,Red Hat'sDirectorofStandardsandrepresentativeontheJavaExecutiveCommittee.He hasover20yearsofexperienceworkingintheareaofreliabledistributedsystems. WhileatRedHat/JBossMarkhasbeentheleadoftheJBossESBandJBoss TransactionsproductsaswellasworkingfromtheofficeoftheCTO. InfoQ:ThisisStefanTilkovatQCon2008,andIaminterviewingMarkLittle.WelcomeMark!Can youtellusalittlebitaboutyourselfandwhatyoudo? Mark:IamaTechnicalDevelopmentManagerforRedHat'sSOAplatform,whichbasicallymeansI aminvolvedinallourSOAstrategy.Ihavevariousgroupsreportingtomelikeworkflow,transactions, ESB.IamalsoaDirectorofStandards,soIamalsoresponsibleforparticipationinW3Cgroups, OASISandJCP. InfoQ:Ok,soifIreadyournamesomewheretheonethingthatpopsupinmymind,theonething Iassociateyouwithistransactions.Ithinkyouhavealonghistoryinbeinginvolvedwithstandards aroundtransactions.Canyougiveusalittlebackground;canyouactuallydefinetheterm transactionforus,giveusalittlerefresherthere? Mark:So"Transaction"isatermthatismisusedprobablyahundredandonedifferentwaysinour industry.It'sprobablybettertobeabitmoreexplicitandsayit'satomictransactions.Anatomic transactionhasitshistorybackinthe'60s,andit'shard,it'slikeit'safaulttolerancemechanism.It's basedonworkthatwasdonearoundthattimeinthe'60sonspheresofcontrol.Basicallyanatomic transactionisasphereofcontrol,it'sanactivitythatguaranteesthatworkdonewithinthescopeof thattransactioniseitheralldone,orit'snotdoneatall,yougetnopartialfailures. Atypicalexamplewouldbeabankaccountsystem.Supposeyouaretransferringmoneyfroma currentaccounttoahighinterestaccount,andonewayofdoingthatwithoutusingtransactions wouldbetoremovemoneyfromthecurrentaccount,soyouareholdingthemoneyandthen deposititintothesavingsaccount.Ifyouhaveacrashofthesystematdoingthis,thendependingon
109 InfoQExplores:REST
wherethecrashhappens,youmayloseyourmoney.Ifyoutakethemoneyoutofthecurrent accountbutithasn'tquitebeenputintothehighinterestaccountyet,whereisit?Obviouslythe bankhopefullywouldhaveinformationaboutwhereitis,andtheycandosomekindofmoney resolution,butthatcouldtakedaystoactuallysortoutandmeanwhileyouhaven'tgotyourmoney, youcan'tpayyourbills.Ifyouaretodothattransferwithinanatomictransaction,thentheatomic transactionwouldguaranteethatiftherewasacrashthemoneygoesbackintothecurrentaccount, thetransactionsystemwoulddothat,ordependingonwherethecrashis,itwouldguaranteethatit wouldeventuallyturnupinthehighinterestaccount,hopefullywithinamatterofsecondsor minutesatmost.Anditwoulddothatitselfautomatically,therewillbenorequirementformanual intervention. InfoQ:Oneofthetopicsthatcomeupoftenindiscussionsaboutwebservicesiswhetherornot theyneedtransactions.Maybewecanstartbyaquickdescriptionofwhatisactuallyavailablefor webservicesinthetransactionsspace. Mark:Webservicestransactionsdevelopmenthasbeengoingonforalmostaslongaswebservices hasbeendeveloped.SoIstarteddoingworkaroundthatin1999,whichisprettycloseafterSOAP wasfirstreleased.Whatwewerelookingatthenandwhatwehavecontinuedtolookatoverthe interveningeightornineyearsisactuallyanumberofdifferentapproachesfortransactionsinthe web.So,traditionalatomictransactionsthatIdescribedearlierhavesomeinbuiltassumptions abouthowtheywillworkandtheenvironmentinwhichtheywillwork,soprettymuchtheyassume theywillworkinacloselycoupledenvironmentthatcanbetrustedandtheylastforseconds, millisecondshopefully,butseconds,maybeattheutmostminutes.Onthewebthosekindsof interactionstypicallydon'thappen,youknowyoumightbebookinganightout,orbuyingabook fromAmazonandyoumightbedoingthatoverthecourseofhoursordays.Andtodoallofthat withinthescopeatthetoplevelofanatomictransaction,justdoesn'twork.Sowewerestarting withhowdowedotransactionsthatarespecificforwebservicesorfortheselongduration interactions.Andtherewasalotofworkthatwasdonebackinthe'80sandearly'90sonwhatis knownasextendedtransactions. Thereisarangeofextendedtransactions.Basicallytheprincipleaboutextendedtransactionsisto relaxtheverypropertiesthatareinherentwithinanatomictransaction,soifyougoandlookatthe literaturethenyou'llfindthatanotheracronymthatisputaroundatomictransactionsisalsoknown asACIDtransactions.ThatisACIDAforatomic,everythinghappensornothinghappens,Cfor consistent,thestateofthesystemmovesfromoneconsistentstatetoanother,Iforisolation,soyou can'tseedirtydataandDfordurable,sothatiftheworkhappensitismadepersistentevenifthere isacrash,you'lleventuallygetthesamestate.Extendedtransactionsrelaxthoseproperties,soyou mightrelaxatomicity,sowhenanextendedtransactionoracertaintypeofextendedtransaction terminates,youmaysay"IwanttocommitbutIdon'twanttocommittwooutofthreeofthese participants,Iwanttocommitthatone,buttheothertwoIactuallywanttoundo".Another extendedtransactionmodelmightrelaxisolation.Andthereasonforrelaxingthedifferent propertiesistocaterforthetypeofusecasesthatyouwant,andthat'swhythereisalotofdifferent extendedtransactionsmodels.Thereisnoonemodelthatactuallyfitseverythingyoucouldever wanttodo.
110 InfoQExplores:REST
Sothat'swhatwehavebeendoingoverthelasteightyears,wehavebeenlookingatextended transactionworkthathasbeendoneandtryingtocomeupwithawayofallowingpeopletodevelop extendedtransactionmodelsthataregoodfortheirparticularusecase,ratherthantryasa transactionindustryhasdonetwentyyearspriortothis,shoehorntheACIDtransactioninto absolutelyeverything,let'shavetargetedmodels,targetedimplementations,andwehavegotthere. SoithastakeneightornineyearstogettherebutfinallyinOASISthere'stheWSTXtechnical committee,whichhasdefinedaframework,WSCoordination,whichallowsyoutoplugindifferent intelligences,sothiswouldbethedifferenttypesofextendedtransactionmodels. Outofthebox,thestandardprovidestwoextendedtransactionmodels,becauseoftheusecases thatwecurrentlyhavethatweneedtoadopt.OneisBusinessActivity,whichisfortheselong runningunitsofwork,theotherisAtomicTransaction,sodespitewhatIsaidearlieraboutatomic transactionsnotbeinggoodforwebservices,ifyoucanrecallthatbackwhenwebserviceswhere firststartingandeventhroughtotoday,peopleareusingthemforinteroperability,asmuch,ifnot actuallymorethanforInternetscalecomputing. So,atomictransactionintheWSTXspecisreallythereforinteroperabilitybetweenheterogonous systemsrunningoncloselycouplednetworks.YoucoulduseitacrosstheInternet,there'sabsolutely nothingtopreventyoufromdoingthat,buttherearereallygoodreasonswhyyoushouldn't. TheAtomicTransactionsspecinWSTXhasgivenustransactionindustryinteroperabilitybetween obviouslyRedHat,IBM,Microsoft,andacoupleofothercompanies.Allheterogeneoustransaction protocolswithinaboutayearandahalfofthespec'sbeingfinalized,probablylessactually,whereas ifyouarelookingwhenwelasttriedtodothis,whichwasintheOMGwithintheObjectTransaction Servicework,thatreallytookusabouttenyears.Sothereweredefinitelybenefitsfordoingitinweb services. InfoQ:Soyouhavesomepracticenow,somaybeit'snowonderittookyoulessthantenyearsto start. Mark:Yes,youareright,wedidlearnfromourpreviousmistakes. InfoQ:SoyousaidthatontheInternetyouwouldneveruseatomictransaction,whichispretty obvious,butIbelievesomepeoplewouldclaimthatevenifyouhavetheidealsofbuildinga serviceorientedarchitecturethenloosecouplingbecomesadesignprincipleevenifyoustay withinthecompany'sboundaries.Wouldyoualsosaythatifloosecouplingisoneofyourgoals, atomictransactionsisnotagoodmatchforthat? Mark:Yes,Iwould,butsomepeoplestillwanttodoit.Soyoucanmakerecommendationsbut ultimatelyiftheywanttodoitthennothinginWSAtomicTransactionwillpreventthem. InfoQ:ManypeoplesaytransactionsandSOA,transactionsandloosecouplingdon'tmixatall. Whatarethebenefits,howwouldyouactuallyadvocatetheusageofthoseprettycomplicated standardstopeoplewhousethem? Mark:IthinksomeofthiscomesbacktowhatIsaidatthestartabouttheuseoftheword "transaction",alotofpeoplewhentheyseetransactiontheyimmediatelyassumeACIDtransactions,
111 InfoQExplores:REST
twophasecommit,databasetransactions,howeverthey'verunintotransactionsbefore.Andinthat casetheyareright,Iwouldnotrecommendtocustomerstouseatomictransactionsacrossthe Internetorwithinthecorporatefirewallifwhattheyaretryingtoachieveisaserviceoriented architecturebasedsystem. Butifyoulookatextendedtransactions,likeIsaidabouttherelaxationofdifferentproperties,you aregoingtoactuallyseethattherearecertainonesthatareactuallygoodforSOAbased applications,theyprovideyoutheguaranteesthatyoumightwantbuttheydon'tprovidethe restrictionsthatACIDtransactionsrequire.Soifyouactuallylookatsomeoftheworkthatwedidin WSCAF,thewebservicescompositeapplicationframework,whichpredatedWSTX,there'soneof thetransactionmodelsthere,thatunfortunatelywedidn'tadoptintoWSTX,whichisactuallymuch morerelevanttoSOAbasedimplementations. It'stheWSBusinessProcessModel,andIthinkweactuallystartedthatbackin2003,andsincethen companieslikeMicrosoftandobviouslyRedHat,andothercompanies,aretalkingaboutverysimilar thingswhereyounolongerhavethisnotionofglobalconsistency,there'snonotionof"everybody hasthesamestate",becauseinalargescalesystemyoucan'tguaranteethat.Well,youcan guaranteeit,butitmighttakeyouuntiltheheatdeathoftheuniversetomakesurethatitisthe case.AndthatisexactlywhatWSBPdid,assumedthattherewerethesedomainsofconsistencyand inbetweenthemtheremightbedomainsofinconsistency,uptoacertainlevelorevenfuzzierthan that.SoforpeoplelookingtousetransactionsinaSOAbasedenvironmentIwouldsuggestthatthey don'tcomeintoitwiththepreconceivednotionthattransactionequalsACIDtransactionsoratomic transaction."Transaction"istoooverused,thereareextendedtransactionmodelsouttherethat canbeofbenefittoyourapplication. InfoQ:OneofthethingsyouhavebrieflytoucheduponisthatitisactuallyWSCoordination,and WSAtomicTransactionandWSBusinessActivity,whichareessentiallytheMicrosoftdriven standards,thathavebeenincorporated.Isthatacorrectviewofthis?BecauseIactually rememberthattherewasasortofasusualinthewebservices,orwhatusedtobeintheweb servicesspacetherewasawallbetweentwodifferentfractions,maybeyoucangiveussome backgroundonthat? Mark:So,theworkactuallyonextendedtransactionbeingstandardized,startedbackin1997,inthe OMGwithArjuna,thecompanythatwaswithusatthatpoint,andIBMandafewothercompanies workingonsomethingcalledtheAdditionalStructuringMechanismsfortheOTS,rollsofthetongue, whichisshorthandtotheCORBAActivityService.Thatwasdevelopingaframeworkessentiallya pluggablecoordinator,whereyoucouldaddtheintelligenceforyourspecifictransactionmodels.If youmapthattowhatwehaveinWSTXyou'llseethatthereisalmostaonetoone:thepluggable frameworkandtheOMGspecisessentiallyWSCoordination.Andtheintelligenceswerethe differentprotocols.SoforWSTransactionsthereisanequivalentmappingintheOMGspec. Whenweactuallystartedtodoworkonthewebservicestransactionsbackinthe1999wewere workingwithIBMonessentiallytakingthismodelandadaptingittowebservices.Butyouareright, atthatpointthewebserviceswarsbetweenMicrosoftandIBMfightingSun,Oracleandprettymuch everybodyelse,theykickedoff,andIBMandMicrosoftwenttheirownway,buildingonthiswork,
112 InfoQExplores:REST
andwewentourownwayagainbuildingonthesamekindofframework,andwhatcameoutofit wasWSTfromIBMandMicrosoftin2001,andWSCAFwhichcameoutin2002.Eventually everybodykindofkissedandmadeup,andwehadtheOASISWSTXTCthatformed,butthe principleinputtothatwasstillWSTandWSCAF,despitethefactthatIamacoauthoronbothof thoseoriginalspecsandobviouslythestandardsaswell,WSCAFwasstillbetterIthink.Itwasmuch moreSOAbasedandmuchless"CORBAwithanglebrackets",ifyoulike.Andit'sdiedadeathnow, butyestheTXoneistheonethatwearestuckwith. InfoQ:SoundslikeaVHS/BetaMaxstory. Mark:ItisandtheBetaMaxwasthebetterone.Don'tevenmentionBlueRay! InfoQ:Giventhatwebservicessupportforsomelevelofsupporttransactions,wouldyousee thisasoneofthebenefitsoverREST?Youknowthereisonecontinuoustopicthatcomesup. Mark:SowedidaddtransactionstoRESTwhenIwasworkingatHPin2000,weactuallydidsome workontryingtostandardizeatransactionbased,RESTbasedprotocol.Andwediditandlooking backIamnotsureifitwasahundredpercentREST,Iactuallythinkit'sprobablyninetyfivepercent REST,butanyway.Thereasonwedidthatisbecauseweactuallyhadcustomerswhowerecomingto usandsay"Thiswebservicesstuffisalittlebittoonewforusatthemoment.Wearenottoosure"; itwasAxis1.0days,Axisdidn'tperformverywell,I'mnotevensureifitdoesthesedays. "Wewouldliketodosomethingaboutcoordinatingmultipleupdatestowebservers,weareusing HTTP,sorrymultiplewebservers,weareusingHTTP,canyoudosomethingforus?"Andwedidit, wediditforthesecustomers,butitnevergotprogressedandwhenIleftHPitprettymuchfolded, wentontheshelf,becausewebserviceswerebigoratleastweregettingbig,andithasn'treally beenanypushattransactionsbackintovanillawebifyouwant,orRESTorHTTP.Ithinkthat's becausepeoplearedivertedtowardswebservices;it'snotbecauseIdon'tthinktherequirementis nolongerthere,Ihavecomeacrossafewcompaniesoverthelastfiveorsixyearswhohaveasked similarquestions,butthey'vegoneeventuallyeitherfornotusingtransactionsatallandchancingto luck,ortheyhavegonewithwebservices.SoIthinktheneedisthere,Idon'tthinkit'sahugeneed, butthenthereisn'tahugeneedfortransactionsanywhere. Ithinkthatitwouldbeniceiftherewasastandard,IthinkthisisoneoftheproblemswithRESTover HTTPatthemoment,inthatalthoughit'sastandardthereisnogenerallyagreedupon standardizationofprotocolsthatmightsitontop,liketransactions,likegroupcommunications,that sortofthings.AndhopefullyifwecanputtheseRESTandwebserviceswarsbehindusandkissand makeupthenmaybewecanactuallytakesomeofthebenefitsofbothsystemsandstandardize thingsinRESToverHTTP.That'ssomecustomersareactuallycryingoutfor. InfoQ:WhatisyouropinionabouttheRESTvs.webserviceswar?Whileweareatitwemightas welladdressit?Whatisyouropiniononthat? Mark:Ithinkit'sgoingwaytoolongandIthinkit'sbecomeverypolarizedinsomesectorswhenit shouldn'thave.TherearecertainlygoodreasonsforusingRESToverHTTP,soobviouslythereisa distinctionbetweenRESTandwhatIwouldliketocallRESToverHTTP,whichisonewayofdoing
113 InfoQExplores:REST
REST. Therearealsogoodreasonswhyyoumightwanttousewebservices.AndIthinkforwebservicesit reallyistheinteroperabilityandthefactthateverybodyhasgottogetherandwehavestandardize thesehighlevelapplicationprotocolsthatsitontop.Idon'tthinkit'saneither/orsituation,itmight beincertaincases,itmightbethatitreallydoesmakesensetouseRESTeverywhereinaparticular deployment,butIthinkingeneralandifyoulookbackoverlikefortyoddyearsofdistributive systemsdevelopment,therehasneverbeenaglobalpanaceafordistributedsystems.Onething doesnotworkwellforabsolutelyalldistributedsystemorcomponentwithindistributedsystemlike youmightcomeupwith. RPChasworkedvery,verywellsincethe'70s,andwearerevisitingthatoverthelasttenyearsorso, butRPCisn'tdead,peoplearesayingRPCisdead,itisnot,ifyouactuallylookaroundRPCisrunning alotofbackendinfrastructuralsystemsthatarealwaysgoingtobeRPCbased.Sowhenpeople comeandsay"Youneedtochangethistomessageoriented"thatisnotgoingtobuythose companiesanything,theyarehappywithwhattheyhavegot.AndIthinktheRESTandwebservices warsshouldprettymuchjustend;let'sagreethattherearegoodthingsandbadthingsaboutboth, andlet'stryandusethemtogetherifwecan.Ithinktheycanactuallybeusedwelltogether,the worktomergethemtogetherandmakethemworkefficientlytogetherhasn'tbeendone,Ithinkit couldbedone,andlet'sjustgetonwithit,let'sjuststoptoomuchfighting. InfoQ:Couldyoubecomealittlemorespecific,sowhatisgoodinwebservicesthatshouldbe adoptedintheRESTfulwordandwhatisgoodintheRESTfulworldthatshouldbeadoptedinthe webservicesworld?Istheresuchalist? Mark:Transactions. InfoQ:Whichnobodyneeds. Mark:Yeah,thereisn'tahugeneedfortransactions,butthereisaneedfortransactions.Security, highavailability,WSRXforinstance,youcanbuildonthattodohighavailabilityservices.Froma RESTperspective,theuniforminterfacedoesmakealotofsenseinmanycases.Ithinkoneofthe problemsthatwehavewithwebservicesisWSDL,tobeperfectlyhonest.CertainlywhenIstarted doingworkaroundwebservicesbackin1999/2000WSDLwasstillinitsinfancyandwhenwewere developingspecsandactuallydoingimplementationinHP,weweredevelopingonSOAPoverHTTP andbackportingtheWSDLafterwardsbecausetheWSDLreallygotintheway,andIthinkitstill doestoday.SogettingawayfromWSDLandlookingatthebenefitsthatauniforminterfacecan provideratherthanaspecificinterface,andalsotrynottoabusetransports,sosayingthatSOAP overHTTPisthesameasSOAPoverTCP/IPbecauseHTTPismostobviouslyatransport,it'smost obviouslynotatransport. InfoQ:Youmentionedthatitisnowtimetogobeyondthewarsbetweendifferentfacts.Imean that'sprobablysomethingthathasbeengoingonforyearsindifferentareas,it'sbeenCOMvs. CORBA,andit'sbeenthesekindofwebservicesversusthatkindofwebservicesandnowit'sREST versuswebservices.Giventhelastdebatewhatwouldbeyoursuggestion,whatdoyouthink shouldbeworkedupon,whatarethethingsthatweshouldaddresstogetthosetwotounite,kiss
114 InfoQExplores:REST
andmakeup? Mark:Ithinkthatthewebservicesguys,andIkindofincludemyselfinthisgroup,needtorealize thatcertainlyinteractionsacrosstheInternetthatarebasedonHTTParemorelikelytobeREST basedthannot.AndbridgingbetweenwebservicesandHTTPorRESToverHTTPIshouldsay,should beaddressedinamoreefficientmanner.Weshouldn'ttrytobastardizeHTTPanymoreasatransport, weshouldtryandworkwithitratherthanagainstit,andIdon'tthinkwearereallydoingthatatthe moment.WebservicesusesHTTPforareallygoodreason,andit'ssothatyoucantunnelthrough firewalls. Andthat'stherealreason.IwasatthefirstOMGmeetingwhereSOAPwasbroughttolife,anditwas oneofthedebatesaboutwhyitwasthere.Ithinkwekindofprogressedthatwearedoingitforthe samereasonsoverthelastsevenoreightyears.ButIthinkthatasawebservicescommunitywecan domoretoembraceRESTthanwearecurrentlydoing.Ithinkweshould.Idon'tthinkthereis anythingtechnicallythatwouldpreventusfromdoingthat.Ifyouactuallylookatthewaytheweb works,thereisnothingthatshouldpreventusfrombeingabletousetruewebprotocolswith nothingelselaidontopofthem,toactuallytalkbetweenwebserversacrossdifferentcontinents. LikeIsaidbeforeabouttheextendedtransactionsstuffthat'stheWSBPspecthatImentioned whichhasthisnotionoflooselycoupleddomainsofconsistencywithinconsistenciesbetweenthem, that'skindofverysimilarinthatwhathappenswithinthecorporatefirewallmightwellbea combinationofCORBA,REST,webservices,DCOM,JavaRMI...whateveryouwant.Butbetweenthe corporatefirewalls,IthinkitshouldmorelikelytrytobenotRESTweshouldactuallyworkwiththat ratherthantryandfightit. InfoQ:Wouldyousaythatalotoftheargumentsthatweredismissedwithinsixtysecondsfiveor sixyearsagothattheRESTpeoplemadearenowbeingacceptedprettymuchbyeverybodyinthe webservicesworld?ImeanIpersonallyseelotsofpeoplelikeyou,peoplewhowritethe standards,whoareinvolvedatleastconcedingthatRESTisagoodsolutionformanycases?I distinctlyrememberfiveyearsagowhenitwassaidthatitwasonlyusableforbrowsers,for humantowebserverinteraction,nomachinetomachinecouldeverpossiblyworkwithinHTTP. Thatseemstohavechanged? Mark:Ithaschanged. InfoQ:Coulditbethattheywerejustright? Mark:TospeakpersonallyIdidtransactionsoverRESTbackin2000,it'snotlikeIcertainlyhada epiphanymomentsixmonthsago.Ithinkafewotherpeoplehavebeenkindofcomingaroundto this,andyeswhetheryouwanttosaythattheysuddenlyrealizedthatwhatotherpeoplewere sayingwasrightorwhethertheyalwaysknewitwasright,andtheyjusthaddifferentmastersatthat timewhowouldn'tletthemsaywhatwasreallygoingthroughtheirmind,Iobviouslycan'tspeakfor everybody. InfoQ:Oneofthebasicprinciplesofwebservicesisthisprotocolindependence,isthe independenceofparticulartransportprotocol,whichisoneofthebigelementsinthesalespitch
115 InfoQExplores:REST
forwebservices.Doesn'tthatmaketheoptionofconsolidatingHTTPthewayitwassupposedto beusedimpossible.IstherereallyawaytoconsolidatewebservicesinRestfulHTTP? Mark:Ithinkthereis.Iamnotnecessarilysurethatit'sSOAPoverREST.Ithinkthatagaingoingback towhatweweredoingwithtransactionsonRESTbackinHP,wewereactuallyworkingtobridge webservicestransactionstoRESTfultransactions.Andyoucoulddoit.Iliketothinkthatifwebeen allowedtofinishitmaybeitwouldhavebeenoneofthoselittlegemsthatwouldhavegrownand maybeunifiedpeoplearoundthatfactthatwebservicesandRESTcanbeusedtogether.Idobelieve thatwecandoit,I'mnotsuggestingthatitiseasy,butifyoulookbackattheamountoftimeand effortthathasbeenwastedinthesefightsthatwe'vehadfromindividualstobigcorporations,I wouldliketothinkthatifwe'dactuallyspentthattimeactuallytalkingandtryingtogetthesethings resolvedinareasonablemannerwecouldhavebeentherebynow. InfoQ:Therearelotsofrumorsgoingonatthemomentaboutthosetwocompaniesthathappen tohavemergedrecently,whichhappentobeJBossandRedHat.Canyougiveusalittlebitof backgroundonthat?Tellusalittlebitaboutwhethereverythingisjustniceandallthoserumors arejustcrazylittlethingsthatweshouldn'tbelieve?Areyouwillingtotalkaboutthat? Mark:RedHatacquiredJBossinJuly2006.Itdefinitelywasn'tasmoothtransitionbutIcertainly didn'texpectasmoothtransition.Butthatwasn'tbecauseitwasJBossanditwasRedHat,Ihave beeninvolvedinmoreacquisitionsinmycareerthatIcaretoremember,andnoneofthemhave beenparticularlysmooth.Soitdidn'tcomeasabigsurprisetome,Ithinkoneofthebigproblems thoughwhichisprobablyspecifictotheJBoss/RedHatacquisitionwastheculturewithinJBoss becauseofitshistoryofhavingtofightagainsttheman,whowasIBMorwhowasOracle,itwas muchmorecombativethanRedHat.BeingassimilatedintoacompanylikeRedHat,thathada differentkindofculturelikethat,didcausefriction. Iwon'tgointospecificsbutthingslikebeingaveryprivatecompanyaswell,variousmailingliststhat peoplewouldtalkwithinJBosstoeachotherthroughoutthewholecompanyanduseverycolorful language,forastartyouprobablywouldn'twanttodothatinapubliccompanyanyway,butalsoit canoffend...thelargerthesizeofthecompanythemorechanceitisitwouldoffendsomebody. Therewerethosekindofthingsyouhavetobecarefulaboutwhatyousay,yourleveloffreedomhas gonedownabitasaresult,butobviouslyit'sabiggercompany,ithasmoremoney,hasabigger reach,sotherearetradeoffs. Ithinkoverallithasbeenagoodthing,Ithink.Somepeoplehaveleftforonereasonoranother, sometimesbecausetheydidn'tliketheculturechange,othersbecausetheywantedtostaywiththe startupmentalityandnotgotoabigcompany,sotheygonetootherstartups.Therearestilltheodd cultureclashwithinRedHatandIthinkquiteafewpeople,oldtimeRedHatpeopleseeJBossguys asupstartsandbrashandtroublemakers,andtreatthemabitlikethataswellandthatdoesn'tgo downwellwithsomeindividualswhoarebrashandupstarts.Theypushback.Thereisalotoftoand throwbutIthinktheanalogyisprobablyteenagesonversusfortyyearsoldfather,JBossisgoing throughpubertyandthefatheristheonewhohasbeenthereanddoneitbefore. ViewFullVideo
116 InfoQExplores:REST
117 InfoQExplores:REST
Interview
CORBAGuruSteveVinoskionREST,WebServices, andErlang
Inthisinterview,recordedatQConSanFrancisco2007,CORBAGuruSteveVinoskitalkstoStefan TilkovabouthisappreciationforREST,occasionswhenhewouldstilluseCORBAandtheroleof descriptionlanguagesfordistributedsystems.Othertopicscoveredincludethebenefitsofknowing manyprogramminglanguages,andtheusefulnessofofErlangtobuilddistributedsystems. SteveVinoskiisamemberoftechnicalstaffatVerivue,astartupinWestford,MA, USA.Recognizedasoneoftheworld'sleadingexpertsonCORBA,hewaspreviously chiefarchitectandFellowatIONATechnologiesforadecade,andpriortothatheld varioussoftwareandhardwareengineeringpositionsatHewlettPackard,Apollo Computer,andTexasInstruments. InfoQ:I'mherewithSteveVinoski,oneofmychildhoodheroes.Whatareyouuptothesedays? Steve:Ican'treallysaywhatmycompanydoes.IleftIONATechnologiesinFebruaryandthenew companyisinstealthmode,sothefoundersdon'twantanydetailsaboutittobeleakedout,butI cantellyouthatI'mhavingalotoffun.It'slikeabreathoffreshair.Thisisverydifferentcompared totenyearsatIONAandI'mhavingalotoffun. InfoQ:Canyoutellusifit'sinanywayrelatedtomiddlewareorsomenewkindofDistributed Objects? Steve:No,it'satotallydifferentindustry.Istartedlifeasahardwareengineersotherearesome hardwareguysinvolvedanditissortofbacktosomeofmyroots.I'mnotworkingonthehardware, butthereismiddlewareworkinvolved.I'vegonefrombeingavendortobeingauser. InfoQ:Onecouldsaythatmaybethisisreflectedinthestatementsonyourblog,whichis fortunatelyavailableagain.Yousaidsomenottoonicethingsaboutvendors,middleware,WS* andESBs.Canyouelaborateabit? Steve:IthinkifyougobackandreadmycolumnsfromInternetComputingbackfouryearsago(in factthefirstRESTcolumnIwrotewasfiveyearsago)someofthemhavebeenlikethis:"Thisisa goodwayofdoingthingsusingWSDLasanabstraction".Someoftheothercolumnssaid:"Thisisnot reallystandardized;therearetoomanyspecs,andalltheusualvendorwarsandclashes".Ihaven't reallybeenkindtoitallalongbutIcouldn'treallysaywhatIreallyfeltbeingpartofIONAbecause thatwastheirbusiness.IthinkoncethatweightwasliftedfrommeIbecameabletosaywhatIreally felt.It'snottoofarofftowhatIsaidbeforeit'sjustthatnowitiscompletelyhonest,Ihaveno agenda.
118 InfoQExplores:REST
InfoQ:Ifyouwerenowanarchitectinalargecompanyfacedwithdesigninganarchitecturefora setofsystemsoralargedistributedsystem,whatwouldyouchose? Steve:IwouldlookatRESTtobeginwith.IfyoulookatSOAitismoreaboutbusiness,aboutculture. It'sallabouthowdowegetourbusinesstoworktogether,howdowemakethingsworktogether andmakesharedcomponentsthatwecanallreuseandhowcanweavoidduplicatingeffortand stufflikethat.It'smoreaboutculturethanitisabouttechnicalarchitecture.Somepeopletalkabout technicalSOA,buttechnicalSOAreallydependsontheproductthatyou'reusingbecauseevery productisdifferent.SOAisn'tspecificenoughfromatechnicalperspectivetomakethemalllookthe same.ThenyouturnaroundandlookatRESTanditisawholenewarchitecturalstyle;it'sallabout constraintsandwhatyougetfromapplyingthoseconstraints.Someonehasgonetoalltheeffortof applyingabunchofconstraintstoadistributedsystemandgettingthedesirablepropertiesasa resultofdoingthat.WhyshouldIgoandthinkIcandoanybetter?Theworkhasbeendoneforme, andit'salsodefinedlooselyenoughthatifIhavetotweakthoseconstraints,Icandothat.Justfrom apureengineeringcostperspectiveitmakessensetolookatRESTinmyopinion. InfoQ:Sowhatwouldbetheusecaseswhereyou'duseCORBA? Steve:IwoulduseCORBAifIhadtotalktosomethingalreadywrittenandusingCORBA.Istarted workingwithCORBAin1991anditisstillaroundandIjustgotaroyaltycheckfromthebookthat MichiHenningandIwroterecently.IsnotasmuchasitusedtobebutI'mnotgoingtoturnitdown. ThereareindustriesthatstilluseCORBAandthoseinterfacesarenotgoingtogoawaytomorrow, theyaregoingtobearoundforprobably5or10years.IfIhadtotalktosomethingthatwasbuilt usingCORBAI'duseCORBA.IfIwasdoingsomeverysmallscalesystemthatthedeveloperswere familiarwiththeapproach,Iwoulduseit,butifIhadtobuildanenterprisescalesystemIwouldlook atREST. InfoQ:Ifwearetotalkaboutonedifference,onetopicthatcomesupofteninthediscussions aboutRESTisthatthereisnodescription,nocontractapartfromtheonedefinedintheREST dissertation,whichisthegenericone.Don'tyouperceivethisasaproblembecauseCORBAisso stronginthisregardwithIDL?Isthissomethingthat'smissing? Steve:I'vehadalotofthoughtaboutthatasyoumightimagine.InCORBAthere'sobviously differentlayers,differentareasthatonecanworkon.I'veworkedonprettymucheverythingbut whenIwasworkingonCORBAI'vefocusedmostlyonIDLandmappingittolanguages.Forwhatit was,Ithinkwedidareasonablejob.IknowtherearealotofpeoplewhohaveaproblemwithC++ mapping,butitiswrittenforverystrongC++programmers.Ipersonallydon'thaveanyproblems withit.There'saproblemifyouhavetodefinesomethinginIDLjusttoknowhowtouseit.That doesn'treallywork.NoonetakesanIDLandsays:"Here'sthismethod,IcallthisandIpassthis.Ijust lookattheIDLandIknowwhattodo". Nobodydoesthat.IDLisreallyforcodegeneration.IfIwanttoknowhowtouseaservicewhetherit hasIDLornot,Igotalkandtalktothedevelopers,ifthey'renearby;ifthey'renotIlookattheir documentation.SoifyouthinkabouttheRESTservicesofAmazonorGoogleoranyothersite.They havedocumentationontheweb,Igolookontheweb,IreaditandIfigureitout.Idon'tknowif havinganIDLwouldhelp.Theinterfaceisfixedit'sHTTPverbs.Youhavetodealwithdata
119 InfoQExplores:REST
definitionsandthedatadefinitions,themediatypesareusuallydefinedbyregisteredIANAtypes;if youwanttoknowhowthedatalooksyougoandlookatthosemediatypesorMIMEtypes.Idon't seeitasbeingthesamekindofproblemastheCORBAstyleofDistributedObjects. InfoQ:OneofthemainargumentsIhearisthatifyouuseatypicalstaticallytypedlanguagelike JavaorC++thenfromthecodegenerationstepwhatyougetistypesafetywhenyoubuildup thoseobjectsthatyouexchangewhenyoucallthoseimplementations.Ifyoudon'thavea descriptionlanguagethatcangeneratethecode,youdon'thaveyourcodecompletioninyourIDE andallthestuffthatwe'vegottenusedto. Steve:Isupposedthereissomethingtothat,butIdon'tuseIDEs.I'vebeenhavingadiscussionwith aformercolleagueofmineaboutthatinmyblogcommentswheretheysaid"Youshouldbeusing IDEsandeverything".I'vealwaysusedEmacs.I'vetriedusingEclipseanditdoessomethingsnicely butIguessI'mjustan"olddog".Whenitcomestothetypesafetyproblemyoucancallit pseudotypesafetyatbest,becauseIcantakeamessagethatwassupposedlytypesafeinmyclient applicationandsendittoyourserverandyourservercanbecompiledwithcompletelydifferent definitionsandstillbeabletoreadthosebitsoffthewireandsomehowtheylookliketheyfityour messagedefinition,wherethetwodefinitionscouldbecompletelydifferent.Similarlyyourobjector serviceorwhateveritisthatI'mgettingtypesafetyfromusinganIDLcouldhavecompletely differenttypeinrealitythanwhatIhaveinmyclient,becauseitisalldistributed.Yourversions changeatadifferentratethanwhatminechangeat...it'ssortofpseudotypesafetyatbest.ButI thinkthatwholethingturnsthewholeequationbecauseyou'rebuildingadistributedsystem,you're notbuildingalocalprogramanddistributingit,butyou'rebuildingadistributedsystemandyou happentobewritingpiecesofitwiththelanguagethatyou'vechosen.Ithinkthefocusshouldbeon thedistributedsystemandmakingaparticularlanguageeasiertouseinthatcontextisthewrong focus.Iknowalotofpeopledisagreewithme. InfoQ:Youspentquitesometimediscussingdynamiclanguages.Canyouelaboratealittlebiton that?Iwouldn'thaveexpecteditfromanoldC++programmertosuddenlyswitchtoRuby. Steve:By"old"youmeanthatI'vebeenusingitsince1988,right?NotthatI'mold...I'vebeenaC++ programmerforalongtime,butI'vealsobeenadynamiclanguagefanforalongtime.Mydegreeis inElectricalEngineeringbutI'venevertakenanyformofcomputerscienceclasses.IalwaysfeltIhad tolearncomputerscienceonmyownandbackwhenIwasteachingmyselfdifferentlanguages,C& C++primarily,Ididn'thaveanyoneelsearoundtobounceideasoffbecauseIwasinahardware group.WhenIjoinedApolloComputerin1987Istartedworkingwithsomesoftwarepeople,but theywereprimarilyembeddeddevelopersmostlyusingAssemblylanguageandsomeusingC.I startedusingC++andthatjustfreakedthemout.Cwasradicaltobeusedinthatenvironment,and C++wascompletelyoffthecharts. Ididn'thaveanyonetobouncetheseideasoff.MaybeIwasmissingsomething,Ishouldbelooking atallkindsoflanguages,notjustthese.SoIjuststudiedlanguagesconstantlyonmyown.Ilookedat prettymucheverything.NotthatIdevelopedrealapplicationsinthem,butatleastIreadbooks aboutit.IalsogotinvolvedwithUnixearlyon.TherewasahardwaretestmachinethatIhadtouse; IhadBerkeleyUnixrunningonitsoIlearntUnixonmyown.LearningallthetoolsofUnix,thegreps
120 InfoQExplores:REST
andthesedsandtheawks,andwhenLarryWallcameoutwithPerlIlookedatitandIsaid"Well there'sthisallthisotherstuffI'velearnedbutit'sallinonelanguage".In1988IportedPerlto DomainOS,whichisitsApollo'soperatingsystemandIthinkifyoustillfindmynameinthePerl sourcefordoingthat.ThedynamiclanguagestuffgoeswaybacktothesameyearIstartedusingC++. It'snotanewthing;I'vedoneitallalong. InfoQ:WhenyoumentionedthatinsteadofusingCORBAyouwouldnowuseREST,isthesame trueforthelanguagethingaswell?WouldyounowratheruseRubyoranotherdynamiclanguage insteadofC++orJava? Steve:Idotendtolookatthoselanguagesfirst;sometimestheyarenottherightlanguage.WhatI liketodoistakemultiplelanguagesandjusthavethematmyfingertipsandlookataproblemand say:"What'stheeasiestwaytosolvethis?Whatlanguagewouldmakethiseasiesttosolve?"Not onlytosolvebuteasiesttomaintaingoingforward,easiesttoextend.Ilookattheproblemdomain,I lookatthelanguagesyouhaveinyourtoolboxandchosetherightone.WhileIpreferdynamic languagesjustbecausetheyaresocapable,theyareverybrief;youcanwriteprogramsthatareat leastanorderofmagnitudesmallerthanJava,C++orCandstilldothesamething.Theyarefast. Peopletendtosaytheyareslowbutthat'snotusuallytrue.Someareslower,somearen't.Pythonis veryfast.Idon'truleourJavaorC++.I'mnotabigJavafan,tobehonest,becauseifIwanttouse somethinglikethatIthinkIwillgotoC++.IfIwantsomethingthat'stotallydifferentthanC++Igoto thedynamiclanguageside.JavaformeistooclosetoC++tomakethatmuchofadifference. InfoQ:YouspentalotoftimeplayingwithErlangrecently.Idon'tknowwhetherplayingisthe rightword,butIsawyouimplementingTimBray'sWideFinder.Canyougiveusalittle backgroundbothontheWideFinderideaingeneralandonyourexperiencewithErlang? Steve:I'vebeenlookingatErlangforacoupleofyearsactually.Ihaven'tbeenusingitforacoupleof years,butprobablytwoyearsagoIstartedseeingreferencestoit.Usuallysomeonesays"There's thislanguageyoushouldlookatit"andmyinitialreactionis"OkIwilltakealook".IfIdon'tseean immediateuseforit,I'llgetbacktomyrealwork.Thatiswhathappened,butitsortofintriguedme becauseofthereliabilityandconcurrencyaspectsthatithas.Beingalongtimemiddleware developerIspentalotoftimetryingtomakesurethatthingsareproductionhardened.Getting messagesfromheretothere,translatingdata,that'stheeasypart. It'swhenthethinghastostayup,ithastofailoverincaseofproblemswithoneofthenodes,oryou needfaulttolerance,allthereliabilityissues,andthenthewholeconcurrencythingwhichiswhere youspendalotoftimejustfiguringout...I'vegotalockthispieceofdata,sharedacrossthese threadsandifImissonebadthingsaregoingtohappen.Thosearetwohardproblemsareas middlewaredevelopersdealwithconstantly.IlookatErlanganditissortofbuiltin.Thatmaybear moreinvestigationsoIsortofkeptlookingatit.WhenIwasatIONAIwasworkingontheadvanced messagequeuingprotocolimplementationthatApacheisworkingon;it'scalledtheQpidproject.I wasworkingonthatandsomeoneaskedmetolookatmakingitfaulttolerant.Isaid"Ifyouare goingtomakeitfaulttolerantyoushouldbedoingitinErlang,itwouldsavealotoftrouble." TwoweekslateracompanycalledRabbitMQcomesupwithanErlangversionofAMQP.Theyhad obviouslybeenworkingonitforawhile.It'sstillaroundandpeopleareusingit.IguessIwasn'ttoo
121 InfoQExplores:REST
farofthemarkthere.WhenitcametoTim'sWideFinder...TimBrayworksforSunandhewanted toanalyzehisweblog;probablyaquartergigabyteofdataforthesmallestlog,alotofdatato analyze.Hethoughtat"Sunhasthisnewmachinecomingout.HowcouldImakeuseofalanguage likeErlangtoparallelizetheanalysisofthisdata?"HewroteanErlangprogramandhewasvery unhappywithit.Ifyougobackinhisblogyoucanseehe'squiteunhappyandhethinksErlangisnot whatit'scrackeduptobe. IsawthatandIthoughtthatmaybeIcandoalittlebitbetter.Istartedworkingonit,otherpeoplein theErlangcommunitywereworkingonit.Wejustsawthetimedropping.IthinkTim'sinitialstab wasat3040secondstoanalyzethisparticulardataset.Igotitdownto23seconds.ArealErlang persontookitoverandhegotitdowntoaround.8seconds.Ithinknowthefastestimplementation ofTim'ssystemisinsomethingcalledOCaml,whichisanotherfunctionallanguage,Pythonis numbertwoandErlangisnumberthree.AlotofpeoplesaythatErlangcan'tdofileIOandthatit's reallybadatthat,butobviouslyitmustbeokatthatbecauseitispullinginthesehugedatafilesand itanalysesthemonthetoptenhitsonTim'swebsite. InfoQ:Doyouseethisassomethingthatwillcontinuetohappen,thatlanguagesbecomemore powerfulinsteadofageneralpurposelanguagewithahugesetoflibraries,toolsormiddleware thatsitsbelowitoraddstoit?Isthisatrendthatlanguagesincludefeaturesthatweexpecttobe inlibraries? Steve:There'sacoupleofthingsthataregoingoninthewholeconcurrencythingwiththe multicoresystems...whenyouhavetwocoresyoucantakeanyoldapplication,throwitonthat machineandit'sgoingtodook.Whenyouhaveeightcoresitgetsalittlemoreinterestingbecause youcanseethatsomeofthemarekindofidlemaybewhenyourunyourapplication.Ifyoudon't havetherightlanguagetotakeadvantageofthatthanyourapplicationscanuseoneofthecores. There'snothingtheoperatingsystemcandotohelpyoubecauseit'snotgoingtotakeyour applicationandbreakitupforyou.Youhavetoexplicitlygoinandmakeitmultithreaded.Threads inlanguageslikeJavaandC++arefairlyheavyweight.Eventhoughtheyarelighterthanprocess, theyarestillheavyweight.IttakessomethinglikeErlangorlanguageslikethattheyhavevery,very lightweightthreadssoit'sabletorun5060.000threadsonmyMacbookproeasily.Itisavery differentstyleoflanguage. Thenthere'salsotheobjectorientedversusfunctionalandthereseemstobearesurgencein functionallanguagesrightnow.Idon'tknowwhythatis;itmaybebecausetheyaresosmalllikeyou candosomuchstuffinjustafewlinesofcode.AndevenlanguageslikeRubyandPythonhave functionalaspectstothem;thatmaybewhat'sdrivingit.Ithinkthere'sabitofresurgencein languagedesignandpeoplelookingatlanguages.TherehasalwaysbeenCastheAssemblylanguage forhigherlevellanguages;notonlyC++butotherslikePython,PerletcareallbuiltontopofC. There'salotgoingoninJava.JavaisliketheassemblinglanguagefortheJVM,itbecomestheVMfor anumberoflanguages,likeScala,Groovy,andJython.Peoplearemovingintothesetwodirections, it'sthesamedirectioninfact:buildingsmallerlanguagesbettersuitedtospecificproblemsontopof thesegeneralpurposelanguagesunderneath. InfoQ:Ofallthoselanguagesthatyoumentionedwhichonewouldyourecommend?
122 InfoQExplores:REST
Steve:Ithinkthepastdecadeortwotherehasbeenasearchforthelanguage.Alotofpeoplefelt C++wasmaybethelanguagethatpeopleshouldbeusing;thenJavacamealongandalotofpeople latchedontoJava.I'vemetmanyprogrammerswhoseemthatalltheyknowisJava.Ifyoustart recommendingtothemthatmaybetheyshouldstartlookingatotherlanguagessomeofthemget argumentativeandtheysay"Javacandoitall!"Ithinkifyouweretotalktothepeoplewhobuilt theselanguagestheywouldneverclaimthattheirlanguagecandoitall.Allthroughthis,therehave beenthemultilanguagecommunitiesthathavebeenrollingalongworkingontheseotherlittle languages.Erlangistwentyoneyearsold,Smalltalkhasbeenaroundforeverandpeoplestilluseit.I thinkbecauseofthewaythatnolanguagecandoitalldevelopersreallyoweittothemselvesto learnmultiplelanguagesandbeabletointegratethem. Whenyouhavethatchoice,whenyouhaveatoolboxfulloflanguagesandyouhaveaproblemand solveitintwolinesofRubyversustwohundredlinesofJavait'sareallynicefeeling.Itjustmakes youabetterdeveloperbecauseyoustarttoseehowidiomsindifferentlanguagescanbeapplied andyoulearnfromdifferentlanguages.InPythontherearelistcomprehensionswhichareverycool; there'sonelinethatcandoallkindofstuffiteratingoveralist.Erlanghasthesamething.Yougoto Erlangandyousay"That'salistcomprehensionthat'salmostthesamesyntacticallyanddoesthe samethings".It'snotlikeeverylanguageisawholedifferentworldthatyouhavetocompletelystart fromscratch.Youlearnone,youseesomeofitsidioms,youstarttolearnanother,andyousee similarthings. SwitchingfromaOOlanguagetoafunctionallanguageisgoingtobealittlebitdifferent.Languages likeRubyandPythoninparticularcrossthoseboundariesandusingthoseyoucangetalotofwork doneandalsoexpandyourownhorizonatthesametime.Intermsofconcurrency,ifyou'rewriting middlewareIthinkyouoweittoyourselftolookatErlang.Thelanguageitselfhastheprimitives, thentherearelibrariescalledtheOpenTelecomPlatformthatcomewithit,thatbuildonthose primitivestomakereliablesoftwarealmostsimple.It'sneversimple,butcomparedtowhatyouhave todo,jumpingthroughhoopsinotherlanguages,it'skindofanobrainer.Sothereisnotone language,lookatallofthem. ViewFullVideo http://www.infoq.com/interviews/vinoskiqconinterview RelatedContents HowRelevantIsContractFirstDevelopmentUsingAngleBrackets? RESTTheGood,theBadandtheUgly QuestforTrueSOA Presentation:ScottDavisonRealWorldWebServices EviWareReleasesv2.0ofsoapUI,aWebServicesTestSuite
123 InfoQExplores:REST
InfoQExplores:REST
Issue#1,February2010 ChiefEditor:RyanSlobojan Editors: Feedback:feedback@infoq.com SubmitArticles:article@infoq.com Cooperation:Cooperation@infoq.com Exceptwhereotherwiseindicated,entire contentscopyright2010InfoQ.com
ChiefEditor:RyanSlobojan RyanSlobojanisamanagingdirectoratRoundTripNetworks,whichfocuses onthefulllifecycleofonlineapplicationsincludingboththeapplicationitself andtheinfrastructurethatitrunson.Hehasworkedwithawiderangeof technologies,butconsidersJavatobehismostindepthareaofknowledge, andhasbecomeimpressedwiththeimpactthatAgileandLean methodologieshaveuponthesoftwaredevelopmentprocess.Heenjoysthe dualchallengesofworkingwithnewcustomersandnewtechnologies,andis constantlyscouringthetechnologylandscapefornewandinteresting technologieswhicharebeingused.
124 InfoQExplores:REST