You are on page 1of 127

InfoQExplores:REST

Issue#1,March2010 ChiefEditor:RyanSlobojan Editors:FloydMarinescu,KevinHuo,LiuShen Feedback:ryan@infoq.com SubmitArticles:editors@infoq.com

Exceptwhereotherwiseindicated,entirecontents copyright2010InfoQ.com

Content
[Articles]
ABRIEFINTRODUCTIONTOREST......................................................................................... 1 RESOURCEORIENTEDARCHITECTURE:THERESTOFREST .....................................11 RESTFULHTTPINPRACTICE ................................................................................................21 HOWTOGETACUPOFCOFFEE............................................................................................44 ADDRESSINGDOUBTSABOUTREST...................................................................................66 RESTANTIPATTERNS..............................................................................................................73

[Interviews]
IANROBINSONDISCUSSESREST,WS*ANDIMPLEMENTINGANSOA ....................80 JIMWEBBERON"GUERILLASOA"........................................................................................90 IANROBINSONANDJIMWEBBERONWEBBASEDINTEGRATION ..........................97 MARKLITTLEONTRANSACTIONS,WEBSERVICESANDREST............................... 109 CORBAGURUSTEVEVINOSKIONREST,WEBSERVICES,ANDERLANG ............... 118

Articles

ABriefIntroductiontoREST
Author:StefanTilkov Youmayormaynotbeawarethatthereisdebategoingonabouttherightwaytoimplement heterogeneousapplicationtoapplicationcommunication:Whilethecurrentmainstreamclearly focusesonwebservicesbasedonSOAP,WSDLandtheWS*specificationuniverse,asmall,butvery vocalminorityclaimstheresabetterway:REST,shortforREpresentationalStateTransfer.Inthis article,IwilltrytoprovideapragmaticintroductiontoRESTandRESTfulHTTPapplicationintegration withoutdigressingintothisdebate.Iwillgointomoredetailwhileexplainingthoseaspectsthat,in myexperience,causethemostdiscussionwhensomeoneisexposedtothisapproachforthefirst time.

KeyRESTprinciples
MostintroductionstoRESTstartwiththeformaldefinitionandbackground.Illdeferthisforawhile andprovideasimplified,pragmaticdefinition:RESTisasetofprinciplesthatdefinehowWeb standards,suchasHTTPandURIs,aresupposedtobeused(whichoftendiffersquiteabitfromwhat manypeopleactuallydo).ThepromiseisthatifyouadheretoRESTprincipleswhiledesigningyour application,youwillendupwithasystemthatexploitstheWebsarchitecturetoyourbenefit.In summary,thefivekeyprinciplesare:

GiveeverythinganID Linkthingstogether Usestandardmethods Resourceswithmultiplerepresentations Communicatestatelessly

Letstakeacloserlookateachoftheseprinciples.

GiveeverythinganID
Imusingthetermthinghereinsteadoftheformallycorrectresourcebecausethisissucha simpleprinciplethatitshouldntbehiddenbehindterminology.Ifyouthinkaboutthesystemsthat peoplebuild,thereisusuallyasetofkeyabstractionsthatmeritbeingidentified.Everythingthat

shouldbeidentifiableshouldobviouslygetanIDontheWeb,thereisaunifiedconceptforIDs: TheURI.URIsmakeupaglobalnamespace,andusingURIstoidentifyyourkeyresourcesmeansthey getaunique,globalID. Themainbenefitofaconsistentnamingschemeforthingsisthatyoudonthavetocomeupwith yourownschemeyoucanrelyononethathasalreadybeendefined,worksprettywellonglobal scaleandisunderstoodbypracticallyanybody.Ifyouconsideranarbitraryhighlevelobjectwithin thelastapplicationyoubuilt(assumingitwasntbuiltinaRESTfulway),itisquitelikelythatthere aremanyusecaseswhereyouwouldhaveprofitedfromthis.IfyourapplicationincludedaCustomer abstraction,forinstance,Imreasonablysurethatuserswouldhavelikedtobeabletosendalinkto aspecificcustomerviaemailtoacoworker,createabookmarkforitintheirbrowser,orevenwrite itdownonapieceofpaper.Todrivehomethispoint:Imaginewhatanawfullyhorridbusiness decisionitwouldbeifanonlinestoresuchasAmazon.comdidnotidentifyeveryoneofitsproducts withauniqueID(aURI). Whenconfrontedwiththisidea,manypeoplewonderwhetherthismeanstheyshouldexposetheir databaseentries(ortheirIDs)directlyandareoftenappalledbythemereidea,sinceyearsof objectorientedpracticehavetoldustohidethepersistenceaspectsasanimplementationdetail. Butthisisnotaconflictatall:Usually,thethingstheresourcesthatmeritbeingidentifiedwith aURIarefarmoreabstractthanadatabaseentry.Forexample,anOrderresourcemightbe composedoforderitems,anaddressandmanyotheraspectsthatyoumightnotwanttoexposeas individuallyidentifiableresources.Takingtheideaofidentifyingeverythingthatisworthbeing identifiedfurtherleadstothecreationofresourcesthatyouusuallydontseeinatypicalapplication design:Aprocessorprocessstep,asale,anegotiation,arequestforaquotetheseareall examplesofthingsthatmeritidentification.This,inturn,canleadtothecreationofmore persistententitiesthaninanonRESTfuldesign. HerearesomeexamplesofURIsyoumightcomeupwith: http://example.com/customers/1234 http://example.com/orders/2007/10/776654 http://example.com/products/4554 http://example.com/processes/salary-increase-234 AsIvechosentocreatehumanreadableURIsausefulconcept,eventhoughitsnota prerequisiteforaRESTfuldesignitshouldbequiteeasytoguesstheirmeaning:Theyobviously identifyindividualitems.Buttakealookatthese: http://example.com/orders/2007/11 http://example.com/products?color=green Atfirst,theseappeartobesomethingdifferentafterall,theyarenotidentifyingathing,buta collectionofthings(assumingthefirstURIidentifiesallorderssubmittedinNovember2007,andthe secondonethesetofgreenproducts).Butthesecollectionsareactuallythingsresources themselves,andtheydefinitelymeritidentification. Notethatthebenefitsofhavingasingle,globallyunifiednamingschemeapplybothtotheusageof

2 InfoQExplores:REST

theWebinyourbrowserandtomachinetomachinecommunication. Tosummarizethefirstprinciple:UseURIstoidentifyeverythingthatmeritsbeingidentifiable, specifically,allofthehighlevelresourcesthatyourapplicationprovides,whethertheyrepresent individualitems,collectionsofitems,virtualandphysicalobjects,orcomputationresults.

Linkthingstogether
Thenextprincipleweregoingtolookathasaformaldescriptionthatisalittleintimidating: Hypermediaastheengineofapplicationstate,sometimesabbreviatedasHATEOAS.(Seriously Imnotmakingthisup.)Atitscoreistheconceptofhypermedia,orinotherwords:theideaoflinks. LinksaresomethingwereallfamiliarwithfromHTML,buttheyareinnowayrestrictedtohuman consumption.ConsiderthefollowingmadeupXMLfragment: <order self='http://example.com/customers/1234' > <amount>23</amount> <product ref='http://example.com/products/4554' /> <customer ref='http://example.com/customers/1234' /> </order> Ifyoulookattheproductandcustomerlinksinthisdocument,youcaneasilyimaginehowan applicationthathasretrieveditcanfollowthelinkstoretrievemoreinformation.Ofcourse,this wouldbethecaseiftherewereasimpleidattributeadheringtosomeapplicationspecificnaming scheme,toobutonlywithintheapplicationscontext.ThebeautyofthelinkapproachusingURIs isthatthelinkscanpointtoresourcesthatareprovidedbyadifferentapplication,adifferentserver, orevenadifferentcompanyonanothercontinentbecausethenamingschemeisaglobal standard,alloftheresourcesthatmakeuptheWebcanbelinkedtoeachother. Thereisanevenmoreimportantaspecttothehypermediaprinciplethestatepartofthe application.Inshort,thefactthattheserver(orserviceprovider,ifyouprefer)providesasetoflinks totheclient(theserviceconsumer)enablestheclienttomovetheapplicationfromonestatetothe nextbyfollowingalink.Wewilllookattheeffectsofthisaspectinanotherarticlesoon;forthe moment,justkeepinmindthatlinksareanextremelyusefulwaytomakeanapplicationdynamic. Tosummarizethisprinciples:Uselinkstorefertoidentifiablethings(resources)whereverpossible. HyperlinkingiswhatmakestheWebtheWeb.

Usestandardmethods
Therewasanimplicitassumptioninthediscussionofthefirsttwoprinciples:thattheconsuming applicationcanactuallydosomethingmeaningfulwiththeURIs.IfyouseeaURIwrittenontheside ofabus,youcanenteritintoyourbrowsersaddressfieldandhitreturnbuthowdoesyour browserknowwhattodowiththeURI?

3 InfoQExplores:REST

Itknowswhattodowithitbecauseeveryresourcesupportsthesameinterface,thesamesetof methods(oroperations,ifyouprefer).HTTPcallstheseverbs,andinadditiontothetwoeveryone knows(GETandPOST),thesetofstandardmethodsincludesPUT,DELETE,HEADandOPTIONS.The meaningofthesemethodsisdefinedintheHTTPspecification,alongwithsomeguaranteesabout theirbehavior.IfyouareanOOdeveloper,youcanimaginethateveryresourceinaRESTfulHTTP scenarioextendsaclasslikethis(insomeJava/C#stylepseudosyntaxandconcentratingonthekey methods): class Resource { Resource(URI u); Response get(); Response post(Request r); Response put(Request r); Response delete(); } Becausethesameinterfaceisusedforeveryresource,youcanrelyonbeingabletoretrievea representationi.e.,somerenderingofitusingGET.BecauseGETssemanticsaredefinedinthe specification,youcanbesurethatyouhavenoobligationswhenyoucallitthisiswhythemethod iscalledsafe.GETsupportsveryefficientandsophisticatedcaching,soinmanycases,youdont evenhavetosendarequesttotheserver.YoucanalsobesurethataGETisidempotentifyou issueaGETrequestanddontgetaresult,youmightnotknowwhetheryourrequestneverreached itsdestinationortheresponsegotlostonitswaybacktoyou.Theidempotenceguaranteemeans youcansimplyissuetherequestagain.IdempotenceisalsoguaranteedforPUT(whichbasically meansupdatethisresourcewiththisdata,orcreateitatthisURIifitsnottherealready)andfor DELETE(whichyoucansimplytryagainandagainuntilyougetaresultdeletingsomethingthats notthereisnotaproblem).POST,whichusuallymeanscreateanewresource,canalsobeusedto invokearbitraryprocessingandthusisneithersafenoridempotent. Ifyouexposeyourapplicationsfunctionality(orservicesfunctionality,ifyouprefer)inaRESTfulway, thisprincipleanditsrestrictionsapplytoyouaswell.Thisishardtoacceptifyoureusedtoa differentdesignapproachafterall,yourequitelikelyconvincedthatyourapplicationhasmuch morelogicthanwhatisexpressiblewithahandfuloperations.Letmespendsometimetryingto convinceyouthatthisisnotthecase. Considerthefollowingexampleofasimpleprocurementscenario:

4 InfoQExplores:REST

Youcanseethattherearetwoservicesdefinedhere(withoutimplyinganyparticular implementationtechnology).Theinterfacetotheseservicesisspecifictothetaskitsan OrderManagementandCustomerManagementservicewearetalkingabout.Ifaclientwantsto consumetheseservices,itneedstobecodedagainstthisparticularinterfacethereisnowayto useaclientthatwasbuiltbeforetheseinterfaceswerespecifiedtomeaningfullyinteractwiththem. Theinterfacesdefinetheservicesapplicationprotocol. InaRESTfulHTTPapproach,youwouldhavetogetbywiththegenericinterfacethatmakesupthe HTTPapplicationprotocol.Youmightcomeupwithsomethinglikethis:

5 InfoQExplores:REST

Youcanseethatwhathavebeenspecificoperationsofaservicehavebeenmappedtothestandard HTTPmethodsandtodisambiguate,Ihavecreatedawholeuniverseofnewresources.Thats cheating!,Ihearyoucry.Noitsnot.AGETonaURIthatidentifiesacustomerisjustasmeaningful asagetCustomerDetailsoperation.Somepeoplehaveusedatriangletovisualizethis:

Imaginethethreeverticesasknobsthatyoucanturn.Youcanseethatinthefirstapproach,you havemanyoperationsandmanykindsofdataandafixednumberofinstances(essentially,as manyasyouhaveservices).Inthesecond,youhaveafixednumberofoperations,manykindsof dataandmanyobjectstoinvokethosefixedmethodsupon.Thepointofthisistoillustratethatyou canbasicallyexpressanythingyoulikewithbothapproaches.

6 InfoQExplores:REST

Whyisthisimportant?Essentially,itmakesyourapplicationpartoftheWebitscontributionto whathasturnedtheWebintothemostsuccessfulapplicationoftheInternetisproportionaltothe numberofresourcesitaddstoit.InaRESTfulapproach,anapplicationmightaddafewmillion customerURIstotheWeb;ifitsdesignedthesamewayapplicationshavebeendesignedinCORBA times,itscontributionusuallyisasingleendpointcomparabletoaverysmalldoorthatprovides entrytoauniverseofresourceonlyforthosewhohavethekey. TheuniforminterfacealsoenableseverycomponentthatunderstandstheHTTPapplicationprotocol tointeractwithyourapplication.Examplesofcomponentsthatbenefitfromthisaregenericclients suchascurlandwget,proxies,caches,HTTPservers,gateways,evenGoogle/Yahoo!/MSN,andmany more. Tosummarize:Forclientstobeabletointeractwithyourresources,theyshouldimplementthe defaultapplicationprotocol(HTTP)correctly,i.e.makeuseofthestandardmethodsGET,PUT,POST, DELETE.

Resourceswithmultiplerepresentations
Weveignoredaslightcomplicationsofar:howdoesaclientknowhowtodealwiththedatait retrieves,e.g.asaresultofaGETorPOSTrequest?TheapproachtakenbyHTTPistoallowfora separationofconcernsbetweenhandlingthedataandinvokingoperations.Inotherwords,aclient thatknowshowtohandleaparticulardataformatcaninteractwithallresourcesthatcanprovidea representationinthisformat.Letsillustratethiswithanexampleagain.UsingHTTPcontent negotiation,aclientcanaskforarepresentationinaparticularformat: GET /customers/1234 HTTP/1.1 Host: example.com Accept: application/vnd.mycompany.customer+xml TheresultmightbesomecompanyspecificXMLformatthatrepresentscustomerinformation.Ifthe clientsendsadifferentrequest,e.g.onelikethis: GET /customers/1234 HTTP/1.1 Host: example.com Accept: text/x-vcard TheresultcouldbethecustomeraddressinVCardformat.(Ihavenotshowntheresponses,which wouldcontainmetadataaboutthetypeofdataintheHTTPContenttypeheader.)Thisillustrates whyideally,therepresentationsofaresourceshouldbeinstandardformatsifaclientknows boththeHTTPapplicationprotocolandasetofdataformats,itcaninteractwithanyRESTfulHTTP applicationintheworldinaverymeaningfulway.Unfortunately,wedonthavestandardformatsfor everything,butyoucanprobablyimaginehowonecouldcreateasmallerecosystemwithina companyorasetofcollaboratingpartnersbyrelyingonstandardformats.Ofcourseallofthisdoes notonlyapplytothedatasentfromtheservertotheclient,butalsoforthereversedirectiona serverthatcanconsumedatainspecificformatsdoesnotcareabouttheparticulartypeofclient,

7 InfoQExplores:REST

provideditfollowstheapplicationprotocol. Thereisanothersignificantbenefitofhavingmultiplerepresentationsofaresourceinpractice:If youprovidebothanHTMLandanXMLrepresentationofyourresources,theyareconsumablenot onlybyyourapplication,butalsobyeverystandardWebbrowserinotherwords,informationin yourapplicationbecomesavailabletoeveryonewhoknowshowtousetheWeb. Thereisanotherwaytoexploitthis:YoucanturnyourapplicationsWebUIintoitsWebAPIafter all,APIdesignisoftendrivenbytheideathateverythingthatcanbedoneviatheUIshouldalsobe doableviatheAPI.ConflatingthetwotasksintooneisanamazinglyusefulwaytogetabetterWeb interfaceforbothhumansandotherapplications. Summary:Providemultiplerepresentationsofresourcesfordifferentneeds.

Communicatestatelessly
ThelastprincipleIwanttoaddressisstatelesscommunication.Firstofall,itsimportanttostress thatalthoughRESTincludestheideaofstatelessness,thisdoesnotmeanthatanapplicationthat exposesitsfunctionallycannothavestateinfact,thiswouldrenderthewholeapproachpretty uselessinmostscenarios.RESTmandatesthatstatebeeitherturnedintoresourcestate,orkepton theclient.Inotherwords,aservershouldnothavetoretainsomesortofcommunicationstatefor anyoftheclientsitcommunicateswithbeyondasinglerequest.Themostobviousreasonforthisis scalabilitythenumberofclientsinteractingwouldseriouslyimpacttheserversfootprintifithad tokeepclientstate.(NotethatthisusuallyrequiressomeredesignyoucantsimplystickaURIto somesessionstateandcallitRESTful.) Butthereareotheraspectsthatmightbemuchmoreimportant:Thestatelessnessconstraint isolatestheclientagainstchangesontheserverasitisnotdependentontalkingtothesameserver intwoconsecutiverequests.Aclientcouldreceiveadocumentcontaininglinksfromtheserver,and whileitdoessomeprocessing,theservercouldbeshutdown,itsharddiskcouldberippedoutand bereplaced,thesoftwarecouldbeupdatedandrestartedandiftheclientfollowsoneofthelinks ithasreceivedfromtheserver,itwontnotice.

RESTintheory
Ihaveaconfessiontomake:WhatIexplainedisnotreallyREST,andImightgetflamedfor simplifyingthingsalittletoomuch.ButIwantedtostartthingsalittledifferentlythanusual,soIdid notprovidetheformalbackgroundandhistoryofRESTinthebeginning.Letmetrytoaddressthis,if somewhatbriefly. Firstofall,IveavoidedtakinggreatcaretoseparateRESTfromHTTPitselfandtheuseofHTTPina RESTfulway.Tounderstandtherelationshipbetweenthesedifferentaspects,wehavetotakealook atthehistoryofREST.

8 InfoQExplores:REST

ThetermRESTwasdefinedbyRoyT.FieldinginhisPhDthesis(youmightactuallywanttofollow thatlinkitsquitereadable,foradissertationatleast).Royhadbeenoneoftheprimarydesigner ofmanyessentialWebprotocols,includingHTTPandURIs,andheformalizedalotoftheideas behindtheminthedocument.(ThedissertationisconsideredtheRESTbible,andrightfullyso afterall,theauthorinventedtheterm,sobydefinition,anythinghewroteaboutitmustbe consideredauthorative.)Inthedissertation,Royfirstdefinesamethodologytotalkabout architecturalstyleshighlevel,abstractpatternsthatexpressthecoreideasbehindan architecturalapproach.Eacharchitecturalstylecomeswithasetofconstraintsthatdefineit. Examplesofarchitecturalstylesincludethenullstyle(whichhasnoconstrainsatall),pipeand filter,client/server,distributedobjectsandyouguesseditREST. Ifallofthissoundsquiteabstracttoyou,youarerightRESTinitselfisahighlevelstylethatcould beimplementedusingmanydifferenttechnologies,andinstantiatedusingdifferentvaluesforits abstractproperties.Forexample,RESTincludestheconceptsofresourcesandauniforminterface i.e.theideathateveryresourceshouldrespondtothesamemethods.ButRESTdoesntsaywhich methodstheseshouldbe,orhowmanyofthemthereshouldbe. OneincarnationoftheRESTstyleisHTTP(andasetofrelatedsetofstandards,suchasURIs),or slightlymoreabstractly:theWebsarchitectureitself.Tocontinuetheexamplefromabove,HTTP instantiatestheRESTuniforminterfacewithaparticularone,consistingoftheHTTPverbs.As FieldingdefinedtheRESTstyleaftertheWeboratleast,mostofitwasalreadydone,one mightarguewhetheritsa100%match.Butinanycase,theWeb,HTTPandURIsaretheonlymajor, certainlytheonlyrelevantinstanceoftheRESTstyleasawhole.AndasRoyFieldingisboththe authoroftheRESTdissertationandhasbeenastronginfluenceontheWebarchitecturesdesign, thisshouldnotcomeasasurprise. Finally,IveusedthetermRESTfulHTTPfromtimetotime,forasimplereason:Manyapplications thatuseHTTPdontfollowtheprinciplesofRESTandwithsomejustification,onecansaythat usingHTTPwithoutfollowingtheRESTprinciplesisequaltoabusingHTTP.Ofcoursethissoundsa littlezealousandinfactthereareoftenreasonswhyonewouldviolateaRESTconstraint,simply becauseeveryconstraintinducessometradeoffthatmightnotbeacceptableinaparticular situation.Butoften,RESTconstraintsareviolatedduetoasimplelackofunderstandingoftheir benefits.Toprovideoneparticularlynastyexample:theuseofHTTPGETtoinvokeoperationssuch asdeletinganobjectviolatesRESTssafetyconstraintandplaincommonsense(theclientcannotbe heldaccountable,whichisprobablynotwhattheserverdeveloperintended).Butmoreonthis,and othernotableabuses,inafollowuparticle.

Summary
Inthisarticle,IhaveattemptedtoprovideaquickintroductionintotheconceptsbehindREST,the architectureoftheWeb.ARESTfulHTTPapproachtoexposingfunctionalityisdifferentfromRPC, DistributedObjects,andWebservices;ittakessomemindshifttoreallyunderstandthisdifference. BeingawareaboutRESTprinciplesisbeneficialwhetheryouarebuildingapplicationsthatexposea

9 InfoQExplores:REST

WebUIonlyorwanttoturnyourapplicationAPIintoagoodWebcitizen. Link:http://www.infoq.com/articles/restintroduction RelatedContents InterviewwithGuilhermeSilveira,creatorofRestfulie IsJAXRS,orRESTeasy,unRESTful? IBMWebSphereEmbracesREST BusinessCaseForREST IsCRUDBadforREST?

10 InfoQExplores:REST

Articles

ResourceOrientedArchitecture:TheRestofREST
Author:BrianSletten

SeriesIntroduction
Thinkforamoment,ifyoucan,backtoatimebeforetheWeb.Imaginetryingtoexplainthe impendingchangestoyourhaplesscontemporaries.Itislikelytheywouldsimplynotbeableto fathomtheimpactsthattheWeb'semergencewouldhaveonnearlyeveryaspectoftheirlives.In retrospect,itfeelslikeatsunamicaughtusoffguardandforeveralteredthelandscapearoundus. Therealityismorepedestrian,however.Itwasadeliberateseriesoftechnicalchoicesthatbuiltupon eachotherthatyieldedtheresultswehaveexperienced. Now,pauseandreflectupontheideathatyouareprobablyinasimilarpositiontothoseincredulous preWebtypesyouwerejusttryingtoenlighten.Unlessyouhavebeenpayingcloseattention,you areabouttobecaughtoffguardagainasitfeelslikeanewwavecrashesuponoureconomic,social, technologicalandorganizationallandscapes.Whiletheresultingchangeswillfeelliketheyoccur overnight,therealityisthattheyhavebeenintheworksforyearsandarejustnowproducing tangibleresults.ThisnewwaveisaboutaWebthathasevolvedbeyonddocumentsintoWebsof Data,bothpersonalandprivate.Wewillnolongerfocusoninformationcontainers,buton informationitselfandhowitisconnected. Thiswavehasbeenintheworksforyearsandisagainbeingdrivenbythedeliberateadoptionof specificchoicesandtechnologies.Thesechoicesarecombiningtosolvetheproblemscausedbythe inexorablemarchoftechnologicalchange,businessflux,newandvarieddatasourcesandthe ubiquitous,expensiveandfailureproneeffortsthathavecostmillionsanddeliveredinsufficient value.WebServicesandServiceOrientedArchitectures(SOA)weresupposedtobepartofthe answer,buttheeleganceoftheirvisionshavebeenforeverstainedbytheineleganceoftheir technicalsolutions. Thebeautyisthatwearenotstartingfromscratch.Wearebuildinguponthetechnologywehavein placetogrowthesedatawebsorganically.Wecanwrapourdatabases,libraries,servicesandother contentsourceswithanewsetofabstractionsthatwillhelpusoffthetreadmillwehavebeenon. WeareintegratingthepublicWebofDatawithourown,privatelyhelddata.Theincremental adoptionofthesetechnologiesisyieldingnewcapabilitiesthatwill,inturn,unlockfurther capabilities.

11 InfoQExplores:REST

Thisisthefirstarticleinanewseriestohighlighttheevolutionofinformationorientedsystemsthat gotustowhereweareandprovidearoadmaptowherewearegoing.Despitewhatitmayseemon thesurface,thesechoicesareneitheradhocnoresoteric,butratherfoundationaldecisionsbased onalongtraditionofacademiaandappliedengineering. WewillstartbyrevisitingtheREpresentationalStateTransfer(REST)architecturalstyle.Oftquoted andevenmoreoftenmisunderstood,thismannerofbuildingnetworkedsoftwaresystemsallowsus tomergeourdocuments,dataandinformationorientedservicesintoarich,logicalecosystemof namedresources.Fromthere,wewillintroducethevisionoftheSemanticWebandwalkthroughits coretechnologiesrepresentedbyaflexibleandextensibledatamodelandtheabilitytoqueryit.We willseehowtoincorporaterelationaldata,contentfromdocuments,spreadsheets,RSSfeeds,etc. intoarichwebofreusablecontent. Afterwepresentthebasics,wewillwalkthroughavarietyofsuccessfuleffortsbuildingonthese technologiesandthenreturntoreclaimingthevisionpromisedtousbyproponentsofWebServices technologies.WewilldescribeaprocesswherewecanachievesomethingofaUnifiedTheoryof InformationSystems;onethatnotonlyhandles,butembracesthekindoftechnicalandsocial changethathasbeenpainfulandintractabletomanageinthepast. TherehasbeentoomuchhypesurroundingtheSemanticWeb,buttherehavealsobeenasteady streamofquietsuccesses.Thisserieswillbeapragmaticguideintobothnewandfamiliarterritory. Wewillconnectthetechnologiesindeeperwaysthanperhapsyouhaveseenbefore.Wewill highlighteventsandactionsbycompanies,governmentorganizationsandstandardsbodiesthat indicatethatthisishappeninganditwillchangeeverything.Wewillshowhowaverylarge differenceinyoursystemimplementationcanoftenbemadethroughsubtleshiftsinperspective andadoptionofstandardsthataredesignedtofacilitatechange. Thefirststep,istoembraceacommonnamingschemeforallaspectsofourinfrastructure.A ServiceOnlyArchitectureusuallyignoresthedatathatflowsthroughit.Attheendoftheday,our organizationscareaboutinformationfirstandforemost.RESTandtheWebArchitectureputsthis priorityupfrontandlaysthefoundationfortheremainderofourdiscussion.

TheRestofREST
IthasbecomefashionabletotalkabouttheREpresentationalStateTransfer(REST)assomethingofa weaponintheWarOnComplexity.Theenemiesinthiswar,accordingtosome,areSOAPandthe WebServicestechnologystackthatsurroundsit.ThisUsvsThemrhetoricbringspassiontothetable, butrarelymeaningfuldialoguesopeopleremainconfusedastotheunderlyingmessageandwhyitis important.ThegoalisnottoreplaceSOAP;thegoalistobuildbettersystems. RESTisnotevenadirectreplacementforSOAP.Itisnotsomekindoftechnologyofconvenience;a simplesolutionforinvokingWebServicesthroughURLs.Themanagementofinformationresources isnotthesamethingasinvokingarbitrarybehavior.Thisconfusionleadspeopletobuild"RESTful" solutionsthatareneitherRESTful,norgoodsolutions.

12 InfoQExplores:REST

RESTderivesitsbenefitsasmuchfromitsrestrictionsasitdoesitsresultantflexibility.IfyoureadDr. RoyFielding'sthesis(whichyouareencouragedtodo),youwilllearnthattheintentwastodescribe howthecombinationofspecificarchitecturalconstraintsyieldsasetofpropertiesthatwefind desirableinnetworkedsoftwaresystems.Theadoptionofauniforminterface,theinfamousUniform ResourceLocator(URL),contributestothedefinitionofREST,butisinsufficienttodefineit.Likewise, interfacesthatsimplyexposearbitraryservicesviaURLswillnotyieldthesamebenefitswehave seensosuccessfullyintheexplosionoftheWeb.Ittakesaricherseriesofinteractionsandsystem partitioningtogetthefullresults. MostpeopleunderstandthatRESTinvolvesrequestingandsupplyingapplicationstateofinformation resourcesthroughURLsviaasmallnumberofverbs.YouretrieveinformationbyissuingGET requeststoURLs,youcreateorupdateviaPOSTandPUT,andremoveinformationviaDELETE requests. Thissummaryisnotincorrect,butitleavestoomuchout.Theomissionsyielddegreesoffreedom thatunfortunatelyoftenallowpeopletomakethewrongdecisions.Inthisgap,peoplecreateURLs outofverbswhicheliminatesthebenefitofhavingnamesfor"things".TheythinkRESTisjustabout CRUDoperations.Theycreatemagical,unrelatedURLsthatyouhavetoknowupfronthowtoparse, losingthediscoverabilityofthehypertextengine.Perhapsmostunforgivably,theycreateURLstied solelytoparticulardataformats,makingprematuredecisionsforclientsabouttheshapeofthe information. UnderstandingthefullimplicationsofRESTwillhelpyouavoidtheseproblems;itwillhelpyouto developpowerful,flexibleandscalablesystems.Butitisalsothebeginningofanewunderstanding ofinformationandhowitisused.UponthisfoundationofWebarchitecture,theapplicationofthe remainingtechnologiesoftheSemanticWebwillyieldunprecedentedpowerinhowweinteract witheachotherasindividuals,governments,organizationsandbeyond.Thisiswhywebeginwitha deeperdiveintothepartsofRESTthatmanypeopledonotunderstandandthereforedonotdiscuss. Thesetopicsincludetheimplicationsof: URLsasidentifiers FreedomofForm Logicallyconnected,LatebindingSystems HypertextastheEngineofStateTransfer(HATEOS)

URLsasIdentifiers
WehavealreadyestablishedthatmostpeopleknowaboutURLsandREST.Itseemsclearthatthey understandthataURLisusedforinvokingaservice,butitisnotclearthattheygetthelargersense ofaURLasanameforinformation.Namesarehowweidentifypeople,places,thingsandconcepts. Ifwelacktheabilitytoidentify,welacktheabilitytosignify.ImagineAbbottandCostello'sinfamous "Who'sonFirst?"skitonadailybasis.Havingnamesgivesustheabilitytodisambiguateandidentify somethingwecareaboutwithinacontext.Havinganameandacommoncontextallowsustomake

13 InfoQExplores:REST

referencetonamedthingsoutofthatcontext. TheUniformResourceIdentifier(URI)istheparentscheme.Itisamethodforencodingother schemesdependingonwhetherwewantthemtoincluderesolutioninformationornot.Librarians andotherlongtermdatastewardslikenamesthatwillnotchange.AUniformResourceName(URN) isaURIthathasnolocationinformationinit;nothingbutnameisinvolved.Thegoodnewsisthat thesenameswillneverbreak.Thebadnewsisthatthereisnoresolutionprocessforthem.An exampleofaURNisanISBNnumberforabook: urn:isbn:0307346617 Inordertofindmoreinformationaboutthisbook,youwouldhavetofindaservicethatallowsyou tolookupinformationbasedontheISBNnumber. Ifnothingaboutthecontextofoursystemsandinformationeverchanged,wewouldprobably alwayswanttoincluderesolutioninformationinourresourcenamessowecouldresolvethem.But anyonewhohasbeenhandedabrokenlinkknowswewantlongerlivednamesforreallyimportant stuff.LookingatourhistoryofusingURLs,wehavedonesomesillythingswhenwecreatedones suchas: http://someserver.com/cgi-bin/foo/bar.pl http://someserver.com/ActionServlet?blah=blah http://someserver.com/foo/bar.php TheproblemwiththeseURLsisthatthetechnologyusedtoproducearesultisirrelevanttothe consumerofinformation.ThereisnogoodreasontocreateURLslikethat.Thefocusshouldbeon theinformation,notthetechnology.Implementationtechnologieschangeovertime.Ifyouabandon them,forinstance,anysystemthathasalinktothePerl,ServletorPHPbasedURLwillbreak.We willaddresssomeinfrastructuretosolvethisprobleminfuturearticles,fornow,wewilljusttryto makecarefulchoicesinthenameswegiveourinformationresources. Despitebeingfragile,theURLschemedoesallowustodisambiguateinformationreferencesina globalcontext. http://company1.com/customer/123456 isdistinctanddistinguishablefrom http://company2.com/customer/123456 inwaysthatadecontextualizedidentifierlike'123456'isnot. Togroundtheconceptintoalargerinformationsystemsframework,youcanthinkofaURLasa primarykeythatisnotspecifictoaparticulardatabase.Wecanmakereferencestoanitemviaits URLindozensofdifferentdatabases,documents,applications,etc.andknowthatwearereferringto thesamethingbecausewehaveauniquenameinaglobalcontext.Wewillusethispropertyin futurediscussionstodescribeandconnectRESTfulsystemstoothercontentandmetadata.

14 InfoQExplores:REST

ThenextaspectofURLsthatbearsdiscussionistheiruniversalapplicability.Wehaveacommon namingschemethatallowsustoidentify: documents(reports,blogs,announcements) data(results,instanceinformation,metadata) services(REST!) concepts(people,organizations,domainspecificterms)

Wedonotneedtocomeupwithadifferentmechanismtorefertoeachdifferentcategoryofthings. Acarefulapplicationofsomespecificguidelinesallowsustoblurthedistinctionsbetweenthese thingswhichbringsustothelastpointfornowaboutURLs.Notonlyarethesenamesusefulinorder torefertoinformationwecareabout,butsystemsthatreceivethesereferencescansimplyaskfor them.The'L'inURL(locator)givesusthecapacitytoresolvethething,notknowinganythingelse aboutit.Wecanusuallyinvokethesamebasicoperationsoneverythingwecanname.IssuingaGET requesttoaURLrepresentingadocument,somedata,aservicetoproducethatdataoranabstract, nonnetworkaddressableconceptallworkfundamentallythesameway.Forthosethingswehave thepermissiontomanipulate,wecanalsocreate,modifyordeletethemusingsimilarmeans.

FreedomofForm
OurexperienceoftheWebhasbeensomewhatpassivewithrespecttotheshapeofinformation. Whenweclickonalink,weexpectthecontenttocomebackinaparticularform,usuallyHTML.That isfineformanytypesofinformation,butthearchitecturesupportsamuchmoreconversational styleallowingclientstorequestinformationinapreferredform. Tounderstandwhythisisuseful,consideracompany'ssalesreport.Itiseasytoimaginethisbeing usefultoexecutives,salespeople,otheremployees,clientsandinvestorsasanindicationofhowa companyisperforming.Apossiblenameforsuchareportcouldincludetheyearandthequarterin theURL: http://company1.com/report/sales/2009/qtr/3 WemightcontrastthiswithasalesreportforthemonthofMarch: http://company1.com/report/sales/2009/month/3 Botharegood,logicalnamesthatareunlikelytobreakovertime.Itisacompellingvisionthat peoplecouldsimplytypesuchaURLintoabrowserandgettheinformationtheyseekrenderedas HTML.Thereportscouldbebookmarked,emailed,linkedto,etc.;allthethingsweloveaboutthe Web. Theproblemisthattheinformationislockedintoitsrenderedform(untilweintroducetechnologies likeGRDDLandRDFalaterinthisseries!).Weusedtotrytoscrapecontentfrompages,butgaveup indisgust.Asthepagelayoutchanges,ourscriptsbreak.

15 InfoQExplores:REST

Ifyouwereaprogrammerforthiscompanyandwantedtogettotheinformationdirectly,youmight liketorequestitasXML.Youcouldgetbackraw,structureddatathatyoucouldvalidateagainsta schema.HTTPandRESTmakethistrivialaslongastheserverknowshowtorespond.Bypassingin an"Accept:application/xml"headertoyourrequest,youcouldindicateapreference(or requirement)forXML.Onsuccess,youwillgetbackabytestreamwithaMIMEtypeindicatingthat yourrequesthasbeenhonored.Onfailure,theserverwillindicateviaa406Errorthatitcannothelp you.Inthatcase,youmightwanttocontactthedepartmentresponsibleforthisinformationand requesttheyaddthesupportyouneed;somethingtheycandowithoutbreakinganyexistingclients. Ifyouwereabusinessanalyst,youmightthinkthatXMLhassharppointsandcanhurtyou,soyou mightliketorequestitbackasaspreadsheet,aformatthatiseasilyincorporatedintoyourexisting workflows,toolsandprocesses. Thepointisthatthelogicalnameforthereportiseasilyconvertedintovariousformsatthepointit isrequested.Itisequallyeasytorunsystemsthatacceptmodificationsbackinthevariousforms. Theclienthasnovisibilityintohowtheinformationisactuallystored,theyjustknowthatitworks forthem.ThisfreedomiswhollyunderusedbypeoplebuildingRESTfulsystems.Whentheystandup aserviceanddecidethattheywillonlyreturnXML,theymissthepotentialvalueRESThastoan organization. Becausemanydevelopersareeitherunawareofcontentnegotiationorfinditdifficulttotestina browser,theydefinedifferentURLsforthedifferentformats: http://company1.com/report/sales/2009/qtr/3/report.html http://company1.com/report/sales/2009/qtr/3/report.xml http://company1.com/report/sales/2009/qtr/3/report.xls Thisdeveloperconveniencebecomesalimitationonceyouescapetheconfinesofaparticularuse.In essence,wenowhavethreeinformationresources,notonethatcanberenderedindifferentforms. Notonlydoesthisforktheidentityintheglobalcontext,italsoprematurelycommitsotherclientsto aparticularform.IfyoupassareferencetoaURLaspartofaworkflowororchestrationyouare robbingtheupstreamclientsfromthefreedomtochoosetheformofthedata. ThereareseveralwaystotestaproperRESTfulservicewithoutusingabrowser,forexample: curl -H "Accept: application/xml" -O http://company1.com/report/sales/2009/qtr/3 usingthepopularcurlprogram.AnyreasonableHTTPclientwillprovidesimilarcapabilities. Thebenefitsofsupportingarichecosystemofnegotiabledataformsmaynotbeimmediately obvious,butonceyouwrapyourheadaroundit,youwillseeitasalinchpintowardlonglived, flexiblesystemsthatfavortheclient,notthedeveloper.

16 InfoQExplores:REST

LogicallyConnected,LateBindingSystems
Onceyoucommittogood,logicalnamesforyourinformationresources,youwilldiscoversome additionalbenefitsthatfalloutofthesedecisions.Namedreferencescansafelyandefficientlybe passedbackasresultswithoutreturningactualdata.Thishasstrongimplicationsforlargeand sensitivedatasets,butitalsomakespossibletechnicalandarchitecturalmigration. ForthesamereasonspointersareusefulinlanguageslikeCandC++,URLsasreferencestodataare morecompactandefficienttohandofftopotentialconsumersofinformation.Largedatasetssuch asfinancialtransactions,satelliteimagery,etc.canbereferencedinworkflowswithoutrequiringall participantstosuffertheburdenofhandlingthelargecontentvolume. Anyorchestrationthattouchesactualdatamustconsiderthesecurityimplicationsofpassingitonto othersystems.Itquicklybecomesuntenabletoprovideperfectknowledgeofwhoisallowedtodo whatateverystepofaprocess.Ifareferenceispassedfromsteptostep,itisuptotheinformation sourcetoenforceaccess.Somestepsmaynotrequireaccesstothesensitiveinformationandcould thereforebeexcludedfromreceivingitwhentheyresolvethereference. Thismeansthelatebindingresolutioncanfactorinthefullcontextoftherequest.Aparticularuser accessingaresourcefromoneapplicationmighthaveabusinessneedtoseesensitiveinformation. Thesamepersonusingadifferentapplicationmightnothaveabusinessjustificationtothesame data.ARESTfulservicecouldinspectsessiontokensandtheliketoenforcethisaccesspolicy declaratively.Thislevelofspecificityisrequiredtopreventinternalfraud,oftenthebiggestriskin systemsthatdealwithsensitivecontent.Thedetailsofsuchasystemaregoingtobe implementationspecificandarelargelyorthogonaltotheprocessofnamingandresolving logicallynamedcontent. Dependencyonalogicalconnectionallowsclientstobeprotectedagainstimplementationchanges. Whenpopularwebsitesshiftfromonetechnologytoanother,theyareusuallysuccessfulathiding thesechangesfromtheirusers.RESTfulservicesdothesamething.Thisgivesusthefreedomto wraplegacysystemswithlogicalinterfacesandleavetheminplaceuntilthereisabusinessreasonto investinanewimplementation.Whenthathappens,clientscanbeprotectedfrombeingaffected. Inadditiontomediatingtechnologychanges,RESTfulsystemsallowyoutoembraceavariantof Postel'sLaw:BeConservativeinwhatyoudo;beLiberalinwhatyouacceptfromothers.Youcan maintainstrictcontentvalidationofwhatyouacceptandreturn.However,ifyouhaveanexisting clientbasethatisprovidingyoucontentinagivenform,youarefreetoallowotherclientsto providedifferentforms,differentschemas,etc.withoutaffectingtheexistingclients.Systemsthat closelyassociateacontractwithanendpointtendnottohavethisfreedomwhichmakesthemmore brittleandquicklyfragmented.

17 InfoQExplores:REST

HypertextAstheEngineofStateTransfer(HATEOS)
Assystemscomeacrossreferencestoinformationresources,manypeoplethinkthereneedstobe somesortofdescriptionlanguagetoindicatewhatispossibleorshouldbedonewithit.Thereality isthatawellconsideredRESTfulsystemusuallydoesnotrequirethisconcept.Thisisdifficultfor SOAPdeveloperstoaccept,butithastodowiththeconstraintsofthearchitecturalstyle.Because wetreatinformationresourcesasthingstomanipulatethroughauniforminterface(theURL!)and restrictoureffortstoasmallsetofverbs,therereallyisnoneedtodescribetheservice. Ifyoufindyourselfconfusedonthispoint,itisprobablyanarchitecturalsmellthatyouareconflating manipulatingresourceswithinvokingarbitrarybehavior.TheRESTverbsprovidethefullsetof operationstoapplytoaninformationresource.Certainly,youneedtoknowwhatinformationis beingreturnedsoyouknowhowtoprocessit,butthatiswhatMIMEtypesarefor.Whileitisusually preferabletoreuseknowntypes(application/xml,image/png,etc.),manydevelopersdonotrealize thattheycancreatetheirownapplicationspecificdatatypesifnecessary. Inthelargerarcofthisarticleseries,wewilladdresstheproblemsoffindingandbindingarbitrary resourcesusingrichmetadata.Fornow,wewillsimplykeepinmindRoy'sunderscoringofthe importanceof"hypertextastheengineofstatetransfer"(obliquelyreferredtoas"HATEOS"by RESTafarians).Thisisperhapsthemostmisunderstoodportionofthethesis.Togetitsfullimplication, weneedtorevisithowtheWebworks. YoutypeaURLintothebrowseranditissuesanHTTPGETrequestforthatresource.Invariably,the serverrespondswithabytestream,aresponsecode(usually200onsuccess)andaMIMEtype indicatingthattheresponseisHTML.Thebrowserdecidesitknowshowtohandlethistypeand parsestheresultintoadocumentmodelofsomesort.Withinthatmodel,itfindsreferencestoother resources:links,images,scripts,stylesheets,etc.Ittreatseachonedifferently,butitdiscoversthem intheprocessofresolvingtheoriginalresource.Thereisnoservicedescription;thebrowser,asa client,simplyknowshowtoparsetheresult. ThesamemechanismshouldbeemployedforRESTfulservices.TheURLsthemselvesshouldnotbe "magical".AclientshouldnotberequiredtoknowhowtoparseaURLorhaveanyspecial knowledgeofwhatonelevelinthehierarchymeansoveranotherone.RESTfulclientsshould retrievearesource,investigatethereturnedMIMEtypeandparsetheresult.Assuch,aclientshould knowhowtoparsethereturnedtype. Forexample,aclientmightreceiveareferencetothemainRESTfulserviceforthereportingservice wedescribedabove: http://company1.com/report/ Ifrequestedfromabrowser,itcouldreturnanHTMLdocumentthathasreferencesto: http://company1.com/report/sales whichtheusercouldclickthroughtofindalistofyearstobrowse.Thepointisthatthebrowserhas

18 InfoQExplores:REST

nospecialknowledgeoftheURLstructure,butitknowshowtoparsetheresultandpresentthe contenttotheuserinawayshecanexplore. ThesamecanbetrueofotherMIMEtyperesponses.Forexample,requestingthe2009quarterly reportsasXML: http://company1.com/reports/sales/2009/qtr couldyield: <reports> <description>2009 Quarterly Reports</description> <report name="First Quarter" src="http://company1.com/reports/sales/2009/qtr/1"/> <report name="Second Quarter" src="http://company1.com/reports/sales/2009/qtr/2"/>

<report name="Third Quarter" src="http://company1.com/reports/sales/2009/qtr/3"/> </reports> YoucanthinkoftheURLasavectorthroughaninformationspace.Eachlevelpointsyoucloserto theultimateresource.Differentpathscanyieldthesameresults.Theclientwillhavetoknowhowto parsetheseresults,butbygivingtheresponseanidentifiabletype,wecantriggertheappropriate parser.Thestructurecanbespideredbydescendingthroughthereferences,orpresentedtoauser tobrowsethroughsomekindofinterface.ARESTfulinterfacebecomesawayforclientstoaskfor informationbasedonwhattheyknow.Theystartfromaknownordiscoveredpointandbrowsethe informationlikeyoubrowsetheWeb. ThisiswhatHATEOSrefersto.Theapplicationstateistransferredanddiscoveredwithinthe hypertextresponses.JustlikethebrowserneedstoknowaboutHTML,images,soundfiles,etc.,a RESTfulclientwillneedtoknowhowtoparsetheresultsofresolvingaresourcereference.However, theentireprocessissimple,constrained,scalableandflexibleexactlythepropertieswewantfrom anetworkedsoftwaresystem. Manypeoplebuild"RESTful"systemsthatrequiretheclientstoknowbeforehandwhateachlevelin aURLmeans.Shouldtheinformationgetreorganizedontheserverside,clientsofthosesystemswill break.ClientsthattrulyembodyHATEOSaremorelooselycoupledfromtheserversthey communicatewith.

19 InfoQExplores:REST

LookingForward
Westruggledailytosolvetheproblemsofrapidlychangingdomains,technologies,customer demandsandactionableknowledge.Wespendtoomuchtimewritingsoftwaretolinkwhatwelearn towhatweknow.Objectsanddatabaseshavenotkeptpacewiththechangesweexperience.We needanewwayoflookingattheinformationweproduceandconsumethatisextensibleandless fragilethanthesolutionsofthepast.Weneedtechnologytohelpusformconsensus.Weshouldnot havetoachieveconsensusintheformofcommonmodelsbeforewecanuseourtechnologies. Inthisarticle,wehaveintroducedtheseriesandhavebeguntolookathowRESTandWeb technologiescanserveasthebasisofanewinformationorientedarchitecture.Wehaveestablished anamingschemethatallowsustounifyreferencestoallmannerofcontent,servicesand documents.Clientscanleveragethefreedomtonegotiateinformationintotheformtheywant.As theyresolvereferences,theycandiscovernewcontentconnectedthroughnewrelationships. ThisarchitecturalstyleandthetechnologiessurroundingtheSemanticWebcombinenicelytocreate powerful,scalable,flexiblesoftwaresystems.TheircapacitytocreateWebsofDatawillhaveas muchimpactonourlivesastheWebhasalreadyhad.Thiswillbeaninformationsystemsrevolution thatwillturnmuchofwhatweknowonitshead.Itwillnotonlyreducethecostofdataintegration, butitwillenablenewbusinesscapabilitieswecanonlybegintoimagine. Wearemovingintoaworldwhereinformationcanbeconnectedandusedregardlessofwhetherit iscontainedindocuments,databasesorisreturnedastheresultsofaRESTfulservice.Wewillbe abletodiscovercontentandconnectittowhatwealreadyknow.Wewillbeabletosurfacethedata currentlyhiddenbehinddatabases,spreadsheets,reportsandothersilos.Notonlywillwegain accesstothisinformation,wewillbeabletoconsumeitinthewayswewantto. Thisisoneofthemain,modestgoalsoftheSemanticWeb.Achievingit,aswearenowabletodo,is startingtochangeeverything. Link:http://www.infoq.com/articles/roarestofrest RelatedContents JavaOneSemanticWebPanel CoolURIsinaRESTfulWorld AComparativeClarification:Microformatsvs.RDF TheSemanticWebandOntologicalTechnologiesContinuetoExpand SPARQLUpdatetoCompleteRESTfulSOAScenario

20 InfoQExplores:REST

Articles

RESTfulHTTPinpractice
Author:GregorRoth ThisarticlegivesashortoverviewaboutthebasicsofRESTfulHTTPanddiscussestypicalissues thatdevelopersfacewhentheydesignRESTfulHTTPapplications.ItshowshowtoapplytheREST architecturestyleinpractice.ItdescribescommonlyusedapproachestonameURIs,discusseshow tointeractwithresourcesthroughtheUniforminterface,whentousePUTorPOSTandhowto supportnonCRUDoperations. RESTisastyle,notastandard.ThereisneitheraRESTRFC,noraRESTprotocolspecificationnor somethingsimilar.TheRESTarchitecturestylehasbeendescribedinthedissertationofRoyFielding, oneoftheprincipalauthorsoftheHTTPandURIspecification.AnarchitecturestylesuchasREST definesasetofhighlevelarchitecturesdecisionswhichisimplementedbyanapplication. Applicationswhichimplementadedicatedarchitecturestylewillusethesamepatternsandother architecturalelementssuchascachingordistributionstrategiesinthesameway.RoyFielding describedRESTasanarchitecturestylewhichattemptstominimizelatencyandnetwork communication,whileatthesametimemaximizingtheindependenceandscalabilityofcomponent implementations" EventhoughRESTisheavilyinfluencedbytheWebTechnology,intheorytheRESTarchitecturestyle isnotboundtoHTTP.However,HTTPistheonlyrelevantinstanceoftheREST.Forthisreasonthis articledescribesRESTimplementedbyusingHTTP.OftenthisiscalledRESTfulHTTP. TheideabehindRESTfulHTTPistousetheexistingfeaturesandcapabilitiesoftheWEB.RESTdoes notinventnewtechnologies,componentsorservices.RESTfulHTTPdefinestheprinciplesand constrainstousetheexistingWEBStandardsinabetterway.

Resources
ResourcesarethekeyabstractionsinREST.Theyaretheremoteaccessibleobjectsoftheapplication. Aresourceisaunitofidentification.Everythingthatmightbeaccessedorbemanipulatedremotely couldbearesource.Resourcescanbestatic,whichmeansthestateoftheresourcewillnotchange overthetime.Ontheothersideotherresourcescanhaveahighdegreeofvarianceintheirstate overtime.Bothtypesofresourcesarevaildtypes. Forinstance,theclasses,showninFigure1,couldeasilybemappedtosuchresources.Mapping

21 InfoQExplores:REST

entityclassessuchasHotelorRoomtoresourceswillnotbeverycomprehensibleforobjectoriented designers.Thesameistrueformappingcontrolclasseswhichrepresentcoordination,transactions, orcontrolofotherclasses.

Figure1:Exampleanalysismodel Theanalysismodelisagoodstartingpointforidentifyingresources.However,thereisnot necessarilyaonetoonemapping.Forinstance,the<Hotel>.listOccupancy()operationcanalsobe modelledasresources.Furthermoretherecouldalsoberesourceswhichrepresents(partsof)some entities.Theprimarydriversoftheresourcedesignarenetworkingaspectsandnottheobject model. Anyimportantresourceisreachablethroughauniqueidentifier.RESTfulHTTPusesURIstoidentify resources.URIsareprovidingidentificationthatiscommonacrosstheWeb.Theycontaineverything theclientneedstointeractwiththereferredresource. HowtonameResourceIdentifiers? EventhoughRESTfulHTTPdoesnotspecifyhowaURIpathhavetobestructured,inpracticeoften specificnamingschemasfortheURIpathisused.URInamingschemashelptodebugandtrace applications.OftenaURIcontainstheresourcetypenamefollowedbyanidentifiertoaddressa dedicatedresource.SuchaURIwillnotcontainverbswhichindicateabusinessoperationtoprocess. Itisonlyusedtoaddressresources.Figure(a1)showsanexampleURIofaHotelresource. AlternativelythesameHotelcanbeaccessedbyURI(a2).Aresourcecanbereferedbymorethan oneURI. (a1) http://localhost/hotel/656bcee2-28d2-404b-891b (a2) http://127.0.0.1/hotel/656bcee2-28d2-404b-891b (b) http://localhost/hotel/656bcee2-28d2-404b-891b/Room/4 (c) http://localhost/hotel/656bcee2-28d2-404b-891b/Reservation/15 (d) http://localhost/hotel/656bcee2-28d2-404b-891b/Room/4/Reservation/15

22 InfoQExplores:REST

(e) http://localhost/hotel/656bcee2-28d2-404b-891b/Room/4/Reservation/15 v7 (f) http://localhost/hotel/656bcee2-28d2-404b-891bv12 Figure2:Examplesofaddressingresources URIscanalsobeusedbyresourcestoestablishrelationshipsbetweenresourcerepresentations.For instanceaHotelrepresentationwillrefertheassignedRoomresourcesbyusingaURI,notbyusinga plainRoomid.UsingaplainidwouldforcethecallertoconstructaURIbyaccessingtheresource. Thecallerwouldnotbeabletoaccesstheresourcewithoutadditionalcontextknowledgesuchas thehostnameorthebaseURIpath. Hyperlinksareusedbyclientstonavigatethroughtheresources.RESTfulAPIsarehypertextdriven, whichmeansbygettingaHotelrepresentationtheclientwillbeabletonavigatetotheassigned RoomrepresentationsandtheassignedReservationrepresentations. Inpractice,classessuchasshowninfigure1willoftenbemappedinthesenseofbusinessobjects. ThismeanstheURIstayspersistentthroughoutthelifecycleofthebusinessobject.Ifannew resourceiscreated,anewURIwillbeallocated.AfterdeletingtheresourcetheURIbecomesinvalid. TheURI(a),(b),(c)and(d)areexamplesofsuchidentifiers.OntheothersideaURIcanalsobeused toreferringobjectsnapshots.ForinstancetheURI(e)and(f)wouldrefersuchasnapshotby includingaversionidentifierwithintheURI. URIscanalsoaddresses"sub"resourcesasshowninexample(b),(c),(d)and(e).Oftenaggregated objectswillbemappedtosubresourcessuchastheRoomwhichisaggregatedbytheHotel. Aggregatedobjectsdonothavetheirownlifecycleandiftheparentobjectisdeleted,allaggregated objectswillalsobedeleted. However,ifasub"resourcecanbemovedfromoneparentresourcetoanotheroneitshouldnot includetheparentresourceidentifierwithintheURI.ForinstancetheReservation,showninFigure1 canbeassignedtoanotherRoom.AReservationresourceURIwhichcontainstheRoomidentifier suchasshownin(d)willbecomeinvalid,iftheRoominstanceidentifierchanges.Ifsucha ReservationURIisreferredbyanotherresource,thiswillbeaproblem.ToavoidinvalidURIsthe Reservationcouldbeaddressedsuchasshownin(c). NormallytheresourceURIsarecontrolledbytheserver.Theclientsdonothavetounderstandthe resourceURInamespacestructuretoaccesstheresource.ForinstanceusingtheURIstructure(c)or theURIstructure(d)willhavethesameeffectsfortheclient.

UniformResourceinterface
TosimplifytheoverallsystemarchitecturetheRESTarchitecturestyleincludestheconceptofa UniformInterface.TheUniformInterfaceconsistsofaconstrainedsetofwelldefinedoperationsto accessandmanipulateresources.Thesameinterfaceisusedregardlessoftheresource.Iftheclient

23 InfoQExplores:REST

interactswithaHotelresource,aRoomresourceoraCreditScoreresourcetheinterfacewillbethe same.TheUniformInterfaceisindependenttotheresourceURI.NoIDLlikefilesarerequired describingtheavailablemethods. TheinterfaceofRESTfulHTTPiswidelyusedandverypopular.ItconsistsofthestandardHTTP methodssuchasGET,PUTorPOSTwhichisusedbyinternetbrowserstoretrievepagesandtosend data.UnfortunatelyalotofdevelopersbelieveimplementingaRESTfulapplicationjustmeanstouse HTTPinadirectway,whichitisnot.ForinstancetheHTTPmethodshavetobeimplemented accordingtotheHTTPspecification.UsingaGETmethodtocreateortomodifyobjectsviolatesthe HTTPspecification. UniformInterfaceapplied Fielding'sdissertationdoesnotincludeatable,alistorsomethingelsewhichdescribesindetail whenandhowtousethedifferentHTTPverbs.ForthemostmethodssuchasGETorDELETEit becomesclearbyreadingtheHTTPspecification.ThisisnottrueforPOSTandpartialupdates.In practicedifferentapproachesexiststoperformpartialupdatesonresourceswhichwillbediscussed below. Table1listthetypicalusageofthemostimportantmethodsGET,DELETE,PUTandPOST Important Methods TypicalUsage TypicalStatusCodes 200(OK)therepresentationissentinthe response 204(nocontent)theresourcehasanempty representation 301(MovedPermanently)theresourceURIhas beenupdated retrievea representation GET retrievea representationif modified(caching) 303(SeeOther)e.g.loadbalancing 304(notmodified)theresourcehasnotbeen modified(caching) 400(badrequest)indicatesabadrequest(e.g. wrongparameter) 404(notfound)theresourcedoesnotexits 406(notacceptable)theserverdoesnotsupport therequiredrepresentation 500(internalservererror)genericerrorresponse yes yes Safe? tent
Idempo

24 InfoQExplores:REST

Important Methods

TypicalUsage

TypicalStatusCodes 503(ServiceUnavailable)Theserveriscurrently unabletohandletherequest 200(OK)theresourcehasbeendeleted 301(MovedPermanently)theresourceURIhas beenupdated 303(SeeOther)e.g.loadbalancing

Safe? tent

Idempo

DELETE

deletetheresource

400(badrequest)indicatesabadrequest 404(notfound)theresourcedoesnotexits 409(conflict)generalconflict 500(internalservererror)genericerrorresponse 503(ServiceUnavailable)Theserveriscurrently unabletohandletherequest 200(OK)ifanexistingresourcehasbeenupdated 201(created)ifanewresourceiscreated 301(MovedPermanently)theresourceURIhas beenupdated 303(SeeOther)e.g.loadbalancing

no

yes

PUT

createaresourcewith 400(badrequest)indicatesabadrequest clientsidemanaged 404(notfound)theresourcedoesnotexits instanceid 406(notacceptable)theserverdoesnotsupport updatearesourceby therequiredrepresentation no replacing 409(conflict)generalconflict updatearesourceby replacingifnotmodified 412(PreconditionFailed)e.g.conflictby (optimisticlocking) performingconditionalupdate 415(unsupportedmediatype)received representationisnotsupported 500(internalservererror)genericerrorresponse 503(ServiceUnavailable)Theserveriscurrently unabletohandletherequest

yes

createaresourcewith 200(OK)ifanexistingresourcehasbeenupdated serversidemanaged 201(created)ifanewresourceiscreated

25 InfoQExplores:REST

Important Methods POST

TypicalUsage

TypicalStatusCodes 202(accepted)acceptedforprocessingbutnot beencompleted(Asyncprocessing)

Safe? tent no

Idempo

(autogenerated) instanceid

createasubresource 301(MovedPermanently)theresourceURIhas beenupdated partialupdateofa 303(SeeOther)e.g.loadbalancing resource 400(badrequest)indicatesabadrequest no partialupdatea 404(notfound)theresourcedoesnotexits resourceifnotmodified 406(notacceptable)theserverdoesnotsupport (optimisticlocking) therequiredrepresentation 409(conflict)generalconflict 412(PreconditionFailed)e.g.conflictby performingconditionalupdate 415(unsupportedmediatype)received representationisnotsupported 500(internalservererror)genericerrorresponse 503(ServiceUnavailable)Theserveriscurrently unabletohandletherequest Table1:ExampleofaUniformInterface

Representations
Resourceswillalwaysbemanipulatedthroughrepresentations.Aresourcewillneverbetransmitted overthenetwork.Insteadrepresentationsofaresourcearetransmitted.Arepresentationconsistsof dataandmetadatadescribingthedata.ForinstancetheContentTypeheaderofaHTTPmessageis suchametadataattribute. Figure3showshowtoretrievearepresentationbyusingJava.ThisexampleusestheHttpClientof theJavaHTTPlibraryxLightwebwhichismaintainedbytheauthor. HttpClient httpClient = new HttpClient();

IHttpRequest request = new GetRequest(centralHotelURI); IHttpResponse response = httpClient.call(request); Figure3:Javaexampletoretrievearepresentation ByperformingtheHTTPclient'scallmethod,anhttprequestwillbesent,whichrequestsa

26 InfoQExplores:REST

representationoftheHotelresource.Thereturnedrepresentation,showninFigure4,alsoincludesa ContentTypeheaderwhichindicatesthemediatypeoftheentitybody. REQUEST: GET /hotel/656bcee2-28d2-404b-891b HTTP/1.1 Host: localhost User-Agent: xLightweb/2.6

RESPONSE: HTTP/1.1 200 OK Server: xLightweb/2.6 Content-Length: 277 Content-Type: application/x-www-form-urlencoded

classification=Comfort&name=Central&RoomURI=http%3A%2F%2Flocalhost%2 Fhotel%2F 656bcee2-28d2-404b-891b%2FRoom%2F2&RoomURI=http%3A%2F%2Flocalhost%2F hotel%2F6 56bcee2-28d2-404b-891b%2FRoom%2F1 Figure4:RESTfulHTTPinteraction Howtosupportspecificrepresentations? Sometimesonlyareducedsetofattributesshouldbereceivedtoavoidtransferringlargedatasets. Inpractice,oneapproachtodeterminetheattributesofarepresentationistosupportaddressing specificattributesasshowninfigure5. REQUEST: GET /hotel/656bcee2-28d2-404b-891b/classification HTTP/1.1 Host: localhost User-Agent: xLightweb/2.6 Accept: application/x-www-form-urlencoded

RESPONSE:

27 InfoQExplores:REST

HTTP/1.1 200 OK Server: xLightweb/2.6 Content-Length: 26 Content-Type: application/x-www-form-urlencoded; charset=utf-8

classification=Comfort Figure5:Attributefiltering TheGETcall,showninfigure5,requestsonlyoneattribute.Torequestmorethanoneattributethe requiredattributescouldbeseparatedbyusingacommaasshowninfigure6. REQUEST: GET /hotel/656bcee2-28d2-404b-891b/classification,name HTTP/1.1 Host: localhost User-Agent: xLightweb/2.6 Accept: application/x-www-form-urlencoded

RESPONSE: HTTP/1.1 200 OK Server: xLightweb/2.6 Content-Length: 43 Content-Type: application/x-www-form-urlencoded; charset=utf-8

classification=Comfort&name=Central Figure6:Multiattributefiltering Anotherwaytodeterminetherequiredattributesistouseaqueryparameterwhichliststhe requiredattributesasshowninfigure7.Queryparameterwillalsobeusedtodefinequery conditionsormorecomplexfilterorquerycriteria. REQUEST: GET /hotel/656bcee2-28d2-404b-891b?reqAttr=classification&reqAttr=name HTTP/1.1 Host: localhost

28 InfoQExplores:REST

User-Agent: xLightweb/2.6 Accept: application/x-www-form-urlencoded

RESPONSE: HTTP/1.1 200 OK Server: xLightweb/2.6 Content-Length: 43 Content-Type: application/x-www-form-urlencoded; charset=utf-8

classification=Comfort&name=Central Figure7:QueryString Intheexamplesabovetheserveralwaysreturnsarepresentationwhichisencodedbythemedia typeapplication/xwwwformurlencoded.Essentiallythismediatypeencodesanentityasalistof keyvaluepairs.Thekeyvalueapproachisveryeasytounderstand.Unfortunatelyitwillnotfitwell, ifmorecomplexdatastructureshavetobeencoded.Furthermorethismediatypedoesnotsupport abindingofscalardatatypessuchasInteger,BooleanorDate.ForthisreasonoftenXML,JSONor Atomisusedtorepresentresources(JSONalsodoesnotdefinethebindingoftheDatetype). HttpClient httpClient = new HttpClient();

IHttpRequest request = new GetRequest(centralHotelURI); request.setHeader("Accept", "application/json");

IHttpResponse response = httpClient.call(request);

String jsonString = response.getBlockingBody().readString(); JSONObject jsonObject = (JSONObject) JSONSerializer.toJSON(jsonString); HotelHotel= (Hotel) JSONObject.toBean(jsonObject, Hotel.class); Figure8:RequestingaJSONrepresentation Bysettingtherequestacceptheader,theclientisabletorequestforaspecificrepresentation encoding.Figure8showshowtorequestarepresentationofthemediatypeapplication/json.The returnedresponsemessageshowninfigure9willbemappedtoaHotelbeanbyusingthelibrary

29 InfoQExplores:REST

JSONlib. REQUEST: GET /hotel/656bcee2-28d2-404b-891b HTTP/1.1 Host: localhost User-Agent: xLightweb/2.6 Accept: application/json

RESPONSE: HTTP/1.1 200 OK Server: xLightweb/2.6 Content-Length: 263 Content-Type: application/json; charset=utf-8

{"classification":"Comfort", "name":"Central", "RoomURI":["http://localhost/hotel/656bcee2-28d2-404b-891b/Room/1", "http://localhost/hotel/656bcee2-28d2-404b-891b/Room/2"]} Figure9:JSONrepresentation Howtosignalerrors? Whathappensiftheserverdoesnotsupporttherequiredrepresentation?Figure10showsaHTTP interactionwhichrequestsforaXMLrepresentationoftheresource.Iftheserverdoesnotsupport therequiredrepresentation,itwillreturnaHTTP406responseindicatingtorefusetoservicethe request. REQUEST: GET /hotel/656bcee2-28d2-404b-891b HTTP/1.1 Host: localhost User-Agent: xLightweb/2.6 Accept: text/xml

RESPONSE:

30 InfoQExplores:REST

HTTP/1.1 406 No match for accept header Server: xLightweb/2.6 Content-Length: 1468 Content-Type: text/html; charset=iso-8859-1

<html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"/> <title>Error 406 No match for accept header</title> </head> <body> <h2>HTTP ERROR: 406</h2><pre>No match for accept header</pre> ... </body> </html> Figure10:Unsupportedrepresentation ARESTfulHTTPserverapplicationhastoreturnthestatuscodeaccordingtotheHTTPspecification. Thefirstdigitofthestatuscodeidentifiesthetypeoftheresult.1xxindicatesaprovisionalresponse, 2xxasuccessfulresponse,3xxaredirect,4xxaclienterrorand5xxaservererror.Misusingthe responsecodeoralwaysreturninga200response,whichcontainsanapplicationspecificresponsein thebodyisabadidea. Clientagentsandintermediariesalsoevaluatetheresponsecode.ForinstancexLightweb's HttpClientpoolspersistentHTTPconnectionsbydefault.AfteranHTTPinteractionapersistentHTTP connectionwillbereturnedintoaninternalpoolforreuse.Thiswillonlybedoneforhealthy connection.Forinstanceconnectionswillnotbereturnedifa5xxstatuscodeisreceived. Sometimesspecificclientsrequireamoreprecisestatuscode.Oneapproachtodothisistoaddan XHeader,whichdetailstheHTTPstatuscodeasshowninfigure11. REQUEST: POST /Guest/ HTTP/1.1 Host: localhost User-Agent: xLightweb/2.6

31 InfoQExplores:REST

Content-Length: 94 Content-Type: application/x-www-form-urlencoded

zip=30314&lastName=Gump&street=42+Plantation+Street&firstName=Forest &country=US& city=Baytown&state=LA

RESPONSE: HTTP/1.1 400 Bad Request Server: xLightweb/2.6 Content-Length: 55 Content-Type: text/plain; charset=utf-8 X-Enhanced-Status: BAD_ADDR_ZIP

AddressException: bad zip code 99566 Figure11:Enhancedstauscode Oftenthedetailederrorcodeisonlynecessarytodiagnoseprogrammingerrors.AlthoughaHTTP statuscodeisoftenlessexpressivethanadetailederrorcode,inmostcasestheyaresufficientfor theclienttohandletheerrorcorrectly.Anotherapproachistoincludethedetailederrorcodeinto theresponsebody

PUTtingorPOSTing?
IncontrasttopopularRPCapproachestheHTTPmethodsdonotonlyvaryinthemethodname. PropertiessuchasidempotencyorsafetyplayanimportantroleforHTTPmethods.Idempotency andsafetyvariesforthedifferentHTTPmethods. HttpClient httpClient = new HttpClient();

String[] params = new String[] { "firstName=Forest", "lastName=Gump", "street=42 Plantation Street", "zip=30314",

32 InfoQExplores:REST

"city=Baytown", "state=LA", "country=US"}; IHttpRequest request = new PutRequest(gumpURI, params); IHttpResponse response = httpClient.call(request); Figure12:PerformingaPUTmethod Forinstancefigure12and13showaPUTinteractiontocreateanewGuestresource.APUTmethod storestheenclosedresourceunderthesuppliedRequestURI.TheURIwillbedeterminedonthe clientside.IftheRequestURIreferstoanalreadyexistingresource,thisresourcewillbereplacedby thenewone.ForthisreasonthePUTmethodwillbeusedtocreateanewresourceaswellasto updateanexistingresource.However,byusingPUT,thecompletestateoftheresourcehastobe transferred.TheupdaterequesttosetthezipfieldhastoincludeallotherfieldsoftheGuest resourcesuchasfirstNameorcity. REQUEST: PUT Hotel/guest/bc45-9aa3-3f22d HTTP/1.1 Host: localhost User-Agent: xLightweb/2.6 Content-Length: 94 Content-Type: application/x-www-form-urlencoded

zip=30314&lastName=Gump&street=42+Plantation+Street&firstName=Forest &country=US& city=Baytown&state=LA

RESPONSE: HTTP/1.1 200 OK Server: xLightweb/2.6 Content-Length: 36 Content-Type: text/plain; charset=utf-8 Location: http://localhost/guest/bc45-9aa3-3f22d

33 InfoQExplores:REST

Theguestresourcehasbeenupdated. Figure13:HTTPPUTinteraction ThePUTmethodisidempotent.Anidempotentmethodmeansthattheresultofasuccessful performedrequestisindependentofthenumberoftimesitisexecuted.Forinstanceyoucan executeaPUTmethodtoupdatetheHotelresourceasmanytimesasyoulike,theresultofa successfulexecutionwillalwaysbethesame.IftwoPUTmethodsoccursimultaneously,oneofthem willwinanddeterminethefinalstateoftheresource.TheDELETEmethodisalsoidempotent.Ifa PUTmethodoccursconcurrentlytoaDELETEmethod,theresourcedwillbeupdatedordeleted,but nothinginbetween. IfyouarenotsureiftheexecutionofaPUTorDELETEwassuccessfulandyoudidnotgetastatus codesuchas409(Conflict)or417(ExpectationFailed),reexecuteit.Noadditionalreliability protocolsarenecessarytoavoidduplicatedrequest.Ingeneraladuplicatedrequestdoesnotmatter. ThisisnottrueforthePOSTmethod,becausethePOSTmethodisnotidempotent.Takecareby executingthesamePOSTmethodtwice.Themissingidempotencyisthereasonwhyabrowser alwayspopsupawarningdialogwhenyouretryaPOSTrequest.ThePOSTmethodwillbeusedto createaresourcewithoutdetermininganinstancespecificidontheclientside.Forinstancefigure 14showsaHTTPinteractiontocreateaHotelresourcebyperformingaPOSTmethod.Typicallythe clientsendsthePOSTrequestbyusingaURIwhichcontainstheURIbasepathandtheresourcetype name. REQUEST: POST /HotelHTTP/1.1 Host: localhost User-Agent: xLightweb/2.6 Content-Length: 35 Content-Type: application/x-www-form-urlencoded; charset=utf-8 Accept: text/plain

classification=Comfort&name=Central

RESPONSE: HTTP/1.1 201 Created Server: xLightweb/2.6 Content-Length: 40

34 InfoQExplores:REST

Content-Type: text/plain; charset=utf-8 Location: http://localhost/hotel/656bcee2-28d2-404b-891b theHotelresourcehasbeencreated Figure14:HTTPPOSTinteraction(create) OftenthePOSTmethodwillalsobeusedtoupdatepartsoftheresource.ForinstancesendingaPUT requestswhichcontainsonlytheclassificationtoupdatetheHotelresourceviolatesHTTP.Thisisnot trueforthePOSTmethod.ThePOSTmethodisneitheridempotentnorsafe.Figure15showssucha partialupdatebyusingaPOSTmethod. REQUEST: POST /hotel/0ae526f0-9c3d HTTP/1.1 Host: localhost User-Agent: xLightweb/2.6 Content-Length: 19 Content-Type: application/x-www-form-urlencoded; charset=utf-8 Accept: text/plain

classification=First+Class

RESPONSE: HTTP/1.1 200 OK Server: xLightweb/2.6 Content-Length: 52 Content-Type: text/plain; charset=utf-8 theHotelresourcehasbeenupdated(classification) Figure15:HTTPPOSTinteraction(update) PartialupdatecanalsobeperformedbyusingthePATCHmethod.ThePATCHmethodisaspecialized methodtoapplypartialmodificationstoaresource.APATCHrequestincludesapatchdocument whichwillbeappliedtotheresourceidentifiedbytheRequestURI.However,thePATCHRFCisin draft.

35 InfoQExplores:REST

UsingHTTPcaching
ToimprovethescalabilityandtoreducetheserverloadRESTfulHTTPapplicationscanmakeuseof theWEBInfrastructurecachingfeatures.HTTPrecognizescachingasanintegralpartoftheWEB infrastructure.ForinstancetheHTTPprotocoldefinesspecificmessageheaderstosupportcaching.If theserversetssuchheaders,clientssuchasHTTPclientsorWebcachingproxieswillbeableto supportefficientcachingstrategies. HttpClient httpClient = new HttpClient(); httpClient.setCacheMaxSizeKB(500000);

IHttpRequest request = new GetRequest(centralHotelURI + "/classification"); request.setHeader("Accept", "text/plain");

IHttpResponse response = httpClient.call(request); String classification = response.getBlockingBody.readString();

// ... sometime later re-execute the request response = httpClient.call(request); classification = response.getBlockingBody.readString(); Figure16:Clientsidecachinginteraction Forinstancefigure16showsarepeatedGETcall.Bysettingthecachemaxsizelargerthan0the cachingsupportoftheHttpClientisactivated.Iftheresponsecontainsfreshnessheaderssuchas ExpiresorCacheControl:maxage,theresponsewillbecachedbytheHttpClient.Theseheaderstell howlongtheassociatedrepresentationisfreshfor.Ifthesamerequestisperformedwithinthis periodoftime,theHttpClientwillservetherequestusingthecacheandavoidarepeatednetwork call.Onthenetwork,showninfigure17,onlyoneHTTPinteractionintotaloccurs.Caching intermediariessuchasWEBproxiesimplementthesamebehaviour.Inthiscasethecachecanbe sharedbetweendifferentclients. REQUEST: GET /hotel/656bcee2-28d2-404b-891b/classification HTTP/1.1 Host: localhost User-Agent: xLightweb/2.6

36 InfoQExplores:REST

Accept: text/plain

RESPONSE: HTTP/1.1 200 OK Server: xLightweb/2.6 Cache-Control: public, max-age=60 Content-Length: 26 Content-Type: text/plain; charset=utf-8 comfort Figure17:HTTPresponseincludinganexpireheader Theexpirationmodelworksverywellforstaticresources.Unfortunately,thisisnottruefordynamic resourceswherechangesinresourcestateoccurfrequentlyandunpredictably.HTTPsupports cachingdynamicresourcesbyvalidationheaderssuchasLastModifiedandETag.Incontrasttothe expirationmodel,thevalidationmodeldonotsaveanetworkrequest.However,executinga conditionalGETcansafeexpensiveoperationstogenerateandtransmitaresponsebody.The conditionalGETshowninfigure18(2.request)containsanadditionalLastModifiedheaderwhich holdsthelastmodifieddateofthecachedresponse.Iftheresourceisnotchanged,theserverwill replywitha304(NotModified)response. 1. REQUEST: GET /hotel/656bcee2-28d2-404b-891b/Reservation/1 HTTP/1.1 Host: localhost User-Agent: xLightweb/2.6 Accept: application/x-www-form-urlencoded

1. RESPONSE: HTTP/1.1 200 OK Server: xLightweb/2.6 Content-Length: 252 Content-Type: application/x-www-form-urlencoded Last-Modified: Mon, 01 Jun 2009 08:56:18 GMT

37 InfoQExplores:REST

from=2009-06-01T09%3A49%3A09.718&to=2009-06-05T09%3A49%3A09.718&gues tURI= http%3A%2F%2Flocalhost%2Fguest%2Fbc45-9aa3-3f22d&RoomURI=http%3A%2F% 2F localhost%2Fhotel%2F656bcee2-28d2-404b-891b%2FRoom%2F1

2. REQUEST: GET /hotel/0ae526f0-9c3d/Reservation/1 HTTP/1.1 Host: localhost User-Agent: xLightweb/2.6 Accept: application/x-www-form-urlencoded If-Modified-Since: Mon, 01 Jun 2009 08:56:18 GMT

2. RESPONSE: HTTP/1.1 304 Not Modified Server: xLightweb/2.6 Last-Modified: Mon, 01 Jun 2009 08:56:18 GMT Figure18:Validationbasedcaching

Donotstoreapplicationstateontheserverside
ARESTfulHTTPinteractionhastobestateless.Thismeanseachrequestcontainsallinformation whichisrequiredtoprocesstherequest.Theclientisresponsiblefortheapplicationstate.ARESTful serverdoesnothavetoretaintheapplicationstatebetweenrequests.TheServerisresponsiblefor theresourcestatenotfortheapplicationstate.Serversandintermediariesareabletounderstand therequestandresponseinisolation.Webcachingproxiesdohavealltheinformationtohandlethe messagescorrectlyandtomanagetheircaches. Thisstatelessapproachisafundamentalprincipletoimplementhighscalable,highavailable applications.Ingeneralstatelessnessenablesthateachclientrequestcanbeservedbydifferent servers.Aservercanbereplacedbyanotheroneforeachrequest.Astrafficincreases,newservers areadded.Ifaserverfails,itwillberemovefromthecluster.Foramoredetailedexplanationonload balancingandfailoverrefertothearticleServerloadbalancingarchitectures.

38 InfoQExplores:REST

SupportingnonCRUDoperations
OftendeveloperswonderhowtomapnonCRUD(CreateReadUpdateDelete)operationsto resources.ItisobviouslythatCreate,Read,UpdateandDeleteoperationswillmapverywellto resourcemethods.However,RESTfulHTTPisnotlimitedtoCRUDorientedapplications.

Figure19:RESTfulHTTPResources ForinstancethecreditScoreCheckclassshowninfigure19providesanonCRUDoperation creditScore(...)whichconsumesanaddress,calculatesthescoreandreturnsit.Suchanoperation canbeimplementedbyaCreditScoreResourcewhichrepresentstheresultofthecomputation. Figure20showstheGETcallwhichpassesovertheaddresstoprocessandretrievesthe CreditScoreResourcerepresentation.Thequeryparametersareusedtoidentifythe CreditScoreResource.TheGETmethodissafeandcacheablewhichfitsverywelltononfunctional behaviouroftheCreditScoreCheck'screditScore(...)method.Theresultofthescorecalculationcan becachedforaperiodoftime.Asshowninfigure20theresponseincludesacacheheadertoenable clientsandintermediariestocachetheresponse. REQUEST: GET /CreditScore/?zip=30314&lastName=Gump&street=42+Plantation+Street&

39 InfoQExplores:REST

firstName=Forest&country=US&city=Baytown&state=LA HTTP/1.1 Host: localhost User-Agent: xLightweb/2.6 Accept: application/x-www-form-urlencoded

RESPONSE: HTTP/1.1 200 OK Server: xLightweb/2.6 Content-Length: 31 Content-Type: application/x-www-form-urlencoded Cache-Control: public, no-transform, max-age=300 scorecard=Excellent&points=92 Figure20:NonCRUDHTTPGETinteraction ThisexamplealsoshowsthelimitoftheGETmethod.AlthoughtheHTTPspecificationdoesnot specifyanymaximumlengthofaURL,practicallimitsareimposedbyclients,intermediariesand servers.ForthisreasonsendingalargeentitybyusingaGETqueryparametercanfailcausedby intermediaryandserverswhichlimitstheURLlength. AnalternativesolutionisperformingaPOSTmethodwhichwillalsobecacheable,ifindicated.As showninfigure21firstaPOSTrequestwillbeperformedtocreateavirtualresource CreditScoreResource.Theinputaddressdataisencodedbythemimetypetext/card.After calculatingthescoretheserversendsa201(created)responsewhichincludestheURIofthecreated CreditScoreResource.ThePOSTresponseiscacheableifindicatedasshownintheexample.By performingaGETrequestthecreditscorewillbefetched.TheGETresponsealsoincludesacache controlheader.Iftheclientreexecutesthesetworequestsimmediately,allresponsescanbeserved bythecache. 1. REQUEST: POST /CreditScore/ HTTP/1.1 Host: localhost User-Agent: xLightweb/2.6 Content-Length: 198 Content-Type: text/x-vcard

40 InfoQExplores:REST

Accept: application/x-www-form-urlencoded

BEGIN:VCARD VERSION:2.1 N:Gump;Forest;;;; FN:Forest Gump ADR;HOME:;;42 Plantation St.;Baytown;LA;30314;US LABEL;HOME;ENCODING=QUOTED-PRINTABLE:42 Plantation St.=0D=0A30314 Baytown=0D=0ALA US END:VCARD

1. RESPONSE: HTTP/1.1 201 Created Server: xLightweb/2.6 Cache-Control: public, no-transform, max-age=300 Content-Length: 40 Content-Type: text/plain; charset=utf-8 Location: http://localhost/CreditScore/l00000001-l0000005c

the credit score resource has been created

2. REQUEST: GET /CreditScore/l00000001-l0000005c HTTP/1.1 Host: localhost User-Agent: xLightweb/2.6

2. RESPONSE: HTTP/1.1 200 OK Server: xLightweb/2.6 Content-Length: 31

41 InfoQExplores:REST

Content-Type: application/x-www-form-urlencoded Cache-Control: public, no-transform, max-age=300 scorecard=Excellent&points=92 Figure21:NonCRUDHTTPPOSTinteraction Therearealsosomevariantsofthisapproach.Insteadofreturninga201responsea301(Moved Permanently)redirectresponsecouldbereturned.The301redirectresponseiscacheablebydefault. Anothervariantwhichavoidsasecondrequestistoaddtherepresentationofthenewlycreate CreditScoreResourcetothe201response.

Conclusion
MostSOAarchitecturessuchasSOAPorCORBAtrytomaptheclassmodel,suchasshowninFigure 1,moreorlessonetooneforremoteaccess.Typically,suchSOAarchitecturesarehighlyfocusedon transparentmappingofprogramminglanguageobjects.Themappingiseasytounderstandandvery traceable.Howeveraspectssuchasdistributionandscalabilityarereducedtoplayingasecondrole. Incontrast,themajordriveroftheRESTarchitecturestyleisdistributionandscalability.Thedesign ofaRESTfulHTTPinterfaceisdrivenbynetworkingaspects,notbylanguagebindingaspects.RESTful HTTPdoesnottrytoencapsulateaspects,whicharedifficulttohidesuchasnetworklatency, networkrobustnessornetworkbandwidth. RESTfulHTTPapplicationsusetheHTTPprotocolinadirectwaywithoutanyabstractionlayer.There arenoRESTspecificdatafieldsuchaserrorfieldsorsecuritytokenfields.RESTfulHTTPapplications willjustusethecapabilityoftheWEB.DesigningRESTfulHTTPinterfacesmeansthattheremote interfacedesignerhastothinkinHTTP.Oftenthisleadstoanadditionalstepwithinthedevelopment cycle. However,RESTfulHTTPallowsimplementingveryscalableandrobustapplications.Especially companieswhichprovidewebapplicationsforaverylargeusergroupsuchasWebMailingor SocialNetworkingapplicationscanbenefitfromtheRESTarchitecturestyle.Oftensuchapplications havetoscaleveryhighandveryfast.Furthermore,suchcompaniesoftenhavetoruntheir applicationonalowbudgetinfrastructurewhichisbuiltonwidelyusedstandardcomponentsand software.

Abouttheauthor
GregorRoth,creatorofthexLightwebHTTPlibrary,worksasasoftwarearchitectatUnitedInternet group,aleadingEuropeanInternetServiceProvidertowhichGMX,1&1,andWeb.debelong.His areasofinterestincludesoftwareandsystemarchitecture,enterprisearchitecturemanagement,

42 InfoQExplores:REST

objectorienteddesign,distributedcomputing,anddevelopmentmethodologies.

Literature
RoyFieldingArchitecturalStylesandtheDesignofNetworkbasedSoftwareArchitectures SteveVinoskiRESTEyefortheSOAGuy SteveVinoskiPresentation:SteveVinoskionREST,ReuseandSerendipity StefanTilkovABriefIntroductiontoREST WikipediaFallaciesofDistributedComputing GregorRothServerloadbalancingarchitectures GregorRothAsynchronousHTTPandCometarchitectures JSONlib xLightweb Link:http://www.infoq.com/articles/designingrestfulhttpappsroth RelatedContents 80legsIsaWebCrawlingService PracticalAdviceforSOAImplementers RPCanditsOffspring:Convenient,YetFundamentallyFlawed HTTPStatusReport BuildingScalableWebServices

43 InfoQExplores:REST

Articles

HowtoGETaCupofCoffee
Author:JimWebber,SavasParastatidis&IanRobinson Weareusedtobuildingdistributedsystemsontopoflargemiddlewareplatformslikethose implementingCORBA,theWebServicesprotocolsstack,J2EE,etc.Inthisarticle,wetakeadifferent approach,treatingtheprotocolsanddocumentformatsthatmaketheWebtickasanapplication platform,whichcanbeaccessedthroughlightweightmiddleware.WeshowcasetheroleoftheWeb inapplicationintegrationscenariosthroughasimplecustomerserviceinteractionscenario.Inthis article,weusetheWebasourprimarydesignphilosophytodistilandsharesomeofthethinkingin ourforthcomingbookGET/connectedWebbasedintegration(workingtitle).

Introduction
Theintegrationdomainasweknowitischanging.TheinfluenceoftheWebandthetrendtowards moreagilepracticesarechallengingournotionsofwhatconstitutesgoodintegration.Insteadof beingaspecialistactivityconductedinthevoidbetweensystemsorevenworse,anafterthought integrationisnowaneverydaypartofsuccessfulsolutions. Yet,theimpactoftheWebisstillwidelymisunderstoodandunderestimatedinenterprisecomputing. EventhosewhoareWebsavvyoftenstruggletounderstandthattheWebisn'taboutmiddleware solutionssupportingXMLoverHTTP,norisitacrudeRPCmechanism.Thisisashamebecausethe Webhasmuchmorevaluethansimplepointtopointconnectivity;itisinfactarobustintegration platform. Inthisarticlewe'llshowcasesomeinterestingusesoftheWeb,treatingitasapliantandrobust platformfordoingverycoolthingswithenterprisesystems.Andthereisnothingthattypifies enterprisesoftwaremorethanworkflows

WhyWorkflows?
Workflowsareastapleofenterprisecomputing,andhavebeenimplementedinmiddleware practicallyforever(atleastincomputingterms).Aworkflowstructuresworkintoanumberof discretestepsandtheeventsthatprompttransitionsbetweensteps.Theoverarchingbusiness processimplementedbyaworkflowoftenspansseveralenterpriseinformationsystems,making workflowsfertilegroundforintegrationwork.

44 InfoQExplores:REST

Starbucks:Standardgenericcoffeedeservesstandardgenericintegration
IftheWebistobeaviabletechnologyforenterprise(andwider)integration,ithastobeableto supportworkflowstoreliablycoordinatetheinteractionsbetweendisparatesystemstoimplement somelargerbusinesscapability. Todojusticetoarealworldworkflow,we'dnodoubthavetoaddressawealthoftechnicaland domainspecificdetails,whichwouldlikelyobscuretheaimofthisarticle,sowe'vechosenamore accessibledomaintoillustratehowWebbasedintegrationworks:GregorHohpe'sStarbuckscoffee shopworkflow.Inhispopularblogposting,GregordescribeshowStarbucksfunctionsasadecoupled revenuegeneratingpipeline:

Starbucks,likemostotherbusinessesisprimarilyinterestedinmaximizingthroughputof orders.Moreordersequalsmorerevenue.Asaresulttheyuseasynchronousprocessing. Whenyouplaceyourorderthecashiermarksacoffeecupwithyourorderandplacesitinto thequeue.Thequeueisquiteliterallyaqueueofcoffeecupslinedupontopoftheespresso machine.Thisqueuedecouplescashierandbaristaandallowsthecashiertokeeptaking ordersevenifthebaristaisbackedupforamoment.Itallowsthemtodeploymultiple baristasinaCompetingConsumerscenarioifthestoregetsbusy.

WhileGregorprefersEAItechniqueslikemessageorientedmiddlewaretomodelStarbucks,we'll modelthesamescenariousingWebresourcesaddressableentitiesthatsupportauniform interface.Infact,we'llshowhowWebtechniquescanbeusedwithallthedependabilityassociated withtraditionalEAItools,andhowtheWebismuchmorethanXMLmessagingovera request/responseprotocol! We'llapologiseinadvancefortakinglibertieswiththewayStarbucksworksbecauseourgoalhere isn'ttomodelStarbuckscompletelyaccurately,buttoillustrateworkflowswithWebbasedservices. Sowithbeliefdulysuspended,let'sjumpin. StatingtheObvious Sincewe'retalkingaboutworkflows,itmakessensetounderstandthestatesfromwhichour workflowsarecomposed,togetherwiththeeventsthattransitiontheworkflowsfromstatetostate. Inourexample,therearetwoworkflows,whichwe'vemodelledasstatemachines.Theseworkflows runconcurrently.OnemodelstheinteractionbetweenthecustomerandtheStarbucksserviceas showninFigure1theothercapturesthesetofactionsperformedbyabaristaasperFigure2. Inthecustomerworkflow,customersadvancetowardsthegoalofdrinkingsomecoffeeby interactingwiththeStarbucksservice.Aspartoftheworkflow,weassumethatthecustomerplaces anorder,pays,andthenwaitsfortheirdrink.Betweenplacingandpayingfortheorder,the customercanusuallyamenditby,forexample,askingforsemiskimmedmilktobeused.

45 InfoQExplores:REST

Figure1TheCustomerStateMachine Thebaristahashisorherownstatemachine,thoughit'snotvisibletothecustomer;it'sprivateto theservice'simplementation.AsshowninFigure2,thebaristaloopsaroundlookingforthenext ordertobemade,preparingthedrink,andtakingthepayment.Aninstanceoftheloopcanbegin whenanorderisaddedtothebarista'squeue.Theoutputsoftheworkflowareavailabletothe customerwhenthebaristafinishestheorderandreleasesthedrink.

Figure2TheBarista'sStateMachine AlthoughallofthismightseemamillionmilesawayfromWebbasedintegration,eachtransitionin ourtwostatemachinesrepresentsaninteractionwithaWebresource.Eachtransitionisthe combinationofaHTTPverbonaresourceviaitsURIcausingstatechanges.

Butwe'regettingaheadofourselves.ThinkingaboutstatemachinesandtheWebisn'teasyto swallowinonebiglump.Solet'srevisittheentirescenariofromthebeginning,lookatitinaWeb context,andproceedonestepatatime. TheCustomer'sViewpoint We'llbeginatthebeginning,withasimplestorycardthatkickstartsthewholeprocess:

GETandHEADarespecialcasessincetheydon'tcausestatetransitions.Insteadtheyallowus toinspectthecurrentstateofaresource.

46 InfoQExplores:REST

Thisstorycontainsanumberofusefulactorsandentities.Firstly,there'sthecustomeractor,whois theobviousconsumerofthe(implicit)Starbucksservice.Secondly,therearetwointerestingentities (coffeeandorder),andaninterestinginteraction(ordering),whichstartsourworkflow. TosubmitanordertoStarbucks,wesimplyPOSTarepresentationofanordertothewellknown StarbucksorderingURI,whichforourpurposeswillbehttp://starbucks.example.org/order.

Figure3Orderingacoffee Figure3showstheinteractiontoplaceanorderwithStarbucks.StarbucksusesanXMLdialectto represententitiesfromitsdomain;interestingly,thisdialectalsoallowsinformationtobeembedded sothatcustomerscanprogressthroughtheorderingprocessaswe'llseeshortly.Onthewirethe actofpostinglookssomethinglikeFigure4.

InthehumanWeb,consumersandservicesuseHTMLasarepresentationformat.HTMLhas itsownparticularsemantics,whichareunderstoodandadoptedbyallbrowsers:<a/>,for example,meansananchorthatlinkstoanotherdocumentortoabookmarkwithinthe samedocument.TheconsumerapplicationtheWebbrowsersimplyrenderstheHTML, andthestatemachine(that'syou!)followslinksusingGETandPOST.InWebbased

47 InfoQExplores:REST

integrationthesameoccurs,excepttheservicesandtheirconsumersnotonlyhavetoagree ontheinteractionprotocols,butalsoontheformatandsemanticsoftherepresentations.

Figure4POSTingadrinksorder TheStarbucksservicecreatesanorderresource,andthenrespondstotheconsumerwiththe locationofthisnewresourceintheLocationHTTPheader.Forconvenience,theservicealsoplaces therepresentationofthenewlycreatedorderresourceintheresponse.Theresponselooks somethinglike.

Figure5Ordercreated,awaitingpayment The201CreatedstatusindicatesthatStarbuckssuccessfullyacceptedtheorder.TheLocationheader givestheURIofthenewlycreatedorder.Therepresentationintheresponsebodycontains confirmationofwhatwasorderedalongwiththecost.Inaddition,thisrepresentationcontainsthe URIofaresourcewithwhichStarbucksexpectsustointeracttomakeforwardprogresswiththe customerworkflow;we'llusethisURIlater. NotethattheURIiscontainedina<next/>tag,notanHTML<a/>tag.<next/>isheremeaningfulin thecontextofthecustomerworkflow,thesemanticsofwhichhavebeenagreedapriori. We'vealreadyseenthatthe201Createdstatuscodeindicatesthesuccessfulcreationofaresource. We'llneedahandfulofotherusefulcodesbothforthisexampleandforWebbasedintegrationin general: 200OKThisiswhatweliketosee:everything'sfine;let'skeepgoing.201CreatedWe'vejust createdaresourceandeverything'sfine.

48 InfoQExplores:REST

202AcceptedTheservicehasacceptedourrequest,andinvitesustopollaURIintheLocation headerfortheresponse.Greatforasynchronousprocessing. 303SeeOtherWeneedtointeractwithadifferentresource.We'reprobablystillOK. 400BadRequestWeneedtoreformattherequestandresubmitit. 404NotFoundTheserviceisfartoolazy(orsecure)togiveusarealreasonwhyourrequestfailed, butwhateverthereason,weneedtodealwithit. 409ConflictWetriedtoupdatethestateofaresource,buttheserviceisn'thappyaboutit.We'll needtogetthecurrentstateoftheresource(eitherbycheckingtheresponseentitybody,ordoinga GET)andfigureoutwheretogofromthere. 412PreconditionFailedTherequestwasn'tprocessedbecauseanEtag,IfMatchorsimilarguard headerfailedevaluation.Weneedtofigureouthowtomakeforwardprogress. 417ExpectationFailedYoudidtherightthingbychecking,butpleasedon'ttrytosendthatrequest forreal. 500InternalServerErrorTheultimatelazyresponse.Theserver'sgonewrongandit'snottelling why.Crossyourfingers UpdatinganOrder OneofthenicethingsaboutStarbucksisyoucancustomiseyourdrinkinamyriadofdifferentways. Infact,someofthemoreadvancedcustomerswouldbebetterofforderingbychemicalformula, giventhenumberofupgradestheydemand!Butlet'snotbethatambitiousatleastnottostart with.Instead,we'lllookatanotherstorycard:

LookingbackonFigure4,it'sclearwemadeasignificanterror:foranyonethatreallylikescoffee,a singleshotofespressoisgoingtobeswampedbygallonsofhotmilk.We'regoingtohavetochange that.Fortunately,theWeb(ormorepreciselyHTTP)providessupportforsuchchanges,andsodoes ourservice. Firstly,we'llmakesurewe'restillallowedtochangeourorder.Sometimesthebaristawillbesofast ourcoffee'sbeenmadebeforewe'vehadachancetochangeitandthenwe'restuckwithacupof hotcoffeeflavouredmilk.Butsometimesthebarista'salittleslower,whichgivesustheopportunity

49 InfoQExplores:REST

tochangetheorderbeforethebaristaprocessesit.Tofindoutifwecanchangetheorder,weask theresourcewhatoperationsit'spreparedtoprocessusingtheHTTPOPTIONSverb,asshownon thewireinFigure6. Request OPTIONS/order/1234HTTP1.1Host:starbucks.example.org Figure6AskingforOPTIONS FromFigure6weseethattheresourceisreadable(itsupportsGET)andit'supdatable(itsupports PUT).Aswe'regoodcitizensoftheWeb,wecan,optionally,doatrialPUTofournewrepresentation, testingthewaterusingtheExpectheaderbeforewedoarealPUTlikeinFigure7. Request PUT/order/1234HTTP1.1Host:starbucks.example.comExpect:100Continue Figure7Lookbeforeyouleap! Ifithadnolongerbeenpossibletochangeourorder,theresponsetoourlookbeforeyouleap requestinFigure7wouldhavebeen417ExpectationFailed.Butheretheresponseis100Continue, whichallowsustotrytoPUTanupdatetotheresourcewithanadditionalshotofespresso,as showninFigure8.PUTtinganupdatedresourcerepresentationeffectivelychangestheexistingone. InthisinstancePUTlodgesanewdescriptionwithan<additions/>elementcontainingthatvital extrashot. AlthoughpartialupdatesarethesubjectofdeepphilosophicaldebateswithintheRESTcommunity, wetakeapragmaticapproachhereandassumethatourrequestforanadditionalshotisprocessed inthecontextoftheexistingresourcestate.Assuchthereislittlepointinmovingthewholeresource representationacrossthenetworkforeachoperationandsowetransmitdeltasonly. Response 100Continue Response 200OKAllow:GET,PUT

Figure8Updatingaresource'sstate Ifwe'resuccessfullyabletoPUTanupdatetothenewresourcestate,wegeta200responsefrom theserver,asshowninFigure9.

50 InfoQExplores:REST

Figure9Successfullyupdatingthestateofaresource CheckingOPTIONSandusingtheExpectheadercan'ttotallyshieldusfromasituationwherea changeattheservicecausessubsequentrequeststofail.Assuchwedon'tmandatetheiruse,andas goodWebcitizenswe'regoingtohandle405and409responsesanyway. OPTIONSandespeciallyusingtheExpectheadershouldbeconsideredoptionalsteps. EvenwithourjudicioususeofExpectandOPTIONS,sometimesourPUTwillfail;afterall,we'reina racewiththebaristaandsometimesthoseguysjustfly! Ifwelosetheracetogetourextrashot,we'lllearnaboutitwhenwetrytoPUTtheupdatestothe resource.TheresponseinFigure10istypicalofwhatwecanexpect.409Conflictindicatesthe resourceisinaninconsistentstatetoreceivetheupdate.Theresponsebodyshowsthedifference betweentherepresentationwetriedtoPUTandtheresourcestateontheserverside.Incoffee termsit'stoolatetoaddtheshotthebarista'salreadypouringthehotmilk.

Figure10Losingarace We'vediscussedusingExpectandOPTIONStoguardagainstraceconditionsasmuchaspossible. Besidesthese,wecanalsoattachIfUnmodifiedSinceorIfMatchheaderstoourPUTtoconveyour intentionstothereceivingservice.IfUnmodifiedSinceusesthetimestampandIfMatchtheETag1 oftheoriginalorder.Iftheorderhasn'tchangedsincewecreateditthatis,thebaristahasn't startedpreparingourcoffeeyetthenthechangewillbeprocessed.Iftheorderhaschanged,we'll geta412PreconditionFailedresponse.Ifwelosetherace,we'restuckwithmilkycoffee,butatleast we'venottransitionedtheresourcetoaninconsistentstate.

51 InfoQExplores:REST

ThereareanumberofpatternsforconsistentstateupdatesusingtheWeb.HTTPPUTisidempotent, whichtakesmuchoftheintricateworkoutofupdatingstate,buttherearestillchoicesthatneedto bemade.Here'sourrecipeforgettingupdatesright: 1.Asktheserviceifit'sstillpossibletoPUTbysendingOPTIONS.Thisstepisoptional.Itgivesclients aclueaboutwhichverbstheserversupportsfortheresourceatthetimeofasking,butthereareno guaranteestheservicewillsupportthosesameverbsindefinitely. 2.UseanIfUnmodifiedSinceorIfMatchheadertohelptheserverguardagainstexecutingan unnecessaryPUT.You'llgeta412PreconditionFailedifthePUTsubsequentlyfails.Thisapproach dependseitheronslowlychangingresources(1secondgranularity)forIfUnmodifiedSinceor supportforETagsforIfMatch. 3.ImmediatelyPUTtheupdateanddealwithany409Conflictresponses.Evenifweuse(1)and(2), wemayhavetodealwiththeseresponses,sinceourguardsandchecksareoptimisticinnature. TheW3Chasanonnormativenoteondetectinganddealingwithinconsistentupdatesthatargues forusingETag.ETagsareourpreferredapproach. Afterallthathardworkupdatingourcoffeeorder,itseemsonlyfairthatwegetourextrashot.So fornowlet'sgowithourhappypath,andassumewemanagedtogetouradditionalshotofespresso. Ofcourse,Starbuckswon'thandourcoffeeoverunlesswepay(anditturnsoutthey'vealready hintedasmuch!),soweneedanotherstory:

Rememberthe<next/>elementintheresponsetoouroriginalorder?ThisiswhereStarbucks embeddedinformationaboutanotherresourceintheorderrepresentation.Wesawthetagearlier, butchosetoignoreitwhilecorrectingourorder.Butnowit'stimetolookmorecloselyatit:

52 InfoQExplores:REST

Thereareafewaspectstothenextelementworthpointingout.Firstisthatit'sinadifferent namespacebecausestatetransitionsarenotlimitedtoStarbucks.Inthiscasewe'vedecidedthat suchtransitionURIsshouldbeheldinacommunalnamespacetofacilitatereuse(oreveneventual standardisation). Then,there'stheembeddedsemanticinformation(aprivatemicroformat,ifyoulike)intherel attribute.Consumersthatunderstandthesemanticsofthehttp://starbucks.example.org/payment stringcanusetheresourceidentifiedbytheuriattributetotransitiontothenextstate(payment)in theworkflow. Theuriinthe<next/>elementpointstoapaymentresource.Fromthetypeattribute,wealready knowtheexpectedresourcerepresentationisXML.Wecanworkoutwhattodowiththepayment resourcebyaskingtheserverwhichverbsthatresourcesupportsusingOPTIONS.

Microformatsareawaytoembedstructured,semanticallyrichdatainsideexisting documents.MicroformatsaremostcommoninthehumanreadableWeb,wheretheyare usedtoaddstructuredrepresentationsofinformationlikecalendareventstoWebpages. However,theycanjustasreadilybeturnedtointegrationpurposes.Microformat terminologyisagreedbythemicroformatscommunity,butweareatlibertytocreateour ownprivatemicroformatsfordomainspecificsemanticmarkup.

Innocuousastheyseem,simplelinksliketheoneofFigure10arethecruxofwhattheREST communityratherverboselycallsHypermediaastheengineofapplicationstate.Moresimply,URIs representthetransitionswithinastatemachine.Clientsoperateapplicationstatemachines,likethe oneswesawatthebeginningofthisarticle,byfollowinglinks. Don'tbesurprisedifthattakesalittlewhiletosinkin.Oneofthemostsurprisingthingsaboutthis modelisthewaystatemachinesandworkflowsgraduallydescribethemselvesasyounavigate throughthem,ratherthanbeingdescribedupfrontthroughWSBPELorWSCDL.Butonceyourbrain hasstoppedsomersaulting,you'llseethatfollowinglinkstoresourcesallowsustomakeforward progressinourapplication'svariousstates.Ateachstatetransitionthecurrentresource representationincludeslinkstothenextsetofpossibleresourcesandthestatestheyrepresent.And becausethosenextresourcesarejustWebresources,wealreadyknowwhattodowiththem. Ournextstepinthecustomerworkflowistopayforourcoffee.Weknowthetotalcostfromthe <cost/>elementintheorder,butbeforewesendpaymenttoStarbuckswe'llaskthepayment resourcehowwe'remeanttointeractwithit,asshowninFigure11.

Howmuchupfrontknowledgeofaservicedoesaconsumerneed?We'vealreadysuggested thatservicesandconsumerswillneedtoagreethesemanticsoftherepresentationsthey exchangepriortointeracting.Thinkoftheserepresentationformatsasasetofpossible statesandtransitions.Asaconsumerinteractswithaservice,theservicechoosesstatesand

53 InfoQExplores:REST

transitionsfromtheavailablesetandbuildsthenextrepresentation.Theprocessthe howofgettingtoagoalisdiscoveredonthefly;whatgetswiredtogetheraspartofthat processis,however,agreedupfront. Consumerstypicallyagreethesemanticsofrepresentationsandtransitionswithaservice duringdesignanddevelopment.Butthere'snoguaranteethatasserviceevolves,itwon't confronttheclientwithstaterepresentationsandtransitionstheclienthadneveranticipated butknowshowtoprocessthat'sthenatureofthelooselycoupledWeb.Reaching agreementonresourceformatsandrepresentationsunderthesecircumstancesis,however, outsidethescopeofthisarticle. Ournextstepistopayforourcoffee.Weknowthetotalcostofourorderfromthe<cost>element embeddedintheorderrepresentation,andsoournextstepistosendapaymenttoStarbuckssothe baristawillhandoverthedrink.Firstlywe'llaskthepaymentresourcehowwe'remeanttointeract withit,asshowninFigure11. Request OPTIONS/payment/order/1234HTTP1.1Host:starbucks.example.com Figure11Figuringouthowtopay Theresponseindicateswecaneitherread(viaGET)thepaymentorupdateit(viaPUT).Knowingthe cost,we'llgoaheadandPUTourpaymenttotheresourceidentifiedbythepaymentlink.Ofcourse, paymentsareprivilegedinformation,sowe'llprotectaccesstotheresourcebyrequiring authentication2. Request PUT/payment/order/1234HTTP1.1 Host:starbucks.example.com ContentType:application/xml ContentLength:... Authorization:Digestusername="JaneDoe" realm="starbucks.example.org nonce="..." uri="payment/order/1234" qop=auth nc=00000001 cnonce="..." reponse="..." opaque="..." <paymentxmlns="http://starbucks.example.org/"> Response Allow:GET,PUT

54 InfoQExplores:REST

<cardNo>123456789</cardNo> <expires>07/07</expires> <name>JohnCitizen</name> <amount>4.00</amount> </payment> Response 201Created Location:https://starbucks.example.com/payment/order/1234 ContentType:application/xml ContentLength:... <paymentxmlns="http://starbucks.example.org/"> <cardNo>123456789</cardNo> <expires>07/07</expires> <name>JohnCitizen</name> <amount>4.00</amount> </payment> Figure12Payingthebill Forsuccessfulpayments,theexchangeshowninFigure12isallweneed.Oncetheauthenticated PUThasreturneda201Createdresponse,wecanbehappythepaymenthassucceeded,andcan moveontopickupourdrink. Butthingscangowrong,andwhenmoneyisatstakewe'dratherthingseitherdidn'tgowrongor arerecoverablewhentheydo3.Anumberofthingscanobviouslygowrongwithourpayment: Wecan'tconnecttotheserverbecauseitisdownorunreachable; Theconnectiontotheserverisseveredatsomepointduringtheinteraction; Theserverreturnsanerrorstatusinthe4xxor5xxrange.

Fortunately,theWebhelpsusineachofthesescenarios.Forthefirsttwocases(assumingthe connectivityissueistransient),wesimplyPUTthepaymentagainuntilwereceiveasuccessful response.Wecanexpecta200responseifapriorPUThadinfactsucceeded(effectivelyan acknowledgementofanoopfromtheserver)ora201ifthenewPUTeventuallysucceedsinlodging thepayment.Thesameholdstrueinthethirdcasewheretheserverrespondswitha500,503or 504responsecode. Statuscodesinthe4xxrangearetrickier,buttheystillindicatehowtomakeforwardprogress.For example,a400responseindicatesthatwePUTsomethingtheserverdoesn'tunderstand,and shouldrectifyourpayloadbeforePUTingitagain.Conversely,a403responseindicatesthatthe serverunderstoodourrequestbutisrefusingtofulfilitanddoesn'twantustoretry.Insuchcases

55 InfoQExplores:REST

we'llhavetolookforotherstatetransitions(links)intheresponsepayloadtomakealternative forwardprogress.

We'veusedstatuscodesseveraltimesinthisexampletoguidetheclienttowardsitsnext interactionwiththeservice.Statuscodesaresemanticallyrichacknowledgments.By implementingservicesthatproducemeaningfulstatuscodesandclientsthatknowhowto handlethem,wecanlayeracoordinationprotocolontopofHTTP'ssimplerequestresponse mechanism,addingahighdegreeofrobustnessandreliabilitytodistributedsystems.

Oncewe'vepaidforourdrinkwe'vereachedtheendofourworkflow,andtheendofthestoryasfar astheconsumergoes.Butit'snottheendofthewholestory.Let'snowgoinsidetheservice boundary,andlookatStarbucks'internalimplementation. TheBarista'sViewpoint Ascustomerswetendtoputourselvesatthecentreofthecoffeeuniverse,butwe'renottheonly consumersofacoffeeservice.Weknowalreadyfromourracewiththebaristathattheservice servesatleastoneothersetofinterestedparties,nottheleastofwhichisthebarista.Inkeeping withourincrementaldeliverystyle,it'stimeforanotherstorycard.

ListsofdrinksareeasilymodelledusingWebformatsandprotocols.Atomfeedsareaperfectlygood formatforlistsofpracticallyanything,includingoutstandingcoffeeorders,sowe'lladoptthemhere. ThebaristacanaccesstheAtomfeedwithasimpleGETonthefeed'sURI,whichforoutstanding ordersishttp://starbucks.example.org/ordersinFigure13.

56 InfoQExplores:REST

Figure13Atomfeedfordrinkstobemade StarbucksisabusyplaceandtheAtomfeedat/ordersisupdatedfrequently,sothebaristawillneed topollittostayuptodate.Pollingisnormallythoughtofasofferinglowscalability;theWeb, however,supportsanextremelyscalablepollingmechanismaswe'llseeshortly.Andwiththe sheervolumeofcoffeesbeingmanufacturedbyStarbuckseveryminute,scalingtomeetloadisan importantissue. Wehavetwoconflictingrequirementshere.Wewantbaristastokeepuptodatebypollingthe orderfeedoften,butwedon'twanttoincreasetheloadontheserviceorunnecessarilyincrease networktraffic.Toavoidcrushingourserviceunderload,we'lluseareverseproxyjustoutsideour servicetocacheandservefrequentlyaccessedresourcerepresentations,asshowninFigure14.

57 InfoQExplores:REST

Figure14Cachingforscalability Formostresourcesespeciallythosethatareaccessedwidely,likeourAtomfeedfordrinksit makessensetocachethemoutsideoftheirhostservices.Thisreducesserverloadandimproves scalability.AddingWebcaches(reverseproxies)toourarchitecture,togetherwithcachingmetadata, allowsclientstoretrieveresourceswithoutplacingloadontheoriginserver.

Apositivesideeffectofcachingisthatitmasksintermittentfailuresoftheserverandhelps crashrecoveryscenariosbyimprovingtheavailabilityofresourcestate.Thatis,thebarista cankeepworkingeveniftheStarbucksservicefailsintermittentlysincetheorder informationwillhavebeencachedbyaproxy.Andifthebaristaforgetsanorder(crashes) thenrecoveryismadeeasierbecausetheordersarehighlyavailable.

Ofcourse,cachingcankeepoldordersaroundlongerthanneeded,whichishardlyidealfora highthroughputretailerlikeStarbucks.Tomakesurethatcachedordersarecleared,theStarbucks serviceusestheExpiresheadertodeclarehowlongaresponsecanbecached.Anycachesbetween theconsumerandservice(should)honourthatdirectiveandrefusetoservestaleorders4,instead forwardingtherequestontotheStarbucksservice,whichhasuptodateorderinformation. TheresponseinFigure13setstheExpiresheaderonourAtomfeedsothatdrinksturnstale10 secondsintothefuture.Becauseofthiscachingbehaviour,theservercanexpectatmost6requests perminute,withtheremainderhandledbythecacheinfrastructure.Evenforarelativelypoorly performingservice,6requestsperminuteisamanageableworkload.Inthehappiestcase(from Starbucks'pointofview)thebarista'spollingrequestsareansweredfromalocalcache,resultingin noincreasednetworkactivityorserverload. Inourexample,weuseonlyonecachetohelpscaleoutourmastercoffeelist.RealWebbased scenarios,however,maybenefitfromseverallayersofcaching.TakingadvantageofexistingWeb cachesiscriticalforscalabilityinhighvolumesituations.

Nowthatwe'veaddressedscalability,let'sreturntomorefunctionalconcerns.Whenthebarista beginstoprepareourcoffee,thestateoftheordershouldchangesothatnofurtherupdatesare allowed.Fromthepointofviewofacustomer,thiscorrespondstothemomentwe'renolonger allowedtoPUTupdatesofourorder(asinFigure6,Figure7,Figure8,Figure9,andFigure10). Fortunatelythereisawelldefinedprotocolthatwecanuseforthisjob:theAtomPublishing Protocol(alsoknownasAPPorAtomPub).AtomPubisaWebcentric(URIbased)protocolfor managingentriesinAtomfeeds.Let'stakeacloserlookattheentryrepresentingourcoffeeinthe /ordersAtomfeed.

TheWebtradeslatencyformassivescalability.Ifyouhaveaproblemdomainthatishighly sensitivetolatency(e.g.foreignexchangetrading),thenWebbasedsolutionsarenotagreat idea.If,however,youcanacceptlatencyintheorderofseconds,orevenminutesorhours, thentheWebislikelyasuitableplatform.

58 InfoQExplores:REST

Figure15Atomentryforourcoffeeorder TheXMLinFigure15isinterestingforanumberofreasons.First,there'stheAtomXML,which distinguishesourorderfromalltheotherordersinthefeed.Thenthere'stheorderitself,containing alltheinformationourbaristaneedstomakeourcoffeeincludingourallimportantextrashot! Insidetheorderentry,there'salinkelementthatdeclarestheeditURIfortheentry.TheeditURI linkstoanorderresourcethatiseditableviaHTTP.(Theaddressoftheeditableresourceinthiscase happenstobethesameaddressastheorderresourceitself,butitneednotbe.) Whenabaristawantstochangethestateoftheresourcesothatourordercannolongerbechanged, theyinteractwithitviatheeditURI.SpecificallytheyPUTarevisedversionoftheresourcestateto theeditURI,asshowninFigure16.

Figure16ChangingtheorderstatusviaAtomPub

59 InfoQExplores:REST

OncetheserverhasprocessedthePUTrequestinFigure16,itwillrejectanythingotherthanGET requeststothe/orders/1234resource. Nowthattheorderisstablethebaristacansafelygetonwithmakingthecoffee.Ofcourse,the baristawillneedtoknowwe'vepaidfortheorderbeforetheyreleasethecoffeetous,sobefore handingthecoffeeover,thebaristacheckstomakesurewe'vepaid.InarealStarbucks,thingsarea littledifferent:thereareconventions,suchaspayingasyouorder,andothercustomershanging aroundtomakesureyoudon'trunoffwiththeirdrinks.Butinourcomputerisedversionit'snot muchadditionalworktoaddthischeck,andsoontoourpenultimatestorycard:

ThebaristacaneasilycheckthepaymentstatusbyGETtingthepaymentresourceusingthepayment URIintheorder.

Inthisinstancethecustomerandbaristaknowaboutthepaymentresourcefromthelink embeddedintheorderrepresentation.Butsometimesit'susefultoaccessresourcesviaURI templates. URItemplatesareadescriptionformatforwellknownURIs.Thetemplatesallowconsumers tovarypartsofaURItoaccessdifferentresources.

AURItemplateschemeunderpinsAmazon'sS3storageservice.Storedartefactsare manipulatedusingtheHTTPverbsonURIscreatedfromthistemplate: http://s3.amazonaws.com/{bucket_name}/{key_name}. It'seasytoinferasimilarschemeforpaymentsinourmodelsothatbaristas(orother authorisedStarbuckssystems)canreadilyaccesseachpaymentwithouthavingtonavigateall orders:http://starbucks.example.org/payment/order/{order_id} URItemplatesformacontractwithconsumers,soserviceprovidersmusttakecareto maintainthemevenastheserviceevolves.BecauseofthisimplicitcouplingsomeWeb integratorsshyawayfromURItemplates.OuradviceistousethemonlywhereinferableURIs

60 InfoQExplores:REST

areusefulandunlikelytochange. Analternativeapproachinourexamplewouldbetoexposea/paymentsfeedcontaining (noninferable)linkstoeachpaymentresource.Thefeedwouldonlybeavailableto authorisedsystems. UltimatelyitisuptotheservicedesignertodeterminewhetherURItemplatesareasafeand usefulshortcutthroughhypermedia.Ouradvice:usethemsparingly! Ofcourse,noteveryoneisallowedtolookatpayments.We'drathernotletthemorecreative(and lessupstanding)membersofthecoffeecommunitycheckeachothers'creditcarddetails,solikeany sensibleWebsystem,weprotectoursensitiveresourcesbyrequiringauthentication. Ifanunauthenticateduserorsystemtriestoretrievethedetailsofaparticularpayment,theserver willchallengethemtoprovidecredentials,asshowninFigure17. Request Response

401UnauthorizedWWWAuthenticate:Digest GET/payment/order/1234HTTP1.1 realm="starbucks.example.org",qop="auth", Host:starbucks.example.org nonce="ab656...",opaque="b6a9..." Figure17Unauthorisedaccesstoapaymentresourceischallenged The401status(withhelpfulauthenticationmetadata)tellsusweshouldtrytherequestagain,but thistimeprovideappropriatecredentials.Retryingwiththerightcredentials(Figure18),weretrieve thepaymentandcompareitwiththeresourcerepresentingthetotalvalueoftheorderat http://starbucks.example.org/total/order/1234. Request Response 200OK ContentType:application/xml ContentLength:... <payment xmlns="http://starbucks.example.org/"> <cardNo>123456789</cardNo> <expires>07/07</expires> <name>JohnCitizen</name> <amount>4.00</amount> </payment>

GET/payment/order/1234HTTP1.1Host: starbucks.example.orgAuthorization:Digest username="baristajoe" realm="starbucks.example.orgnonce="..." uri="payment/order/1234"qop=authnc=00000001 cnonce="..."reponse="..."opaque="..."

Figure18Authorisedaccesstoapaymentresource Oncethebaristahaspreparedanddispatchedthecoffeeandcollectedpayment,they'llwantto removethecompletedorderfromthelistofoutstandingdrinks.Asalwayswe'llcapturethisasa

61 InfoQExplores:REST

story:

BecauseeachentryinourordersfeedidentifiesaneditableresourcewithitsownURI,wecanapply theHTTPverbstoeachorderresourceindividually.ThebaristasimplyDELETEstheresource referencedbytherelevantentrytoremoveitfromthelist,asinFigure19. Request DELETE/order/1234HTTP1.1Host:starbucks.example.org Figure19Removingacompletedorder WiththeitemDELETEdfromthefeed,afreshGETofthefeedreturnsarepresentationwithoutthe DELETEdresource.Assumingwehavewellbehavedcachesandhavesetthecacheexpirymetadata sensibly,tryingtoGETtheorderentrydirectlyresultsina404NotFoundresponse. YoumighthavenoticedthattheAtomPublishingProtocolmeetsmostofourneedsfortheStarbucks domain.Ifwe'dexposedthe/ordersfeeddirectlytocustomers,customerscouldhaveusedAtomPub topublishdrinksorderstothefeed,andevenchangetheirordersovertime. Response 200OK

Evolution:AfactofLifeontheWeb
Sinceourcoffeeshopisbasedaroundselfdescribingstatemachines,it'squitestraightforwardto evolvetheworkflowstomeetchangingbusinessneeds.ForexampleStarbucksmightchoosetooffer afreeInternetpromotionshortlyafterstartingtoservecoffee: JulyOurnewStarbucksshopgoesliveofferingthestandardworkflowwiththestatetransitionsand representationsthatwe'veexploredthroughoutthisarticle.Consumersareinteractingwiththe

62 InfoQExplores:REST

servicewiththeseformatsandrepresentationsinmind. AugustStarbucksintroducesanewrepresentationforafreewirelesspromotion.Ourcoffee workflowwillbeupdatedtocontainlinksprovidingstatetransitionstotheoffer.Thankstothemagic ofURIs,thelinksmaybetoa3rdpartypartnerjustaseasilyastheycouldbetoaninternalStarbucks resource

Becausetherepresentationsstillincludetheoriginaltransitions,existingconsumerscanstillreach theirgoal,thoughtheymaynotbeabletotakeadvantageofthepromotionbecausetheyhavenot beenexplicitlyprogrammedforit. SeptemberConsumerapplicationsandservicesareupgradedsothattheycanunderstandanduse thefreeInternetpromotion,andareinstructedtofollowsuchpromotionaltransitionswhenever theyoccur. Thekeytosuccessfulevolutionisforconsumersoftheservicetoanticipatechangebydefault. Insteadofbindingdirectlytoresources(e.g.viaURItemplates),ateachsteptheserviceprovides URIstonamedresourceswithwhichtheconsumercaninteract.Someofthesenamedresourceswill notbeunderstoodandwillbeignored;otherswillprovideknownstatetransitionsthatthe consumerwantstomake.Eitherwaythisschemeallowsforgracefulevolutionofaservicewhile maintainingcompatibilitywithconsumers.

TheTechnologyyou'reabouttoenjoyisextremelyhot
Handingoverthecoffeebringsustotheendoftheworkflow.We'veordered,changed(orbeen unabletochange)ourorder,paidandfinallyreceivedourcoffee.Ontheothersideofthecounter Starbuckshasbeenequallybusytakingpaymentandmanagingorders. WewereabletomodelallnecessaryinteractionshereusingtheWeb.TheWeballowedustomodel somesimpleunhappypaths(e.g.notbeingabletochangeaninprocessorderoronethat'salready beenmade)withoutushavingtoinventnewexceptionsorfaults:HTTPprovidedeverythingwe neededrightoutofthebox.Andevenwiththeunhappypaths,clientswereabletoprogresstowards theirgoal. ThefeaturesHTTPprovidesmightseeminnocuousatfirst.Butthereisalreadyworldwideagreement anddeploymentofthisprotocol,andeveryconceivablesoftwareagentandhardwaredevice understandsittoadegree.Whenweconsiderthebalkanisedadoptionofotherdistributed computingtechnologies(suchasWS*)werealisetheremarkablesuccessthatHTTPhasenjoyed,

63 InfoQExplores:REST

andthepotentialitreleasesforsystemtosystemintegration. TheWebevenhelpednonfunctionalaspectsofthesolution.Wherewehadtransientfailures,a sharedunderstandingoftheidempotentbehaviourofverbslikeGET,PUTandDELETEallowedsafe retries;bakedincachingmaskedfailuresandaidedcrashrecovery(throughenhancedavailability); andHTTPsandHTTPAuthenticationhelpedwithourrudimentarysecurityneeds. Althoughourproblemdomainwassomewhatartificial,thetechniqueswe'vehighlightedarejustas applicableintraditionaldistributedcomputingscenarios.Wewon'tpretendthattheWebissimple (unlessyouareagenius),nordowepretendthatthatit'sapanacea(unlessyouareanunrelenting optimistorhavecaughtRESTreligion),butthefactisthattheWebisarobustframeworkfor integratingsystemsatlocal,enterprise,andInternetscale.

Acknowledgements
TheauthorswouldliketothankAndrewHarrisonofCardiffUniversityfortheilluminating discussionsaroundconversationdescriptionsontheWeb.

AbouttheAuthors
Dr.JimWebberisdirectorofprofessionalservicesforThoughtWorkswhereheworksondependable distributedsystemsarchitectureforclientsworldwide.Jimwasformerlyaseniorresearcherwiththe UKEScienceprogrammewherehedevelopedstrategiesforaligningGridcomputingwithWeb ServicespracticesandarchitecturalpatternsfordependableServiceOrientedcomputingandhas extensiveWebandWebServicesarchitectureanddevelopmentexperience.Asanarchitectwith HewlettPackard,andlaterArjunaTechnologies,Jimwastheleaddeveloperontheindustry'sfirst WebServicesTransactionsolution.Jimisanactivespeakerandisinvitedtospeakregularlyat conferencesacrosstheglobe.Heisanactiveauthorandinadditionto"DevelopingEnterpriseWeb ServicesAnArchitect'sGuide"heisworkingonanewbookonWebbasedintegration.Jimholdsa B.Sc.inComputingScienceandPh.D.inParallelComputingbothfromtheUniversityofNewcastle uponTyne.Hisblogislocatedathttp://jim.webber.name. SavasParastatidisisaSoftwarePhilosopher,thinkingaboutsystemsandsoftware.Heinvestigates theuseoftechnologyineResearchandisparticularlyinterestedinCloudComputing,knowledge representationandmanagement,andsocialnetworking.He'scurrentlywithMicrosoftResearch's ExternalResearchteam.Savasenjoysbloggingathttp://savas.parastatidis.name. IanRobinsonhelpsclientscreatesustainableserviceorientedcapabilitiesthatalignbusinessandIT frominceptionthroughtooperation.HehaswrittenguidanceforMicrosoftonimplementing serviceorientedsystemswithMicrosofttechnologies,andhaspublishedarticlesonconsumerdriven servicecontractsandtheirroleinthesoftwaredevelopmentlifecyclemostrecentlyinThe ThoughtWorksAnthology(PragmaticProgrammers,2008)andelsewhereonInfoQ.Hespeaks regularlyatconferencesonsubjectsthatincludeRESTfulenterprisedevelopmentandthetestdriven

64 InfoQExplores:REST

foundationsofserviceorienteddelivery. Linkhttp://www.infoq.com/articles/webberrestworkflow RelatedContents InterviewandBookExcerpt:ThomasErl'sSOADesignPatterns CloudArchitecturesAreNotFullyThoughtOutYet AQuickLookatArchitecturalStylesandPatterns DidyouPerformaSiloAnalysisaspartofyourSOAImplementation? EntityServicesPatternorAntipattern?

65 InfoQExplores:REST

Articles

AddressingDoubtsaboutREST
Author:StefanTilkov Invariably,learningaboutRESTmeansthatyoullendupwonderingjusthowapplicabletheconcept reallyisforyourspecificscenario.Andgiventhatyoureprobablyusedtoentirelydifferent architecturalapproaches,itsonlynaturalthatyoustartdoubtingwhetherREST,orratherRESTful HTTP,reallyworksinpractice,orsimplybreaksdownonceyougobeyondintroductory,Hello, Worldlevelstuff.Inthisarticle,Iwilltrytoaddress10ofthemostcommondoubtspeoplehave aboutRESTwhentheystartexploringit,especiallyiftheyhaveastrongbackgroundinthe architecturalapproachbehindSOAP/WSDLbasedWebservices.

1.RESTmaybeusableforCRUD,butnotforrealbusinesslogic
ThisisthemostcommonreactionIseeamongpeoplewhoareskepticalaboutRESTbenefits.After all,ifallyouhaveiscreate/read/update/delete,howcanyoupossiblyexpressmorecomplicated applicationsemantics?Ihavetriedtoaddresssomeoftheseconcernsintheintroductoryarticleof thisseries,butthispointdefinitelymeritscloserdiscussion. Firstofall,theHTTPverbsGET,PUT,POST,andDELETEdonothavea1:1mappingtotheCRUD databaseoperations.Forexample,bothPOSTandPUTcanbeusedtocreatenewresources:they differinthatwithPUT,itstheclientthatdeterminestheresourcesURI(whichisthenupdatedor created),whereasaPOSTisissuedtoacollectionorfactoryresourceanditstheserverstaskto assignaURI.Butanyway,backtothequestion:howdoyouhandlemorecomplexbusinesslogic? Anycomputationcalc(a,b)thatreturnsaresultccanbetransformedintoaURIthatidentifiesits resulte.g.x=calc(2,3)mightbecomehttp://example.com/calculation?a=2&b=3.Atfirst,this seemslikeagrossmisuseofRESTfulHTTParentwesupposedtouseURIstoidentifyresources, notoperations?Yes,butinfactthisiswhatwedo:http://example.com/sum?augend=2&addend=3 identifiesaresource,namelytheresultofadding2and3.Andinthisparticular(obviouslycontrived) example,usingaGETtoretrievetheresultmightbeagoodideaafterall,thisiscacheable,you canreferenceit,andcomputingitisprobablysafeandnotverycostly. Ofcourseinmany,ifnotmostcases,usingaGETtocomputesomethingmightbethewrong approach.RememberthatGETissupposedtobeasafeoperation,i.e.theclientdoesnotaccept anyobligations(suchaspayingyouforyourservices)orassumeanyresponsibility,whenallitdoesis

66 InfoQExplores:REST

followalinkbyissuingaGET.Inmanyothercases,itsthereforemorereasonabletoprovideinput datatotheserversothatitcancreateanewresourceviaPOST.Initsresponse,theservercan indicatetheURIoftheresult(andpossiblyissuearedirecttotakeyouthere).Theresultisthen reusable,canbebookmarked,canbecachedwhenitsretrievedyoucanbasicallyextendthis modeltoanyoperationthatyieldsaresultwhichislikelytobeeveryoneyoucanthinkof.

2.Thereisnoformalcontract/nodescriptionlanguage
FromRPCtoCORBA,fromDCOMtoWebServiceswereusedtohavinganinterfacedescriptionthat liststheoperations,theirnames,andthetypesoftheirinputandoutputparameters.HowcanREST possiblybeusablewithoutaninterfacedescriptionlanguage? Therearethreeanswerstothisveryfrequentlyaskedquestion. Firstofall,ifyoudecidetouseRESTfulHTTPtogetherwithXMLaverycommonchoicethe wholeworldofXMLschemalanguages,suchasDTDs,XMLSchema,RELAXNGorSchematronare stillavailabletoyou.Arguably,95%ofwhatyouusuallydescribeusingWSDLisnottiedtoWSDLat all,butratherconcernedwiththeXMLSchemacomplextypesyoudefine.ThestuffWSDLaddson topismostlyconcernedwithoperationsandtheirnamesanddescribingthesebecomespretty boringwithRESTsuniforminterface:Afterall,GET,PUT,POSTandDELETEarealltheoperationsyou have.WithregardstotheuseofXMLSchema,thismeansthatyoucanuseyourfavoritedatabinding tool(ifyouhappentohaveone)togeneratedatabindingcodeforyourlanguageofchoice,evenif yourelyonaRESTfulinterface.(Thisisnotanentirelycompleteanswer,seebelow.) Secondly,askyourselfwhatyouneedadescriptionfor.Themostcommonalbeitnottheonly usecaseforhavingsomedescriptionistogeneratestubsandskeletonsfortheinterfaceyoure describing.Itisusuallynotdocumentation,sincethedescriptionine.g.WSDLformattellsyou nothingaboutthesemanticsofanoperationitjustlistsaname.Youneedsomehumanreadable documentationanywaytoknowhowtocallit.InatypicalRESTapproach,whatyouwouldprovideis documentationinHTMLformat,possiblyincludingdirectlinkstoyourresources.Usingtheapproach ofhavingmultiplerepresentations,youmightactuallyhaveselfdocumentingresourcesjustdoan HTTPGETonaresourcefromyourbrowserandgetanHTMLdocumentcontainingdataaswellasa listoftheoperations(HTTPverbs)youcanperformonitandthecontenttypesitacceptsand delivers. Finally,ifyouinsistonusingadescriptionlanguageforyourRESTfulservice,youcaneitherusethe WebApplicationDescriptionLanguage(WADL)orwithinlimitationsWSDL2.0,whichaccording toitsauthorsisabletodescribeRESTfulservices,too.NeitherWADLnorWSDL2areusefulfor describinghypermedia,thoughandgiventhatthisisoneofthecoreaspectsofREST,Imnotatall suretheyresufficientlyuseful.

67 InfoQExplores:REST

3.Whowouldactuallywanttoexposesomuchoftheirapplications implementationinternals?
Anothercommonconcernisthatresourcesaretoolowlevel,i.e.animplementationdetailone shouldnotexpose.Afterall,wontthisputtheburdenofusingtheresourcestoachievesomething meaningfulontheclient(theconsumer)? Theshortansweris:No.TheimplementationofaGET,PUToranyoftheothermethodsona resourcecanbejustassimpleorcomplicatedastheimplementationofaserviceorRPCoperation. ApplyingRESTdesignprinciplesdoesnotmeanyouhavetoexposeindividualitemsfromyour underlyingdatamodelitjustmeansthatinsteadofexposingyourbusinesslogicinan operationcentricway,youdosoinadatacentricway. Arelatedconcernisthatnotenablingdirectaccesstoresourceswillincreasesecurity.Thisisbased onanoldfallacyknownassecuritybyobscurity,andonecanarguethatinfactitstheotherway round:Byhidingwhichindividualresourcesyouaccessinyourapplicationspecificprotocol,youcan nolongereasilyusetheinfrastructuretoprotectthem.ByassigningindividualURIstomeaningful resources,youcane.g.useApachessecurityrules(aswellasrewritinglogic,logging,statisticsetc.) toworkdifferentlyfordifferentresources.Bymakingtheseexplicit,youdontdecrease,youincrease yoursecurity.

4.RESTworkswithHTTPonly,itsnottransportprotocolindependent
Firstofall,HTTPismostemphaticallynotatransportprotocol,butanapplicationprotocol.Ituses TCPastheunderlyingtransport,butithassemanticsthatgobeyondit(otherwiseitwouldbeof littleuse).UsingHTTPasameretransportisabusingit. Secondly,abstractionisnotalwaysagoodidea.Webservicestaketheapproachoftryingtohide manyverydifferenttechnologiesunderasingleabstractionlayerbutabstractionstendtoleak. Forexample,thereisahugedifferencebetweensendingamessageviaJMSorasanHTTPrequest. Tryingtodumbwidelydifferentoptionsdowntotheirleastcommondenominatorservesnoone.An analogywouldbetocreateacommonabstractionthathidesarelationaldatabaseandafilesystem underacommonAPI.Ofcoursethisisdoable,butassoonasyouaddressaspectssuchasquerying, theabstractionturnsintoaproblem. Finally,asMarkBakeroncecoined:Protocolindependenceisabug,notafeature.Whilethismay seemstrangeatfirst,youneedtoconsiderthattrueprotocolindependenceisimpossibletoachieve youcanonlydecidetodependonadifferentprotocolthatmayormaynotbeonadifferentlevel. Dependingonawidelyaccepted,officiallystandardizedprotocolsuchasHTTPisnotreallyaproblem. Thisisespeciallytrueifitismuchmorewidespreadandsupportedthantheabstractionthattriesto replaceit.

68 InfoQExplores:REST

5.Thereisnopractical,clear&consistentguidanceonhowtodesignRESTful applications
TherearemanyaspectsofRESTfuldesignwheretherearenoofficialbestpractices,nostandard wayonhowtosolveaparticularproblemusingHTTPinawayconformingtotheRESTprinciples. Thereislittledoubtthatthingscouldbebetter.Still,RESTembodiesmanymoreapplicationconcepts thanWSDL/SOAPbasedwebservices.Inotherwords:whilethiscriticismhasalotofvaluetoit,its farmorerelevantforthealternatives(whichbasicallyofferyounoguidanceatall). Occasionally,thisdoubtcomesupintheformofeventheRESTexpertscantagreehowtodoit.In general,thatsnottrueforexample,ItendtobelievethatthecoreconceptsIdescribedherea fewweeksagohaventbeen(norwilltheybe)disputedbyanymemberoftheRESTcommunity(if wecanassumethereissuchathing),notbecauseitsaparticularlygreatarticle,butsimplybecause thereisalotofcommonunderstandingoncepeoplehavelearnedalittlemorethanthebasics.Ifyou haveanychancetotryoutanexperiment,trywhetheritseasiertogetfiveSOAproponentstoagree onanythingthantryingtogetfiveRESTproponentstodoso.Basedonpastexperienceandlong participationinseveralSOAandRESTdiscussiongroups,IdtendtobetmymoneyontheRESTfolks.

6.RESTdoesnotsupporttransactions
Thetermtransactionisquiteoverloaded,butingeneral,whenpeopletalkabouttransactions, theyrefertotheACIDvarietyfoundindatabases.InanSOAenvironmentwhetherbasedonweb servicesorHTTPonlyeachservice(orsystem,orwebapp)implementationisstilllikelytointeract withadatabasethatsupportstransactions:nobigchangehere,exceptyourelikelytocreatethe transactionexplicitlyyourself(unlessyourservicerunsinanEJBcontaineroranotherenvironment thathandlesthetransactioncreationforyou).Thesameistrueifyouinteractwithmorethanone resource. Thingsstarttodifferonceyoucombine(orcompose,ifyouprefer)transactionsintoalargerunit.In aWebservicesenvironment,thereisatleastanoptiontomakethingsbehavesimilarlytowhat peopleareusedtofrom2PCscenariosassupportede.g.inaJavaEEenvironment:WSAtomic Transaction(WSAT),whichispartoftheWSCoordinationfamilyofstandards.Essentially,WSAT implementssomethingverysimilarorequaltothe2PCprotocolspecifiedbyXA.Thismeansthat yourtransactioncontextwillbepropagatedusingSOAPheaders,andyourimplementationwilltake careofensuringtheresourcemanagershookintoanexistingtransaction.Essentially,thesame modelinEJBdeveloperisusedtoyourdistributedtransactionbehavesjustasatomicallyasalocal one. Therearelotsofthingstosayabout,orratheragainst,atomictransactionsinanSOAenvironment: Loosecouplingandtransactions,especiallythoseoftheACIDvariety,simplydontmatch.The

69 InfoQExplores:REST

veryfactthatyouarecoordinatingacommitacrossmultipleindependentsystemscreatesa prettytightcouplingbetweenthem. Beingabletodothiscoordinationrequirescentralcontroloveralloftheservicesitsvery unlikely,probablyimpossibletoruna2PCtransactionacrosscompanyboundaries Theinfrastructurerequiredtosupportthisisusuallyquiteexpensiveandcomplicated.

Forthemostpart,theneedforACIDtransactionsinaSOAorRESTenvironmentisactuallyadesign smellyouvelikelymodeledyourservicesorresourcesthewrongway.Ofcourse,atomic transactionsarejustonetypeoftransactionthereareextendedtransactionmodelsthatmightbe abettermatchforlooselycoupledsystems.Theyhaventseenmuchadoptionyet,thoughnot evenintheWebservicescamp.

7.RESTisunreliable
ItsoftenpointedoutthatthereisnoequivalenttoWSReliableMessagingforRESTfulHTTP,and manyconcludethatbecauseofthis,itcantbeappliedwherereliabilityisanissue(whichtranslates toprettymucheverysystemthathasanyrelevanceinbusinessscenarios).Butveryoftenwhatyou wantisnotnecessarilysomeinfrastructurecomponentthathandlesmessagedelivery;rather,you needtoknowwhetheramessagehasbeendeliveredornot. Typically,receivingaresponsemessagesuchasasimple200OKincaseofHTTPmeansthatyou knowyourcommunicationpartnerhasreceivedtherequest.Problemsoccurwhenyoudontreceive aresponse:Youdontknowwhetheryourrequesthasneverreachedtheothersside,orwhetherit hasbeenreceived(resultinginsomeprocessing)anditstheresponsemessagethatgotlost. Thesimplestwaytoensuretherequestmessagereachestheothersideistoresendit,whichisof courseonlypossibleifthereceivercanhandleduplicates(e.g.byignoringthem).Thiscapabilityis calledidempotency.HTTPguaranteesthatGET,PUTandDELETEareidempotentandifyour applicationisimplementedcorrectly,aclientcansimplyreissueanyofthoserequestsifithasnt receivedaresponse.APOSTmessageisnotidempotent,thoughatleasttherearenoguarantees intheHTTPspecthatsayitis.Youareleftwithanumberofoptions:Youcaneitherswitchtousing PUT(ifyoursemanticscanbemappedtoit),useacommonbestpracticedescribedbyJoeGregorio, oradoptanyoftheexistingproposalsthataimtostandardizethis(suchasMarkNottinghamsPOE, YaronGolandsSOARity,orBilldehrasHTTPLR). Personally,Ipreferthebestpracticeapproachi.e.,turnthereliabilityproblemintoanapplication designaspect,butopinionsonthisdifferquiteabit. Whileanyofthesesolutionsaddressagoodpartofthereliabilitychallenge,thereisnothingorat least,nothingthatImawareofthatwouldsupportdeliveryguaranteessuchasinorderdelivery forasequenceofHTTPrequestsandresponses.Itmightbeworthpointingout,though,thatmany existingSOAP/WSDLscenariosgetbywithoutWSReliableMessagingoranyofitsnumerous predecessors,too.

70 InfoQExplores:REST

8.Nopub/subsupport
RESTisfundamentallybasedonaclientservermodel,andHTTPalwaysreferstoaclientandaserver astheendpointsofcommunication.Aclientinteractswithaserverbysendingrequestsand receivingresponses.Inapub/submodel,aninterestedpartysubscribestoaparticularcategoryof informationandgetsnotifiedeachtimesomethingnewappears.Howcouldpub/subbesupported inaRESTfulHTTPenvironment? Wedonthavetolookfartoseeaperfectexampleofthis:itscalledsyndication,andRSSandAtom Syndicationareexamplesofit.AclientqueriesfornewinformationbyissuinganHTTPagainsta resourcethatrepresentsthecollectionofchanges,e.g.foraparticularcategoryortimeinterval.This wouldbeextremelyinefficient,butisnt,becauseGETisthemostoptimizedoperationontheWeb. Infact,youcaneasilyimaginethatapopularweblogserverwouldhavescaleupmuchmoreifithad toactivelynotifyeachsubscribedclientindividuallyabouteachchange.Notificationbypollingscales extremelywell. Youcanextendthesyndicationmodeltoyourapplicationresourcese.g.,offeranAtomfeedfor changestocustomerresources,oranaudittrailofbookings.Inadditiontobeingabletosatisfya basicallyunlimitednumberofsubscribingapplications,youcanalsoviewthesefeedsinafeedreader, similarlytoviewingaresourcesHTMLrepresentationinyourbrowser. Ofcourse,thisisnotasuitableanswerforsomescenarios.Forexample,softrealtimerequirements mightrulethisoptionout,andanothertechnologymightbemoreappropriate.Butinmanycases, themixtureofloosecoupling,scalabilityandnotificationenabledbythesyndicationmodelisan excellentfit.

9.Noasynchronousinteractions
GivenHTTPsrequest/responsemodel,howcanoneachieveasynchronouscommunication?Again, wehavetobeawarethattherearemultiplethingspeoplemeanwhentheytalkaboutasynchronicity. Somerefertotheprogrammingmodel,whichcanbeblockingornonblockingindependentlyofthe wireinteractions.Thisisnotourconcernhere.Buthowdoyoudeliverarequestfromaclient (consumer)totheserver(provider)wheretheprocessingmighttakeafewhours?Howdoesthe consumergettoknowtheprocessingisdone? HTTPhasaspecificresponsecode,202(Accepted),themeaningofwhichisdefinedasTherequest hasbeenacceptedforprocessing,buttheprocessinghasnotbeencompleted.Thisisobviously exactlywhatwerelookingfor.Regardingtheresult,therearemultipleoptions:Theservercanreturn aURIofaresourcewhichtheclientcanGETtoaccesstheresult(althoughifithasbeencreated specificallyduetothisrequest,a201Createdwouldprobablybebetter).Ortheclientcanincludea URIthatitexpectstheservertoPOSTtheresulttoonceitsdone.

71 InfoQExplores:REST

10.Lackoftools
Finally,peopleoftencomplainaboutthelackoftoolsavailabletosupportRESTfulHTTP development.Asindicatedinitem#2,thisisnotreallytrueforthedataaspectyoucanuseallof thedatabindingandotherdataAPIsyouareusedto,asthisisaconcernthatsorthogonaltothe numberofmethodsandthemeansofinvokingthem.RegardingplainHTTPandURIsupport, absolutelyeveryprogramminglanguage,frameworkandtoolkitontheplanetsupportsthemoutof thebox.Finally,vendorsarecomingupwithmoreandmore(supposedly)easierandbettersupport forRESTfulHTTPdevelopmentintheirframeworks,e.g.SunwithJAXRS(JSR311)orMicrosoftwith theRESTsupportin.NET3.5ortheADO.NETDataServicesFramework.

Conclusion
So:IsREST,anditsmostcommonimplementation,HTTP,perfect?Ofcoursenot.Nothingisperfect, definitelynotforeveryscenario,andmostofthetimenotevenforasinglescenario.Ivecompletely ignoredanumberofveryreasonableproblemareasthatrequiremorecomplicatedanswers,for examplemessagebasedsecurity,partialupdatesandbatchprocessing,andIsolemnlypromiseto addresstheseinafutureinstallment.IstillhopeIcouldaddresssomeofthedoubtsyouhaveand ifIvemissedthemostimportantones,youknowwhatthecommentsarefor. Link:http://www.infoq.com/articles/tilkovrestdoubts RelatedContents RESTandtransactions? FinancialTransactionExchangeatBetFair.com Shoulddeveloperswritetheirowntransactioncoordinationlogic? FileSystemTransactionsstillaproblemarea? EricNewcomerOnDifferenceBetweenRESTfulvs.WebServiceTransactions

72 InfoQExplores:REST

Articles

RESTAntiPatterns
Author:StefanTilkov WhenpeoplestarttryingoutREST,theyusuallystartlookingaroundforexamplesandnotonlyfind alotofexamplesthatclaimtobeRESTful,orarelabeledasaRESTAPI,butalsodigupalotof discussionsaboutwhyaspecificservicethatclaimstodoRESTactuallyfailstodoso. Whydoesthishappen?HTTPisnothingnew,butithasbeenappliedinawidevarietyofways.Some ofthemwereinlinewiththeideastheWebsdesignershadinmind,butmanywerenot.Applying RESTprinciplestoyourHTTPapplications,whetheryoubuildthemforhumanconsumption,foruse byanotherprogram,orboth,meansthatyoudotheexactopposite:YoutrytousetheWeb correctly,orifyouobjecttotheideathatoneisrightandoneiswrong:inaRESTfulway.For many,thisisindeedaverynewapproach. Theusualstandarddisclaimerapplies:REST,theWeb,andHTTParenotthesamething;RESTcould beimplementedwithmanydifferenttechnologies,andHTTPisjustoneconcretearchitecturethat happenstofollowtheRESTarchitecturalstyle.SoIshouldactuallybecarefultodistinguishREST fromRESTfulHTTP.Imnot,soletsjustassumethetwoarethesamefortheremainderofthis article. Aswithanynewapproach,ithelpstobeawareofsomecommonpatterns.Inthefirsttwoarticlesof thisseries,Ivetriedtooutlinesomebasiconessuchastheconceptofcollectionresources,the mappingofcalculationresultstoresourcesintheirownright,ortheuseofsyndicationtomodel events.Afuturearticlewillexpandontheseandotherpatterns.Forthisone,though,Iwanttofocus onantipatternstypicalexamplesofattemptedRESTfulHTTPusagethatcreateproblemsandshow thatsomeonehasattempted,butfailed,toadoptRESTideas. LetsstartwithaquicklistofantipatternsIvemanagedtocomeupwith: 1. TunnelingeverythingthroughGET 2. TunnelingeverythingthroughPOST 3. Ignoringcaching 4. Ignoringresponsecodes 5. Misusingcookies

73 InfoQExplores:REST

6. Forgettinghypermedia 7. IgnoringMIMEtypes 8. Breakingselfdescriptiveness Letsgothrougheachofthemindetail.

TunnelingeverythingthroughGET
Tomanypeople,RESTsimplymeansusingHTTPtoexposesomeapplicationfunctionality.The fundamentalandmostimportantoperation(strictlyspeaking,verbormethodwouldbeabetter term)isanHTTPGET.AGETshouldretrievearepresentationofaresourceidentifiedbyaURI,but many,ifnotallexistingHTTPlibrariesandserverprogrammingAPIsmakeitextremelyeasytoview theURInotasaresourceidentifier,butasaconvenientmeanstoencodeparameters.Thisleadsto URIslikethefollowing: http://example.com/some-api?method=deleteCustomer&id=1234 ThecharactersthatmakeupaURIdonot,infact,tellyouanythingabouttheRESTfulnessofa givensystem,butinthisparticularcase,wecanguesstheGETwillnotbesafe:Thecallerwilllikely beheldresponsiblefortheoutcome(thedeletionofacustomer),althoughthespecsaysthatGETis thewrongmethodtouseforsuchcases. Theonlythinginfavorofthisapproachisthatitsveryeasytoprogram,andtrivialtotestfroma browserafterall,youjustneedtopasteaURIintoyouraddressbar,tweaksomeparameters,and offyougo.Themainproblemswiththisantipatternsare: 1. ResourcesarenotidentifiedbyURIs;rather,URIsareusedtoencodeoperationsandtheir parameters 2. TheHTTPmethoddoesnotnecessarilymatchthesemantics 3. Suchlinksareusuallynotintendedtobebookmarked 4. Thereisariskthatcrawlers(e.g.fromsearchenginessuchasGoogle)causeunintendedside effects NotethatAPIsthatfollowthisantipatternmightactuallyendupbeingaccidentallyrestful.Hereis anexample: http://example.com/some-api?method=findCustomer&id=1234 IsthisaURIthatidentifiesanoperationanditsparameters,ordoesitidentifyaresource?Youcould arguebothcases:Thismightbeaperfectlyvalid,bookmarkableURI;doingaGETonitmightbe safe;itmightrespondwithdifferentformatsaccordingtotheAcceptheader,andsupport sophisticatedcaching.Inmanycases,thiswillbeunintentional.Often,APIsstartthisway,exposinga readinterface,butwhendevelopersstartaddingwritefunctionality,youfindoutthatthe

74 InfoQExplores:REST

illusionbreaks(itsunlikelyanupdatetoacustomerwouldoccurviaaPUTtothisURIthe developerwouldprobablycreateanewone).

TunnelingeverythingthroughPOST
Thisantipatternisverysimilartothefirstone,onlythatthistime,thePOSTHTTPmethodisused. POSTcarriesanentitybody,notjustaURI.AtypicalscenariousesasingleURItoPOSTto,and varyingmessagestoexpressdifferingintents.ThisisactuallywhatSOAP1.1webservicesdowhen HTTPisusedasatransportprotocol:ItsactuallytheSOAPmessage,possiblyincludingsome WSAddressingSOAPheaders,thatdetermineswhathappens. OnecouldarguethattunnelingeverythingthroughPOSTsharesalloftheproblemsoftheGET variant,itsjustalittlehardertouseandcannotexplorecaching(notevenaccidentally),norsupport bookmarking.ItactuallydoesntendupviolatinganyRESTprinciplessomuchitsimplyignores them.

Ignoringcaching
Evenifyouusetheverbsastheyareintendedtobeused,youcanstilleasilyruincaching opportunities.TheeasiestwaytodosoisbysimplyincludingaheadersuchasthisoneinyourHTTP response: Cache-control: no-cache Doingsowillsimplypreventcachesfromcachinganything.Ofcoursethismaybewhatyouintendto do,butmoreoftenthannotitsjustadefaultsettingthatsspecifiedinyourwebframework. However,supportingefficientcachingandrevalidationisoneofthekeybenefitsofusingRESTful HTTP.SamRubysuggeststhatakeyquestiontoaskwhenassessingsomethingsRESTfulnessisdo yousupportETags?(ETagsareamechanismintroducedinHTTP1.1toallowaclienttovalidate whetheracachedrepresentationisstillvalid,bymeansofacryptographicchecksum).Theeasiest waytogeneratecorrectheadersistodelegatethistasktoapieceofinfrastructurethatknowshow todothiscorrectlyforexample,bygeneratingafileinadirectoryservedbyaWebserversuchas ApacheHTTPD. Ofcoursetheresaclientsidetothis,too:whenyouimplementaprogrammaticclientforaRESTful service,youshouldactuallyexploitthecachingcapabilitiesthatareavailable,andnotunnecessarily retrievearepresentationagain.Forexample,theservermighthavesenttheinformationthatthe representationistobeconsideredfreshfor600secondsafterafirstretrieval(e.g.becausea backendsystemispolledonlyevery30minutes).Thereisabsolutelynopointinrepeatedly requestingthesameinformationinashorterperiod.Similarlytotheserversideofthings,goingwith aproxycachesuchasSquidontheclientsidemightbeabetteroptionthanbuildingthislogic yourself.

75 InfoQExplores:REST

CachinginHTTPispowerfulandcomplex;foraverygoodguide,turntoMarkNottinghamsCache Tutorial.

Ignoringstatuscodes
UnknowntomanyWebdevelopers,HTTPhasaveryrichsetofapplicationlevelstatuscodesfor dealingwithdifferentscenarios.Mostofusarefamiliarwith200(OK),404(Notfound),and500 (Internalservererror).Buttherearemanymore,andusingthemcorrectlymeansthatclientsand serverscancommunicateonasemanticallyricherlevel. Forexample,a201(Created)responsecodesignalsthatanewresourcehasbeencreated,theURI ofwhichcanbefoundinaLocationheaderintheresponse.A409(Conflict)informstheclientthat thereisaconflict,e.g.whenaPUTisusedwithdatabasedonanolderversionofaresource.A412 (PreconditionFailed)saysthattheservercouldntmeettheclientsexpectations. Anotheraspectofusingstatuscodescorrectlyaffectstheclient:Thestatuscodesindifferentclasses (e.g.allinthe2xxrange,allinthe5xxrange)aresupposedtobetreatedaccordingtoacommon overallapproache.g.aclientshouldtreatall2xxcodesassuccessindicators,evenifithasntbeen codedtohandlethespecificcodethathasbeenreturned. ManyapplicationsthatclaimtobeRESTfulreturnonly200or500,oreven200only(withafailure textcontainedintheresponsebodyagain,seeSOAP).Ifyouwant,youcancallthistunneling errorsthroughstatuscode200,butwhateveryouconsidertobetherightterm:ifyoudontexploit therichapplicationsemanticsofHTTPsstatuscodes,youremissinganopportunityforincreased reuse,betterinteroperability,andloosercoupling.

Misusingcookies
UsingcookiestopropagateakeytosomeserversidesessionstateisanotherRESTantipattern. CookiesareasuresignthatsomethingisnotRESTful.Right?No;notnecessarily.Oneofthekey ideasofRESTisstatelessnessnotinthesensethataservercannotstoreanydata:itsfineifthere isresourcestate,orclientstate.Itssessionstatethatisdisallowedduetoscalability,reliabilityand couplingreasons.Themosttypicaluseofcookiesistostoreakeythatlinkstosomeserversidedata structurethatiskeptinmemory.Thismeansthatthecookie,whichthebrowserpassesalongwith eachrequest,isusedtoestablishconversational,orsession,state. Ifacookieisusedtostoresomeinformation,suchasanauthenticationtoken,thattheservercan validatewithoutrelianceonsessionstate,cookiesareperfectlyRESTfulwithonecaveat:They shouldntbeusedtoencodeinformationthatcanbetransferredbyother,morestandardizedmeans (e.g.intheURI,somestandardheaderorinrarecasesinthemessagebody).Forexample,its preferabletouseHTTPauthenticationfromaRESTfulHTTPpointofview.

76 InfoQExplores:REST

Forgettinghypermedia
ThefirstRESTideathatshardtoacceptisthestandardsetofmethods.RESTtheorydoesntspecify whichmethodsmakeupthestandardset,itjustsaysthereshouldbealimitedsetthatisapplicable toallresources.HTTPfixesthematGET,PUT,POSTandDELETE(primarily,atleast),andcastingallof yourapplicationsemanticsintojustthesefourverbstakessomegettingusedto.Butonceyouve donethat,peoplestartusingasubsetofwhatactuallymakesupRESTasortofWebbasedCRUD (Create,Read,Update,Delete)architecture.Applicationsthatexposethisantipatternarenotreally unRESTful(ifthereevenissuchathing),theyjustfailtoexploitanotherofRESTscoreconcepts: hypermediaastheengineofapplicationstate. Hypermedia,theconceptoflinkingthingstogether,iswhatmakestheWebawebaconnectedset ofresources,whereapplicationsmovefromonestatetothenextbyfollowinglinks.Thatmight soundalittleesoteric,butinfacttherearesomevalidreasonsforfollowingthisprinciple. ThefirstindicatoroftheForgettinghypermediaantipatternistheabsenceoflinksin representations.ThereisoftenarecipeforconstructingURIsontheclientside,buttheclientnever followslinksbecausetheserversimplydoesntsendany.Aslightlybettervariantusesamixtureof URIconstructionandlinkfollowing,wherelinkstypicallyrepresentrelationsintheunderlyingdata model.Butideally,aclientshouldhavetoknowasingleURIonly;everythingelseindividualURIs, aswellasrecipesforconstructingtheme.g.incaseofqueriesshouldbecommunicatedvia hypermedia,aslinkswithinresourcerepresentations.AgoodexampleistheAtomPublishing Protocolwithitsnotionofservicedocuments,whichoffernamedelementsforeachcollectionwithin thedomainthatitdescribes.Finally,thepossiblestatetransitionstheapplicationcangothrough shouldbecommunicateddynamically,andtheclientshouldbeabletofollowthemwithaslittle beforehandknowledgeofthemaspossible.AgoodexampleofthisisHTML,whichcontainsenough informationforthebrowsertoofferafullydynamicinterfacetotheuser. IconsideredaddinghumanreadableURIsasanotherantipattern.Ididnot,becauseIlikereadable andhackableURIsasmuchasanybody.ButwhensomeonestartswithREST,theyoftenwaste endlesshoursindiscussionsaboutthecorrectURIdesign,buttotallyforgetthehypermediaaspect. SomyadvicewouldbetolimitthetimeyouspendonfindingtheperfectURIdesign(afterall,their juststrings),andinvestsomeofthatenergyintofindinggoodplacestoprovidelinkswithinyour representations.

IgnoringMIMEtypes
HTTPsnotionofcontentnegotiationallowsaclienttoretrievedifferentrepresentationsofresources basedonitsneeds.Forexample,aresourcemighthavearepresentationindifferentformatssuchas XML,JSON,orYAML,forconsumptionbyconsumersimplementedinJava,JavaScript,andRuby respectively.OrtheremightbeamachinereadableformatsuchasXMLinadditiontoaPDFor JPEGversionforhumans.Oritmightsupportboththev1.1andthev1.2versionsofsomecustom

77 InfoQExplores:REST

representationformat.Inanycase,whiletheremaybegoodreasonsforhavingonerepresentation formatonly,itsoftenanindicationofanothermissedopportunity. Itsprobablyobviousthatthemoreunforeseenclientsareableto(re)useaservice,thebetter.For thisreason,itsmuchbettertorelyonexisting,predefined,widelyknownformatsthantoinvent proprietaryonesanargumentthatleadstothelastantipatternaddressedinthisarticle.

Breakingselfdescriptiveness
ThisantipatternissocommonthatitsvisibleinalmosteveryRESTapplication,eveninthose createdbythosewhocallthemselvesRESTafariansmyselfincluded:breakingtheconstraintof selfdescriptiveness(whichisanidealthathaslesstodowithAIsciencefictionthanonemightthink atfirstglance).Ideally,amessageanHTTPrequestorHTTPresponse,includingheadersandthe bodyshouldcontainenoughinformationforanygenericclient,serverorintermediarytobeableto processit.Forexample,whenyourbrowserretrievessomeprotectedresourcesPDFrepresentation, youcanseehowalloftheexistingagreementsintermsofstandardskickin:someHTTP authenticationexchangetakesplace,theremightbesomecachingand/orrevalidation,the contenttypeheadersentbytheserver(application/pdf)triggersthestartupofthePDFviewer registeredonyoursystem,andfinallyyoucanreadthePDFonyourscreen.Anyotheruserinthe worldcouldusehisorherowninfrastructuretoperformthesamerequest.Iftheserverdeveloper addsanothercontenttype,anyoftheserversclients(orservicesconsumers)justneedtomakesure theyhavetheappropriateviewerinstalled. Everytimeyouinventyourownheaders,formats,orprotocolsyoubreaktheselfdescriptiveness constrainttoacertaindegree.Ifyouwanttotakeanextremeposition,anythingnotbeing standardizedbyanofficialstandardsbodybreaksthisconstraint,andcanbeconsideredacaseofthis antipattern.Inpractice,youstriveforfollowingstandardsasmuchaspossible,andacceptthat someconventionmightonlyapplyinasmallerdomain(e.g.yourserviceandtheclientsspecifically developedagainstit).

Summary
EversincetheGangofFourpublishedtheirbook,whichkickstartedthepatternsmovement,many peoplemisunderstooditandtriedtoapplyasmanypatternsaspossibleanotionthathasbeen ridiculedforequallyaslong.Patternsshouldbeappliedif,andonlyif,theymatchthecontext. Similarly,onecouldreligiouslytrytoavoidalloftheantipatternsinanygivendomain.Inmanycases, therearegoodreasonsforviolatinganyrule,orinRESTterminology:relaxanyparticularconstraint. Itsfinetodosobutitsusefultobeawareofthefact,andthenmakeamoreinformeddecision. Hopefully,thisarticlehelpsyoutoavoidsomeofthemostcommonpitfallswhenstartingyourfirst RESTprojects. ManythankstoJavierBotanaandBurkhardNeppertforfeedbackonadraftofthisarticle.

78 InfoQExplores:REST

Link:http://www.infoq.com/articles/restantipatterns RelatedContents WhatMakesGoodREST? Debate:ShouldArchitectureRewritebeAvoided? Decisionsdrivenbyproductivityconcerns:Reasons,implicationsandlimitations PreservingflexibilitywhileusingActiveRecordpattern Canarchitecturecreateagapbetweendevelopersandsoftwaretheybuild?

79 InfoQExplores:REST

Interview

IanRobinsondiscussesREST,WS*and ImplementinganSOA
InthisinterviewfromQConSanFrancisco2008,IanRobinsondiscussesRESTvs.WS*,REST contracts,WADL,howtoapproachcompanywideSOAinitiatives,howanSOAchangesacompany, SOAandAgile,toolsupportforREST,reuseandforeseeingclientneeds,versioningandthefutureof RESTbasedservicesinenterpriseSOAdevelopment. IanRobinsonisaPrincipalConsultantwithThoughtWorks,wherehespecializesin thedesignanddeliveryofserviceorientedanddistributedsystems.Hehaswritten guidanceforMicrosoftonimplementingintegrationpatternswithMicrosoft technologies,andhaspublishedarticlesonbusinessorienteddevelopment methodologiesanddistributedsystemsdesign. InfoQ:Hi.MynameisRyanSlobojanandIamherewithIanRobinson.Ian,whatdoyoucurrently considertobethebesttechnicaloptionforcreatingaserviceorientedarchitecture?WS*or REST? IanRobinson:Ithinkitisalwaysgoingtodepend;wearealwaysgoingtohaveheterogeneous environmentswithintheenterprise.Therearelikelytechnologiesthatarealreadyinplace, applicationsthatarealreadyinplacethatuseWS*,anditisunlikelythatwewouldwanttoreplace thosejusttoimposesomekindofuniformsolution.Alotofthestacksofferakindofhomogenous developmentenvironment.Andifwearedevelopingtheinternalsofanapplicationortheinternals ofaservicewecancertainlytakeadvantageofalotofthoseWS*compliantapplicationsand interfaces.Ithinkoncewearelookingfortremendousreachandscalability,whenwearelookingto extendacrossorganizationalboundaries,thenwemightwanttolookatmoreRESTfulsolutions.We willhavetechnologiesateitherend,technologystacksthathavesimpleHTTPclients,wecantake advantageofthose,wearenothavingtoworrysomuchaboutincompatibilitiesbetweendifferent versionsofaWS*specification.SoIthinkreallybeingabletotakeadvantageofsomeoftheweb's infrastructure,someofthescalabilitythatisinherentinthatinfrastructuremightguideustowards adoptingaRESTfulsolutionforthosepartsofourSOA. InfoQ:Oneoftheotherquestionswhichcomestomindishowdoyouviewthenotionofcontracts withinaRESTscenario? IanRobinson:Ithinkcontracts,asweareusedtothemfromthewebservicesstack,aren't necessarilyasapplicableinaRESTfulenvironmentoraRESTfulsolution.Nonethelesscontractsare there,arepresentinoneformoranother,andit'sprobablyworthinvestigatingthoseindetail.But

80 InfoQExplores:REST

firstIwilljusttalkalittlebitaboutthosewebservicescontracts:WSDLandWSPolicy.Togetherthey aretypicallysaidtocompriseawebservicecontract.WSDLexposestheendpointsandthe operationsthatcanbeperformedatthoseendpoints.AndWSPolicyassertssomeofthe qualityofservicecharacteristicsthatmightbeassociatedwiththatservice. WSDLinparticularseemstoencouragearemoteoperationviewoftheworld.It'sverystatic,very upfrontwearekindofcommittingveryearlytothewayinwhichwewanttoconsumeaservice.Ina RESTfulsolutiontypicallywhatwearetryingtodoisguideaclienttowardsitsgoal.Sotheclient makesarequestofourserviceandwe'llserveupsomekindofrepresentation,itmightbea representationofanorderforexample.Itmaybethatwewanttoprogressthatorderthrough severalstates,ideallywhatwewanttodoinsidethatrepresentationisadvertisesomeofthe possibletransitionstothenextstageorthenextstateinprocessingthatorder.Sowe'renot necessarilyhavingtoadvertiseupfrontinsomeexternalcontractwhatisthatwecandowithan order,therepresentationitselfoffersupseveralopportunitiestomanipulatethatorder.Sothisis that"hypermediaasthelevertoapplicationstate"constraintwithinREST. Soreallythecontractsarebeingexposedgraduallyinarathermoredynamicfashion.Wearestill treatingwiththeclientoverthecourseofseveralrequestsandresponses.Butweareenablingthat clienttomakedecisionsontheflyastowhereitwantstogonext.OneofthethingsthatIthinkwe reallywanttotryandadheretohereiscarefuluseofmediatypesorMIMEtypes.Soahandfulof goodmediatypeswithintheirprocessingmodel,basicallyadvertisewhatisahyperlink,whatare thosehypermedialeversthatareavailablewithinthatparticularmediatype. Soifwearebuildingrathergenericclientsthatcanhandletheseparticularmediatypes,thenthey canbegintoidentifythosepossiblestatetransitions,thosepossibleontheflyelementsofthe contractandbegintoactonthemthereandthen.Sowecanstartlayeringsomeapplicationspecific intelligenceontopofsomeverygenericRESTclientsandweareusingmediatypestoguidethose clientstogetherwiththeparticularrepresentationsthatweareservingup.Weareusingthoseto guidethoseclientstowardsthesuccessfulcompletionoftheirgoals.Doesthatmakesense? InfoQ:Yes,itdoes.SowhatareyourthoughtsonWADL,WebApplicationDescriptorLanguage? IanRobinson:WecoulduseWADL.WADLeffectivelyallowsustodescribesomeoftheoperations thatwecouldperformagainstanyparticularresource.WecouldusethatinaWSDLlikewayto providesomestaticupfrontdescriptionoftheservice.OrwecouldactuallyuseWADLtoannotate someofthoserepresentationsastheycomebackandsay"Lookhereistoday'scontractforthis order.Herearethethingsthatyoucandowiththisordertodaywiththisparticularrepresentation". WehaveactuallyusedWADLtoannotatethatrepresentationandprovidesomekindofcontractlike semanticsonthefly.Ithinkthatisapreferablesolution.Obviouslywe'vetalkedaboutothermedia types,thingslikeRDFhasarichprocessingmodelthatallowsusagaintoidentifyparticularlinksand thesemanticsattachedtothoselinkssothatwecouldinterrogatearepresentationandthenbegin toprogressit,inmakingfurtherrequestsoftheservice. InfoQ:HowwouldyouapproachalargescalecompanywideSOAproject?

81 InfoQExplores:REST

IanRobinson:AnapproachwehaveusedsuccessfullyinthepastatThoughtworks,thisisan approachIhaveusedwithanumberofcompanieswheretheyoftenhaveaverysuccessfulpedigree inmainframeapplicationdevelopmentandinothermorerecentkindsofapplicationdevelopment aswell,buttheydon'tnecessarilyhaveanyexperienceatSOA.Nonethelessthereareverystrong pressuresforsomesignificantchangetotakeplace,marketconditionsarechanging,theyarefinding thattheirexistingapplicationsaredifficulttochange,expensivetochangesoallofthisleadsthemto believethattheyneedsomekindofSOAsolution. There'sanobviousneedthere;theyhavealotofexperienceinotherkindsofapplication development;andtheyareawarethatthere'salotofSOAexperienceouttherebuttheydon't necessarilypossesitatthispointintime.Whatdotheydo?Howdotheygetstarted?Whatweare tryingtodoisprovidesomekindofacceleratedroutetowardsidentifyinganddevelopingservices, andthendeliveringthemintotheenterprisesoastodeliververyrealsignificantbusinessvalue, valuethatmeetsthatcompany'sstrategicgoals.Sotypicallywhatwedoispresentaveryverysimple map,ideallyIwouldliketobeabletodrawthatupforyou,butitbasicallyprogressesfromleftto rightandonthelefthandsideIjustdrawfewboxesthatrepresentsomeofthoseorganizational units,theirkeygoals,whatisittheyaretryingtoachieve,what'simpedingthem...Inthemiddleof ourmapwediagramcapabilities,andthenoverontherighthandsidewedescribeservicesandthen specifictechnicalimplementationsofthoseservices. AndIsay"Whatwearegoingtodotogetheroverthecourse,say,ofacoupleofmonthsisweare goingtobeginpopulatingthismapwithdetail,wearegoingtostartattachingveryspecificartifacts topartsofthismap".Sowearegoingtostarttryingtounderstandwhosomeofthekeystakeholders hereare,whataretheirkeygoals,whataretheytryingtoachieve,what'smotivatingthem?Andwe aregoingtodothatthroughanumberofworkshopexercises,thingslikethat.Andfromthatweare thengoingtostarttryingtoidentifysomekeyorcorecapabilitiesthatbelongtoyourorganization. Whatkindofcapabilitiesorwhatabilitiesdoyouneedtobeabletofurnishinordertomeetsomeof thosekeygoals?Soagainyouwanttodrawthoseoutasquicklyaspossible,doingjustenoughwork togetsomekindofsenseoftheoverallscopeoftheengagement.Thenwearegoingtostarttrying toassignthosecapabilitiestoservices. Wesaythatservicesarehostsforoneormorebusinesscapabilities.Andthenwecanbeginmaking somedecisionsabouthowweactuallywanttoimplementthoseservices,whatspecifictechnologies, whatarchitecturalapproachesdowewanttotake,inordertoimplementthoseservices.Soboiled downtoitscore,Italkaboutstories,capabilities,servicesandcontracts.StoriesItakefromthings likeBehaviourDrivenDevelopment,andusingstoriesandthestoryformattodescribearole"I wanttoachievethis,sothat"andthenIdescribesomekindofvalueattachedtoachievingthat goal,soidentifyingarole,agoalandavalueattachedtothatgoal. Weusethatkindofstoryformatveryoftenwithpeoplewithstrategicresponsibilitiesatthe beginningofaninitiative.We'llaskthemreallytotryanddescribesomeoftheirkeybusinessgoals, andthevaluethattheyattachtothem.Andthen,asacomplementtothat,wetryandderivewhat sortofcapabilitiesarethatthatcompanypossessesorneedstofurnishinordertomeetthosegoals. Sowhatwearetryingtocreateisacapabilitymap,verysimple,oftenthiskindofhierarchical description,butit'sadescriptionreallyofwhatitisthatthecompanydoesorwhatitistryingto

82 InfoQExplores:REST

achieve.Andthenthatbecomesthebasisforawholebunchofotherconversationsbothwith strategicstakeholdersandsomeoftheoperationalstaff. Whichofthesecapabilitiesarecoretoyourbusiness?Whichofthemdifferentiatethem,or differentiateyoufromyourcompetitors?Whichofthemdoyoudowelltoday,andwhichofthemdo youdobadly?Arethereanythatyoucouldoutsource?Andwhatareyourkindofqualityofservice expectationsaroundthesecapabilities?Andwearenotatthismomentintimetalkingabouthowwe implementthem,butifyouneedtobeabletosourcepartsforsecondhandcars,what'sthe turnaroundtimeonthatkindofexpectedprovisionofthatserviceorthatkeycapability?Sowecan askallofthesequestions,wecanbegintoderivesomekindofqualityofservicecharacteristics. Thenwearebeginningtohoneinonsomeofthekeycapabilities,thethingsthatareveryvery significant,veryimportanttothiscompany,orthingsthattheyarenotcurrentlydoingwellbutwhich nonethelesstheyoughttobedoingbetter.Wecanthenstarttoidentifyservices,startassigning thosecapabilitiestoservices.Andthenwecanstartmakingsomedecisionsabouthowtoactually buildtheseservices.Nowoftenthattakesplaceinanenvironmentwherethereisawholebunchof inflightprojects,soagainaspartofthisveryquickstartwayofapproachinganSOAinitiative,we starttotryandmapsomeofthosekeycapabilitiesandperhapssomeofthecandidateservicesthat we'veidentifiedtoinflightprojectssowearebeginningtocreatethissharedunderstanding betweenseveralteams,severaldifferentgroupsofstakeholders,wearetryingtobringthem togetherwithinthisverysimplemap,andhelpthemunderstandtheseveraldependenciesbetween differentprojectstreams. Thisisreallyaniterativeexercise,soasIsaywe'llgothroughanumberofworkshopstoidentify someveryhighlevelsandkeycapabilitiesandwemightimmediately,followingonfromthat,tryto identifysomecandidateservicesandstarttryingtodeliververyquicklysomeworkingsoftwarethat helpssatisfysomeofthoseservicebehaviors.Butwe'llconstantlybegoingback,engagingmore stakeholders,drillingdownanddiscussingmoreofthosecapabilitiesindetail.Butagainit'sa conversationaroundwhatisityouaretryingtoachieve,whyisitimportanttoyou,whatkindof qualityofservicecharacteristicsdoyouattachtothesethings?Sothisisthebasisofthekindof conversationthatcanjoinupseveraldifferentpartieswithintheorganization,someofthose businessstakeholders,someofthosetechnicalstakeholders.Sothecapabilitiesbecomethis ubiquitouslanguageandthentheservicesandtheserviceimplementationsarereally implementationdetails.Nowwecanbegintosharesomeofthatwiththatgroupofstakeholders, butreallyIseethelinkasbeingreallythoseconversationsaroundthecapabilities. InfoQ:OneofthequestionsthatcomestomindishowdoesimplementingaSOAchangean organizationwhichdidnotpreviouslyhaveone?Howdoesitchangetheflowofworkwithinan organizationandcapabilities? IanRobinson:Ithinkoneofthefirsteffectsreallyisawholebunchofpeoplewhohavenot necessarilytalkedtooneanothertoomuchactuallycomingtogetherandcreatingashared understandingofwhatitistheyaretryingtodo,andwhyit'simportant,anddoingitinsomevery simplepracticalterms.Wearenotusingstrictlytechnicallanguageatthispointintime.Sowe're creatingthissharedunderstanding,andoftenthat'sarealbreathoffreshairforsomeofthese

83 InfoQExplores:REST

organizationswheretheyhavebeenlockedinverysiloedefforts,thereisalotofrepeatedor duplicatedeffortacrosstheorganization.Wearebeginningtoidentifysomeofthatandwe're helpingpeoplebridgesomeofthosegaps. Aswestartactuallydeliveringworkingsoftware,wearealsotryingtoencouragethoseteamsto collaborate,toidentifydependenciesandresponsibilities.Thisteamoverheremighthavesomevery realresponsibilitiestoyourteamoverthere,howcanwecommunicatethoseandhowcanwe continuallyenforcethoseresponsibilities.Andoneofthewaysthatweliketodothatistoactually sharetests.Soyourteamcouldactuallycreateasuiteofteststhatassertsomeoftheexpectations thatyouhaveofmyservicethisisthewayinwhichyouwanttointeractwithit. Thesearethepartsoftheservicethatareimportanttoyou.Andyougiveusthosesuitesoftests, andwemightincorporatethemintoourcontinuousintegrationenvironment,sowehavethisvery practicalprogrammaticassertedbehavior.Soweareactuallygettingtheseprogrammaticcontracts beingexchangedbetweenteams.Wearealsotryingtoencourageteamstobemorelonglived,so theylivewithaservicefromitsinceptionthroughtoitsoperationratherthanacoreteambeing dedicatedsolelytodevelopmentandthenhandingovertosomeothersupportfunction. Nowagainthat'softenquiteasignificantorganizationalchange,it'snotalwayseasilyaccomplished andit'snotalwaysappropriate,buttryingtoencourageteamstohavethislongoveralldutyofcare tothelifetimeofthesystemandtotakeaccountoftheseveraldifferentpartiesthataregoingtobe responsibleforthatsystemandthinkingaboutthatalittleearlierinthedevelopmentlifecycle.So againtherearethosekindsofverypracticalchangesthatwebegintoseetakeplacewithinan organizationaspeoplearecomingtogetheraroundthesesharedgoalsandaswearethinkingofvery practicalwaysofcommunicating,exchangingunderstandingandcreatingtheseprogrammatic contractsbetweenteams. InfoQ:Oneofthethoughtswhichcomestomindwhilelisteningtowhatyouaresayingisthatalot ofwhatyouaredescribingsoundsalotlikeanAgileimplementation.DoyouseeagoodSOA architecturewithinanorganizationandAgilebeingnecessarilyintertwined? IanRobinson:Yes,butIwanttocaveatthatquiteabit.TherearethreetermsthatI'mquitewaryof, particularlyaroundSOAinitiatives:thosetermsareAgile,integrationandbusinessprocess.So,I thinkit'sakindofopenquestioneventoday:canwecreateorganizationalorenterpriseagilityusing Agileprojectmanagementorsoftwaredeliverymethods?Sopeopleoftensay:canwedoAgileSOA? Sometimesthat'saCIOisveryskeptical,sayingtherigorsofSOAdon'tseemtogowiththis,seeming gunghoattitudethatAgilehas,howcanthetwocometogether?Andsometimesit'sakindof dogmaticAgilepractitionerworryingthatthekindofprotractedexercisesthatseemnecessaryto SOAcan'tbemadeAgileandthereforetheyarealmostquestioningSOA'srighttoexist. SocanwedoAgileSOA?Tomethat'sthewrongquestion.Bettertoask:whatcanwedotobetter meetanorganization'skeystrategicgoals?Whateverisappropriateisappropriate.NowasAgile practitioners,we'vegotawholebunchofactivities,practices,principlesthatwecanbringtothe table.Someofthemaremoreappropriatethanothers,someofthemhavetobemodified.Because wearedealingoftenwithteamsatadistance,projectsworkingwithindifferenttimestreams,it's verydifficulttocoordinateallofthosethings.Wecan'talwaysjustpourourknowledgeoutontoa

84 InfoQExplores:REST

bunchofcardsaroundatable,weareoftendealingwithascalewherethat'snotpracticalor possible. Nonetheless,therearesomekeythingsthatwetakeawayfromAgile,thisdesiretohaveinsight, daytodayorminutetominuteinsightintooursystems,andthewaytheyarebehaving,desireto haveverystrictandclosefeedbackloops.SoI'moftenlookingforstrategiesandtechniquesand practicesthatcanencouragethosethingsandthat'sanattitudethatIbringfromAgile,butwhether ornotIamdoingAgileSOAtomeisanecumenicalmatter,Iamnotoverlyinterestedwhetherornot IamdoingAgileSOA.IsaidacoupleofothertermsthatIamwaryofaswell,integration.SoIoften seeorganizationswithsomekindofintegrationgroup,ortheyaretalkingveryoftenaboutdoing integration. Integrationtomeisabitofabadsmell,itsuggeststhatwhatyouaretryingtodoafterthefactis gluetogetherabunchofsystemsandfixupabunchofbaddecisions.SoIprefertotalkabout intrinsicinteroperability,thoughIcanbarelysaytheword,andwithinaRESTfulsolutionthatisoften leadingtoserendipitousreuse.Butintrinsicinteroperability,evenworsethesecondtime,over integration.NowIrecognizethatintegrationisabsolutelynecessary.There'sawholeloadof integrationactivitythattakesplacedaytodayandveryoftenwhenwearebuildingoutaservicea lotoftheinternalimplementationsofthatservicemightbeabunchofintegrationactivities.Butlet's notprizeintegrationassomethingthatwedosuccessfullyanditmakestheworldabetterplace. AndthelasttermthatIamwaryof,andagainIrecognizethatitisnecessary,butit'sthisterm "businessprocess".Businessprocesstome,itseemsanoverlyformalterm,it'satermthatisusedby abunchofspecialistsbutit'snotnecessarilymeaningfultothosepeopleonthegroundwhoare actuallyachievingacompany'sgoalsdaytoday.There'sawholebunchofadhocactivities, collaborationsthattakeplace.Ifyouareofaparticularstrategicmind,youmighttryanddivine businessprocessesoroverlaythisformalityontopofthem.Butifwetalktooquicklyaboutbusiness processesweenduptalkingabouttheseratherfragileassembliesorsequencesorworkflows.And wesay"Wellthisisthewaytheworldistodayandthisisthewayitoughttobe". Infactabusinessprocessagainisoftenanimplementationdetailofoneofthosecapabilities.Today weimplementthecapabilitytosourcesecondhandpartsforyourcar,somehurriedstaffinthecall centerhavetogothroughafilingcabinet,that'sthebusinessprocesstoday.Tomorrowwemight automateit,buttheyareimplementationdetails.SoagainIrecognizethatitisaveryimportantterm, butifIamlookingforanAgileSOAsolutionthatisorientedaroundintegrationandbusiness processes,IthinkIamslightlyofftrack.IfIamtryingtodelivertosomeofthosesignificantgoals, providingsolutionsthatarecapableofevolving,wherewe'vegotrapidfeedbackandminuteto minuteinsightintothebehaviorsofoursystem,that'sgood.Ifwearedoingintegrationinsideofour servicesthat'sabsolutelynecessaryintegrationbutprotectingalltheotherconsumersofthatservice fromthatkindofmessydetail,that'sgood.Andifwearetalkingaboutbusinessprocessesasapure implementationdetailofsomeofthosekeycapabilities,againthat'sfine. InfoQ:Canyoutalkaboutthecurrentstateoftoolsupportfordeveloperswhowanttogetgoing withRESTbasedwebservicesandframeworksandtoolsandbestpractices? IanRobinson:Ok,sothestateoftoolsupportfordoingRESTfuldevelopment.Well,thebasetools

85 InfoQExplores:REST

arethereinmostdevelopmentlanguagesHTTPclientsandwaysofhostingsolutionssotheyare listeningtoanHTTPendpointaswell...Letmehaveathinkaboutthat.Iamnotoverlyfamiliarwith awidevarietyoftools,andIwouldsayIsupposethereisn'tterrifictoolsupportinawaythatthere iswiththeWS*stack.Sotypicallyasadeveloperwhatwewantwhenwearedevelopingaweb service,issomeWSDLthatwecanthenusetoautogeneratesomekindofproxy. IfsomeoftherepresentationsthatweareservingupinaRESTfulmannerconformtosomeXML schema,thenit'slikelywehavegotsomekindofautomatedtoolsupportforproducingthose stronglytypedrepresentationsinourownlanguageforserializinganddeserializing.Idon'tthink that'sabsolutelynecessary,Imuchpreferto,againifweareusingXML,toXPathoutthepartsofthe messagethatIamreallyreallyinterestedinanddiscardalltherest.AndI'dprobablyadoptthat approachevenwhenusingthewebservicesstack.Soagainmypreferenceisnottoautogenerate proxiesandclientsagainstaparticularversionoftheschema,butinsteadjusttoparseoutthebitsof themessagethatIamreallyinterestedin,andIwouldadoptexactlythesameapproachinaRESTful solution. WhatIhavedonealittleworkonrecentlyisaverysimpleDSLforexpressingaclient'sexpectations withregardtoaparticularmessageorrepresentation.SothatDSLitlooksalittlelikeYAMLbasically abunchofnestedtermstogetherwithatype,Iexpectthistobeastring,Iexpectthistobean integer.ButitisveryconcisebutthenfromthatIcangenerateawholebunchofthings,Ican generateabunchofXPathassertionssothatIcanvalidateincomingmessagesifIwantorIcan validatethemonthewayout.Icangenerateserializersanddeserializersthatarededicatedto satisfyingmyexpectationswithregardtothekindofmessagesthatyouareproducing.Icanalsouse ittogenerateagraphthat,withregardtothisparticularschema,thisgraphbeginstodescribesome oftheexpectationsthatdifferentclientshaveofthatschema. SoIambuildingupeffectivelythiskindofsocialnetworksforcontracts.Soallthesedifferent artifactswecangenerateoffthetopofsomethingproducedwiththisDSL.It'ssomethingthatIam playingwithatthemoment,butthatseemstometobeawayofbeingabletoexpressmy expectationsofamessageandthencreatetypeclassesthatarereallydedicatedtothose expectations,towardsservicingthoseexpectations.SoI'vekindofgotabitofftrackintermsofyour questionaroundRESTtoolsupport.IndevelopingsomesolutionsrecentlywithAtomandAtomPub, whatI'vereallywantedtoensureisthattheprotocolandthewayinwhichthoseclientsare interactingwiththosefeedsisbeingadheredto,soIwanttocreateawholebunchofunittests aroundtheservicethatisgeneratingthosefeeds. AndIwanttobeabletoassertthatspecificHTTPheadersarecomingback,certainresponsecodesin responsetoaparticularstimulus.WhatIfound,andIwasdoingthisonthe.Netframework,whatI foundwasthatyoucanveryquicklygetintothatHTTPcontext,butforeverytest,whatyouare havingtodoisactuallyinstantiateaserviceoverHTTPandcommunicatewithit.SowhatIhavedone isjustcreateasimplewrapperaroundthatHTTPcontext,it'saninterfacethatIown,andthenIcan mockitoutandobviouslysetexpectationswithregardtothatmock.AndthenI'vegotaseparate bunchofteststhatjustassertthatspecificimplementationsofthatinterfaceactuallydelegateto the.Netframework.Oneofthethingsthatwewanttobedoingistestingtheprotocol;likeIsaid, that'sintermsofstatuscodes,headers,thatkindofstuff.

86 InfoQExplores:REST

InfoQ:Howcanyouachievereuse,andhowcanaproviderforeseetheneedsofitsclients? IanRobinson:GoingbacktosomethingthatMartinsaidinthekeynotethismorning,ourexperience isthatreuseoftenhappensafterthefact.Let'sdoonethingwellweunderstandthespecific contextinwhichthisparticularlypieceoffunctionalityistowork,let'sdelivertothat.Thenwebegin toidentifyopportunitiesforreuse.Ifwehaveasuiteofunitteststhenwehaveabedrockofasserted behaviorthatwillallowustoevolveapieceofsoftwaretowardsamoregenericsolution.Soasnew usecasescomealong,weareidentifyingthoseopportunitiesforreuse,wecanevolveoursoftware quiterapidlyandthatsuiteoftestshelpsensurethatourexistingobligationsarebeingsatisfied. WhatwehavedoneatThoughtworkswithanumberofclientsonanumberofprojectsisthenwe'll extendthis,andit'ssomethingthatItalkedaboutearlierinfact,whereby,ifwearetalkingabout reusingaspectsofservices,partsofservices,thenwe'lloftenhaveclientorconsumerteamsgiveus asuiteofteststhatdescribetheirexpectationswithregardtoourserviceor,ifweareearlierinthe softwareortheservicedevelopmentlifecycle,thentogethertheseteamswillhelpestablish obligationsandexpectations.Youneedthisofme,youneedtoseethishappen,howcanwe describethatasacontractbetweenthetwoofus,andhowcanwethenturnthatcontractinto perhapsasuiteoftests,perhapsagainXPathorSchematron,thatsay"yousendmethismessageor ifIsendyouthismessagethisisthekindofresponsethatIexpect". AndthesearethepartsoftheresponsethatIamparticularlyinterestedin.So,whenyougiveme thatsuiteoftestsyouarebasicallycommunicatingtomeyourexpectationsandthenitmaybethat anotherclientorconsumercomesalongandgivesmeasimilarsuiteoftests,andgraduallyI'm buildingupmyoverallaggregatesetofobligations,soI'mbeginningtolearn.Thisoftentakesplace withinacontrolledenvironment,withintheenterprise,it'snotnecessarilyanInternetscalesolution. ButI'mbeginningtounderstandwhatmyobligationsarewithrespecttoseveraldifferentpartiesand thenifIwanttoevolvemyservice,wellI'mfreetodosojustaslongasIdon'tbreakanyofthose expectations. Onyoursidewhatyou'repromisingis,youknow,you'veadvertisedanenormousschemaactually weareinterestedinthesefivedifferentfields,whatwe'repromisingisthatweareonlygoingto consumethosefivefieldsandwearegoingtothrowanythingelseaway.Soyou'refreetochange everythingelseaslongasyoucontinuetoprovidethosefivefields,sothepromiseonyoursideis youarenotimportingormakinguseofstuffthatyouarenottellingmeabout.Andthenasaservice providerI'mquitefreetochangemyschematoevolveitaslongasIdon'tbreakanyofthoseexisting obligationsandinfactIcanmakeachangethatisostensiblyabreakingchangebutaslongasitis notactuallybreakinganyofmyextantclients,whocares?Sotheversioning...There'sdefinitely versioningtakingplacehere,butitisoftenataslowerpace. Idon'tnecessarilyneedtoversionifIknowthatI'mgoingtocontinuetosatisfyallthoseexisting clients.It'swhenIidentifyarealbreakingchangeandIneedtocommunicatethattoyou,weneedto beabletoidentifysomewayofmovingforwards.ThatmightbethatIprovideanalternative implementationthatsupportsyouforthenext6months,itmightbethatyouhavetobegintomake somechangesnow. InfoQ:Youhadmentionedversioning.Whatdoyouconsidersomeofthebestapproacheswith

87 InfoQExplores:REST

regardstoversioning? IanRobinson:Ithinkit'sfirstlyaboutprovidingaplatformforevolution.SowithXMLschemawecan provideforextensibilitypoints,wecandesignschemaswithextensibilityinmind.That'softenquite cumbersome,andthemessagesasthey'veevolvedovertimeactuallybegintolookratherawkward andarenotnecessarilyasexpressiveastheymightbe.I'vetalkedalittlearoundwhatwe'recalling consumerdrivencontractsandthefactthattheyhelpmeunderstandwhenachangeisreallya breakingchangeandwhenwhat'saseemingbreakingchangeactuallydoesn'treallydisturbthe universeatall.So,thereareveryrealdemandsforaversioningstrategywithinanorganization. Youknowthesethingscanoftenbeverylonglived,andwe'veseenmainframeapplicationsthat havelivedfortwentyyearsormore,itwillbewonderfulifthekindsofsolutionsthatweare producingtodaycouldhaveasimilarlifetime.It'salmostinevitablethattheyaregoingtochangeand thereforewedoneedtostartthinkingaboutthoseversioningstrategies.Idon'tthinkthereis actuallyagreatversioningstoryinalotoftoolsetstodayandinalotoftheframeworksandIthinkit isaproblemthatisbeginningtomakeitselffelt,andIthinkalotofthosetechnologystacksandalot ofsolutionsandtheframeworksarebeginningtoaddressthat.ButItryandtakeaverycautious approach,basicallyhavingconsumersonlyconsumewhat'sabsolutelyimportanttothem,discard therest,havethemtrytocommunicatesomeofthoseexpectationstoaprovider,andthathelpsthe providerunderstandwhentheyarefreetochange,butatsomepointwedoneedtoversion,and that'sthepointwherewemighthavetotakeadvantageofsomeofthoseextensibilitypointsthatwe haveprovidedfor,itmightbethatwehavetoprovideawhollynewinterface. InfoQ:WhatdoyouseeasthefutureofRESTbasedwebservicesinenterpriseSOAdevelopment? IanRobinson:Ithinkwearelearningtodaythatalotoftheenterprisesolutionsthatwehavebuiltin thepastareverymuchconfinedtotheenterprise,andwehaveoftenabusedorcompletely disregardedsomeofthebenefitsthatthingssuchasHTTPandthelargerwebinfrastructurehaveto offerus.Wearealsodiscoveringtodaythatalotofthevaluethatwewanttogeneratewithinan organizationisdependantuponitsinteractionsanditscollaborationswithotherorganizations.Sofar morecommunicationacrossorganizationalboundaries.Partsofthewebservicesstackinhibitthat kindofcrossorganizationalgrowth.Wehaveaproliferationofspecificationsandoftenfora particularspecificationthereareseveraldifferentversions. Wearefindingitincreasinglydifficulttogetthatkindofintrinsicinteroperabilityacross organizationalboundariesusingthewebservicesstack.RESTfulsolutionscanhelpusextendour reachinthisregard.Wearetakingadvantageofaconstrainedinterface,butwearebeginningto surfaceanddescribearichpoolofresourcesandwearehelpingidentifyeachofthoseresourcesand makethemavailabletoourclientsandtootherorganizations.Andwearehelpingguidethose clientstowardssuccessful,thesuccessfulconclusionoftheirgoals.Sowetalkedaboutthatearlierin termsofservinguprepresentationsthathelpaclientachieveitsgoalsandwearebeginningto advertisewhatthenextstepintheprocessis. Now,Ithinkthatwecanlearnfromthatevenifwewanttoimportsomeofthoselessonsintothe wayinwhichwearebuildingsolutionsontopofthewebservicesstack.Identifyingresourcesinand ofitselfisaveryusefulexercise,soadoptingkindofresourceorientedthinkingoftenhelpusidentify

88 InfoQExplores:REST

thingswhicharesignificanttoacompany,whichgeneratevalueonbehalfofacompany,givethema name.Oftenthosethingsareotherwiseburiedawayinsomeimplementationdetailwe're beginningtosurfacethem,givethemnames,makethemaddressable.Theideathatprocessesare notdefinedonceandforall,thattheymightgraduallyevolveoverthecourseofalonglived conversation,interactionacrossorganizationalboundaries. Again,howcanweguideclients,howcanweadvertisewhatispossibletodotoday,wemightbe advertisingsomethingcompletelydifferenttomorrow,wemightbeintroducingforexamplesome kindofadvertisingcampaigninthemidstoftheordinaryprocessandifaclientcanrecognizethose additionalelementsofthatprocess,thatwe'readvertisingonthefly,theymightbeabletotake advantageofthat.Butclientsthatdon'trecognizeitcanstillmeettheircoregoalofgeneratingan order.So,Ithinkweareseeingsolutionstodaythatareemergingthatarebeginningtotake advantageofsomeofthisthinking,beginningtointroducesomeRESTfulideasacrossabroader rangeofsolutionsandthatisthekindofinfluencethatIwouldliketohaveinthenextfewyears. ViewFullVideo http://www.infoq.com/interviews/robinsonrestwssoaimplementation RelatedContents HowRelevantIsContractFirstDevelopmentUsingAngleBrackets? RESTTheGood,theBadandtheUgly QuestforTrueSOA InfoQMinibook:CompositeSoftwareConstruction Presentation:ScottDavisonRealWorldWebServices

89 InfoQExplores:REST

Interview

JimWebberon"GuerillaSOA"
Inthisinterview,recordedatQConLondon,JimWebber,ThoughtWorksSOApracticeleadertalksto StefanTilkovaboutGuerillaSOA,alightweightapproachtoSOAthatdoesnotrelyonbig middlewareproducts,amessageorientedarchitecturalstylecalledMESTanditsdifferencestoREST, andtheSOAPServiceDescriptionLanguage(SSDL). Dr.JimWebberistheSOAPracticeleadforThoughtWorks,whereheworksonWeb Servicesbasedsystemsforclientsworldwide.HehasextensiveWebServices architectureanddevelopmentexperienceandwastheleaddeveloperwith HewlettPackardontheindustry'sfirstWebServicesTransactionsolution.Jimisis coauthorofthebook"DevelopingEnterpriseWebServicesAnArchitect'sGuide." InfoQ:ThisisStefanTilkovatQConandIaminterviewingJimWebber.Canyoutellusabitabout yourself? Jim:Iworkforasmallconsultingorganizationcalled"ThoughtWorks",whoyoumayhaveheardof, andIdoalotofSOAandWebservicesworkforthem,particularlywithanemphasisondependable systems.Maybeit'sbecauseIamapessimist,butIlookforthosekindsofsituationswhenthingsgo wrongandfigureoutwaysofmitigatingthatkindofrisk. InfoQ:SothetitleofyourtalkhereatQConis"GuerillaSOA".Canyoutellusalittlebitabout whatthatissupposedtomean? Jim:AlotofSOAprojectsIhaveseen,havebeensomewhatakintomobilizinganarmy.Youhave hundredsofconsultants,awholebunchofarmamentsintheformofhuge,sophisticated middlewareplatforms.Thewholethingisveryheavyweightandcumbersome.Ifeelthatwhenyou aregoingforthatkindofbig,upfrontSOAdeployments,youlosealotofopportunitiestoprioritize, todeliverbusinessprocessesbasedonyourbusinessprioritiesandyourbusinessvalues.TheGuerilla SOAaspecttriestoturnthataroundalittle,sowe'relookingformuchmorelightweight engagements,ifyou'dlikeinmilitaryterms.Wewanttoaddressspecificdiscretebusinessproblems, organizedbyprioritiesaccordingtothebusinessstakeholderandgetthoseprocessesimplemented rapidlyinanincrementalwaywithlotsoffeedback.Sowecanactuallystarttoprioritizeacrossthe businesswhichprocessisthemostvaluable,whichonesaremostheavilyusedandimplement thosefirstwithouthavingtowaitforabigprogramofworktobeestablished,toputtheenterprise servicebusinplaceorotherkindoftechnicaldependencies.Soitiskindofalmosta,tongueincheek really,butahitandrun,deliveroften,andincrementallykindofSOAoption. InfoQ:Soisthissomethingthatisonlyusableinsmallerscenariosordoesitscaleuptobig

90 InfoQExplores:REST

deploymentsorbigscenarios? Jim:Thenicethingisthatitworksineitherbecauseyouhavespecificprioritiesthatthebusiness givesyouatanygiventimeandyoufocusonthose,andaslongasthebusinesscankeepcomingto youandsaying"Inowneedthatthisprocessimplemented"thenyoucanscaleupadinfinitumuntil thepointwhereyouautomatedalloftheprocessesofagivendomaininagivenbusiness,soitscales fairlywell. InfoQ:Itsoundsalittledifferentthantheapproachprioritizedbysomeofthevendors,Ithink.So isthisapproachcompatiblewithlargescalemiddlewareproductsaswell? Jim:Ithinktheapproachhelpsusthetodecoupledependenciesbetweenwhatthebusinesspeople wantandthetoolswehaveavailable.SoalthoughIpokefunattheESBsandsoon,Iwould absolutelyusethosetoolswhereitmakessensetometoimplementtheprocessthatIhavebeen instructedtoautomate.Ifitdoesn'tmakesensethenIwon'tusethemandIwilluseothertools.I willuseanythingfromsimpleJavaappsrightthewaythroughtofullmessagebroker, store&forwardbasedarchitectureswhereitmakessensewithinmycurrentcontext.Butthe importantthingisthatIdon'tletmycurrentdevelopmentcontextbleed.Idon'tletthose abstractionsleakintootherdevelopmentprojects.Weliketokeepeachprocessthatweare implementingrelativelyisolatedsothatthentheserviceecosystemgrowsandcanbereused.Ithas thisemergentbehaviorthatweneverexpected.Ontheotherhandifwealloweverythingtobleed togetherinabigSOAplatformyoutendtogettightcouplingandthatrestrictsyouroptionsfor evolutionfurtherdownthelineanditrestrictsyouroptionsforthiskindofinterestingemergent behavior,whichmeandyouasgeekscouldbutthebusinesspeoplecouldn'tseebecausetheyhave thismuchbroaderviewofprocessesasawhole. InfoQ:Soyoumentionedtightcouplingasarisk.Canyouelaborateonthat? Jim:Sure.Itistheclassicscenario.IfI'vegottwosystemswhicharetightlybound,IchangeoneIrisk breakingtheother.WesawthisbackinthedaywithCORBAapplicationswherewetightlycoupled throughIDLandweseeittodayinWebserviceswherewetightlycouplethroughanotherIDLcalled WSDL.IfwearesharingtypesystemsandIwanttochangemytypesysteminmyprogramthatcan havearipplethrougheffectwhichisgoingtohurtyou.SowhenIcometoyouandsay"I'mgoingto makechanges"yourfirstreactionis"No,becauseyou'regoingtobreakme!"andthenwegetinto thisparalysis,whereneitherofuscanmakeprogressbecausewe'resoscaredofdamagingeach other.Thenyouneedstronggovernanceandsoonandsomeonetocomewithastrongarmand makebothpartiesmove.It'sareluctanthighfrictionenvironmenttobeinandyethadwedecided nottosharetechnicalabstractionsatthatlevelchancesarethatwe'dbemuchfreertoevolveand innovatelocallywithoutdisturbingorbreakinganyoneelsegloballybecausetheabstractionsweuse internallywouldbedifferenttotheabstractionswesharewithotherservicesaroundtheecosystem. InfoQ:Sowhatwouldbeanalternativetothatapproach? Jim:Analternativetotheapproachofsharingtypesystem,forexample? InfoQ:YesyousaidthatweactuallyhavethesameproblemswehadwithCORBAbutwenowhave

91 InfoQExplores:REST

themwithadifferenttypeoftechnology.Doyouhaveanideaofwhatwecoulddoinstead? Jim:Insteadofsharingtypes,Ithinkweshouldstarttosharebusinessmessages,orschemasfor businessmessages,ownednotbythetechnicalpeople,butbythebusinesspeople.Thatgivesmeas adeveloperofaserviceaninterfacewhichIcanmakesurethatIadheretoandhonoracontractin myserviceimplementation.Youcanalsoseethatcontractinyourserviceimplementationandyou canunderstandthatyou'regoingtogetthesekindsofmessagesinandout.Thepointbeingatthe technicalabstractionsthatyouareusingtoimplementthattype,youmayhavesomeinteresting classhierarchy,areneverexposed,soIcanneverbindtothemsowenevergetcoupledatthatlevel. Thecouplingwehaveisjustonthemessageswedependon.Youlookatmyservice'scontract,you seethemessagesthatcomeinandoutatmyserviceandsomewheredeepinthebowelsofmy service,Ikindofhavewaysofextractingtheinformationandusingittodosomeprocessingandyou soinyourservice.Inbetweenwehavethisveryneutralintegrationdomain,whichisjustthe businessmessagesasrecognizedbythebusinessstakeholders.Anotherbenefitofthatisthatthe businessstakeholderscantellyouwhenyou'vegotthingsrightandwhenyou'vegotthingswrong, whichistremendouslydifficultifyouareusinglowerlevelabstractionslikethetypesystem.Because thebusinessguysknowthatthismessageusedtogetsentbyfaxfromSydneytoLondonandthey knewthesemanticsofthatandifyoucanshowthemthesamethinginyourautomatedelectronic workflowstheycansay:"Yes.That'sright!"orperhapsevenmorevaluable:"Noyouhavegotit wrong!Stop!Doitthisway!"Soyoudon'tgooffonatangentbuildingasolutiontowhatyouthinkis theproblem,youbuildasolutiontotheactualproblem. InfoQ:Soyoumentionedservicesandmessagesastwoabstractions?Whataboutoperations? Jim:OperationsareanabstractionwhichIdonotbelieveexistsinaserviceorientedarchitecture. TheymaywellexistinyourimplementationofaservicebutthatisnothingthatIwanttosharewith you.Thisisatechnicaldetailwhichismybusinessinsidemyimplementation.WhenIthinkaboutan SOA,Iliketothinkaboutthenotionofletterboxes.SoallIcandoisdeliveramessagetoyouandat somepointyoumightopenit,readit,think:"Yes,Iunderstandwhatthatmessageis."andthenyou willgoawayandprocessitornot.IfIsendyouanonsensemessageyoumaybegracefulenoughto faultandtellmeso,butliterallywedon'thaveanytightcouplingintheformofanoperation abstraction.Ican'tinvokeyoubecauseforallIknowyouareina3rdpartysysteminadifferent organizationsoIdon'thavethatstrength.Youarenotalocalobjecttome,wedon'thaveacallstack, Ican'tpokeyou.AllIcandoisrequest:"Couldyoupossiblyhavealookatthismessageandmaybeif itsuitsyoudosomeprocessingonit",ratherthanthemoretightlycoupledoperationabstraction. InfoQ:Soforthistoworkalloftheinformationthattheotherpartyneedstoprocessthis informationhastobewithinthatmessage? Jim:Absolutely.AndthisisfromastyleofarchitecturewhichwecalledMESTorMessageExchange, whichwasadeliberatepayingofrespecttoRESTwheresomeofourinspirationcamefrom,insofar asthisletterboxisauniforminterfacethroughwhichwepokemessages.Ifwe'dmapitontoHTTPit wouldbeaPOST.YoucanalsouseSMTPSENDorwhateverelseyouchoose.Themessagewould contain2things:itwouldcontainthebusinesspayloadwhichiseffectivelythepurchaseorder,the invoice,thosekindsofthingsthatbusinesspeopleprocessanditwouldcontainsomemetadata,

92 InfoQExplores:REST

potentiallycontainssomemetadataoranyway,whichsetstheprocessingcontextforthatpayload. Soitmaysetsecuritycontext,itmaysettransactioncontext,thatkindofthing.TheMESTideais thatI'mdeliveringyouamessage;youaregoingtogoaway,setthecontextofprocessingthat message,examinethatmessage,findwhetheritmakessense,goawayandprocessthatmessage. Endofstory.Atsomepointlateramessagecomesintomyletterbox,Iopenitandsay:"Ok.That's fromStefan."AndIknowwhatthismeans.It'sactuallycorrelatedsomehow,typicallywith WSAddressingRelatesToandsoon,withthatmessageIsenthimearlier.NowIcangointomy implementationandfinishtheprocessingIwasdoing,whichoriginallycausedthemessagetobe senttoyou.Andthat'sareallynicedecoupledwayofdoingthings.I'mnotbindingtoyoudirectly; theonlythingsI'mbindingtoinatechnicalsensearemessageswhichareinmystack,inmyprocess space,whichisverysafetobindto,whereasifwegobacktotheoperationabstraction,ifI'mbound toyouandinvokingandforsomereasonyou'redownbecausethenetworkisdownoryou'reina differentcompanyandthefirewallrulessuddenlygotrestrictivesuddenlyIbreak,Igetthishorrible "Internettimedout"exceptionorsomethingmeaningless;whereasifI'mjusttreatingmessages goingupanddowninmystackasthethingsIusedtocauseprocessingorthingsthatIcreatedasa sideeffectofprocessing,it'sactuallyarobustpatternforimplementingindividualservicesaswellas anicedecoupledscalablepatternforbuildingupserviceecosystems. InfoQ:AsyoumentionedREST,Ijusthavetoaskhowdoyoucomparethetwo,MESTandREST? Wherearethecommonalitiesandwherearethedifferences? Jim:Sure.Commonalitiesareprettyobvious:uniforminterface,soRESThasfiveoperationseach resourceimplements;inMESTeveryservicehasoneinterfacewhichiseffectivelypokeamessagein here.DifferencesareMESTisverymuchmoreakintotraditionalMOM;it'saboutpassingmessages oversometransport,whereasRESTusesthehypermediaengine.Theyarekinsbecausetheyboth aimforlargescalablesystems,butwhereasRESTfulsystemstendtolookliketheweb,MESTy systemstendtolooklikeTCP.Justmakeconnection,postthemessage,closeconnection,thatkindof thing.SotherearesimilaritiesandIthinkbothmodelshavebeenprovenout.Tongueincheek,I'd sayTCPhappenstobeslightlybiggerthanthewebsomaybetheMETSsolutionismorescalable,but I'mnottoupsettheRESTjihadistsatthispoint. InfoQ:WhatyoudescribedactuallyseemstofitverynicelywiththeideasbehindSOAPandyou alsomentionedWSAddressing.Itjustdoesn'texactlyseemtomatchWSDL. Jim:Right.WSDLisanIDL.WSDL'sabstractionsareoperations.Ithassomeotherdrawbacksinsofar asit'squiteaverboseIDL.Ithinkthedifficultycomeswhenyoustarttogetpast"StockQuote"web servicesandyouneedtobeabletohaveaconversation,alonglivedconversationwithaservice, whichWSDLdoesn'thavetheabstractionstosupport.Thelongestconversationyouhavewitha WSDLdescribedserviceisrequests/response.Sometimeagothisstartedtobecomequiteachafing limitationformeandsomeotherguys,SavasParastatidisandsomeoftheguysworkingatCSIROin Sydney,Australia;wedecidedwearegoingtodosomethingaboutit.Andthisiswhenwewrote SSDL.SSDLhasaspectrumofpossibilities;atoneendisjustalessverbosereplacementforWSDL2, it'scompletelyisomorphictothecapabilitiesthatWSDL2givesyou,andattheotherendit'sa supersetonwhat'savailableinWSCDL,WSBPELandWSDL.

93 InfoQExplores:REST

Soweareabletodescribelonglivedconversationsbetweenmultiplewebservicesinastructured way,inawaythatwecanverifythatthatconversationwon'tdeadlocksowecanputitthrough modelcheckersandsoon;sowecanactuallygetawholelotofstaticanalysisabouthowendtoend systemsaregoingtolookandstillsupportthisnotionofquiteintricateconversationswithaservice. AtypicalmessageexchangepatterninSSDLmightbetworequests,followedbysevenresponses, followedbyanotherrequest,anoptionalresponse,andthreemorerequests.Andwecanbuild arbitraryconversationpatternsinit,whichisreallygoodwhenyouthinkthatmostwebservicesare goingtobeusedtohostbusinessprocessesandmostbusinessprocessesareworkflowswhichhave thiskindofmorechattyorconversationalkindofinteractionpatternwhichisreallydifficultto captureinWSDLbeinglimitedtorequestsandresponses.SoSSDLgivesyouthiscapabilityto describeworkflowseffectivelywhichIthinkisgoingtobeoneofthesweetspotsoftheSOAweb servicesgoingforward. InfoQ:SoisSSDLastandard? Jim:No.SSDLwasaneffortbysomeacademicresearchersandpractitionerstoseewhatacontract metadatalanguagewouldlooklike,ifwewerefreedfromthetyrannyoftheoperationabstraction. Rightnowit'sbeeninthecommunityforacoupleofyears,it'sgotsomeprettygoodfeedback,alot ofthewebservicesguysknowaboutitandhavecommentedfavorablyaboutit,butitdoesn'thave thebackingofanyofthelargevendors,althoughsomeofthepeopleinvolvedinitnowworkfor largevendorsandlargeresearchorganizations,thereisnothingofficial.Ourhopeoriginallywas maybewecanjustinspiresomethinkinginthevendorsthatareprovidingtools,sothevendorscan giveustoolsthatdothisworkflowytypestuff.Andthat'shappening,therehasbeensomediscussion inthecommunity,butnowtokeepmomentumgoingthecommunityitselfhasstartedtodevelop tools. InfoQ:ArethereanyimplementationsofSSDLyet? Jim:Yes.WhenwefirstreleasedSSDLSavasParastatidisofMicrosofthadasimpleSSDLtoolthat woulddosomebasiccontractgeneration,validationandsoon.ButmorerecentlyPatrickFornasier ofUniversityofNewSouthWalesinSydneyhasbuiltacompleteSSDLstackontopofWindows communicationfoundation.Currentlythatstackwhichisfabulous,it'sareallyneatpieceof engineering;itlookslikeWCF,itbehaveslikeWCF,sotheprogrammingexperienceisconsistentand friendlyandfamiliarnowcurrentlyitonlyimplementsthepartofSSDLwhichlookslikeWSDL,but theframeworkisextensibleenoughsothatyoucanthenimplement,whichwebelievetobethe highervalueaspectsofSSDL,thepicalculusbasestuffthatenablesyoutodescribechoreographies. Patrickhasbeenkindenoughtoopensourcethatandasofacoupleofweeksagothereisnowa SourceForgeprojectwherepeoplecancontributeandhopefullythattoolkitwillgoontobecome richerandricherandinmyultimatefantasyscenarioitjustbecomesadefactostandardthatpeople usewhentheyaregoingtobuildWCFwebservices. InfoQ:AnyhopeofasimilarthingforJavayet? Jim:It'ssomethingwehavebeenthinkingabout(mycolleaguesatThoughtWorksinSydney,Josh Grahamandthoseguys).WhatwasmeanttodoitinfactwhenIndigowasbeingbuiltwehadthe firstskeletonofaprojectcalledDingoakindoftongueincheekversionofIndigowhichwewere

94 InfoQExplores:REST

goingtomakeSSDLcentricandthathaslanguishedalittlebecausewewouldhavedayjobstodo. MyhopeisthatSoya,whichistheWCFSSDLtoolkitsstartstogetsomemomentumfolksontheJava side,maybefolkslikeArjen[Poutsma]whohaveseenSSDLandhavespokenfavorablyaboutitmay justbuilduptheJavaasideofthestackortheguysintheRubycommunitymayjustbuildup somethingontheRubysideofthestack.Soit'soptimism,maybeunfounded. InfoQ:Whatdoyouseetheindustrymovingtowardswithregardstotheseissues?Doyouthink thattheRPCabstractionortheRPCstyleisgoingtostillremainthemostwidespreadstyleordo youthinkthattheideasaregoingtobecomemoreimportant? Jim:Ithinkasadeveloper,mydaytodayworkisreallyconstrictedbythefactthatthetoolsI'm givenallreinforcetheRPCmindsetandIhavetofightreallyquitehardtobeattheRPCmindset downandtrytomakethesecurrenttoolsbehaveinamoremesssagyway;overtheyearswe've developedabunchofpatterns,forexample,forusingtoolslikeAxiswhichareveryRPCcentricand beingabletoabstractawaythatthere'sRPCinterfacehereandturnintoamoremessagepassing kindofsystem.Idon'tthinkmostdeveloperswhoareunderthecoshwillhavethetimenecessarily ortheinclinationtodothatandwhenthevendorscomealongandsay:"Yes.JusttakeyourEJBs,put themthroughthismachineandoutcomesyourWSDLandthereisaSOA."Ithinktheyfindthat appealingbecausetheyhavegotamillionotherthingstheyhavetodo,soIdon'tnecessarilydespair ofthefactthatweweren'tevermovedtowardamoreasynchronousmessagingenvironment.Ithink maybewe'llgetburnedafewtimeswithsomefamouswebservicesfailureswhereRPCstyle implementationbuiltoutasystemwhichisnotveryevolvable,whichishighfrictionandsoon, beforepeoplestarttothink:"Yes,Ineedbettertooling."Youseetentativeeffortsinthisarea,like theSpringWebServicesstackforexample.That'sgoingtobeabitrudeforalotofdevelopersbut youcanseethesamekindofmessagyideas:"HereisalumpofXML,dealwithit!"startingto percolatenowintomoremainstreamframeworkssocautiouslyoptimisticthatitmaynotbeableak RPCfuture. InfoQ:WhenyoumentionedthatRESThasthisuniforminterfacewithasetofoperationsand MESTsimilarlyhasoneoperation.Isthisreallyanoperationwithapplicationmeaning?Isn'tjust anoperationthatissouniformthatitseizestomeananythingatall? Jim:Absolutely.Andthat'sthebeautyofit.Youforgetthatit'stherebecauseit'sjustameansof transferringamessagefromasendertoarecipientwiththeimplicitrequestorhopethatthe recipientwouldprocessthatmessageinsomemeaningfulwayinhiscontext.SoifIcouldgetaway havingauniforminterfacewhichhaszerologicaloperationsIwouldbehappywiththat. UnfortunatelymyownmentalcrutchwasIthoughtservicesimplementanoperation"processthis messageformeplease"andittakes"message"asitsparameteranditreturns"message"asaresult. Soformethatwaskindofacrutch. InfoQ:ButintheRESTworldtheideabehindthatuniforminterfaceseemstobethatyoucan actuallyoptimizetheinfrastructurebasedonthoseoperationssoyoucandosomethingdifferent foraGETthanyoudoforaPOST.TodosomethingsimilarontheMESTworldyouwouldhaveto lookinsidetheXMLanddefinesomewherewhatdifferenttypesofXMLmessagesyouexchange. Jim:Absolutely.IntheRESTworldyouaretypicallytakingadvantageofexistingwebinfrastructureso

95 InfoQExplores:REST

youcandoidempotentGETs,youcancachetheresultsfromidempotentGETsandsoonandget performanceoptimizationsinthatway.Inamessagingworldyoucan't,becauseweseethe mechanismoftransferbetweentwoservicestobeapipe,thatmaybeaHTTPpipe,thatcommonly istodayinwhichcasemaybethetransportdoesoptimizationsbutwearespecificallydecouplingthe notionofthemessagefromthewayit'stransportedandyoucanimplementoptimizationstothe transportlevelbutthatdoesn'taffectthemessagepayloadandviceversasothoseissuesare decoupledintheMESTworld.Ofcourse,Ishouldusethisopportunitytodrawoutaninconsistency withintheRESTcamp:theyassumealotofRESTpractitionersaremakinguseofthevaluable featuresthatthewebprovides,whenthefactisthatmostpeoplenowaretunnelingXMLoverHTTP ortunnelingmethodplusparametersinaURL,andthat'sanevenmorehorribleformofRPCthan youcanevenachievewithSOAPandWSDL.InthatcaseatleastSOAPandWSDLRPCyoucantool supporttogeneratestubsandskeletonswhichissomethingyoucan'tdowithRESTRPC.Trade market,justinventedthat.MarkBakerhasbeenverygoodatadvocatingthebenefitsofREST,and yetnowthatisinthehandsofdevelopersthatsamekindofdegenerativebehaviorthatbuggedweb services,isnowbuggingtheRESTcommunity.It'sgoingtobeaninterestinglearningcurveforREST peopletogetonwhentheyrealizetheyhavetostartmarkingresourcesascacheabletoexploitthe web;theyhavetohavestructured,readableURLsinordertoidentifyresourcesinsomesane meaningfulwaywithintheirapplicationcontext.Andtheycan'tjustuseHTTPasanXMLtunnel becausetherearenobenefitstothat,overandaboveanyotherRPCtechnology.. InfoQ:WhenRESTpeoplecriticizetheWSDLfolks,theypointtoWSDL2.0,andsayeverythingis betterthereandactuallyWSDL2.0canbeusedinsomewaytodescribeREST.DoyouthinkWSDL 2.0isanimprovementoverWSDLwithregardstotheRPCcentricity? Jim:Absolutely.IreallythinkthatWSDL2.0isbetterthanWSDL1.1.HoweverI'myettoseeany servicesbeingbuiltusingWSDL2.0.ThecyclebetweenWSDL1.1andWSDL2.0hasbeensomany years.InfactIwasworkingintheUKwhenIrememberemailingtheWSDLworkinggroupsaying: "Let'scallthis2.0."andthatmusthavebeenatleastthreeyearsagoandthatisalongtimetowait betweenreleases;myconcernforWSDLasmuchasIhaveconcernforWSDL,whichisn'tverymuch, isthatithasbeensuchalongcyclethatWSDL2.0hasbeenindangerofbeingirrelevantorstillborn becauseWSDL1.1doesthesamethings.Anymatterofcleanersyntax,morestronglydefinedMEPs andsoonreallydoesn'tdealwithwhatmostdevelopersaredealingwithnow,whichisthe operationabstractionwhichWSDL1.1coversreasonablywell. ViewFullVideohttp://www.infoq.com/interviews/jimwebberqconlondon RelatedContents GETDetailsOnUpcoming.NetAccessControlService SOATransactionsUsingtheReservationsPattern SOAMeetsFormalMethods RESTTruerToTheWebThanWS*

96 InfoQExplores:REST

Interview

IanRobinsonandJimWebberon WebbasedIntegration
Inthisinterview,recordedatQConLondon2009,IanRobinsonandJimWebbertalktoStefanTilkov abouttheWebasaplatformforintegration,theusefulnessofvariousdegreesofRESTfulHTTPand thebenefitsofRESTintheoryandpractice. IanRobinsonisaPrincipalConsultantwithThoughtWorks,wherehespecializesin thedesignanddeliveryofserviceorientedanddistributedsystems.Dr.JimWebber istheGlobalHeadofArchitectureforThoughtWorkswhereheworkswithclientson deliveringdependableserviceorientedsystems.IanandJimarecurrently coauthoringabookonWebfriendlyenterpriseintegration. InfoQ:WelcometothisinterviewwithIanRobinsonandJimWebber,hereatQConLondon2009. Asusual,we'dliketostartoffwithyouverybrieflyintroducingyourself.Jim,whydon'tyoustart? JW:I'mJimWebber,IworkforThoughtWorksintheUKandI'mcurrentlywritingalongwithmy friendIanhereareallyfantasticbookonintegrationusingtheweb. IR:MynameisIanRobinson,IalsoworkforThoughtWorks,asadeveloper.Iworkwithdistributed andconnectedsystemsandI'malsowritingabookwithJim.Hopefullyit'sthesameone! JW:Whydon'tyoutellusmoreaboutthatfantasticbook? InfoQ:Ifyoutalkaboutthisbookyoumentioned,thetitleisWebBasedIntegration.Isthisthe samethingasRESTorisitsomethingdifferent?Canyoubrieflyexplainwhatyoumeanbythis? Giveustheelevatorpitchonthat? JW:Sure.RESTislikethetrademarkofthehighpriestessesoftheRESTafarianKingdomand unfortunately,we'renotordainedinthatchurch.Weareusing"web"becauseit'sabitmore encompassing,it'sawholebunchoftechniquesthatweseeusedoutthereonthebigwideInternet, someofwhicharen'tnecessarilyaspleasantorlovelyorperformantorscalableorsensibleasREST, buthaveutilityoutsideofthatparticulararchitecturalstyle.We'reabitmorebroadlytrawlingthe webforinterestingtechniques. IR:Idon'tthinkeitherofusareRESTauranteursmuchasIthinkpeoplesomepeoplethinkwhenJim standsupandgetsveryangry,butwearebroaderinourapproach.We'rejustlookingforsomevery

97 InfoQExplores:REST

pragmaticapproachestoproblemsthatwecomeacrossmonthin,monthoutwiththatkindofstuff wearedoing. InfoQ:Ipersonallyrememberthatafewyearsago,whenyoumentionedREST,yougotreally strangelooksandpeoplewonderedwhatyouweretalkingaboutandthisobviouslyhaschanged. Atleastpeopletalkaboutitalotthesedaysandthetracksarevisitedverywellandandthe conferencesessionsarepacked.Whatdoyouthinkisthecurrentstateofactualadoptionin practice?Dopeopleuseit,actually? IR:Yes,weuseit.Weuseitquitealot;orusewebbasedapproaches,someofwhicharemore RESTfulthanothers.It'snotnecessarilyacrosstheboardineverythingthatwedo,butweare introducingjustverylightweightwaysofworkingwiththewebwithsomeofourclientsand gradually,workingourwayoutofthatthatkindofRESTfulstack,butbeginningtosplitthingsup intoresourcesandaddressthemandthenconnectthemandthenactuallystarttodriveapplications bywayofhypermedia.Yes,weareseeinganadoptioninmanydifferentareas. JW:I'dconcurwiththat.Ithinkinquiteareversaloffortune,ifyoulike,fromafewyearsago,where RESTwouldbelaughedoutofanyseriousaustereenterprise,oftennowit'snotatallcomedictogo toaclientandtakeawebbystandpointasyouareyourdefault.Indeed,mycurrentclients,whoare veryinterestedinmassivelyhighperformancesystemswouldhavepotentiallygonewithtraditional nterprisemiddlewareifwehaven'tdonesomeempiricalexperimentationandfoundthatasimpler webbyapproachwasactuallyjustaswellsuitedfortheirneeds.Havingdonethoseempiricaldata pointsitsortofemboldensyoualittleyoukindoffiguredoutthatthewebstuffworksquitewell onceinonescenario,andthenagaininanotherscenario,anditemboldsyoutodefaulttothatwhen youaretalkingaboutdistributedsystemsintegration. InfoQ:Arethesedifferentdegreesifyoumaycallthemthat,thedifferentdegreesof RESTfulnessorofadoptionoftheRESTthings,isthisalsothewaythatyouintroduceRESTorthe webbasedintegrationapproachintoacompany?Doyoustartwiththefirststepandthen graduallyaddmoreandmorefromthatRESTstuff? JW:Sure.IthoughLenardRichardsonhasabrilliantscale,achartofRESTfulnessindecibelsandof ROYsorsomethingIdon'tknow!Leonardpartitionsitfromlevel0,whichisbasicallytunneling, throughtolevel3,whichisthehypermediastuff,andIthinkthatinternallyismymentalmodel.I tendnottosharethatmentalmodelwithpeople,becausetheygetfixatedthenonthekindof"REST inside"stickerthattheywanttoapply.Instead,whenI'mdesigningsystemsandbuildingsystems,I'm justtryingtothinkaboutfitnessforpurposeandoften,atthemoment,I'mfindingthatfitnessfor purposetendstofallonthelowerendofLeonard'sscale.Theyarekindofwebaware,butnot necessarilyhypermediacentricservices. IR:IthinkLeonard'smodelisactuallyausefulwayoftalkingtoclientsaboutRESTbecausehestarts offsaying"Takeanyproblemthesimplestwaytosolveitistobreakitdownintosmallerchunks". Whatdowedo?Wejustidentifylotsofresourcesandgivethemaddresses.So,he'snotnecessarily talkingaboutRESTfulthingsinthefirstinstance,heisjusttalkingabouthowtobreakupaproblem. Thenheissaying"Ifwedothesamethingoverandoveragain,let'sjustdoitinanuniformway" that'shissecondlevel,justusethoseuniformmethods.

98 InfoQExplores:REST

Thenhisthirdthingis"Ifwearedoingsomethinginterestingorspecialized,thendoitinaspecialized way"that'swherehestartstotalkabouthypermedia.Youcanactuallytalktoclients,talktoother people,justaboutbreakingproblemsdownintosimplechunks,doingthesamekindofthingsinthe samewayoverandoveragainandthenspecializinganywaynecessary.Ithinkthat'sanicewayof talkingaboutit.Then,youcanlayeronsomeveryparticularthingsaboutRESToraboutusingthe web.It'sausefulwayofgettingthatconversation. InfoQ:DoyouthinksomeofthethingsthatthepeopleconsideranabuseofHTTParealsovalid stepsonthatpath?Isitjustsomethingthatyouhavetodoorisitavoidable?Doyouhavetoat sometimetunnelmethodinvocationsthroughGETtochangesomethingoristhisjustsomething younevercanjustify? JW:Theangrymaninsidemeoftennottoodeeplyburiedinsidemewouldliketotearyourhead fromyourshouldersatthispointandinsistthattheseareterribilybadideas.However,inthereal world,wearefindingtechniquesliketunnelingverbsandURIsareusedincertainhopefullybounded contexts,sometimeslessbounded,whichmakesthemdangerous.Certainly,inaboundedcontext, whatenablesmetogetsomerapidtacticalsolutiontomarketquickly,I'mwillingtoacceptthem. It'sakindofstickingclusterapproachIconfessandwealwaysintendtogobackandredressthose, butIthinkhavingthekindofarchitecturalIcallitarchitectgasmanddesigningtheworld'smost brilliantRESTfulhypermediacachedsuperthingmaybenotthesimplestthingthatcouldwork immediately.Maybewecouldtakethosekindofuglysteps,liketunneling,togetusrollingtodayand thenasoursystemvolumeexpands,asitsrequirementsbecomemoresophisticated,asit encompassesmoresystems,asitsreachgrows,thenwecanthinkaboutmigratingthattomore RESTfulpartterns,whicharedemonstrablysuitableforthatkindofsystem. IR:Wereallywanttoexploitalargeinstalledinfrastructure.Thingssucceedbecausethewebis alreadyoutthere,butwealsobegintoacceptsomeoftheconstraintsthatarethere,aswell,some additionalconstraintsthatarejustthereinthewayinwhichthewebhasgrown.Thoseconstraints existnow,likethebrowsertendstoacceptonlytwoverbs,GETandPOST,andveryoften,we'llend upbuildingsolutionsthatjusthavetoadheretothoseconstraints,whetherornotwe'reparticularly fondoftunnelingstuff. JW:ThatappliestosomeoftheintermediariestheRESTarchitecturalstyleispreachedasiftheweb isthisperfectutopia,whereeverythingunderstandsthefullextentoftheHTTPuniforminterface andpragmatically,that'snottrue.Therearejustsomeactorsoutthereontheweb,whichdon't understandsomeverbs,eventhoughHTTPsuggeststhattheyreallyshould.That'sthelimitingtoout thinkingabout,forexamplethecurveofcachematuritythatMarkNottinghamissuchafanoftelling usabout. Thoseconstraintsposerealchallengesatusatwebscalebecausethewebdoesn'tbehavetheway thatRESTdescribesthatitshouldbehave,sowehavetotakesomepragmaticshortcutstomake systemswork.ThereisvalueinREST,butthereismorevalueinhavingworkingsystems. InfoQ:IactuallythinkthatRoyFieldingwouldverymuchagreewithyouthatHTTPandthecurrent webisnotaperfectRESTimplementationit'ssomethinghekeepssayingallthetime.

99 InfoQExplores:REST

JW:Good,becauseotherwiseI'dgetlynchedbyhisposse. IR:Andyet,nonetheless,it'ssuccessful.Wecanworkourwaythroughthat. InfoQ:IjustnoticedthatwehaveusedthetermRESTwithoutreallyexplainingit,sotheremay stillbesomepeoplewhodon'tknowwhatwe'retalkingabout.Canyoujustgiveusa60second introtowhatisREST? IR:It's"pickyourpathtoadventureforinterestingbusinessprocessesontheweb".Wewantto realizesomegoalhavingacoupleofdifferentthingscooperating,wegettodothatbyservingup someHTMLorsomeXMLandtheclientortheconsumercanbegin,givenasetofgoals"I'mtrying toachievethisthingorthat",itcanbegintopickitspaththroughtheserverlandscapepickingupon linksinsidethoserepresentationsandworkingitswaytowardsthegoal. JW:ThatwasreallycuteI'mgonnastealthat,we'llhavetoeditthistomakeitsoundlikeithad beenmyidea.It'saboutthenotionofserversleavingbreadcrumsforclientstofollow.It'sleading theclientthroughthebusinessprocessestheserversimplement.Wetendtogetboggeddowninthe kindofuniforminterfaceandHTTPandallthatstuffandreallytheheartofitistheservertakesyou bythehandandguidesyougentlythroughabusinessprocess. InfoQ:Youmentionedsomestuffthat'smissingandallandthat'sproblematicintheinfrastructure, suchasthebrowserlimitationtoGETandPOSTandthenthecaches,intermediariesandotherstuff ignoringorblockingsomeofthosemethods.Doyouthinkthereareotherthingsthataremissing currentlyinthecurrentwebspace?Istherestuffthatweshouldhavetousethismoreeffectively? Ifso,whatwouldthatbe? JW:Experienceisthemainingredientwhichismissinghere,althoughthewebitselfisareally maturetechnology.Ithinkweareonlynowlearninghowtodirectitsparticularcharacteristics towardsintegratedsystems.Thewebhasbeenbrilliantasamechanismforconnectinghumans, particularlyinrecentyears,whenhumanshavetakentothewebintheirmilionstointeractwith pokesandtweetsandallthatkindofstuff. Asdistributedsystemengineerswestilllackthatlevelofexperiencefordoingthesamethingswith computers.Wehaven'tquitefiguredoutyetinanyrobustwayhowtoextendhypermedia,for example,betweensystems.Forme,thatwouldbethekeythingthatI'dsayit'slacking.I'mhappyto workaroundquirksintheinfrastructure,differencesofopinionaroundthecommunity,butIthink reallyweneedtojustexperimentwiththisstuff,learnhowtomakeitsing. IR:Thingsevenatthelevelofclientlibrarybeingabletosurfacehypermediainarelativelycommon orstandardway.I'mthinkingIgetarepresentationback,butIjustwantalinkquerythatallowsme toidentifyallofthehypermediaandthen,basedonwhateveritisIamtryingtoachieverightnow,I canchoosetodereferenceinthoseURIswhateverpursuethathypermedia. InfoQ:WhatarethegoodplacestouseRESTandthewebandwhataretheplaceswhereyou shouldavoidusingthatstuff? IR:Wheneveryouwantrealreachforyourapplications,thenIthinkRESTandthewebarean

100 InfoQExplores:REST

attractiveproposition.It'sarelativelylowbarriertoentryforanybodytobeabletoconsumeyour applicationorworkwithit.WhereasifwearejustworkingwithinEnterpriseboundarieswhether it'sagoodideaornotwearefreetocreateourownidiom.Ifwearenevergoingtohavetoexplain thattoanybodyelse,wecouldinventsomethingfromthegroundup,butthemomentwewantto crossanyofthoseorganizationalboundarieslet'sstartlookingforsufficientlysophisticatedbut nonethelesslowestcommondenominatorwayofworkingandcooperating. JW:Icantakethatstagefurtherandstartlookingatsomeofthearchitecturaltradeoffsthatpresent themselveswhenyou'reconsideringthisuseoftechnologyandmyfavoriteforthewebis"Canyou tradelatencyforscalability?"Thewebisn'talowlatencysystem,butit'shugelyscalable,particular thewayyouconfederateloadontheweb.Ifyoucanaffordlatenciesofseconds,minutes,probably abouthours,days,weeks,thewebisgoingtoscalereallywell. Butifyoucan'taffordhighlatency,thenprobablylookingatawebinspiredsolutionisthewrong thingandGodwillstrikemeforsayingthis,butsomeproprietarytransportsubstratewith millisecondlatenciesorbettermaywellbethethingyouneed.However,I'veoftenfoundparticularly techieswillalwaysinsistthattheyneedthemillisecondtransportsubstrateupfrontwithoutreally holisticallyunderstandingthekindofbusinessproblemthey'relookingat,andthebusinessproblem maywellcallforsomethingmuchmoresensible,likeseconds,inwhichcasethewebcouldbea sensiblelowceremonywayofachievingthesamegoal. Geekslikeussufferterriblyfromthesinofpridebecausewealwayswantthecoolest,fastest,lowest latency,shiniestbrassknobsononsystemandthewebisreallynotaboutthat.Thewebislike "humdrumgetonanddoit".Tradelatencyforscalabilityanydayoftheweekandifitcomesoutin termsofscalabilitywithhighlatency,gowiththeweb. IR:Ithinkthereisamoregeneralissuefordistributedsystemsdevelopmentaswell.Itasksusto thinkalittlemoreaboutourtoleranceforlatency,forinconsistency.We'vebeenaccommodating thesethingsforcenturies.Icansendahorsegallopingoffromonetowntoanotherwithanorder andsometerriblethingscanhappeninthatinterveningperiod.We'veinventedbusinessprotocols thatcanhandleallofthatandIthinkthiskindofworkisforcingustolookatthoseandtosurface thoseprotocolssemanticsagaininsteadofalwaysdependinguponthelowlatencysubstrateand tryingtodelegateeverythingtothetechnology. JW:That'sinterestingbecausethewebasadistributedplatformabsolutelyinsiststhatwedealwith distribution.Fromsomanyyearsincomputingsciencenow,we'vebeentoldabstractionisagreat thingandweshouldabstractawayallofthathardcomputingsciencestufftothebackroomboffins andweshouldforgetaboutitinlivinghappybusinesswebsiteland.Actually,youcan'tdothat Waldotoldusthatyearsagoandhe'sbeenwoefullyignoredbythecomputingcommunity,butwhen youdecidetobuildawebbaseddistributedsystem,thewebdoesn'thidethatdistributionfromyou. Infact,itgivesyouusefulinformationtocoordinatedistributedinteractionsand,forexample,touse themessengerhorsemetaphor,toknowwhenyourhorseisbeingrobbedbyahighwaymanat gunpointandtotakesomecorrectiveformofcompensatingactivities.Asaformertransactionsguy,I seethewebasabigcoordinationplatformakindoftwophaseconsensusgonenuts. IR:Justgetoverthefactyoucan'thaveaGod'seyeviewofyoursuccess.

101 InfoQExplores:REST

JW:ApartfromapparentlySirTimhecanseethewholeweballthetime.Seriously,youposta blog,heknowsitheiswatchingyou.Heiswatchingallofyourightnowthroughawebcam. InfoQ:Asyoumentionedtransactions,oneofthecritiquesthatIhearmostoftenaboutRESTis thattherearesomanyenterprisefeaturesmissingfromit.Inwebservicesyouhavethe transactionprotocols:WSCoordinationwithAtomicTransactionsandWSBusinessActivityandall thatstuff.Doyouperceivethatassomethingthat'slacking?Doweneedatransactionsprotocol onHTTPthat'sRESTful? JW:No,nextquestion.Idon'tthinkso.Ithinkwe'relearningthekindofscalesthatthewebworksat, theclassictwophasetransactionsaren'treallysuitable.AnyonethatlistenstoWernerVogelstalk aboutthiseventualconsistencystuff,anyonewho'sreadsomeofGregorHohpe'stuffabouthow Starbucksdoesn'tusetwophasecommit,anyonethathasactuallyappliedanyfleetingthought aboutthisunderstandsthatparticularlytwophasetransactionscan'tworkontheweb.Youtradeoff consistencyforscalabilityandtheweb'sallaboutscalability,potentiallyeventualconsistency. Ifit'snottoomuchofablatantplugforthebook,chapter12discussesthis.Actually,wedobakeoff atchapter11nowwescotchthechapterssothatwecankeepupwithStefan'sprolificpaceof writinginhisequivalentGermanbook.Weactuallydobakeoff,ifyoulike,infactweuseWS* techniquesforthingslikesecurity,transactions,reliablemessagingandsoon.Weshowthe equivalentpatternsandstrategiesthatweuseinaplainoldwebbyHTTPworld.Wedon'tclaimthat we'reRESTful,wearejustsaying,forexampletransactionsyoudon'treallyneedbecausetheweb givesyouallofthiscoordinationallthetime. It'skindofperversethatthewebbeingthissynchronousstepwisetextbasedprotocolitshouldn't reallyworkatglobalscale,butitdoesbecauseforeachinteractionIhavewiththeresourceonthe web,Igetsomemetadatatellingmewhetherornotthatinteractionwassuccessful.So,Icanelectto followtheadventurerouteifyoulike,Icanelecttokeepgoingfollowingresourcesandmaking forwardprogressorintheeventofapieceofmetadatathatsuggestthatmyprocessingisfailing,I canperhapstakeanotherroutethroughasetoflinkedresourcesandotherprocesseswhereIcould makealternativeprogress.That,forme,isamuchmoresensiblewayofdealingwithundesirable outcomes,tryingtowrapeverythinginabighawkingtransaction. IR:"Youareconfrontedbyadwarfwithanaxe.Whatdoyouwanttodonext?"Imean,evenwith theWS*protocols,Idon'tthinkweshouldbetemptedtousethemallthetimetotryand coordinateandinvolveanumberofdifferentservicesinsomekindoftransactionalcontext.Itmay bethatyouactuallywanttousethatbehindsomecoarsegrainedboundaryandsomeinternal implementationofservice,evenifweareexposingitacrossthewebinaRESTfulmannerthatthe internalimplementationmightdependuponsomeofthoselowerlevelprotocols.Ithinkthat'sfine. Ifwearepreparedtotoleratetheexpenseoflockinganumberofresources.Weareseekingacoarse grainedboundarywherewedon'tnecessarilyhavetodothatatthatlevel. JW:Thatdoesn'tcomeforfree,right?Thattakesexplicitcleverdesigndecisionstogetrightbecause atthelowestlevels,ifyouareusingoneoftheselegacyrelationaldatabases,youaregoingtohave tothinkaboutthesethingsyes,IsaiditandIsticktoit,too!butyouaregoingtohavetodesign explicitlyandbeverywaryaboutyourabstractionboundariesforthosekindofdetailsdon't

102 InfoQExplores:REST

inadvertentlyleak.Iftheyleaktotheweb,youarescrewed! IR:Onceyoustartgivingsomebodyakeytoyourbackdoor,they'llbeinthere. InfoQ:Reporter:Now,thatwe'vedealtwithtransactions,whatdoyouthinkabouthavinga BPM/BPELlikethingforREST?Doweneedsomethinglikethat? JW:Doesn'tthewebalreadyhavethatbuiltinitslinks?Thewebhasallthischoreographystufffor free. InfoQ:Doesit?I'mnotsure.Thisisarealhonestquestion.Thoseenginesnevermindthe programlanguageusedtoprogramthem,butthoseenginesdealwiththingslikecoordinating multiplerequeststomultiplesystemswheretheanswersgetdeliveredasynchronouslyandthey coordinatethemagainanddosomethingelse.Thatseemslikeausefulcapability.Shouldn'twe havethesamethingfortheRESTfulworld? JW:Itisausefulcapability.Thenotionofknowinganoutcomethatyouwanttogettoandmaybe somerulesthatwillhelpyoutogetthereisafinething.It'sonlywhenyoutieitupinan inflammatorylanguagelikeBPM,thatitraisesmyhacklesbecausethatcomeswithalotofbaggage. We'veallseenthekindofpointandclickwareBPMproductareandwerunscreamingfromthem becausetheyaredangerousthings.Thehardestpointinusingthewebisthecoordinatingfromthe clientside.Ifwecouldsolvethatproblem,thewebwouldbeamuchmoreamenablesolution,butI completelyagreethatweneedsomekindofclientsidecoordination,butIdon'tthinkitshouldbeof thesameveinoftheproductsandsolutionswe'veseentoday.SomethinglikePrologorarules engine.mightactuallybeabetterwayofdealingandorchestratingprocessesontheweb. IR:Thatcanbeaninternalimplementationissueforaclientorforaserver,whateverroletheyare playingatthatpointintime.It'snotunreasonabletosayinordertorealizeagoal,youmight anticipateafewofthestepsthatyouaregoingtohavetogothrough.Ifyourserverisgivingyou backarepresentation,offersupasetofopportunities,youareapplyingsomeintelligencetothatto pickyourpath,whichdoesalsosuggestthatthereisanoutofbandmechanismaswell,sothatwe canbegintocommunicatewhatisthatyoumightexpecttoreceive.Itprovidessomereasonably standardinterpretationsofthingssuchas"rel"attributesandstufflikethat. JW:Thatoutofbandintelligencecouldbeamicroformat.Itprobablyshouldbebecausetheyare lowceremonyandlovely. IR:Yes,butmanyprocessesareverysimple,sequential,ordrivenbyevents.It'srelativelysimpleto implementtheminthesimplestfashion.Itdoesn'tnecessarilydependupontherulesengineor someworkflowengineoranythinglikethat. InfoQ:Let'sgettosomepracticalthings.Wetalkedabouttheoreticaladvantagessolet'stalk practice.Whatkindoftoolsdoyourecommendtopeoplewhoactuallyareconvincedandwantto buildsomethingRESTful?Fromthedifferenttechnologiesspacesthatwehave,whatareyour favoritetoolstobuildHTTPRESTfulsystems? JW:IconfessI'mthefondestofverysimpletools.I'mcurrentlyworkingonsomeratherhigh

103 InfoQExplores:REST

performancesystemsandithappenstobeinJava,whichisfine.Wehave,ofcourse,severalchoices inJavawecouldgetwithRestlet,wecouldgetwithJAXRSserversimplementationbothofwhichare substantiallysophisticatedFrameworksthattakeoutalotofplumbingforus.Inthiscasewewent withservletsbecausetheyweresufficientforustogetthejobdoneinaverylowceremonyway.Flip side:ifyouareonthe.NETplatform,forexample,you'vegottheWebInvokeandtheWebGetstuff fromWCFthatyoucoulduseoryoucouldjustuseaHTTPhandler. IR:OraHTTPlisteneraswell,whichisactuallywhatWCFusesunderhoodifyouareselfhosting HTTP.Youcandropdowntothatandagain,it'sverysimpletobuildthingsontopofthat. JW:Theratherslipperyansweristhatyoutakeyourpick.Ifyouarecomfortablewithusingahighly abstractedFrameworklikeWCForJAXRS,ifyoucontainthatinyourbusinessdomainmorereadily thanyou'repreparedtotamesomethinglikeservlets,whichisveryHTTPrequest/responsecentric, thenit'syourcall.Usewhatmakesbestsensetoyou! IR:OneofthethingsI'moftenlookingatishowI'mgoingtocommunicatesomethingaroundthe applicationprotocolandtypically,Iwanttocommunicateitbywayoftests.Testsareausefulpiece ofdocumentation.ByapplicationprotocolI'msayingIwanttobeabletodescribetoyouhowyou canexpectmyservicetobehaveifyousubmitthisrepresentationtothisendpoint,invokethis method,thenyoumightexpecttogetbackthiskindofrepresentation,thismediatype,thesestatus codes,thisHTTPheaders.Allofthosethingsformpartofthatapplicationprotocolweare establishingsomelittlecontractbetweenourselves.YouseealotofthisstuffintheAtomPubspec, forexample. WhatI'dliketobeabletodoistoassertallofthatinatest.OneofthethingsI'moftenlookingforis canIdothatwithoutalwayshavingtospinupaninstanceofmyserviceorcommunicatewithitover thewire,soI'moftenlookingforveryverylightweightabstractionthatallowsmetocreate expectationsagainstallofthoseHTTPartifacts,withoutactuallyhavingtostartupaninstanceinthe service.Iknowyou'vedoneitwithsomeofthemockcontextinSpring.JW:Withservletsandsome oftheSpringmocksit'sactuallyareallynicewayofnothavingtodothefullbringupservicewait20 hoursforTomcattocomeupkindofthingverylightweight,verypragmatic. IR:WhereaswhatI'vedoneoccasionallyiscreateverythinwrappersaroundthingssuchasarequest orresponse.IcantestindependentlythattheyactuallydodelegatetowhateverruntimeI'musing, butthenIcanbasicallywritemytestsagainstthoseormockinstancesofthoserequestsand responses. InfoQ:Youmentionedtheword"contract".HowdoyouseecontractsrelatingtoREST?Becausein thewebservicesworld,thecontractisreallyattheheartofeverything.It'sthegreatWSDL descriptionthatJimisaverybigfanofasIknowthatactuallyreallydescribesveryformallyand verycompletelywhatmethodsyourserviceexposes.Howareyousupposedtointeractwitha servicethathasnoformaldescription?Howcouldyoupossiblyworkwithsomethingwithout havingthatWSDLfile? JW:YouhaveaninformaldescriptionandthenyouhaveabunchofIan'sfabulousconsumerdriven contracts.

104 InfoQExplores:REST

IR:I'mthinkingthatveryoftenthemediatypeisexpressingsomekindofcontract,ismakingsome promisesaboutthekindofrepresentationyoucanexpecttogetback.Themoreinterestingmedia typesactuallycontainalotofthosemoreprotocollikerulesaswell.Again,Ithinkatthingslike AtomPubthatnotonlytellyouwhatkindofstuffyouaregoingtogetback,buttheytellyousomeof themethodsthatyoucanexpecttobeabletoinvokeandthestatuscodesthatyoucanexpecttoget back.Therearecontractshere,theyarejustbeingshiftedaroundandIthinkweshouldbelooking formediatypesthatmakeveryclearwhatisthatwecanexpecttodo,howwecanexpecttosurface orinterrogatetheserepresentationsforhypermediaandhowitconnectsustohypermediainorder toprogressanapplication. InfoQ:Isitperhapstosaythathypermediaformatsassumetheroleofcontracts? JW:Yes.Inanutshell,yes.Infact,afriendandformercolleagueofoursGeorgeMalamidisonce saidtome"Thewebalreadyhasacontractlanguageit'scalledHTML."I'mstillscaredwhenIsay thatsentence.Georgeisaverysophisticatedthinkerinthesecircles,butIhaveatendencytobelieve heisright.I'mjustscaredtomaketheleaptowhereheis. InfoQ:Let'sassumeyouhavemanagedtoconvincesomepeoplethatRESTisagoodthing,but they,intheirturn,wanttoconvincetheircoworkerstoactuallystartit.Doyouhave recommendations?HowdoyougoaboutevangelizingRESTinyourcompany?What'sthebestway todothat? JW:Ican'tevangelizeit.Ithinkithastobeaboutasolutiontoaproblemwithinacontext.Oneof thesystemsI'vebeeninvolvedwithinthelastyearorsowasoriginallypennedtobebasedonJMS. That'sgreat,IlikeJMS,it'salovelyidea,buttheinitialdesignwasdonewithoutreallyanyholistic thoughttotheenvironmentinwhichthesystemwasgoingtobedeployed.JMS,lovelyasitis,hasits complexities.Whatweactuallyfoundwasfortheloadsthatwewantedtoputthroughthesystem, bydoingasmallspike,fewdaysworthofspiking,theHTTPwasquitegoodenoughforwherewe neededtobe. Thathadsomanybenefitsintermsofimprovingoursoftwaredelivery,itwasalotfaster,easierto writeHTTPthingsthenitwasJMS,theyareeasytotestwithtoolslikePosterorcurl,thedeliveryof thatparticularsystemwasgoodandthereisamanatthebackoftheroomsmilingaboutit,because hewasinvolvedwithitanditwaslovelyandIfeelthathadwegonedowntheJMSroutewewould havetoworksomuchhardertosurfacethissystemfortestingparticularlytoourQAs.Thefactthat ourQAscouldbringinFirefoxwiththePosterpluginandprobethesystem,maybesomereally advancedbutaccessibleexploratorytestingandtheybrokeusinwonderfulwaysthatwehadn't expectedbecauseofthesystemsurfacearea,whichisopentothemandthatmesmilealot. IR:Itopensouttoalargerconstituency,doesn'tit? JW:Yes,soareachthingagain. IR:Farmorepeoplehavingvisibleinsightintothewayinwhichthesystemisworkingorthewayin whichitexposesitselftotheworld.Andtheyareseeingitinwayswithwhichtheyareveryfamiliar theyarelookingatitinabrowser,thingslikePosterandstufflikethat.It'scurious:westartedallof

105 InfoQExplores:REST

thissayingthat,infact,wearemoreinterestedintalkingaboutwebby,WebberythingsandtheREST andthenwecontinuetotalkverymuchaboutREST,andIthinktoevangelizeRESTwithinan organizationisoccasionallynottheappropriatethingtodo.Ialwaysgetfrustratedwhenpeoplesay "WewantSOA".SOAisanotheroneofthosewordsthatshouldbeundererasure.Weshouldjust starttalkingaboutwhatitisthatwearetryingtodoandtalkaboutitinfamiliarwaysbecausevery fewpeoplearen'tnowfamiliarwiththeweb.Wecanjusttalkaboutsomeofthesimplethingsthat wedowiththewebandsay"Imagineifyourapplicationcouldalsoworklikethis." JW:ThereisthedangeraswhathappenedwithSOAthatitbecomesboundupinproductssuchto anextentwhereitbecomes"IcansellyouanSOA""No,youcan't"andIthinkweareseeing alreadythisRESTmonikerbeingappliedtosoftwareproducts.Itreallyconfusesthediscussion becausepeoplethinktheycanjustpluginREST,theycanjustbuyRESTplatformandtheyare suddenlyRESTful.Thenalltheyaredoingistickthe"RESTinside"boxandtheyhaven'treallygiven anycriticalthoughttowhythatmightbeusefultotheirbusiness.It'sjusttheseniorITdecision makersandthevendorsconcludeonadecisionwhichisnotnecessarilyinthebusiness'sbest interestanditisrarelyinthebestinterestofthedevelopmentteamwhoaretryingtoservicethat business. IR:It'sraretobeabletoinsertsomekindofadapterandtakeaWS*applicationandsuddenly surfaceitasaRESTfulapplicationandexpectittobearichandusefulRESTfulapplication. JW:That'sadangerousRESTapplicationbecausetheunderlyingimplementationisn'tdesignedto havesuchasurfaceareaortobeloadedinthatway,thedesigntobeloadedinamessagecentricor RPCishway. IR:Ithinktherethishugeinandofitselfthinkingofthingsintermsofresourcesandtotrytolayer resourcesontopofsomethingthat'sbeendesignedaroundanentiredifferentparadigm.Youare missinganopportunitytodiscoversomethinginterestingaboutyourbusiness,aboutyourprocess. Discussingintermsofresources,oftensurfacesthevalueinherentindoingsomething.Searchresults inandoffthemselvesareusefultocompanieslikeGoogle.It'soneofthewaysinwhichthey monetizewhatitisthattheyaredoing.Surfacingasearchresultasaresourceisagoodwayof thinkingandtalking. InfoQ:AudienceQuestion:RESTliesontopofHTTP,whichishasquiteoldspecifications.We've beenusingthatforafewyearsandmaybewouldRESTbecutbacktowhattheHTTPspecification wasmeanttobelike.WeareusingtheHTTPverbsinamoreinterestingway,despitetheway we'vebeenusingthatforthepast20years,maybe,andstillwehavebrowsersorclientswhichdo notimplementHTTPspecificationfully.Weknow,forinstance,it'sverydifficulttouseFlexwith RESTthat'squitescary!Whatdoyouseeinfrontofyou?Doyouseethatweneedanew specification,anupdate,sothatwecouldalsoaddressproblemsthatwedidn'thavewhenwe wereusingHTTPaswehavedone,butmaybenowweneedalsomorepowerfromHTTP?Ordo youseethatin12yearsallthebrowserswillimplementthecurrent1.1specificationandwewill behappyforthenext20years? JW:Theprimaryreasonwhythehumanwebdoesn'tsupportthefullgamletofHTTPverbsit'sthat HTMLdoesn'tsupportit,soweareleftwithGETandPOSTsupport,whichisaprettylimited

106 InfoQExplores:REST

vocabulary.I'mnottooworriedbythisbecausetomethebrowserarealreadydead.It'sthemost frequent,buttheleastinterestingagentontheweb.I'mmuchmoreinterestedinwhathappens whencomputersinteractratherthanwhenhumanspointbrowsersatwebserversandrightnow, thatinfrastructurecreaksattheseamswhenhumanspushit,butit'sgoodenoughforthemto facebookeachotherorwhateveritisthatkidsdonowadays,soI'mreallynotworriedaboutit.What actuallyworriesmemoreissomeofthefuturedirectionsthatsomeoftheworkinggroupsinthe W3Careheadingtowards,whichiseffectivelytryingtorewiretheweb.Rightnow,theweb infrastructureasitis,hasgotthismagictippingpointwhereitisgloballyavailable,ithasglobal reach. I'mconcernedifsomefolksatW3CcomethroughandforexampleHTML5.0somehowmakesitout intothewild,thatwegotthisweirdparadoxhalfthewebistheoriginalwebandhalfthewebis thisnewwebandit'sallgotwebsocketsandit'sallveryconfusingandit'snotallmarkuplanguage anymoreandthat'swhattroublesmemost.Rightnow,I'mlookingforthebrowserprovidersto innovateI'mcomfortablewiththat,I'mnotpassionateaboutit,butcomfortablewithit.I'mlooking fortheW3CtonurturethewebinamoreevolutionarymannerandI'mnotlookingforsomeoneto becomeSirTimthe2nd.Unfortunately,I'mconcernedthatsomepeopleinW3Carelookingthat wayhandsoff! InfoQ:Audiencequestion:Lately,weareseeing,evenhereintheconference,thatinprogramming therewasLispalongtimeagoandthenweweregoingsomuchlikewearetryingtodomore abstractionsandwegotoobjectsandbigstuffcomponents.Nowweseethatpeoplearegoing backtofunctionalprogramming.Thesamethinghasbeenwiththeweb:wegotthissimpleHTTP specification,westartedtobuildalotofabstractions,SOAPandBPEL,andthenwegobackto simplicity,toREST.Isitlikeatrendnowtogobacktosimplicityordoesithappenallthetimethis wayinsoftware,togobackandforth? JW:I'mnotoldenoughtoanswerthatquestion.Ianhasseenseveralofthesecycles,sohemight haveaproperanswer. IR:Fromthepointofviewofnostalgiadrivendevelopment,whereeverytextbeginswell,wouldn'tit beniceifwecoulddoittheoldway.Asyouweretalkingaboutsimplicityandtherebeingadrive towardssimplicity,IthinkoneofthebenefitsofRESTevangelismwhenitdoestakeplaceisnot actuallytoinsistonsimplicity,buttoinsistontheconstraints,tosurfaceandrecognizethe constraintsalloveragain.Alotofapplicationshavebeenbuiltonoraroundthewebthatabusethe web'sinfrastructureandthewayinwhichitworks.GoodRESTevangelismissurfacingand emphasizingsomeofthoseconstraintsandsayingthatifyouworkwithorunderthoseconstraints, youwillrealizegreaterreach,betterperformance.Thatisapartialanswerfromme. JW:Youareright.Wedidputabstractionafterabstractionontoourdistributedsysteminfrastructure andyouknowwhat:ithasn'tworkedoutthatwellforus.Someofthelargestandmostsophisticated distributedsystemsontheplanethaven'tbeenallthatlargeorsophisticatedandthenthiskindof crappyprotocolcomesalongthatinsistsonbeingsynchronous,andinsistsonbeingtextdrivenand itscalesglobally.That'sshockinganddoesnotmakesensetousasengineers.That'stheweb paradoxit'stherubbishestthingontheplanet,butit'sscaledandformethatiswhat'shitthereset

107 InfoQExplores:REST

buttonbecauseIwastotallyupforXMLbasedprotocolsthatdoallsortsoffunkystuff. IputmynametosomeOASISworkandsomeotherstuffinthetransactionsphaseGodforbid!, buttobefair,wethoughtwehadthebestofintentions,wethoughtthisstuffwasgoingtobeuseful anditmaystillbeusefulincertainboundedcontext,butwhatthewebandHTTPhaveshownusis thatifyouwanttoscaleandreachoutglobally,youhavetohavesomethingthat'sdumb.Dumb protocolsarethebaselinethroughwhicheveryonecaninteractandgettingthatinteractionseems tobenowwhat'scriticalinearly21stcenturycomputing.SoYes,backtobasics. ViewFullVideo http://www.infoq.com/interviews/robinsonwebberrest RelatedContents RESTisastyleWOAisthearchitecture HATEOASasanenginefordomainspecificprotocoldescription HowRelevantAreTheFallaciesOfDistributedComputingToday? Presentation:TransformingSoftwareArchitecturewithWebasPlatform Presentation:REST:APragmaticIntroductiontotheWeb'sArchitecture

108 InfoQExplores:REST

Interview

MarkLittleonTransactions,WebServicesand REST
Inthisinterview,recordedatQConLondon2008,RedHatDirectorofStandardsandTechnical DevelopmentManagerfortheSOAplatformMarkLittletalksaboutextendedtransactionmodels, thehistoryoftransactionstandardization,theirroleforwebservicesandlooselycoupledsystems, andthepossibilityofanendtotheWebservicesvs.RESTdebate. DrMarkLittleisTechnicalDevelopmentManagerfortheJBossSOAPlatform,Red Hat'sDirectorofStandardsandrepresentativeontheJavaExecutiveCommittee.He hasover20yearsofexperienceworkingintheareaofreliabledistributedsystems. WhileatRedHat/JBossMarkhasbeentheleadoftheJBossESBandJBoss TransactionsproductsaswellasworkingfromtheofficeoftheCTO. InfoQ:ThisisStefanTilkovatQCon2008,andIaminterviewingMarkLittle.WelcomeMark!Can youtellusalittlebitaboutyourselfandwhatyoudo? Mark:IamaTechnicalDevelopmentManagerforRedHat'sSOAplatform,whichbasicallymeansI aminvolvedinallourSOAstrategy.Ihavevariousgroupsreportingtomelikeworkflow,transactions, ESB.IamalsoaDirectorofStandards,soIamalsoresponsibleforparticipationinW3Cgroups, OASISandJCP. InfoQ:Ok,soifIreadyournamesomewheretheonethingthatpopsupinmymind,theonething Iassociateyouwithistransactions.Ithinkyouhavealonghistoryinbeinginvolvedwithstandards aroundtransactions.Canyougiveusalittlebackground;canyouactuallydefinetheterm transactionforus,giveusalittlerefresherthere? Mark:So"Transaction"isatermthatismisusedprobablyahundredandonedifferentwaysinour industry.It'sprobablybettertobeabitmoreexplicitandsayit'satomictransactions.Anatomic transactionhasitshistorybackinthe'60s,andit'shard,it'slikeit'safaulttolerancemechanism.It's basedonworkthatwasdonearoundthattimeinthe'60sonspheresofcontrol.Basicallyanatomic transactionisasphereofcontrol,it'sanactivitythatguaranteesthatworkdonewithinthescopeof thattransactioniseitheralldone,orit'snotdoneatall,yougetnopartialfailures. Atypicalexamplewouldbeabankaccountsystem.Supposeyouaretransferringmoneyfroma currentaccounttoahighinterestaccount,andonewayofdoingthatwithoutusingtransactions wouldbetoremovemoneyfromthecurrentaccount,soyouareholdingthemoneyandthen deposititintothesavingsaccount.Ifyouhaveacrashofthesystematdoingthis,thendependingon

109 InfoQExplores:REST

wherethecrashhappens,youmayloseyourmoney.Ifyoutakethemoneyoutofthecurrent accountbutithasn'tquitebeenputintothehighinterestaccountyet,whereisit?Obviouslythe bankhopefullywouldhaveinformationaboutwhereitis,andtheycandosomekindofmoney resolution,butthatcouldtakedaystoactuallysortoutandmeanwhileyouhaven'tgotyourmoney, youcan'tpayyourbills.Ifyouaretodothattransferwithinanatomictransaction,thentheatomic transactionwouldguaranteethatiftherewasacrashthemoneygoesbackintothecurrentaccount, thetransactionsystemwoulddothat,ordependingonwherethecrashis,itwouldguaranteethatit wouldeventuallyturnupinthehighinterestaccount,hopefullywithinamatterofsecondsor minutesatmost.Anditwoulddothatitselfautomatically,therewillbenorequirementformanual intervention. InfoQ:Oneofthetopicsthatcomeupoftenindiscussionsaboutwebservicesiswhetherornot theyneedtransactions.Maybewecanstartbyaquickdescriptionofwhatisactuallyavailablefor webservicesinthetransactionsspace. Mark:Webservicestransactionsdevelopmenthasbeengoingonforalmostaslongaswebservices hasbeendeveloped.SoIstarteddoingworkaroundthatin1999,whichisprettycloseafterSOAP wasfirstreleased.Whatwewerelookingatthenandwhatwehavecontinuedtolookatoverthe interveningeightornineyearsisactuallyanumberofdifferentapproachesfortransactionsinthe web.So,traditionalatomictransactionsthatIdescribedearlierhavesomeinbuiltassumptions abouthowtheywillworkandtheenvironmentinwhichtheywillwork,soprettymuchtheyassume theywillworkinacloselycoupledenvironmentthatcanbetrustedandtheylastforseconds, millisecondshopefully,butseconds,maybeattheutmostminutes.Onthewebthosekindsof interactionstypicallydon'thappen,youknowyoumightbebookinganightout,orbuyingabook fromAmazonandyoumightbedoingthatoverthecourseofhoursordays.Andtodoallofthat withinthescopeatthetoplevelofanatomictransaction,justdoesn'twork.Sowewerestarting withhowdowedotransactionsthatarespecificforwebservicesorfortheselongduration interactions.Andtherewasalotofworkthatwasdonebackinthe'80sandearly'90sonwhatis knownasextendedtransactions. Thereisarangeofextendedtransactions.Basicallytheprincipleaboutextendedtransactionsisto relaxtheverypropertiesthatareinherentwithinanatomictransaction,soifyougoandlookatthe literaturethenyou'llfindthatanotheracronymthatisputaroundatomictransactionsisalsoknown asACIDtransactions.ThatisACIDAforatomic,everythinghappensornothinghappens,Cfor consistent,thestateofthesystemmovesfromoneconsistentstatetoanother,Iforisolation,soyou can'tseedirtydataandDfordurable,sothatiftheworkhappensitismadepersistentevenifthere isacrash,you'lleventuallygetthesamestate.Extendedtransactionsrelaxthoseproperties,soyou mightrelaxatomicity,sowhenanextendedtransactionoracertaintypeofextendedtransaction terminates,youmaysay"IwanttocommitbutIdon'twanttocommittwooutofthreeofthese participants,Iwanttocommitthatone,buttheothertwoIactuallywanttoundo".Another extendedtransactionmodelmightrelaxisolation.Andthereasonforrelaxingthedifferent propertiesistocaterforthetypeofusecasesthatyouwant,andthat'swhythereisalotofdifferent extendedtransactionsmodels.Thereisnoonemodelthatactuallyfitseverythingyoucouldever wanttodo.

110 InfoQExplores:REST

Sothat'swhatwehavebeendoingoverthelasteightyears,wehavebeenlookingatextended transactionworkthathasbeendoneandtryingtocomeupwithawayofallowingpeopletodevelop extendedtransactionmodelsthataregoodfortheirparticularusecase,ratherthantryasa transactionindustryhasdonetwentyyearspriortothis,shoehorntheACIDtransactioninto absolutelyeverything,let'shavetargetedmodels,targetedimplementations,andwehavegotthere. SoithastakeneightornineyearstogettherebutfinallyinOASISthere'stheWSTXtechnical committee,whichhasdefinedaframework,WSCoordination,whichallowsyoutoplugindifferent intelligences,sothiswouldbethedifferenttypesofextendedtransactionmodels. Outofthebox,thestandardprovidestwoextendedtransactionmodels,becauseoftheusecases thatwecurrentlyhavethatweneedtoadopt.OneisBusinessActivity,whichisfortheselong runningunitsofwork,theotherisAtomicTransaction,sodespitewhatIsaidearlieraboutatomic transactionsnotbeinggoodforwebservices,ifyoucanrecallthatbackwhenwebserviceswhere firststartingandeventhroughtotoday,peopleareusingthemforinteroperability,asmuch,ifnot actuallymorethanforInternetscalecomputing. So,atomictransactionintheWSTXspecisreallythereforinteroperabilitybetweenheterogonous systemsrunningoncloselycouplednetworks.YoucoulduseitacrosstheInternet,there'sabsolutely nothingtopreventyoufromdoingthat,buttherearereallygoodreasonswhyyoushouldn't. TheAtomicTransactionsspecinWSTXhasgivenustransactionindustryinteroperabilitybetween obviouslyRedHat,IBM,Microsoft,andacoupleofothercompanies.Allheterogeneoustransaction protocolswithinaboutayearandahalfofthespec'sbeingfinalized,probablylessactually,whereas ifyouarelookingwhenwelasttriedtodothis,whichwasintheOMGwithintheObjectTransaction Servicework,thatreallytookusabouttenyears.Sothereweredefinitelybenefitsfordoingitinweb services. InfoQ:Soyouhavesomepracticenow,somaybeit'snowonderittookyoulessthantenyearsto start. Mark:Yes,youareright,wedidlearnfromourpreviousmistakes. InfoQ:SoyousaidthatontheInternetyouwouldneveruseatomictransaction,whichispretty obvious,butIbelievesomepeoplewouldclaimthatevenifyouhavetheidealsofbuildinga serviceorientedarchitecturethenloosecouplingbecomesadesignprincipleevenifyoustay withinthecompany'sboundaries.Wouldyoualsosaythatifloosecouplingisoneofyourgoals, atomictransactionsisnotagoodmatchforthat? Mark:Yes,Iwould,butsomepeoplestillwanttodoit.Soyoucanmakerecommendationsbut ultimatelyiftheywanttodoitthennothinginWSAtomicTransactionwillpreventthem. InfoQ:ManypeoplesaytransactionsandSOA,transactionsandloosecouplingdon'tmixatall. Whatarethebenefits,howwouldyouactuallyadvocatetheusageofthoseprettycomplicated standardstopeoplewhousethem? Mark:IthinksomeofthiscomesbacktowhatIsaidatthestartabouttheuseoftheword "transaction",alotofpeoplewhentheyseetransactiontheyimmediatelyassumeACIDtransactions,

111 InfoQExplores:REST

twophasecommit,databasetransactions,howeverthey'verunintotransactionsbefore.Andinthat casetheyareright,Iwouldnotrecommendtocustomerstouseatomictransactionsacrossthe Internetorwithinthecorporatefirewallifwhattheyaretryingtoachieveisaserviceoriented architecturebasedsystem. Butifyoulookatextendedtransactions,likeIsaidabouttherelaxationofdifferentproperties,you aregoingtoactuallyseethattherearecertainonesthatareactuallygoodforSOAbased applications,theyprovideyoutheguaranteesthatyoumightwantbuttheydon'tprovidethe restrictionsthatACIDtransactionsrequire.Soifyouactuallylookatsomeoftheworkthatwedidin WSCAF,thewebservicescompositeapplicationframework,whichpredatedWSTX,there'soneof thetransactionmodelsthere,thatunfortunatelywedidn'tadoptintoWSTX,whichisactuallymuch morerelevanttoSOAbasedimplementations. It'stheWSBusinessProcessModel,andIthinkweactuallystartedthatbackin2003,andsincethen companieslikeMicrosoftandobviouslyRedHat,andothercompanies,aretalkingaboutverysimilar thingswhereyounolongerhavethisnotionofglobalconsistency,there'snonotionof"everybody hasthesamestate",becauseinalargescalesystemyoucan'tguaranteethat.Well,youcan guaranteeit,butitmighttakeyouuntiltheheatdeathoftheuniversetomakesurethatitisthe case.AndthatisexactlywhatWSBPdid,assumedthattherewerethesedomainsofconsistencyand inbetweenthemtheremightbedomainsofinconsistency,uptoacertainlevelorevenfuzzierthan that.SoforpeoplelookingtousetransactionsinaSOAbasedenvironmentIwouldsuggestthatthey don'tcomeintoitwiththepreconceivednotionthattransactionequalsACIDtransactionsoratomic transaction."Transaction"istoooverused,thereareextendedtransactionmodelsouttherethat canbeofbenefittoyourapplication. InfoQ:OneofthethingsyouhavebrieflytoucheduponisthatitisactuallyWSCoordination,and WSAtomicTransactionandWSBusinessActivity,whichareessentiallytheMicrosoftdriven standards,thathavebeenincorporated.Isthatacorrectviewofthis?BecauseIactually rememberthattherewasasortofasusualinthewebservices,orwhatusedtobeintheweb servicesspacetherewasawallbetweentwodifferentfractions,maybeyoucangiveussome backgroundonthat? Mark:So,theworkactuallyonextendedtransactionbeingstandardized,startedbackin1997,inthe OMGwithArjuna,thecompanythatwaswithusatthatpoint,andIBMandafewothercompanies workingonsomethingcalledtheAdditionalStructuringMechanismsfortheOTS,rollsofthetongue, whichisshorthandtotheCORBAActivityService.Thatwasdevelopingaframeworkessentiallya pluggablecoordinator,whereyoucouldaddtheintelligenceforyourspecifictransactionmodels.If youmapthattowhatwehaveinWSTXyou'llseethatthereisalmostaonetoone:thepluggable frameworkandtheOMGspecisessentiallyWSCoordination.Andtheintelligenceswerethe differentprotocols.SoforWSTransactionsthereisanequivalentmappingintheOMGspec. Whenweactuallystartedtodoworkonthewebservicestransactionsbackinthe1999wewere workingwithIBMonessentiallytakingthismodelandadaptingittowebservices.Butyouareright, atthatpointthewebserviceswarsbetweenMicrosoftandIBMfightingSun,Oracleandprettymuch everybodyelse,theykickedoff,andIBMandMicrosoftwenttheirownway,buildingonthiswork,

112 InfoQExplores:REST

andwewentourownwayagainbuildingonthesamekindofframework,andwhatcameoutofit wasWSTfromIBMandMicrosoftin2001,andWSCAFwhichcameoutin2002.Eventually everybodykindofkissedandmadeup,andwehadtheOASISWSTXTCthatformed,butthe principleinputtothatwasstillWSTandWSCAF,despitethefactthatIamacoauthoronbothof thoseoriginalspecsandobviouslythestandardsaswell,WSCAFwasstillbetterIthink.Itwasmuch moreSOAbasedandmuchless"CORBAwithanglebrackets",ifyoulike.Andit'sdiedadeathnow, butyestheTXoneistheonethatwearestuckwith. InfoQ:SoundslikeaVHS/BetaMaxstory. Mark:ItisandtheBetaMaxwasthebetterone.Don'tevenmentionBlueRay! InfoQ:Giventhatwebservicessupportforsomelevelofsupporttransactions,wouldyousee thisasoneofthebenefitsoverREST?Youknowthereisonecontinuoustopicthatcomesup. Mark:SowedidaddtransactionstoRESTwhenIwasworkingatHPin2000,weactuallydidsome workontryingtostandardizeatransactionbased,RESTbasedprotocol.Andwediditandlooking backIamnotsureifitwasahundredpercentREST,Iactuallythinkit'sprobablyninetyfivepercent REST,butanyway.Thereasonwedidthatisbecauseweactuallyhadcustomerswhowerecomingto usandsay"Thiswebservicesstuffisalittlebittoonewforusatthemoment.Wearenottoosure"; itwasAxis1.0days,Axisdidn'tperformverywell,I'mnotevensureifitdoesthesedays. "Wewouldliketodosomethingaboutcoordinatingmultipleupdatestowebservers,weareusing HTTP,sorrymultiplewebservers,weareusingHTTP,canyoudosomethingforus?"Andwedidit, wediditforthesecustomers,butitnevergotprogressedandwhenIleftHPitprettymuchfolded, wentontheshelf,becausewebserviceswerebigoratleastweregettingbig,andithasn'treally beenanypushattransactionsbackintovanillawebifyouwant,orRESTorHTTP.Ithinkthat's becausepeoplearedivertedtowardswebservices;it'snotbecauseIdon'tthinktherequirementis nolongerthere,Ihavecomeacrossafewcompaniesoverthelastfiveorsixyearswhohaveasked similarquestions,butthey'vegoneeventuallyeitherfornotusingtransactionsatallandchancingto luck,ortheyhavegonewithwebservices.SoIthinktheneedisthere,Idon'tthinkit'sahugeneed, butthenthereisn'tahugeneedfortransactionsanywhere. Ithinkthatitwouldbeniceiftherewasastandard,IthinkthisisoneoftheproblemswithRESTover HTTPatthemoment,inthatalthoughit'sastandardthereisnogenerallyagreedupon standardizationofprotocolsthatmightsitontop,liketransactions,likegroupcommunications,that sortofthings.AndhopefullyifwecanputtheseRESTandwebserviceswarsbehindusandkissand makeupthenmaybewecanactuallytakesomeofthebenefitsofbothsystemsandstandardize thingsinRESToverHTTP.That'ssomecustomersareactuallycryingoutfor. InfoQ:WhatisyouropinionabouttheRESTvs.webserviceswar?Whileweareatitwemightas welladdressit?Whatisyouropiniononthat? Mark:Ithinkit'sgoingwaytoolongandIthinkit'sbecomeverypolarizedinsomesectorswhenit shouldn'thave.TherearecertainlygoodreasonsforusingRESToverHTTP,soobviouslythereisa distinctionbetweenRESTandwhatIwouldliketocallRESToverHTTP,whichisonewayofdoing

113 InfoQExplores:REST

REST. Therearealsogoodreasonswhyyoumightwanttousewebservices.AndIthinkforwebservicesit reallyistheinteroperabilityandthefactthateverybodyhasgottogetherandwehavestandardize thesehighlevelapplicationprotocolsthatsitontop.Idon'tthinkit'saneither/orsituation,itmight beincertaincases,itmightbethatitreallydoesmakesensetouseRESTeverywhereinaparticular deployment,butIthinkingeneralandifyoulookbackoverlikefortyoddyearsofdistributive systemsdevelopment,therehasneverbeenaglobalpanaceafordistributedsystems.Onething doesnotworkwellforabsolutelyalldistributedsystemorcomponentwithindistributedsystemlike youmightcomeupwith. RPChasworkedvery,verywellsincethe'70s,andwearerevisitingthatoverthelasttenyearsorso, butRPCisn'tdead,peoplearesayingRPCisdead,itisnot,ifyouactuallylookaroundRPCisrunning alotofbackendinfrastructuralsystemsthatarealwaysgoingtobeRPCbased.Sowhenpeople comeandsay"Youneedtochangethistomessageoriented"thatisnotgoingtobuythose companiesanything,theyarehappywithwhattheyhavegot.AndIthinktheRESTandwebservices warsshouldprettymuchjustend;let'sagreethattherearegoodthingsandbadthingsaboutboth, andlet'stryandusethemtogetherifwecan.Ithinktheycanactuallybeusedwelltogether,the worktomergethemtogetherandmakethemworkefficientlytogetherhasn'tbeendone,Ithinkit couldbedone,andlet'sjustgetonwithit,let'sjuststoptoomuchfighting. InfoQ:Couldyoubecomealittlemorespecific,sowhatisgoodinwebservicesthatshouldbe adoptedintheRESTfulwordandwhatisgoodintheRESTfulworldthatshouldbeadoptedinthe webservicesworld?Istheresuchalist? Mark:Transactions. InfoQ:Whichnobodyneeds. Mark:Yeah,thereisn'tahugeneedfortransactions,butthereisaneedfortransactions.Security, highavailability,WSRXforinstance,youcanbuildonthattodohighavailabilityservices.Froma RESTperspective,theuniforminterfacedoesmakealotofsenseinmanycases.Ithinkoneofthe problemsthatwehavewithwebservicesisWSDL,tobeperfectlyhonest.CertainlywhenIstarted doingworkaroundwebservicesbackin1999/2000WSDLwasstillinitsinfancyandwhenwewere developingspecsandactuallydoingimplementationinHP,weweredevelopingonSOAPoverHTTP andbackportingtheWSDLafterwardsbecausetheWSDLreallygotintheway,andIthinkitstill doestoday.SogettingawayfromWSDLandlookingatthebenefitsthatauniforminterfacecan provideratherthanaspecificinterface,andalsotrynottoabusetransports,sosayingthatSOAP overHTTPisthesameasSOAPoverTCP/IPbecauseHTTPismostobviouslyatransport,it'smost obviouslynotatransport. InfoQ:Youmentionedthatitisnowtimetogobeyondthewarsbetweendifferentfacts.Imean that'sprobablysomethingthathasbeengoingonforyearsindifferentareas,it'sbeenCOMvs. CORBA,andit'sbeenthesekindofwebservicesversusthatkindofwebservicesandnowit'sREST versuswebservices.Giventhelastdebatewhatwouldbeyoursuggestion,whatdoyouthink shouldbeworkedupon,whatarethethingsthatweshouldaddresstogetthosetwotounite,kiss

114 InfoQExplores:REST

andmakeup? Mark:Ithinkthatthewebservicesguys,andIkindofincludemyselfinthisgroup,needtorealize thatcertainlyinteractionsacrosstheInternetthatarebasedonHTTParemorelikelytobeREST basedthannot.AndbridgingbetweenwebservicesandHTTPorRESToverHTTPIshouldsay,should beaddressedinamoreefficientmanner.Weshouldn'ttrytobastardizeHTTPanymoreasatransport, weshouldtryandworkwithitratherthanagainstit,andIdon'tthinkwearereallydoingthatatthe moment.WebservicesusesHTTPforareallygoodreason,andit'ssothatyoucantunnelthrough firewalls. Andthat'stherealreason.IwasatthefirstOMGmeetingwhereSOAPwasbroughttolife,anditwas oneofthedebatesaboutwhyitwasthere.Ithinkwekindofprogressedthatwearedoingitforthe samereasonsoverthelastsevenoreightyears.ButIthinkthatasawebservicescommunitywecan domoretoembraceRESTthanwearecurrentlydoing.Ithinkweshould.Idon'tthinkthereis anythingtechnicallythatwouldpreventusfromdoingthat.Ifyouactuallylookatthewaytheweb works,thereisnothingthatshouldpreventusfrombeingabletousetruewebprotocolswith nothingelselaidontopofthem,toactuallytalkbetweenwebserversacrossdifferentcontinents. LikeIsaidbeforeabouttheextendedtransactionsstuffthat'stheWSBPspecthatImentioned whichhasthisnotionoflooselycoupleddomainsofconsistencywithinconsistenciesbetweenthem, that'skindofverysimilarinthatwhathappenswithinthecorporatefirewallmightwellbea combinationofCORBA,REST,webservices,DCOM,JavaRMI...whateveryouwant.Butbetweenthe corporatefirewalls,IthinkitshouldmorelikelytrytobenotRESTweshouldactuallyworkwiththat ratherthantryandfightit. InfoQ:Wouldyousaythatalotoftheargumentsthatweredismissedwithinsixtysecondsfiveor sixyearsagothattheRESTpeoplemadearenowbeingacceptedprettymuchbyeverybodyinthe webservicesworld?ImeanIpersonallyseelotsofpeoplelikeyou,peoplewhowritethe standards,whoareinvolvedatleastconcedingthatRESTisagoodsolutionformanycases?I distinctlyrememberfiveyearsagowhenitwassaidthatitwasonlyusableforbrowsers,for humantowebserverinteraction,nomachinetomachinecouldeverpossiblyworkwithinHTTP. Thatseemstohavechanged? Mark:Ithaschanged. InfoQ:Coulditbethattheywerejustright? Mark:TospeakpersonallyIdidtransactionsoverRESTbackin2000,it'snotlikeIcertainlyhada epiphanymomentsixmonthsago.Ithinkafewotherpeoplehavebeenkindofcomingaroundto this,andyeswhetheryouwanttosaythattheysuddenlyrealizedthatwhatotherpeoplewere sayingwasrightorwhethertheyalwaysknewitwasright,andtheyjusthaddifferentmastersatthat timewhowouldn'tletthemsaywhatwasreallygoingthroughtheirmind,Iobviouslycan'tspeakfor everybody. InfoQ:Oneofthebasicprinciplesofwebservicesisthisprotocolindependence,isthe independenceofparticulartransportprotocol,whichisoneofthebigelementsinthesalespitch

115 InfoQExplores:REST

forwebservices.Doesn'tthatmaketheoptionofconsolidatingHTTPthewayitwassupposedto beusedimpossible.IstherereallyawaytoconsolidatewebservicesinRestfulHTTP? Mark:Ithinkthereis.Iamnotnecessarilysurethatit'sSOAPoverREST.Ithinkthatagaingoingback towhatweweredoingwithtransactionsonRESTbackinHP,wewereactuallyworkingtobridge webservicestransactionstoRESTfultransactions.Andyoucoulddoit.Iliketothinkthatifwebeen allowedtofinishitmaybeitwouldhavebeenoneofthoselittlegemsthatwouldhavegrownand maybeunifiedpeoplearoundthatfactthatwebservicesandRESTcanbeusedtogether.Idobelieve thatwecandoit,I'mnotsuggestingthatitiseasy,butifyoulookbackattheamountoftimeand effortthathasbeenwastedinthesefightsthatwe'vehadfromindividualstobigcorporations,I wouldliketothinkthatifwe'dactuallyspentthattimeactuallytalkingandtryingtogetthesethings resolvedinareasonablemannerwecouldhavebeentherebynow. InfoQ:Therearelotsofrumorsgoingonatthemomentaboutthosetwocompaniesthathappen tohavemergedrecently,whichhappentobeJBossandRedHat.Canyougiveusalittlebitof backgroundonthat?Tellusalittlebitaboutwhethereverythingisjustniceandallthoserumors arejustcrazylittlethingsthatweshouldn'tbelieve?Areyouwillingtotalkaboutthat? Mark:RedHatacquiredJBossinJuly2006.Itdefinitelywasn'tasmoothtransitionbutIcertainly didn'texpectasmoothtransition.Butthatwasn'tbecauseitwasJBossanditwasRedHat,Ihave beeninvolvedinmoreacquisitionsinmycareerthatIcaretoremember,andnoneofthemhave beenparticularlysmooth.Soitdidn'tcomeasabigsurprisetome,Ithinkoneofthebigproblems thoughwhichisprobablyspecifictotheJBoss/RedHatacquisitionwastheculturewithinJBoss becauseofitshistoryofhavingtofightagainsttheman,whowasIBMorwhowasOracle,itwas muchmorecombativethanRedHat.BeingassimilatedintoacompanylikeRedHat,thathada differentkindofculturelikethat,didcausefriction. Iwon'tgointospecificsbutthingslikebeingaveryprivatecompanyaswell,variousmailingliststhat peoplewouldtalkwithinJBosstoeachotherthroughoutthewholecompanyanduseverycolorful language,forastartyouprobablywouldn'twanttodothatinapubliccompanyanyway,butalsoit canoffend...thelargerthesizeofthecompanythemorechanceitisitwouldoffendsomebody. Therewerethosekindofthingsyouhavetobecarefulaboutwhatyousay,yourleveloffreedomhas gonedownabitasaresult,butobviouslyit'sabiggercompany,ithasmoremoney,hasabigger reach,sotherearetradeoffs. Ithinkoverallithasbeenagoodthing,Ithink.Somepeoplehaveleftforonereasonoranother, sometimesbecausetheydidn'tliketheculturechange,othersbecausetheywantedtostaywiththe startupmentalityandnotgotoabigcompany,sotheygonetootherstartups.Therearestilltheodd cultureclashwithinRedHatandIthinkquiteafewpeople,oldtimeRedHatpeopleseeJBossguys asupstartsandbrashandtroublemakers,andtreatthemabitlikethataswellandthatdoesn'tgo downwellwithsomeindividualswhoarebrashandupstarts.Theypushback.Thereisalotoftoand throwbutIthinktheanalogyisprobablyteenagesonversusfortyyearsoldfather,JBossisgoing throughpubertyandthefatheristheonewhohasbeenthereanddoneitbefore. ViewFullVideo

116 InfoQExplores:REST

http://www.infoq.com/interviews/marklittleqcon08 RelatedContents OASISReleasesaRaftofNewStandards WebServicesTestForumAnnounced InfoQMinibook:CompositeSoftwareConstruction WSTX1.1standardannouncement WSTXasanOASISstandard

117 InfoQExplores:REST

Interview

CORBAGuruSteveVinoskionREST,WebServices, andErlang
Inthisinterview,recordedatQConSanFrancisco2007,CORBAGuruSteveVinoskitalkstoStefan TilkovabouthisappreciationforREST,occasionswhenhewouldstilluseCORBAandtheroleof descriptionlanguagesfordistributedsystems.Othertopicscoveredincludethebenefitsofknowing manyprogramminglanguages,andtheusefulnessofofErlangtobuilddistributedsystems. SteveVinoskiisamemberoftechnicalstaffatVerivue,astartupinWestford,MA, USA.Recognizedasoneoftheworld'sleadingexpertsonCORBA,hewaspreviously chiefarchitectandFellowatIONATechnologiesforadecade,andpriortothatheld varioussoftwareandhardwareengineeringpositionsatHewlettPackard,Apollo Computer,andTexasInstruments. InfoQ:I'mherewithSteveVinoski,oneofmychildhoodheroes.Whatareyouuptothesedays? Steve:Ican'treallysaywhatmycompanydoes.IleftIONATechnologiesinFebruaryandthenew companyisinstealthmode,sothefoundersdon'twantanydetailsaboutittobeleakedout,butI cantellyouthatI'mhavingalotoffun.It'slikeabreathoffreshair.Thisisverydifferentcompared totenyearsatIONAandI'mhavingalotoffun. InfoQ:Canyoutellusifit'sinanywayrelatedtomiddlewareorsomenewkindofDistributed Objects? Steve:No,it'satotallydifferentindustry.Istartedlifeasahardwareengineersotherearesome hardwareguysinvolvedanditissortofbacktosomeofmyroots.I'mnotworkingonthehardware, butthereismiddlewareworkinvolved.I'vegonefrombeingavendortobeingauser. InfoQ:Onecouldsaythatmaybethisisreflectedinthestatementsonyourblog,whichis fortunatelyavailableagain.Yousaidsomenottoonicethingsaboutvendors,middleware,WS* andESBs.Canyouelaborateabit? Steve:IthinkifyougobackandreadmycolumnsfromInternetComputingbackfouryearsago(in factthefirstRESTcolumnIwrotewasfiveyearsago)someofthemhavebeenlikethis:"Thisisa goodwayofdoingthingsusingWSDLasanabstraction".Someoftheothercolumnssaid:"Thisisnot reallystandardized;therearetoomanyspecs,andalltheusualvendorwarsandclashes".Ihaven't reallybeenkindtoitallalongbutIcouldn'treallysaywhatIreallyfeltbeingpartofIONAbecause thatwastheirbusiness.IthinkoncethatweightwasliftedfrommeIbecameabletosaywhatIreally felt.It'snottoofarofftowhatIsaidbeforeit'sjustthatnowitiscompletelyhonest,Ihaveno agenda.

118 InfoQExplores:REST

InfoQ:Ifyouwerenowanarchitectinalargecompanyfacedwithdesigninganarchitecturefora setofsystemsoralargedistributedsystem,whatwouldyouchose? Steve:IwouldlookatRESTtobeginwith.IfyoulookatSOAitismoreaboutbusiness,aboutculture. It'sallabouthowdowegetourbusinesstoworktogether,howdowemakethingsworktogether andmakesharedcomponentsthatwecanallreuseandhowcanweavoidduplicatingeffortand stufflikethat.It'smoreaboutculturethanitisabouttechnicalarchitecture.Somepeopletalkabout technicalSOA,buttechnicalSOAreallydependsontheproductthatyou'reusingbecauseevery productisdifferent.SOAisn'tspecificenoughfromatechnicalperspectivetomakethemalllookthe same.ThenyouturnaroundandlookatRESTanditisawholenewarchitecturalstyle;it'sallabout constraintsandwhatyougetfromapplyingthoseconstraints.Someonehasgonetoalltheeffortof applyingabunchofconstraintstoadistributedsystemandgettingthedesirablepropertiesasa resultofdoingthat.WhyshouldIgoandthinkIcandoanybetter?Theworkhasbeendoneforme, andit'salsodefinedlooselyenoughthatifIhavetotweakthoseconstraints,Icandothat.Justfrom apureengineeringcostperspectiveitmakessensetolookatRESTinmyopinion. InfoQ:Sowhatwouldbetheusecaseswhereyou'duseCORBA? Steve:IwoulduseCORBAifIhadtotalktosomethingalreadywrittenandusingCORBA.Istarted workingwithCORBAin1991anditisstillaroundandIjustgotaroyaltycheckfromthebookthat MichiHenningandIwroterecently.IsnotasmuchasitusedtobebutI'mnotgoingtoturnitdown. ThereareindustriesthatstilluseCORBAandthoseinterfacesarenotgoingtogoawaytomorrow, theyaregoingtobearoundforprobably5or10years.IfIhadtotalktosomethingthatwasbuilt usingCORBAI'duseCORBA.IfIwasdoingsomeverysmallscalesystemthatthedeveloperswere familiarwiththeapproach,Iwoulduseit,butifIhadtobuildanenterprisescalesystemIwouldlook atREST. InfoQ:Ifwearetotalkaboutonedifference,onetopicthatcomesupofteninthediscussions aboutRESTisthatthereisnodescription,nocontractapartfromtheonedefinedintheREST dissertation,whichisthegenericone.Don'tyouperceivethisasaproblembecauseCORBAisso stronginthisregardwithIDL?Isthissomethingthat'smissing? Steve:I'vehadalotofthoughtaboutthatasyoumightimagine.InCORBAthere'sobviously differentlayers,differentareasthatonecanworkon.I'veworkedonprettymucheverythingbut whenIwasworkingonCORBAI'vefocusedmostlyonIDLandmappingittolanguages.Forwhatit was,Ithinkwedidareasonablejob.IknowtherearealotofpeoplewhohaveaproblemwithC++ mapping,butitiswrittenforverystrongC++programmers.Ipersonallydon'thaveanyproblems withit.There'saproblemifyouhavetodefinesomethinginIDLjusttoknowhowtouseit.That doesn'treallywork.NoonetakesanIDLandsays:"Here'sthismethod,IcallthisandIpassthis.Ijust lookattheIDLandIknowwhattodo". Nobodydoesthat.IDLisreallyforcodegeneration.IfIwanttoknowhowtouseaservicewhetherit hasIDLornot,Igotalkandtalktothedevelopers,ifthey'renearby;ifthey'renotIlookattheir documentation.SoifyouthinkabouttheRESTservicesofAmazonorGoogleoranyothersite.They havedocumentationontheweb,Igolookontheweb,IreaditandIfigureitout.Idon'tknowif havinganIDLwouldhelp.Theinterfaceisfixedit'sHTTPverbs.Youhavetodealwithdata

119 InfoQExplores:REST

definitionsandthedatadefinitions,themediatypesareusuallydefinedbyregisteredIANAtypes;if youwanttoknowhowthedatalooksyougoandlookatthosemediatypesorMIMEtypes.Idon't seeitasbeingthesamekindofproblemastheCORBAstyleofDistributedObjects. InfoQ:OneofthemainargumentsIhearisthatifyouuseatypicalstaticallytypedlanguagelike JavaorC++thenfromthecodegenerationstepwhatyougetistypesafetywhenyoubuildup thoseobjectsthatyouexchangewhenyoucallthoseimplementations.Ifyoudon'thavea descriptionlanguagethatcangeneratethecode,youdon'thaveyourcodecompletioninyourIDE andallthestuffthatwe'vegottenusedto. Steve:Isupposedthereissomethingtothat,butIdon'tuseIDEs.I'vebeenhavingadiscussionwith aformercolleagueofmineaboutthatinmyblogcommentswheretheysaid"Youshouldbeusing IDEsandeverything".I'vealwaysusedEmacs.I'vetriedusingEclipseanditdoessomethingsnicely butIguessI'mjustan"olddog".Whenitcomestothetypesafetyproblemyoucancallit pseudotypesafetyatbest,becauseIcantakeamessagethatwassupposedlytypesafeinmyclient applicationandsendittoyourserverandyourservercanbecompiledwithcompletelydifferent definitionsandstillbeabletoreadthosebitsoffthewireandsomehowtheylookliketheyfityour messagedefinition,wherethetwodefinitionscouldbecompletelydifferent.Similarlyyourobjector serviceorwhateveritisthatI'mgettingtypesafetyfromusinganIDLcouldhavecompletely differenttypeinrealitythanwhatIhaveinmyclient,becauseitisalldistributed.Yourversions changeatadifferentratethanwhatminechangeat...it'ssortofpseudotypesafetyatbest.ButI thinkthatwholethingturnsthewholeequationbecauseyou'rebuildingadistributedsystem,you're notbuildingalocalprogramanddistributingit,butyou'rebuildingadistributedsystemandyou happentobewritingpiecesofitwiththelanguagethatyou'vechosen.Ithinkthefocusshouldbeon thedistributedsystemandmakingaparticularlanguageeasiertouseinthatcontextisthewrong focus.Iknowalotofpeopledisagreewithme. InfoQ:Youspentquitesometimediscussingdynamiclanguages.Canyouelaboratealittlebiton that?Iwouldn'thaveexpecteditfromanoldC++programmertosuddenlyswitchtoRuby. Steve:By"old"youmeanthatI'vebeenusingitsince1988,right?NotthatI'mold...I'vebeenaC++ programmerforalongtime,butI'vealsobeenadynamiclanguagefanforalongtime.Mydegreeis inElectricalEngineeringbutI'venevertakenanyformofcomputerscienceclasses.IalwaysfeltIhad tolearncomputerscienceonmyownandbackwhenIwasteachingmyselfdifferentlanguages,C& C++primarily,Ididn'thaveanyoneelsearoundtobounceideasoffbecauseIwasinahardware group.WhenIjoinedApolloComputerin1987Istartedworkingwithsomesoftwarepeople,but theywereprimarilyembeddeddevelopersmostlyusingAssemblylanguageandsomeusingC.I startedusingC++andthatjustfreakedthemout.Cwasradicaltobeusedinthatenvironment,and C++wascompletelyoffthecharts. Ididn'thaveanyonetobouncetheseideasoff.MaybeIwasmissingsomething,Ishouldbelooking atallkindsoflanguages,notjustthese.SoIjuststudiedlanguagesconstantlyonmyown.Ilookedat prettymucheverything.NotthatIdevelopedrealapplicationsinthem,butatleastIreadbooks aboutit.IalsogotinvolvedwithUnixearlyon.TherewasahardwaretestmachinethatIhadtouse; IhadBerkeleyUnixrunningonitsoIlearntUnixonmyown.LearningallthetoolsofUnix,thegreps

120 InfoQExplores:REST

andthesedsandtheawks,andwhenLarryWallcameoutwithPerlIlookedatitandIsaid"Well there'sthisallthisotherstuffI'velearnedbutit'sallinonelanguage".In1988IportedPerlto DomainOS,whichisitsApollo'soperatingsystemandIthinkifyoustillfindmynameinthePerl sourcefordoingthat.ThedynamiclanguagestuffgoeswaybacktothesameyearIstartedusingC++. It'snotanewthing;I'vedoneitallalong. InfoQ:WhenyoumentionedthatinsteadofusingCORBAyouwouldnowuseREST,isthesame trueforthelanguagethingaswell?WouldyounowratheruseRubyoranotherdynamiclanguage insteadofC++orJava? Steve:Idotendtolookatthoselanguagesfirst;sometimestheyarenottherightlanguage.WhatI liketodoistakemultiplelanguagesandjusthavethematmyfingertipsandlookataproblemand say:"What'stheeasiestwaytosolvethis?Whatlanguagewouldmakethiseasiesttosolve?"Not onlytosolvebuteasiesttomaintaingoingforward,easiesttoextend.Ilookattheproblemdomain,I lookatthelanguagesyouhaveinyourtoolboxandchosetherightone.WhileIpreferdynamic languagesjustbecausetheyaresocapable,theyareverybrief;youcanwriteprogramsthatareat leastanorderofmagnitudesmallerthanJava,C++orCandstilldothesamething.Theyarefast. Peopletendtosaytheyareslowbutthat'snotusuallytrue.Someareslower,somearen't.Pythonis veryfast.Idon'truleourJavaorC++.I'mnotabigJavafan,tobehonest,becauseifIwanttouse somethinglikethatIthinkIwillgotoC++.IfIwantsomethingthat'stotallydifferentthanC++Igoto thedynamiclanguageside.JavaformeistooclosetoC++tomakethatmuchofadifference. InfoQ:YouspentalotoftimeplayingwithErlangrecently.Idon'tknowwhetherplayingisthe rightword,butIsawyouimplementingTimBray'sWideFinder.Canyougiveusalittle backgroundbothontheWideFinderideaingeneralandonyourexperiencewithErlang? Steve:I'vebeenlookingatErlangforacoupleofyearsactually.Ihaven'tbeenusingitforacoupleof years,butprobablytwoyearsagoIstartedseeingreferencestoit.Usuallysomeonesays"There's thislanguageyoushouldlookatit"andmyinitialreactionis"OkIwilltakealook".IfIdon'tseean immediateuseforit,I'llgetbacktomyrealwork.Thatiswhathappened,butitsortofintriguedme becauseofthereliabilityandconcurrencyaspectsthatithas.Beingalongtimemiddleware developerIspentalotoftimetryingtomakesurethatthingsareproductionhardened.Getting messagesfromheretothere,translatingdata,that'stheeasypart. It'swhenthethinghastostayup,ithastofailoverincaseofproblemswithoneofthenodes,oryou needfaulttolerance,allthereliabilityissues,andthenthewholeconcurrencythingwhichiswhere youspendalotoftimejustfiguringout...I'vegotalockthispieceofdata,sharedacrossthese threadsandifImissonebadthingsaregoingtohappen.Thosearetwohardproblemsareas middlewaredevelopersdealwithconstantly.IlookatErlanganditissortofbuiltin.Thatmaybear moreinvestigationsoIsortofkeptlookingatit.WhenIwasatIONAIwasworkingontheadvanced messagequeuingprotocolimplementationthatApacheisworkingon;it'scalledtheQpidproject.I wasworkingonthatandsomeoneaskedmetolookatmakingitfaulttolerant.Isaid"Ifyouare goingtomakeitfaulttolerantyoushouldbedoingitinErlang,itwouldsavealotoftrouble." TwoweekslateracompanycalledRabbitMQcomesupwithanErlangversionofAMQP.Theyhad obviouslybeenworkingonitforawhile.It'sstillaroundandpeopleareusingit.IguessIwasn'ttoo

121 InfoQExplores:REST

farofthemarkthere.WhenitcametoTim'sWideFinder...TimBrayworksforSunandhewanted toanalyzehisweblog;probablyaquartergigabyteofdataforthesmallestlog,alotofdatato analyze.Hethoughtat"Sunhasthisnewmachinecomingout.HowcouldImakeuseofalanguage likeErlangtoparallelizetheanalysisofthisdata?"HewroteanErlangprogramandhewasvery unhappywithit.Ifyougobackinhisblogyoucanseehe'squiteunhappyandhethinksErlangisnot whatit'scrackeduptobe. IsawthatandIthoughtthatmaybeIcandoalittlebitbetter.Istartedworkingonit,otherpeoplein theErlangcommunitywereworkingonit.Wejustsawthetimedropping.IthinkTim'sinitialstab wasat3040secondstoanalyzethisparticulardataset.Igotitdownto23seconds.ArealErlang persontookitoverandhegotitdowntoaround.8seconds.Ithinknowthefastestimplementation ofTim'ssystemisinsomethingcalledOCaml,whichisanotherfunctionallanguage,Pythonis numbertwoandErlangisnumberthree.AlotofpeoplesaythatErlangcan'tdofileIOandthatit's reallybadatthat,butobviouslyitmustbeokatthatbecauseitispullinginthesehugedatafilesand itanalysesthemonthetoptenhitsonTim'swebsite. InfoQ:Doyouseethisassomethingthatwillcontinuetohappen,thatlanguagesbecomemore powerfulinsteadofageneralpurposelanguagewithahugesetoflibraries,toolsormiddleware thatsitsbelowitoraddstoit?Isthisatrendthatlanguagesincludefeaturesthatweexpecttobe inlibraries? Steve:There'sacoupleofthingsthataregoingoninthewholeconcurrencythingwiththe multicoresystems...whenyouhavetwocoresyoucantakeanyoldapplication,throwitonthat machineandit'sgoingtodook.Whenyouhaveeightcoresitgetsalittlemoreinterestingbecause youcanseethatsomeofthemarekindofidlemaybewhenyourunyourapplication.Ifyoudon't havetherightlanguagetotakeadvantageofthatthanyourapplicationscanuseoneofthecores. There'snothingtheoperatingsystemcandotohelpyoubecauseit'snotgoingtotakeyour applicationandbreakitupforyou.Youhavetoexplicitlygoinandmakeitmultithreaded.Threads inlanguageslikeJavaandC++arefairlyheavyweight.Eventhoughtheyarelighterthanprocess, theyarestillheavyweight.IttakessomethinglikeErlangorlanguageslikethattheyhavevery,very lightweightthreadssoit'sabletorun5060.000threadsonmyMacbookproeasily.Itisavery differentstyleoflanguage. Thenthere'salsotheobjectorientedversusfunctionalandthereseemstobearesurgencein functionallanguagesrightnow.Idon'tknowwhythatis;itmaybebecausetheyaresosmalllikeyou candosomuchstuffinjustafewlinesofcode.AndevenlanguageslikeRubyandPythonhave functionalaspectstothem;thatmaybewhat'sdrivingit.Ithinkthere'sabitofresurgencein languagedesignandpeoplelookingatlanguages.TherehasalwaysbeenCastheAssemblylanguage forhigherlevellanguages;notonlyC++butotherslikePython,PerletcareallbuiltontopofC. There'salotgoingoninJava.JavaisliketheassemblinglanguagefortheJVM,itbecomestheVMfor anumberoflanguages,likeScala,Groovy,andJython.Peoplearemovingintothesetwodirections, it'sthesamedirectioninfact:buildingsmallerlanguagesbettersuitedtospecificproblemsontopof thesegeneralpurposelanguagesunderneath. InfoQ:Ofallthoselanguagesthatyoumentionedwhichonewouldyourecommend?

122 InfoQExplores:REST

Steve:Ithinkthepastdecadeortwotherehasbeenasearchforthelanguage.Alotofpeoplefelt C++wasmaybethelanguagethatpeopleshouldbeusing;thenJavacamealongandalotofpeople latchedontoJava.I'vemetmanyprogrammerswhoseemthatalltheyknowisJava.Ifyoustart recommendingtothemthatmaybetheyshouldstartlookingatotherlanguagessomeofthemget argumentativeandtheysay"Javacandoitall!"Ithinkifyouweretotalktothepeoplewhobuilt theselanguagestheywouldneverclaimthattheirlanguagecandoitall.Allthroughthis,therehave beenthemultilanguagecommunitiesthathavebeenrollingalongworkingontheseotherlittle languages.Erlangistwentyoneyearsold,Smalltalkhasbeenaroundforeverandpeoplestilluseit.I thinkbecauseofthewaythatnolanguagecandoitalldevelopersreallyoweittothemselvesto learnmultiplelanguagesandbeabletointegratethem. Whenyouhavethatchoice,whenyouhaveatoolboxfulloflanguagesandyouhaveaproblemand solveitintwolinesofRubyversustwohundredlinesofJavait'sareallynicefeeling.Itjustmakes youabetterdeveloperbecauseyoustarttoseehowidiomsindifferentlanguagescanbeapplied andyoulearnfromdifferentlanguages.InPythontherearelistcomprehensionswhichareverycool; there'sonelinethatcandoallkindofstuffiteratingoveralist.Erlanghasthesamething.Yougoto Erlangandyousay"That'salistcomprehensionthat'salmostthesamesyntacticallyanddoesthe samethings".It'snotlikeeverylanguageisawholedifferentworldthatyouhavetocompletelystart fromscratch.Youlearnone,youseesomeofitsidioms,youstarttolearnanother,andyousee similarthings. SwitchingfromaOOlanguagetoafunctionallanguageisgoingtobealittlebitdifferent.Languages likeRubyandPythoninparticularcrossthoseboundariesandusingthoseyoucangetalotofwork doneandalsoexpandyourownhorizonatthesametime.Intermsofconcurrency,ifyou'rewriting middlewareIthinkyouoweittoyourselftolookatErlang.Thelanguageitselfhastheprimitives, thentherearelibrariescalledtheOpenTelecomPlatformthatcomewithit,thatbuildonthose primitivestomakereliablesoftwarealmostsimple.It'sneversimple,butcomparedtowhatyouhave todo,jumpingthroughhoopsinotherlanguages,it'skindofanobrainer.Sothereisnotone language,lookatallofthem. ViewFullVideo http://www.infoq.com/interviews/vinoskiqconinterview RelatedContents HowRelevantIsContractFirstDevelopmentUsingAngleBrackets? RESTTheGood,theBadandtheUgly QuestforTrueSOA Presentation:ScottDavisonRealWorldWebServices EviWareReleasesv2.0ofsoapUI,aWebServicesTestSuite

123 InfoQExplores:REST

InfoQExplores:REST
Issue#1,February2010 ChiefEditor:RyanSlobojan Editors: Feedback:feedback@infoq.com SubmitArticles:article@infoq.com Cooperation:Cooperation@infoq.com Exceptwhereotherwiseindicated,entire contentscopyright2010InfoQ.com

ChiefEditor:RyanSlobojan RyanSlobojanisamanagingdirectoratRoundTripNetworks,whichfocuses onthefulllifecycleofonlineapplicationsincludingboththeapplicationitself andtheinfrastructurethatitrunson.Hehasworkedwithawiderangeof technologies,butconsidersJavatobehismostindepthareaofknowledge, andhasbecomeimpressedwiththeimpactthatAgileandLean methodologieshaveuponthesoftwaredevelopmentprocess.Heenjoysthe dualchallengesofworkingwithnewcustomersandnewtechnologies,andis constantlyscouringthetechnologylandscapefornewandinteresting technologieswhicharebeingused.

124 InfoQExplores:REST