World Wide Webber - Notes from the Australian Architecture Forum

Notes from the Australian Architecture Forum

Posted: 20 May 2008 @ 02:12 UT from Sydney, Australia
Last updated: 20 May 2008 @ 22:36 UT

After a fairly reasonable flight from London (I can't believe that I can find 23 hour flights reasonable nowadays) I arrived in Sydney to attend and present at the Australian Architecture Forum. The theme of the conference this year was exclusively SOA (to the detriment of other interesting architecture themes) and a great number of the presentations that I attended were on REST or some variant of the old REST versus SOAP debate.

Still it's pleasing that enterprise architecture folks are talking about Web architecture at last, but I was a little dismayed at some of the understanding around the topic. I'd make Leonard and Sam's book compulsory for any speaker. As a side note I'd ask any REST proponent what HTTP 409 is just to check whether they grok it, rather than using the Web as a crummy 200/404 XML-RPC mechanism.

Anyhow, here are my distilled notes and corrections mostly for my own convenience because I seem to answer these questions a lot day to day. Maybe they'll be useful for you, maybe not. The names have been changed to protect the innocent and ignorant.

REST is simple.

I've heard this quite a lot today and I have a feeling it is true if and only if:

1. You are a genius of the level of Fielding,or the other inhabitants of REST-Discuss; or,
2. You don't get it.

That is to say for most of us practitioners, REST isn't simple. It is well understood but it is not a panacea the way it has been presented here today.
(Popping the 409 question indicated, informally, that (2) above was the majority case)

REST won't work in my situation.

Yes, you're right. Absolutely. Your situation is unique and you are special.

But if you could change your situation REST quite possibly could work. After all it works for all those gazillions of people and programs on the big Web. Perhaps if your enterprise architecture was more aligned with the Web, rather than a special-case enterprise fantasy architecture, you'd have a fighting chance.

REST is all about CRUD.

No, it's not. It's about following links and asking for metadata to help you process the resources those links identify. If you treat the Web as a CRUD platform, you're missing out on the good stuff.

You can't do pub/sub with REST.

Not true.

Atom feeds with reverse proxies (for scalability) are a great publication scheme. Anyone who's authorised can subscribe to those feeds (and even with AtomPub have a way of updating them). The challenge is to figure out the optimal size for a feed and to figure out a sensible way of maintaining information once it drops off the head (identified by a canonical URI) of a feed (like using link="previous" or similar).

Serendipitously, this model helps with the notion that a newly switched-on system is the same as a system implementing crash recovery - the data needed to start or recover is in the cloud, which is nice.

Apart from UDDI, all the WS-* specs are new solutions to real problems.

See WS-Transfer and friends for counter examples. (Coincidentally I think those dark days were the beginning of the end of the WS-* affair for me).

REST has reach.

Oh yes it does. Or at least the Web has reach. Everything knows about the Web. Scratch one up for the good guys (and Stefan Tilkov who informs them, and Steve Loughran for joining the dots for me!).

HTTP just maps to a database.

Yes it can, but isn't that the most trivial thing you can do? Treating the Web as a CRUD framework is like using a thoroughbred race horse to pull a cart.

The RESTful support in WCF is limited to (cacheable) CRUD and you define which verbs apply to which URI templates at compile time.

Oh dear. Resources tend to change which verbs they respond to over a lifecycle which isn't limited by compile-time choices. Yes OPTIONS is hard, but why ignore it when you are building frameworks so that we Morts can do REST? Because you're wedded to static contracts, that's why. Welcome to the IDL-isation of REST.

If-Modified-Since is less accurate than and ETag and If-None-Matches.

Yup, true. Timestamps are also cheaper than hashing internal data structures or managing UUIDs so think carefully about sub-second changes and decide if they're important to you or not.

You only need to know 5 HTTP response codes: 200 304, 400, 404, and 500.

Nonsense. 201 and 401 are pretty common, and 100, 409 and 412 are essential for anything but CRUD demoware.

Update: 201 gets a mention a few slides later on, as does 409. Yay!

comments: 6

Comments:

#	:-) "REST" et tu, Jim? REST is not the Web and Web is not REST! Sigh. Bringing you to order! :-) .savas. Posted by Savas Parastatidis, email, url @ 20 May 2008 06:20 UT

#	Hey Savas, The entirety of the planet is using the noun "REST" to mean "stuff that they do on the Web." It's a shorthand. Don't get hung up on it :-) Jim Posted by Jim Webber, url @ 20 May 2008 08:03 UT

#	Every speaker works for a sponsor? Sounds like the event should have been renamed "Australian (Vendor Sponsored) Architecture Forum". Posted by Alex @ 20 May 2008 08:13 UT

One *could* argue that *initially* the RESTful APIs we see today were just a useful afterthought, allowing developers and users to not have to use a Web browser to upload photos to Flickr or upload the latest version of Ubuntu to S3.

Afterthoughts aside, REST (I think ReST looks better since there are only three letters to this apparent FLA!) has become a both a popular and commercially viable approach to Web-based applications - there are too many good examples to refute this assertion. This is in part due to unique business models (they typically don't last long once public), and in part due to the fact that the tooling for RESTful web services is so much more *accessible* than finding the next broken copy of Maven with an ancient copy of Xerces, together with Axis 1.x (let's forget Axis2) that doesn't serialise EndpointReferences correctly just to send a message to a Web Service that could otherwise be done with a simple HTTP GET.

Yes, REST is difficult, but designing a scalable, flexible, and secure architecture that's going to earn you loads of dosh is difficult. You've got to think about resource lifecycle, security, quality of service and how service-to-service interactions will work to fulfil your business processes that you promised the folks on high. WS-* specs have *some* advantages, since so much effort is made to writing half-baked specs on how to federate identity between enterprises.

By the way, does anyone actually use UDDI? I remember having to use a SUN implementation once - really secure as I remember, using a SOAP endpoint without WS-Security or HTTPS - nice work.

WS-Transfer, on the other hand, must have been someone's idea of a joke after an eventful night ending with a refreshing kebab slavered in chilli sauce. I haven't seen much *progress* recently regarding the direction being taken by MS, HP, Intel or IBM on WS-Convergence - can there be anything better than WSRF ;-)

Cheers,

Rowland

Posted by Rowland, email, url @ 20 May 2008 11:18 UT

#	Hi Alex, I hadn't realised that. But now you mention it, I went to a few Object pressos, and a couple of TW and a Microsoft. That's probably not the best balance - I'll pass on your feedback to the organisers. Jim Posted by Jim Webber, url @ 20 May 2008 10:05 UT

#	Welcome! You forgot to mention the key benefits of REST: No WSDL, no debugging SOAP stacks, and XSD is optional. Posted by Steve Loughran @ 21 May 2008 08:27 UT