World Wide Webber - Stu Charlton, Designing Enterprise IT Systems with REST

Stu Charlton, Designing Enterprise IT Systems with REST

Posted: 23 November 2008 @ 23:24 UT from San Francisco, USA

Here are my raw, unedited notes from Stu Charlton's QCon San Francisco 2008 talk.

- Challenge is applying REST to enterprises - enterprises haven't figured it out yet, particularly since they're in the MOM/Component/SOAP space - major headache is hypermedia
- Hypermedia is simply a different kind of abstraction between systems, and is a layer atop message passing
- REST is not file transfer - more than CRUD, is a solution for general purpose systems
- Enterprise architecture is tiered (data, business services, presentation)
- Web architecture blurs these silos, but doesn't solve every problem and has some trade offs
- Web architecture has visibility, transactions, syndication which map onto classic enterprise constraints
- Interfaces for classic services have a producer mentality, with interfaces resembling that mentality a la Conway's Law
- Move towards consumer driven contracts instead - Ian Robinson in audience agrees :-)
- Hypermedia is about consumer driven contracts - creating state machines which are independent of any particular consumer
- Problem domain: cloud -> rapid enterprise deployment
- Governance will save SOA, but assumes a federation with a chief, but the Web is a confederation of self interest
- Web of metadata notion - hyperlinked, decentralised infrastructure
- Agents (clients) surf a shared information space with explicit instructions on how to change things - hypermedia is a mix of data and control
- Semantics are in the context of a link
- Agent stores representation history (e.g. cache)
- Elasta has its own content type which has hypermedia capabilities (to allow agents to understand and traverse links to machine descriptions)
- How to start? Newbies try XML schema with minOccurs > 0, tightly coupled. Better to go with dynamically generated schemas, edit link relations (AtomPub)
- Federated identity is needed, best bet is to treat it as an orthogonal concern, rather than dealing with it within the hypermedia world (SAML, WS-Federation). OAuth is young, but has promise (see it on Facebook as a way of delegating credentials to apps)
- Semantic Web is just layering stuff on the Web, to query a big graph
- RDFa is just the W3C's approach to microformats, SPARQL useful for querying the Web
- Hypermedia bursts silos; SemWeb practical today for early adopters for SPARQL, RDFa, GRDDL
- Question: Why custom media type over xhtml? Answer: XHTML would be an odd fellow in enterprises, which prefer domain specific XML - also support RDFa and JSON RDF
- Question: If you have a legacy DB, how would you expose it? Answer: start by exposing as-is, then perform syntactic transformation to canonical format, then semantics can be layered on
- Question: Have you come across any useful ontologies? Answer: Yes, but domain specific
- Comment: Stanford has an ontological Web site
- Clarification: Is edml elasta specific? Answer: Yes. It's an ontology with an XML serialisation
- Question: Action links and URIs represent actions, why not a single URI for the resource, and then HTTP verbs to operate on it? Answer: The URI points to a resource, not an action. Actions are not embedded in URIs.
- Comment: Received criticism for failing to distinguish between resource and application state - but these are co-mingled. But it seems consistent with Stu's hypermedia model which are context-free and canonical. Stu responds: a description of a human interaction media format (or C2C format) along with a process format to integrate it. Need a media type and a set of resources, media type which sets this out.
- Question: How does SAML work RESTfully? Answer: Turn it into a cookie, and use that. Or create a SAML profile to map minimal assertions into a HTTP header (a la Amazon Web Services)

comments: 8

Comments:

Hi Jim,

Interesting question on SAML and RESTful usage - we looked at placing it in the HTTP header - just a question of consensus on what the header name is.

I would argue though that there is little benefit to using SAML tokens in an HTTP header for authz *unless* you use TLS mutual authn; the Relying Party should compare TLS certificate and signature with the one in the SAML token - otherwise, you can send any old SAML token you nicked from your aunt and pretend to be her.

Cheers,

Rowland

Posted by Rowland Watkins, email @ 24 November 2008 03:38 UT

#	"XHTML would be an odd fellow in enterprises, which prefer domain specific XML" Is there any guidance on using XHTML + microformats vs domain specific XML? It seems more costly to always create domain specific XML. Posted by Chuck @ 24 November 2008 04:31 UT

Re: SAML , absolutely use TLS mutual authn ; short of that someone will have to really try to make a proper S/MIME profile for HTTP or some alternative (and I recall James Clark having hinted about the need for this over a year ago; it's just one of those blindingly obvious things that needs applied expertise)

Regarding XHTML + microformats, I suggest looking at building a vocabulary with RDF and annotating the webpage with RDFa.

The page can then be queried with a SPARQL engine that supports RDFa (which many do today) -- much easier than DOM parsing, I might add.

Posted by Stu @ 25 November 2008 10:05 UT

#	"I suggest looking at building a vocabulary with RDF and annotating the webpage with RDFa. " Noooooo... "The page can then be queried with a SPARQL engine that supports RDFa (which many do today)" I have millions of pages - now what? Posted by Bill de hÓra, email, url @ 26 November 2008 12:00 UT

That wasn't Chuck's question. The question was an alternative to domain-specific XML.

Why on earth would you think I was suggesting it's productive to issue a SPARQL query against a million web documents? (similarly, who the heck would issue an XQuery against a million domain-specific XML documents?)

Posted by Stu, email @ 05 December 2008 05:36 UT

I appreciate both responses, but neither seems to provide an answer to my original question. The question was guidance on using one vs the other.

RDF & RDFa seems like introducing a third option, which is fine, however I'd still like to know why.

I'm a REST noob and one thing I find lacking in REST media is discussion around hypermedia formats in enterprise systems. Some suggest XTHML, others custom media types. I'm looking for more specifics on why.

Is this choice just a minor implementation detail?

Posted by Chuck @ 05 December 2008 05:56 UT

The real tradeoff is, are you making life easier for the consumer or the producer of the data? The difference between RDF, XHTML+RDFa/Microformats, and an XML schema has to do with interoperability. One should ask: what agent or server software can interpret that media type? A custom XML vocabulary might be less interoperable than an XHTML page that's annotated with a Microformat or RDFa.

When we use XHTML or even Atom/Atompub, we're reusing bits of meaning that other people have defined -- but we think are appropriate mappings to our applciation. When your potential audience size is very large, it use useful to layer and modularize your data so it can be interpreted by those that understand XHTML but may not understand your more specific semantics (i.e. the Microformat or RDF schema or OWL ontology).

There also are cases where your data could reuse an XHTML module and take advantage of widespread interoperability - for example, the Forms module, for describing a GET's URI template or the interface of a POST hyperlink; the Table module for tabular data; or the List module, for describing simple lists.

On the other hand, if you're dealing with processing, validating, and/or transforming business domain-specific data, it's arguably easier for a developer to just work with colloquial XML that's typed to your business domain, especially if you expect all your consumers to be custom-adapters that will parse or transform that XML. It might be harder for software that was NOT built without your vocabulary in mind to work with your data.... (e.g. a reporting tool). On the other hand, there's plenty of tools that can access XML interfaces and try to make sense of the data, or give you a way of doing so (e.g. a reporting tool's mapping or transformation engine).

RDF is useful, in my opinion, for two reasons: it can describe interoperable semantics for your data (usually simple stuff like taxonomies), and it can help you model your data like we used to with an RDBMS, keeping your data model independent of the syntax of that data (RDF is independent of syntax, whereas XML is all syntax). But there's a whole world of newness to RDF that makes it somewhat of a niche to this day. I think this will change over time.

Posted by Stu, email @ 09 December 2008 03:41 UT

#	This helps. Thanks for the insight. Posted by Chuck @ 09 December 2008 02:18 UT