Transcript Description
THE US NATIONAL VIRTUAL OBSERVATORY
vs
Matthew J. Graham (Caltech, NVO)
IVOA Beijing: Grid & Web Services 2
15 May
2007
1
What is REST?
• Representational State Transfer (Fielding
2000)
• A resource-oriented architectural style for
web services based on the WWW architecture:
– Each resource has a unique identifier (URI)
– Resource representations are exchanged in XML
over HTTP
– Agents employ the HTTP methods as a standard
API to ensure uniform interface semantics
• REST is about exposing resources through
URIs and not services through messaging
interfaces
• REST is possible
with SOAP and WSDL
2.0
IVOA Beijing: Grid & Web Services 2
15 May
2007
2
RESTful interfaces
HTTP
method
Description
HTTP status codes
GET
View resource representation
200, 301, 400
PUT
Create/Modify client-identified
resource
200, 301, 400, 410
POST
Create/Modify server-identified
resource
201, 400
• GET
is safe: it Delete
has noresource
side effects and is purely for
retrieval
DELETE
200,
204
• GET, PUT, and DELETE are idempotent: the side-effect of N > 0
identical
requests is the same as for a single request
• Atom Publishing Protocol is the canonical REST interface
• WebDAV is not RESTful:
• URLs are inherently hierarchical and not opaque
• properties and locks are not separate resources
• PROPPATCH, PROPFIND, LOCK and UNLOCK methods manipulate
metadata attached to a resource
• 207 (Multi-Status) response code for “bundled” operations
IVOA Beijing: Grid & Web Services 2
15 May
2007
3
WS-* (18 months ago)
• WS-Addressing
• WS-AtomicTransaction
• WS-Attachments
• WS-BaseNotification
• WS-BPEL
• WS-BrokeredNotification
• WS-BusinessActivity
• WS-CAF
• WS-Choreography
• WS-CDL
• WS-Context
• WS-Coordination
• WSCoordinationFramework
• WS-Discovery
• WSDistributedManagement
• WS-Enumeration
• WS-Eventing
• WS-ExperienceLanguage
• WS-Federation
• WS-GAF
• WS-Inspection
• WSIL
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
WS-I Basic Profile
WS-I Basic Security Profile
WS-Manageability
WS-Management
WS-MetadataExchange
WS-Notification
WS-Policy
WS-PolicyAssertions
WS-PolicyAttachment
WS-PolicyFramework
WS-Polling
WS-Provisioning
WS-Reliability
WS-ReliableMessaging
WS-RemotePortals
WS-ResourceFramework
WS-ResourceLifetime
WS-ResourceProperties
WS-Routing
WS-SecureConversation
WS-Security
WS-SecurityPolicy
IVOA Beijing: Grid & Web Services 2
• WS-Semantics
• WS-Topic
• WS-Transaction
• WS-Transaction
Management
• WS-Transfer
• WS-Trust
• ASAP
• ebXML
• MTOM
• SAML
• SOAP
• SwA
• UBL
• UDDI
• WSDL
• XACML
• XML Encryption
• XML Signature
• XKMS
+ others incl. WSKitchenSink
15 May
2007
4
Description languages - I
• WSDL:
– Complicated
– Difficult to describe protocols that use SOAP headers so not
straightforward for WS-*
– Operation-centric
– Web service versioning is difficult (better in WSDL 2.0)
– Limited modelling of interaction patterns (no more than two
messages within a single exchange)
– No choreographic information so cannot specify ordering
constraints between operations
– WSDL is immutable so no dynamic endpoints
IVOA Beijing: Grid & Web Services 2
15 May
2007
5
Description languages - II
• WSDL 1.1:
– Supports HTTP GET and POST
– Cannot use GET with no parameters
– Cannot mix multiple HTTP methods on one port
• WSDL 2.0:
– Supports HTTP GET/PUT/POST/DELETE
– No support for JSON or binary format (need to write specification
for binding rules on how to serialize)
– Authentication limited to HTTP Basic and Digest
– No support for links: cannot write WSDL for Atom Publishing
Protocol
• WADL:
– Backed by Sun (wadl.java.dev.net - wadl2java)
– http://code.google.com/p/rest-api-code-gen/
– REST Describe
(http://tomayac.de/rest-describe/latest/RestDescribe.html)
IVOA Beijing: Grid & Web Services 2
15 May
2007
6
Sample WADL file
<application xmlns="http://research.sun.com/wadl/2006/10"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:vot="http://www.ivoa.net/xml/VOTable/v1.1"
xsi:schemaLocation="http://research.sun.com/wadl/2006/10 wadl.xsd">
<grammars>
<include href="votable.xsd"/>
</grammars>
<resources base="http://galex.stsci.edu/gxWS/ConeSearch">
<resource path="gxConeSearch.aspx">
<method name="GET">
<request>
<param name="ra" type="xsd:float" style="query"/>
<param name="dec" type="xsd:float" style="query"/>
<param name="sr" type="xsd:float" style="query"/>
</request>
<response>
<representation mediaType="text/xml" element="vot:VOTABLE"/>
</response>
</method>
</resource>
</resources>
</application>
IVOA Beijing: Grid & Web Services 2
15 May
2007
7
Security
• WS-Security:
– provides message level, end-to-end security
– really requires WS-SecurityPolicy
– interoperable implementations?
• HTTP Basic:
– Base64-encoded username/password
• HTTP Digest:
– MD5 hashes of username, password, authentication realm,
etc.
• SSL/TLS:
– provides transport level, point-to-point security
• Message authentication:
– AWS approach using HMAC with SHA-1 hash code
• HTTPSec for “full” message level security
IVOA Beijing: Grid & Web Services 2
15 May
2007
8
Addressing + state
• WS-Addressing:
– SOAP lacks a standard way to specify where a message
is going, how to return a response or where to report
an error
– provides SOAP header keywords such as: To, ReplyTo,
FaultsTo, Anonymous, and MessageId/RelatesTo.
– SAF (Store-and-forward) service is a use case that REST
cannot address
• WSRF:
– framework for handling state
– separates web service and state information (resource)
– a resource has a unique key and message exchanges
with the service are used to interact with the resource
– basically equivalent to REST
IVOA Beijing: Grid & Web Services 2
15 May
2007
9