rest vs ws -* comparisondret.net/netdret/docs/rest-icwe2010/rest-ws.pdfrest architectural style for...
TRANSCRIPT
REST vs WS-* Comparison3Cesare PautassoFaculty of InformaticsUniversity of Lugano, Switzerland
[email protected]://www.pautasso.info
©2009-2010 - Cesare Pautasso, Erik Wilde 56
Web Sites (1992)
HTTP
HTMLWeb Browser
Web Server
(HTTP)
SOAP
ServerClient XMLWSDL
WS-* Web Services (2000)
©2009-2010 - Cesare Pautasso, Erik Wilde 57
RESTful Web Services (2007)
Client HTTP
PO-XM
L
RSS/Atom
JSON
Web Server
WADL
WS-* Web Services (2000)
(HTTP)
SOAP
ServerClient XMLWSDL
©2009-2010 - Cesare Pautasso, Erik Wilde 58
WS-* Standards Stack
©2009-2010 - Cesare Pautasso, Erik Wilde 59
XML
URI HTTP
MIME
JSON
SSL/TLS
RSS Atom
RESTful Web Services Standards Stack
AtomPub
©2010 - Cesare Pautasso 60
Is REST really used?
©2010 - Cesare Pautasso 61
Is REST really used?
Atom, 2%
Gdata, 1%
JavaScript, 6%
JSON-RPC, 0%
REST, 71%
RSS, 1%
SMS, 0%
SOAP, 17%XML-RPC, 2%
XMPP, 0%
2042 APIs
ProgrammableWeb.com
30.6.2010
©2009-2010 - Cesare Pautasso, Erik Wilde 62
Can we really compare WS-* vs. REST?
WS-* REST
©2009-2010 - Cesare Pautasso, Erik Wilde 63
WS-*
MiddlewareInteroperability
Standards
REST
Architecturalstyle for the Web
Can we really compare WS-* vs. REST?
©2009-2010 - Cesare Pautasso, Erik Wilde 64
How to compare?
WS-*
MiddlewareInteroperability
Standards
REST
Architecturalstyle for the Web
©2009-2010 - Cesare Pautasso, Erik Wilde 65
Architectural Decisions Architectural decisions
capture the main design issues and the rationale behind a chosen technical solution
The choice between REST vs. WS-* is an important architectural decision for Web service design
Architectural decisions affect one another
Architectural Decision:Programming Language
Architecture Alternatives:1. Java2. C#3. C++4. C5. Eiffel6. Ruby7. …
Rationale
©2009-2010 - Cesare Pautasso, Erik Wilde 66
Decision Space Overview
©2009-2010 - Cesare Pautasso, Erik Wilde 67
21 Decisions and 64 alternativesClassified by level of abstraction:• 3 Architectural Principles• 9 Conceptual Decisions• 9 Technology-level Decisions
Decisions help us to measure the complexity implied by the choice of
REST or WS-*
Decision Space Overview
©2009-2010 - Cesare Pautasso, Erik Wilde 68
Architectural Principles
1. Protocol Layering• HTTP = Application-level Protocol (REST)• HTTP = Transport-level Protocol (WS-*)
2. Dealing with Heterogeneity3. Loose Coupling
©2009-2010 - Cesare Pautasso 69
©2009-2010 - Cesare Pautasso, Erik Wilde 70
RESTful Web Service Example
HTTP Client
(Web Browser)
Web Server
Application Server Database
GET /book?ISBN=222SELECT *
FROM books WHERE isbn=222
POST /order INSERT INTO orders301 Location: /order/612
PUT /order/612 UPDATE ordersWHERE id=612
©2009-2010 - Cesare Pautasso, Erik Wilde 71
WS-* Service Example (from REST perspective)
HTTP Client
(Stub Object)
Web Server
Application Server
POST /soap/endpoint
POST /soap/endpoint
POST /soap/endpoint
return getBook(222)
return new Order()
order.setCustomer(x)
Web Service
Implementation
©2009-2010 - Cesare Pautasso, Erik Wilde 72
Protocol Layering“The Web is the universe of globally accessible information” (Tim Berners Lee) Applications should publish
their data on the Web (through URI)
“The Web is the universal (tunneling) transport for messages” Applications get a chance
to interact but they remain “outside of the Web”
Application
(Many) Resource URI
HTTPPOST
Application
1 Endpoint URI
HTTPGET
HTTPPUT
HTTPDEL
HTTPPOST
SOAP (WS-*)
MQ…SMTP
AtomPub JSON …POX
©2010 - Cesare Pautasso 73
©2009-2010 - Cesare Pautasso - 30.6.2010 74
Coupling FacetsFacets
Discovery Identification Binding Platform Interaction Model State Generated Code Conversation
REST Referral Global Late Independent Asynchronous Self-Describing Stateless None/Dynamic Reflective
WS-* Centralized Context-Based Late Independent Asynchronous Shared Model Stateless Static Explicit
More Info on http://dret.net/netdret/docs/loosely-coupled-www2009/
©2009-2010 - Cesare Pautasso - 30.6.2010 75
Coupling Comparison
©2010 - Cesare Pautasso 76
WS-BPEL Primitives
©2009-2010 - Cesare Pautasso, Erik Wilde 77
Dealing with Heterogeneity
CICSIMS
Picture from
Eric N
ewcom
er, ION
A
Enterprise Computing
HTTP
Web Applications Enable Cooperation Enable Integration
©2009-2010 - Cesare Pautasso - 30.6.2010 78
Heterogeneity
EnterpriseArchitectures
WebApplications
REST WS-*
©2009-2010 - Cesare Pautasso - 30.6.2010 79
Heterogeneity
WebApplications
REST
EnterpriseArchitectures
Claim: REST can also be successfully used to design integrated enterprise applications
EnterpriseArchitectures
©2009-2010 - Cesare Pautasso - 30.6.2010 80
Enterprise “Use Cases”
CRUD ServicesWeb-friendly APIs
Mobile Services Real-time ServicesTransactional ServicesComposite Services
©2009-2010 - Cesare Pautasso - 30.6.2010 81
Enterprise “Use Cases”
EnterpriseArchitectures
RESTWS-*
Part of the debate is about how many “enterprise” use cases can be covered with
REST as opposed to WS-*
©2010 - Cesare Pautasso 82
Does REST support X?
Service Description Security Asynch Messaging Reliable Messaging Stateful Services
Service Composition Transactions Semantics SLAs Governance …
©2009-2010 - Cesare Pautasso, Erik Wilde 83
Managing State REST provides explicit state
transitions Communication is stateless* Resources contain data and
hyperlinks representing valid state transitions
Clients maintain application state correctly by navigating hyperlinks
Techniques for adding session to HTTP: Cookies (HTTP Headers) URI Re-writing Hidden Form Fields
SOAP services have implicit state transitions Servers may maintain
conversation state across multiple message exchanges
Messages contain only data (but do not include information about valid state transitions)
Clients maintain state by guessing the state machine of the service
Techniques for adding session to SOAP: Session Headers
(non standard) WS-Resource Framework
(HTTP on top of SOAP on top of HTTP)
(*) Each client request to the server must contain all information needed to understand the request, without referring to anystored context on the server. Of course the server stores the state of its resources, shared by all clients.
©2009-2010 - Cesare Pautasso, Erik Wilde 84
What about service description? REST relies on human
readable documentation that defines requests URIs and responses (XML, JSON)
Interacting with the service means hours of testing and debugging URIs manually built as parameter combinations. (Is is it really that simpler building URIs by hand?)
Why do we need strongly typed SOAP messages if both sides already agree on the content?
WADL proposed Nov. 2006 XForms enough?
Client stubs can be built from WSDL descriptions in most programming languages
Strong typing Each service publishes its
own interface with different semantics
WSDL 1.1 (entire port type can be bound to HTTP GET or HTTP POST or SOAP/HTTP POST or other protocols)
WSDL 2.0 (more flexible, each operation can choose whether to use GET or POST)
©2009-2010 - Cesare Pautasso, Erik Wilde 85
What about security?
REST security is all about HTTPS (HTTP + SSL/TLS)
Proven track record (SSL1.0 from 1994)
HTTP Basic Authentication (RFC 2617, 1999RFC 1945, 1996)
Note: These are also applicable with REST when using XML content
Secure, point to point communication (Authentication, Integrity and Encryption)
SOAP security extensions defined by WS-Security (from 2004)
XML Encryption (2002) XML Signature (2001) Implementations are
starting to appear now Full interoperability moot Performance?
Secure, end-to-end communication – Self-protecting SOAP messages (does not require HTTPS)
©2009-2010 - Cesare Pautasso, Erik Wilde 86
What about asynchronous reliable messaging?
Although HTTP is a synchronous protocol, it can be used to “simulate” a message queue.
POST /queue
202 AcceptedLocation:
/queue/message/1230213
GET /queue/message/1230213
DELETE /queue/message/1230213
SOAP messages can be transferred using asynchronous transport protocols and APIs (like JMS, MQ, …)
WS-Addressing can be used to define transport-independent endpoint references
WS-ReliableExchange defines a protocol for reliable message delivery based on SOAP headers for message identification and acknowledgement
©2009-2010 - Cesare Pautasso, Erik Wilde 87
Measuring Complexity Why is REST perceived to be simpler? Architectural Decisions give a
quantitative measure of the complexity of an architectural design space: Total number of decisions For each decision, number of alternative options For each alternative option, estimate the effort
REST WS-*Decisions 17 14Alternatives 27 35
Decisions with 1 or more alternative options
©2009-2010 - Cesare Pautasso, Erik Wilde 88
Measuring Complexity
REST WS-*Decisions 17 14Alternatives 27 35
Decisions with 1 or more alternative options
REST WS-*Decisions 5 12Alternatives 16 32
Decisions with more than 1 alternative options
©2009-2010 - Cesare Pautasso, Erik Wilde 89
Measuring Complexity
REST WS-*Decisions 5 12Alternatives 16 32
Decisions with more than 1 alternative options
• URI Design• Resource Interaction Semantics• Payload Format• Service Description• Service Composition
©2009-2010 - Cesare Pautasso, Erik Wilde 90
Measuring Complexity
REST WS-*Decisions 5 12Alternatives 16 32
Decisions with more than 1 alternative options
REST WS-*Decisions 12 2
Decisions with only 1 alternative option
©2009-2010 - Cesare Pautasso, Erik Wilde 91
Measuring Complexity
REST WS-*Decisions 12 2
Decisions with only 1 alternative option
• Payload Format• Data Representation Modeling
©2009-2010 - Cesare Pautasso, Erik Wilde 92
Measuring Effort
REST WS-*Decisions 12 2
Decisions with only 1 alternative option
REST WS-*Do-it-yourself Alternatives
5 0
Decisions with only do-it-yourself alternatives
©2009-2010 - Cesare Pautasso, Erik Wilde 93
Measuring Effort
REST WS-*Do-it-yourself Alternatives
5 0
Decisions with only do-it-yourself alternatives
• Resource Identification• Resource Relationship• Reliability• Transactions• Service Discovery
©2009-2010 - Cesare Pautasso, Erik Wilde 94
Freedom of Choice (>1 Alternative)Freedom from Choice (=1 Alternative)
©2009-2010 - Cesare Pautasso, Erik Wilde 95
Comparison Summary
Architectural Decisions measure complexity implied by alternative technologies
REST simplicity = freedom from choice 5 decisions require to choose among 16 alternatives 12 decisions are already taken (but 5 are do-it-yourself)
WS-* complexity = freedom of choice 12 decisions require to choose among 32 alternatives 2 decisions are already taken (SOAP, WSDL+XSD)
©2010 - Cesare Pautasso 96
©2010 - Cesare Pautasso 97
Software Connectors
Shared Data
Message BusEvents
Procedure CallRemote Procedure Call
File Transfer
©2010 - Cesare Pautasso 98
RPC
Remote Procedure Call
Call
• Procedure/Function Calls are the easiest to program with.• They take a basic programming language construct and make it
available across the network (Remote Procedure Call) to connect distributed components
• Remote calls are often used within the client/server architectural style, but call-backs are also used in event-oriented styles for notifications
©2010 - Cesare Pautasso 99
Hot Folder
File Transfer(Hot Folder)
WriteCopy
WatchRead
• Transferring files does not require to modify components
• A component writes a file, which is then copied on a different host, and fed as input into a different component
• The transfers can be batched with a certain frequency
©2010 - Cesare Pautasso 100
Shared Database
Shared Database
CreateRead
UpdateDelete
• Sharing a common database does not require to modify components, if they all can support the same schema
• Components can communicate by creating, updating and reading entries in the database, which can safely handles the concurrency
4.3.2010©2010 - Cesare Pautasso 101
Bus
Message Bus
PublishSubscribe
• A message bus connects a variable number of components, which are decoupled from one another.
• Components act as message sources by publishing messages into the bus; Components act as message sinks by subscribing to message types (or properties based on the actual content)
• The bus can route, queue, buffer, transform and deliver messages to one or more recipients
• The “enterprise” service bus is used to implement the SOA style
REST
WS-
*
©2010 - Cesare Pautasso 102
Different software connectors
RPC ESB
WWW
Spring Semester 2010 Software Architecture and Design © Cesare Pautasso
103
Web (RESTful Web services)
Get PutDeletePost
Web• The Web is the connector used in the REST (Representational State
Transfer) architectural style• Components may reliably transfer state among themselves using the
GET, PUT, DELETE primitives. POST is used for unsafe interactions.
Spring Semester 2010 Software Architecture and Design © Cesare Pautasso
104
Tuple Space
In OutRd Tuple Space
• A tuple space acts like a shared database, but offers a much simpler set of primitives and persistence guarantees
• Components can write tuples into the space (with the Out operation) or read tuples from it (with the Rd operation).
• Components that read tuples can also atomically take them out of the space (with the In operation)
• Extensions for the connector are available that support different kinds of synchronization, in addition to the basic data flow primitives
©2009-2010 - Cesare Pautasso - 30.6.2010 105
Comparison Conclusion You should focus on whatever solution gets
the job done and try to avoid being religiousabout any specific architectures or technologies.
WS-* has strengths and weaknesses and will be highly suitable to some applications and positively terrible for others.
Likewise with REST. The decision of which to use depends entirely
on the application requirements and constraints.
We hope this comparison will help you make the right choice.
©2009-2010 - Cesare Pautasso, Erik Wilde 106
Comparison Conclusion You should focus on whatever solution gets
the job done and try to avoid being religiousabout any specific architectures or technologies.
WS-* has strengths and weaknesses and will be highly suitable to some applications and positively terrible for others.
Likewise with REST. The decision of which to use depends entirely
on the application requirements and constraints.
We hope this comparison will help you make the right choice.
RESTful Service Composition4Cesare PautassoFaculty of InformaticsUniversity of Lugano, Switzerland
[email protected]://www.pautasso.info
©2009-2010 - Cesare Pautasso, Erik Wilde 108
REST Architectural Elements
User Agent Origin Server
Cache
Proxy
Gateway
Connector (HTTP)
Client/Server Layered CacheStateless Communication
©2009-2010 - Cesare Pautasso, Erik Wilde 109
Basic Setup
User Agent Origin Server
HTTP
CachingUser Agent
Origin Server
HTTP
User Agent CachingOrigin Server
HTTP
Adding Caching
CachingUser Agent
CachingOrigin Server
HTTP
©2009-2010 - Cesare Pautasso, Erik Wilde 110
Proxy or Gateway?
Client ProxyHTTP Origin Server
HTTP
Client GatewayHTTP
Origin ServerHTTP
Intermediaries forward (and may translate) requests and responses
A proxy is chosen by the Client (for caching, or access control)
The use of a gateway (or reverse proxy) is imposed by the server
©2009-2010 - Cesare Pautasso, Erik Wilde 111
What about composition?
The basic REST design elements do not take composition into account
WS-BPEL is the standard Web service composition language. Business process models are used to specify how a collection of services is orchestrated into a composite service
Can we apply WS-BPEL to RESTful services?
User Agent Origin Server
HTTP
?
Origin Server
Origin Server
User Agent
HTTP
©2009-2010 - Cesare Pautasso, Erik Wilde 112
WSDL 2.0 HTTP Binding can wrap RESTful Web Services
BPEL and WSDL 2.0
(WS-BPEL 2.0 does not support WSDL 2.0)
©2009-2010 - Cesare Pautasso, Erik Wilde 113
Make REST interaction primitives first-class language constructs of BPEL
BPEL for REST
R
BPEL for REST PUT
DELETE
GET
POST
...
<Put R>
<Get R>
...
<Post R>
<Delete R>
...
<Put R>
<Get R>
<Post R>
<Delete R>
©2009-2010 - Cesare Pautasso, Erik Wilde 114
Dynamically publish resources from BPEL processes and handle client requests
BPEL for REST<Resource P>
<onGet>
<Put R>
<Get S>
</onGet>
<Post R>
<Delete S>
</onDelete>
</Resource>
<onDelete>
R
PUT
DELETE
GET
POST
S
PUT
DELETE
GET
POST
P
PUT
DELETE
GET
POST
BPEL for REST – Resource Block
©2010 - Cesare Pautasso 115
REST Scalability
Origin ServerClient
Proxy/Gateway
One example of REST middleware is to help with the scalability of a server, which may need to service a very large number of clients
Cache
Clients
©2010 - Cesare Pautasso 116
REST Scalability
Origin Server
Clients
Proxy/Gateway
One example of REST middleware is to help with the scalability of a server, which may need to service a very large number of clients
Cache
©2010 - Cesare Pautasso 117
REST Composition
Origin Server
Clients
Proxy/Gateway
Composition shifts the attention to the client which should consume and aggregate from many servers
©2010 - Cesare Pautasso 118
Servers
REST Composition
Origin Client
The “proxy” intermediate element which aggregates the resources provided by multiple servers plays the role of a composite RESTful service Can/Should we implement it with BPM?
CompositeRESTfulservice
©2010 - Cesare Pautasso 119
Composite Resources
PUT
DELETE
GET
POST
PUT
DELETE
GET
POST
C
RPUT
DELETE
GET
POST
S
©2010 - Cesare Pautasso 120
Composite Resources
StateR
StateS
C
R S
The composite resource only aggregates the state of its component resources
©2010 - Cesare Pautasso 121
Composite Resources
StateR
StateS
StateC
C
R S
The composite resource augments (or caches) the state of its component resources
©2010 - Cesare Pautasso 122
Composite Representations
PUT
PUT
DELETE
DELETE
GET
GETPOST
POSTC
RS
LinkR
LinkS
Composite Representation
©2010 - Cesare Pautasso 123
Composite Representation
CompositeRepresentation
Origin Servers
Client
OriginServer
A composite representation is interpreted by the client that follows its hyperlinks and aggregates the state of the referenced component resources
©2010 - Cesare Pautasso 124
Bringing it all together
CompositeRepresentation
Origin Servers
Client
CompositeRESTfulservice
A composite representation can be produced by a composite service too
Origin Servers
©2010 - Cesare Pautasso 125
Doodle Map Example
CompositeRepresentation
Origin Servers
Client
CompositeRESTfulservice
Vote on a meeting place based on its geographic location
Origin Servers
©2010 - Cesare Pautasso 126
1. Composite Resource
PUT
DELETE
GET
POST
PUT
DELETE
GET
POST
C
RPUT
DELETE
GET
POST
S
©2010 - Cesare Pautasso 127
1. Composite Resource
GET
DELETE
GET
POST
C
RPUT
DELETE
GET
POST
S
©2010 - Cesare Pautasso 128
2. Composite Representation
GET
DELETE
GET
POST
C
RPUT
DELETE
GET
POST
S
DMLinkG
LinkC
GETG
LinkD
©2009-2010 - Cesare Pautasso, Erik Wilde 129
RESTful Composition Example
©2009-2010 - Cesare Pautasso, Erik Wilde 130
Example: Doodle Map Mashup
Setup a Doodle with Yahoo! Local search and visualize the results of the poll on Google Maps
©2009-2010 - Cesare Pautasso, Erik Wilde 131
Doodle Map Mashup Architecture
Web Browser WorkflowEngine
RESTfulWeb Services
APIsGET
POSTGET
REST
ful A
PI
Cesare Pautasso, RESTful Web Service Composition with JOpera, Proc. of the International Conference on Software Composition (SC 2009), Zurich, Switzerland, July 2009.
©2010 - Cesare Pautasso 132
Was it just a mashup?
MashupREST
Composition
Mashup
(It depends on the definition of Mashup)
©2010 - Cesare Pautasso 133
Read-only vs. Read/Write
Moving state around
PUT
DELETE
GET
POST
PUT
DELETE
GET
POST
C
RPUT
DELETE
GET
POST
S
©2010 - Cesare Pautasso 134
Read-only vs. Read/write
Simply aggregating data (feeds)
GET
GETC
RGET
S
©2010 - Cesare Pautasso 135
UI vs. API Composition
Is your composition reusable?
CompositeRepresentation
Origin Servers
Client
CompositeRESTfulservice
Origin Servers
API
UI Reusable services vs. Reusable Widgets
©2010 - Cesare Pautasso 136
Can you always do thisfrom a web browser?
Single-Origin Sandbox
Client
CompositeRESTfulservice
Origin Servers
Origin Servers
CompositeRepresentation
©2010 - Cesare Pautasso 137
Security Policies on the client may not always allow it to aggregate data from multiple different sources
Single-Origin Sandbox
CompositeRepresentation
Client
CompositeRESTfulservice
N Origin Servers
1 Origin Server
©2010 - Cesare Pautasso 138
Complementary
Mashup RESTComposition
Mashup
Read-OnlyRead/Write
APIUI
SituationalReusable
ServiceSandboxed
©2010 - Cesare Pautasso 139
RESTful HTTP is good enough to interact without any extension with process execution engines and their processes and tasks published as resources
RESTful Web service composition is different than mashups, but both can be built using BPM
If done right, BPM can be a great modeling tool for Hypermedia-centric service design(and implementation!)
GET http://www.jopera.org/
Conclusions
©2009-2010 - Cesare Pautasso - 30.6.2010 140
References Roy Fielding, Architectural Styles and the Design of Network-based
Software Architectures, PhD Thesis, University of California, Irvine, 2000
Leonard Richardson, Sam Ruby, RESTful Web Services, O’Reilly, May 2007
Jim Webber, Savas Parastatidis, Ian Robinson, REST in Practice: Hypermedia and Systems Architecture, O‘Reilly, 2010
Subbu Allamaraju, RESTful Web Services Cookbook: Solutions for Improving Scalability and Simplicity, O’Reilly, 2010
Stevan Tilkov, HTTP und REST, dpunkt Verlag, 2009,http://rest-http.info/
©2009-2010 - Cesare Pautasso - 30.6.2010 141
Web References Martin Fowler,
Richardson Maturity Model: steps toward the glory of REST,http://martinfowler.com/articles/richardsonMaturityModel.html My Constantly Updated Feed or REST-related material:http://delicious.com/cesare.pautasso/rest This week in RESThttp://thisweekinrest.wordpress.com/
©2009-2010 - Cesare Pautasso - 30.6.2010 142
Self-References Cesare Pautasso, Olaf Zimmermann, Frank Leymann,
RESTful Web Services vs. Big Web Services: Making the Right Architectural Decision, Proc. of the 17th International World Wide Web Conference (WWW2008), Bejing, China, April 2008.
Cesare Pautasso and Erik Wilde. Why is the Web Loosely Coupled? A Multi-Faceted Metric for Service Design, Proc of the 18th International World Wide Web Conference (WWW2009), Madrid, Spain, April 2009.
Cesare Pautasso, BPEL for REST, Proc. of the 6th International Conference on Business Process Management (BPM 2008), Milan, Italy, September 2008.
Cesare Pautasso, RESTful Web Service Composition with JOpera, Proc. Of the International Conference on Software Composition (SC 2009), Zurich, Switzerland, July 2009.
Cesare Pautasso, Gustavo Alonso: From Web Service Composition to Megaprogramming In: Proceedings of the 5th VLDB Workshop on Technologies for E-Services (TES-04), Toronto, Canada, August 2004
Thomas Erl, Raj Balasubramanians, Cesare Pautasso, Benjamin Carlyle, SOA with REST, Prentice Hall, end of 2010
©2009-2010 - Cesare Pautasso - 30.6.2010 143
Leonard Richardson, Sam Ruby, RESTful Web Services, O’Reilly, May 2007
Thomas Erl, Raj Balasubramanians, Cesare Pautasso, Benjamin Carlyle, SOA with REST, Prentice Hall, end of 2010
©2009-2010 - Cesare Pautasso - 30.6.2010 144Abstract Submission: Friday, July 16, 2010