EVOLVE'13 | Keynote | Roy Fielding

1

S c ra m b l e d E g g s• Roy T. Fielding, Ph.D. | Senior Principal Scientist, Adobe

I T ’ S A M Y ST E R Y

2


Open SourceApache

2


Open SourceApache

StandardsHTTPbis + HTTP/2Do Not Track

2


Open SourceApache


So!ware Architecture

REST

2


Open SourceApache


So!ware Architecture

REST

Wouldn’t it be nice if CQ supported …

2

STA N D A R D S : H T T P

HTTP/1.1Almost done, reallyIESG last call next week or so

HTTP/2.0Standardization of Google’s SPDYSession-layer Tunnel for HTTP with Compression (?)

• Should have been called TCP++, or TLS++

Improvement for session-heavy, authenticated sites• http://trac.tools.ietf.org/wg/httpbis/trac/wiki

3

http://trac.tools.ietf.org/wg/httpbis/trac/wiki

http://trac.tools.ietf.org/wg/httpbis/trac/wiki

STA N D A R D S : D O N OT T R A C K

Tracking is pervasivebecause it feeds personalization and UX

4

5

profile data

Green arrows represent the flow of consumer data.Blue arrows represent the flow of 3rd party information & offerings.

This diagram represents a typical flow of information related to some online behavioral advertising. Not all online behavioral advertising operates exactly like this diagram.

..

Browser on Personal Computer

Ad Network

BUY ONE,

GET ONE!SPECIALOFFER!

Web Analytics Provider

News Website

Other Websites

Merchant

Secondary Ad Networks

Profiling Service

AGE

INCOMELEVEL

HOBBIES

statistics & consumer behavior

contextual &tailored ads

contextual &tailored ads

demographics &online activity

demographicdata

(from registration)

demographics,past purchases

aggregateanalytics data

* depending on contract limitations

webpage

interestsegments

BUY ONE,

GET ONE!SPECIALOFFER!

URL + analyticscookie

URL + ad cookie1

URL + pre-existing

cookie

redirect URL

Online Behavioral Advertising

URL + ad cookie2

URL + news site

cookie



Data collection across unrelated contexts is a privacy concern

6

7

Doctor

Medical Prescriptions


This diagram represents a typical flow of information related to some medical and pharmaceutical companies. Not all medical and pharmaceutical companies operate exactly like this diagram.

Patient

Pharmaceutical Company

Health Insurance

Pharmacy Public Health Agency

(disease tracking)

prescription

billing

marketing

prescription

refill reminders

Pharmacy AnalyticsCompany

marketing

prescriptiondata

aggregateprescription

statistics


statistics


statistics

personalprofile data

[FTC]

7

Doctor

Medical Prescriptions


This diagram represents a typical flow of information related to some medical and pharmaceutical companies. Not all medical and pharmaceutical companies operate exactly like this diagram.

Patient

Pharmaceutical Company

Health Insurance

Pharmacy Public Health Agency

(disease tracking)

prescription

billing

marketing

prescription

refill reminders

Pharmacy AnalyticsCompany

marketing

prescriptiondata


statistics


statistics


statistics

personalprofile data

[FTC]

profile data

Other Websites

Profiling Service

AGE

INCOMELEVEL

HOBBIES

demographics &online activity



Data collection across unrelated contexts is a privacy concern

Governments want to stop it,but they don’t know how

Privacy advocates incite fear and doubt

Poor business data practices justify them!

This should bean easy problem to fix

8

9

Online Advertising Industry

US FTC European Commission

Privacy Advocates

B U T O N LY I F W E W O R K TO G E T H E R

… and now state governments are getting involved too …

S O F T W A R E A R C H I T E C T U R E

What isthe best practice for

versioninga REST API?

10

S E R I O U S LY, W H I C H I S B E T T E R ?

Should I include a version number in the URL hierarchy?• http://example.com/v1/users

Should I include a version number on the resource name?• http://example.com/users.v1

Should I include a version number as a query parameter?• http://example.com/users?api=v1

Should I include a version number in the media type?• Content-Type: application/vnd.myname.v1+json

11

http://host/v1/users






R E ST

RESTis so!ware engineering on the scale of

DECADES

12

R E ST

RESTis designed primarily to improve

EVOLVABILITY

13

14

E V O LV A B I L I T Y

Evolvability is the ability to change over time, in response to changing user needs

or a changing environment,without starting over

15

Degree of Evolvability

Arch

itect

ural

Sca

le

So!wareEvolution

IndependentEvolution

Self-ModifyingSo!ware

R E ST

Hypertext as the Engine of Application State

16

S0 S2S1 S3R o y

*

*

R E ST

Follow Your Nose

17

S0 S2S1 S3R o y

*

*

R E ST

Follow Your Nose

18

S0 S2S1 S3R o y

*

*

R E ST

Follow Your Nose

19

S0 S2S1 S3R o y

*

*

R E ST

Follow Your Nose

20

S0 S2S1 S3R o y

*

*

R E ST

Hypertext as the Engine of Application State

each state can be dynamiceach transition can be redirected

21

S0 S2S1 S3R o y

*

*

R E ST



22

R E ST



22

DON’TVersioning an interface

is just a “polite” wayto kill deployed applications

S E R I O U S LY ?

23

S E R I O U S LY ?

When was the last time you sawa version number on a website?

23

S E R I O U S LY ?

When was the last time you sawa version number on a website?

a REST API is just a websitefor users with a limited vocabulary(machine to machine interaction)

23

B R E A K I N G CO M PAT I B I L I T Y I S B A D

Websites are supposed to retainbackwards compatibility

(avoid broken links)

If you want to break with the past,use a different hostname,

with new branding!

24

25

A LW A Y S S H I P T R U N K

why web applications are different …

problems that none of therevision control systems solve …

how you can solve some of them yourself

[Paul Hammond (Typekit)] http://www.paulhammond.org/2010/06/trunk/based on real deployment experience at Flickr, Etsy, Typekit, ...

http://www.paulhammond.org/2010/06/trunk/%5D

http://www.paulhammond.org/2010/06/trunk/%5D

26


26


What would a revision control system built for supporting deployed web applications be like?

26



right?

26



right?

Wouldn’t it be nice if CQ supported …

F R A G S

Feature Flags

for conditional activationof content fragments during

continuous deployment

27

G LO B A L CO N F I G U R AT I O N S E T T I N G S

28

if (frags(“saml_auth”)) {credentials = saml.authenticate(user);

}else {credentials = httpAuth.check(user);

}

• testable for conditional content (i.e., everything)• readable via all development interfaces• writable with ops authority

F L I P S W I TC H E S V I A CO N S O L E

29

• easy UI for (proportional) enabling or disabling of frags• activation by frag, recorded with timestamps• activation by AB testing, recorded for comparative analytics

[Ross Harmes, http://www.flickr.com/photos/rossharmes/4153769740/]

http://www.flickr.com/photos/rossharmes/4153769740/%5D

http://www.flickr.com/photos/rossharmes/4153769740/%5D

A C T I V AT I O N - A W A R E M O N I TO R I N G

30

• dashboard interfaces for time-series graphs with activation markers• AB comparisons based on automated percentile activation• data available as more resources, for reuse by enterprise monitoring

F R A G S

Are you a CQ/AEM customer/prospect?

Do you want a feature like Frags?

Do you need more than what I described?

Ask for it!

(we prioritize features by customer demand)

31

EVOLVE'13 | Keynote | Roy Fielding

Technology

Transcript of EVOLVE'13 | Keynote | Roy Fielding