Exploring REST Purity and Pragmatism - Tuesday, November 6, 2012
Exploring REST Purity and Pragmatism
Samisa Abeysinghe, Vice President, Engineering
REST
• General idea
– It is simple
– Widely used
– “cool” & state of the art
– And ideal for SOA & the enterprise
True?
Yes
REST is…
• Simple
• Cool
• Popular
• Used
From Theory to Practice
• Can simplicity meet complexity?
• Can REST be used in enterprise?
REST for Enterprise
• Standards
– HTTP & Media types
– Interfaces
– Programming languages
• Services & APIs
– REST Service
– RESTful APIs
– Simple, quick & Web Oriented
• Governance
– Lifecycle management
– Versioning & configurations
– Committees & Conformance
• Security
– HTTP vs HTTPS
– Authentication
– Non-Repudiation
• Business Models
– Billing & metering
– Tiers & Throttling
– Pay for use
REST Principles
• Resources
• Names
– URI, XRI (http://acme.com/customers)
• Verbs
– CRUD and more (PUT, GET, POST, DELETE … HEAD, OPTIONS)
• Representations
– HTML, XML or Binary (text/html, text/xml, image/png)
Services vs APIs
• Services are what you develop
• APIs are what you expose
– “The interface”
– How can you consume the service?
RESTful APIs
• REST (REpresentational State Transfer)
– An architectural style based on transferring representations of resources from a server to a client
• RESTful Web services
– Web services built on the REST principles
– Also called a RESTful Web API
– http://en.wikipedia.org/wiki/Representational_state_transfer#RESTful_web_services
The Interface Matters
• It is not the implementation that matters
• But the interface
– And it has to be managed and maintained systematically
Manage Life-Cycles
Service API
Tools for Life-Cycle Management
Securing RESTful Services
• Confidentiality
– HTTPS
• Integrity
– HTTPS
• Authentication
– HTTP Basic/Digest Auth., Mutual Auth., OAuth
• Non Repudiation
– 2-legged OAuth
Security Using OAuth
http://pathberiya.blogspot.com/2011/02/2-legged-oauth-to-secure-restful.html
Access Tokens
• Application Key
– Used when applications are calling each other
• User Key
– Used when an end user is using an application
Application/User Key Generation Sequence
Business Models
Business Requirements
• Tiers
– Platinum
– Gold
– Silver
• Metering
– Usage metering
– Capacity metering
– Status tracking
• Throttling
– Tier limits enforcement
– SLA & policy enforcement
– Prioritization
• Billing
– Pay for use
– Budget
– Estimates
• Monitoring
– Trends
– Continuous improvement
– Capacity planning
Monitoring Tools
Insights & Continuous Improvement
Closing Remarks
• REST is simple, cool, popular and used
• Need to look beyond coolness to use REST for real
• Think of REST as a way to expose APIs
• Pay attention to good governance
• Make informed security architecture decisions
• Focus on monitoring, analysis and insights-based continuous improvement
Resources
• http://wso2.com/products/api-manager/
• http://wso2.com/products/governance-registry/
• http://wso2.com/products/business-activity-monitor/
• http://sanjiva.weerawarana.org/2012/08/api-management-missing-link-for-soa.html
• http://sumedha.blogspot.com/search/label/API
WSO2 Engagement Model
• QuickStart
• Development Support
• Development Services
• Production Support
• http://wso2.com/support
Thank you!