Tue Nov 07 2006 00:04:
Who would send me a Nethack T-shirt to congratulate me on my first ascension?
However Sam and I did have a long IM conversation today, and
cleared up a lot of taxonomy issues, as well as some of my
misunderstandings about SOAP. I feel confident enough now to take
another stab at my taxonomy of the programmable web. I got about
halfway through before Ben came over to watch Battlestar Galactica,
and that half is what I present to you tonight.
Again the disclaimer: though people will argue about these topics
until the end of time, for purposes of this book we just need to get a
coherent story about what it is we're cutting away as we zoom in on
the programmable web to focus on the parts called "REST" and "ROA".
There are two major architectures on the programmable web. One is
oriented around the passing of messages from place to place, and one
is oriented around the manipulation of server-side objects called
resources. We're (still tenatively) calling these the Message-Oriented
and Resource-Oriented Architectures. Both architectures have real web
applications and real web services to their credit.
These architectures can show up elsewhere than on the web, but
we're not concerned with that. On the programmable web a service under either architecture uses the
same underlying technologies: HTTP; a data format like XML,
JSON, or form-encoded key-value pairs; and at least one URI.
Because they're built on HTTP, both architectures have a request
cycle where the client asks the server to do something, and the server
does it and sends a response. But we've found two questions which the
MOA and the ROA answer differently:
First a brief digression. When you send an HTTP request, you have
two main options as to what to send in the entity-body. You can just
send your data, or, if your data is an XML document, you can stick it
in a box first. The name of the box is SOAP.
Just to avoid confusion: "SOAP" here is referring to the SOAP standard, not to the things people do with SOAP in the real world (that comes next). Sam says: "There isn't much to SOAP. It is three elements and a fault descriptor. Oh, that, and a world view." I'm just talking about the three elements and the fault descriptor. The worldview is the MOA.
Why would you stick your XML document in a box? Well, there are a
variety of stickers that can be slapped onto the box without
disturbing the contents. These stickers are the WS-* stack. That's the
five-cent definition.
With that in mind, let's consider how the Resource-Oriented Architecture answers the two
questions. A client for an ROA service scopes its request to a
resource, by sending its request to a URI that identifies that
resource. In an idealized ROA application there's one resource for
every part of the application you might want to manipulate. Every
resource has at least one URI, and you've got to send your request to
some URI, so you might as well designate your resource by its
URI. The URI goes in a special place in the HTTP request and can't be
confused with anything else.
When conveying what it wants an ROA service to do to a resource,
the client is restricted to a small and standardized list of
methods. These methods are the famous HTTP GET, PUT, etc. Again, the
HTTP method goes in a special place in the HTTP request and can't be
confused with anything else.
If the client wants to convey an action that's not on that list,
the problem is almost always that they've chosen the wrong
resource. The service ought to expose some other resource for which
the client's desired action translates naturally into one of the
standard methods. The service might not actually expose this resource,
but that just means the service can't do what the client wants. It's
no different from the aggravation of a C library that's missing the
function you need.
(There are edge cases I don't really understand, about overloading
POST for atomic operations that span resources. I'm still trying to
figure this part out. I think I may end up modelling this as a tiny
MOA architecture inside the ROA.)
Now, depending on the service, when you need to send a document with your request, you might just send it as is, or you might stick it in a
SOAP box first. The second possiblity, is, AFAIK, only theoretical. I
don't know of any services I would describe as ROA where the client
sticks its entity-bodies in a SOAP box before sending them.
This is partly for historical reasons. It's partly because it's
simpler for the server to accept the entity-body as a document,
instead of parsing it into a SOAP box covered in stickers, plus the
"real" document. But it's mainly because HTTP already has stickers
(HTTP headers). An HTTP request or response is already a box that can
contain data and have stickers slapped on it.
HTTP stickers are more restricted in form than SOAP stickers, but
they're good enough for most purposes. To the extent that ROA service
programmers covet the features of WS-* stickers, they tend to devise ways of
representing the same information in HTTP headers. Example: WS-Security's
WSSE "ported" to the ROA as the X-WSSE header.
OK, enough about the ROA for a while. What about the MOA? And where
do popular acronyms already in common usage fit in? Tune in tomorrow
for the action-packed conclusion.
![[Comments]](/nb//themes/Default/comments.png "6 comments")
(6) Tue Nov 07 2006 22:21 Taxonomy of the Programmable Web! Part Deux:
I know you're all for some reason anxious for the next report on my
book progress. Well, in public it's all high-level philosophy but
really the bulk of my day was spent chasing down Javascript and HTTP
proxy hacks so I can finish "Ajax Applications as REST Clients".
