© Donald F. Ferguson, 2014. All rights reserved. Topics in Modern Internet Application Development: REST Continued, A Little Security, SaaS, Some DB Dr.

Presentation transcript:

© Donald F. Ferguson, All rights reserved. Topics in Modern Internet Application Development: REST Continued, A Little Security, SaaS, Some DB Dr. Donald F. Ferguson

2 © Donald F. Ferguson, All rights reserved. Modern Internet App Development – Lecture 6: REST Continued, A Little Security, SaaS, Some DB. Agenda

Slide 3: Agenda
Questions, discussions on assignments.
Follow-on topics from last week:
–Security concepts
–Replay attacks
–Security basics: message hash, signature, keys
–Stateless and sessions
Future assignments:
–Overview
–Next steps
Publish/subscribe; notification.
Multi-tenancy introduction.
Two new database models and their use.
We will likely end early. I think I am presenting concepts faster than you can absorb/implement. I want to introduce concepts to show where we are going and why we are doing things, give you a chance to pre-read if you want, follow up with detail in subsequent lectures, and free up some time for ad hoc reviews/discussion.

Slide 4: Questions. Discussion on Assignment?

Slide 5: Follow Up from Last Week

Slide 6: One perspective on security topics
Alice is sending a message over a network to Bob. Eve is malicious and passively watches the communication channel. Mallory is an active attacker who can both see and inject messages.
Alice and Bob care about:
1. Authentication of messages
2. Integrity of messages
3. Privacy (confidentiality) of messages
Additionally, someone processing messages may care about:
1. Authorization
2. Non-repudiation
3. Audit

Slide 7: HTTP(S)/TLS Solve the Problem?

Slide 8: Some Issues
Eve can see the encrypted messages but cannot extract information, e.g. user ID/password, account numbers, ... → privacy (confidentiality).
Bob and Alice still need some form of shared secret, e.g. UID/password or API keys, for authentication:
–Alice knows the UID and password.
–Bob knows the UID and a hash of the password (Bob should never store the password itself).
An active attacker (Mallory in the terminology of the previous slide) can, however:
–Change and corrupt the message → no integrity. TLS protects each hop, but wherever the connection is terminated (see the next slide) the message is exposed.
–Capture and replay a message. The message could be the logon message: resending it lets the attacker become Alice.
Remember that securing the pipe with HTTPS/TLS:
–Is based on Bob's (the server's) certificate, which is public.
–Usually involves no certificate for Alice, so TLS authenticates the server to the client, not the client to the server.
Alice may naturally move between IP addresses, e.g. at home versus at work versus on a mobile phone, so her IP address cannot stand in for her identity.

Slide 9: Some Additional Issues: "Layered Systems"
The HTTP(S) connection may not be fully end-to-end, e.g.
–Firewalls
–Proxies
The messages may flow through a value-added intermediary, e.g.
–Message queue
–Notification service
At a TLS-terminating proxy, or inside a queue or notification service, the message is handled in the clear, so channel security alone says nothing about what happened to the message between Alice and Bob.

Slide 10: Secure the Message
[Figure: a message consisting of Header and Data, with a hash of Header+Data appended to the message.]
Alice:
–Computes a message hash using a known algorithm. The slide's example is MD5; MD5 is broken and should not be used for this today. Use SHA-256.
–Encrypts the message hash with the shared secret, e.g. the API secret key. In practice the standard construction is a keyed hash (HMAC) over the message rather than encryption of the digest.
Bob:
–Decrypts the transmitted message hash with the shared secret (with an HMAC, he recomputes the keyed hash with the same secret).
–Computes the overall message hash using the known algorithm and compares it with the transmitted value, using a constant-time comparison.
–The hash comparison will fail if the message was changed → integrity.
–Bob and Alice agreed on what Alice would hash, and only someone holding the shared secret can produce the value → authentication of the sender. This does not by itself stop replay; for that the hashed data must include a timestamp or nonce that Bob checks.

Slide 11: Danger
Remember when I said in the 1st lecture, "Don't Panic?" Well, now would be a good time to panic. This explanation:
–Is a gross oversimplification!
–And is not a valid security solution!
The explanation clarifies some concepts that we discussed, e.g. AWS API key pairs and signing information in REST headers, and provides initial insight into why some of that stuff is there.
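As an added example (not code from the lecture, and not any vendor's signing scheme), here is the request signing of slides 8 to 11 done the conventional way: an HMAC-SHA256 over an agreed canonical form of the request, with a timestamp and a nonce covered by the signature so that Bob can reject the replayed logon message. The header names, the API key and secret, the 300-second skew window and the request values are all made up for the example.

```python
import hashlib
import hmac
import secrets
import time

# Constructed credentials for the example; a real service issues these per client.
API_KEY = "AKIAEXAMPLEKEY"
API_SECRET = b"constructed-shared-secret-do-not-reuse"


def canonical_string(method, path, body, timestamp, nonce):
    """The exact bytes both sides agree to hash: method, path, body digest,
    timestamp and nonce. Anything not covered here can be altered by an
    attacker without invalidating the signature."""
    body_digest = hashlib.sha256(body).hexdigest()
    return "\n".join([method.upper(), path, body_digest, str(timestamp), nonce])


def sign_request(method, path, body, secret=API_SECRET, now=None):
    """Alice: produce the headers that accompany the request.
    HMAC is the keyed hash the slides describe as 'encrypting the hash'."""
    timestamp = int(time.time() if now is None else now)
    nonce = secrets.token_hex(16)  # fresh per request, from the OS CSPRNG
    msg = canonical_string(method, path, body, timestamp, nonce).encode()
    signature = hmac.new(secret, msg, hashlib.sha256).hexdigest()
    return {
        "X-Api-Key": API_KEY,
        "X-Timestamp": str(timestamp),
        "X-Nonce": nonce,
        "X-Signature": signature,
    }


class Verifier:
    """Bob: recompute the HMAC and reject tampering and replays."""

    def __init__(self, secret=API_SECRET, window=300):
        self.secret = secret
        self.window = window       # seconds of clock skew tolerated
        self.seen_nonces = {}      # nonce -> timestamp; a shared cache in production

    def verify(self, method, path, body, headers, now=None):
        now = time.time() if now is None else now
        try:
            timestamp = int(headers["X-Timestamp"])
            nonce = headers["X-Nonce"]
            presented = headers["X-Signature"]
        except (KeyError, ValueError):
            return False, "missing or malformed signature headers"

        # Check the timestamp first so the nonce store stays bounded.
        if abs(now - timestamp) > self.window:
            return False, "timestamp outside window"
        self.seen_nonces = {n: t for n, t in self.seen_nonces.items()
                            if now - t <= self.window}
        if nonce in self.seen_nonces:
            return False, "replayed nonce"

        msg = canonical_string(method, path, body, timestamp, nonce).encode()
        expected = hmac.new(self.secret, msg, hashlib.sha256).hexdigest()
        # Constant-time comparison: a plain == leaks timing information.
        if not hmac.compare_digest(expected, presented):
            return False, "bad signature"

        self.seen_nonces[nonce] = timestamp
        return True, "ok"
```

Two design points worth noting: the nonce is recorded only after the signature checks out, so an attacker cannot fill the nonce store with garbage, and the body is covered through its digest, so a message altered at a proxy or queue (slide 9) fails verification even though TLS on each hop was fine.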

Slide 12: Future Assignments

Slide 13: We are going to build a composite app
Evolve the simple CRM service:
–Implementation using new functions, e.g. notification, workflow, rules/policy, new database types, reports, ...
–"Portal" for on-the-glass integration of multiple sites.
Use a SaaS, web-callable product, price and billing API.
Build a very simple, multi-tenant web commerce application (catalog, cart, ...).
[Figure: CRM Service, Multi-Tenant Commerce Service, SaaS Account/Billing API, and Cloud Infrastructure APIs (S3, SQS, OpenID, ...).]

Slide 14: Representational State Transfer (REST)
People confuse various forms of RPC/messaging over HTTP with REST.
REST has six core tenets (Fielding's architectural constraints):
–Client/server
–Stateless
–Caching
–Uniform interface
–Layered system
–Code on demand (the only optional constraint)

Slide 15: REST Tenets
Client/Server (obvious).
Stateless is a bit confusing:
–The server/service maintains resource state, e.g. Customer and Agent info.
–The conversation is stateless. The client provides all conversation state needed for an API invocation. For example, customerCursor.next(10) requires the server to remember the client's position in the iteration through the set. A stateless call is customerCollection.next("Bob", 10): the client passes the cursor position to the server.
–This is the motivation for the concepts of explicit/implicit cursors and pagination.
Caching:
–The web has significant caching (in the browser, CDNs, ...).
–The resource provider must consider caching policies in application design, and must explicitly set control fields (in HTTP, headers such as Cache-Control and ETag) to tell clients and intermediaries what to cache and when. Responses that carry per-user or session-specific data must be marked as not cacheable by shared caches.

Slide 16: I Lied
Think about the commerce application: there are going to be many, many message exchanges (browse, add to cart, remove from cart, etc.).
The commerce application needs to remember:
–What has gone into the cart during this commerce session.
–What I have searched for during this commerce session. Don't ask me "Are you interested in metric wrenches?" when I am shopping for textbooks, just because I looked for screwdrivers three years ago.
Technically, I could have the client store and provide all session information on every request. But this is fragile and complicated.
So, the application:
–Generates a session key/ID. It must be random and unguessable, since whoever presents it is treated as that user.
–Requires that client requests always carry the session key, either in a cookie or in the URL (URL rewriting). A cookie marked Secure and HttpOnly is the safer choice; an ID in the URL leaks through Referer headers, server logs and bookmarks.
–Maintains session state in a "database."
–Invalidates the session key/ID when the client logs out or the session times out.
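An added example of the session mechanism described on this slide, written for this page rather than taken from the lecture or any framework: a server-side store keyed by a random session ID, with idle timeout, logout invalidation, and ID rotation after login so that an ID planted in the victim's browser before login (session fixation) is worthless. The cookie name, the 30-minute timeout and the cart data are assumptions for the example.

```python
import secrets
import time

SESSION_TTL_SECONDS = 30 * 60  # assumed idle timeout


class SessionStore:
    """Server-side session state keyed by an unguessable session ID."""

    def __init__(self, ttl=SESSION_TTL_SECONDS):
        self.ttl = ttl
        self._sessions = {}  # session_id -> {"data": {...}, "expires": float}

    def create(self, data=None, now=None):
        now = time.time() if now is None else now
        session_id = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._sessions[session_id] = {"data": dict(data or {}),
                                      "expires": now + self.ttl}
        return session_id

    def get(self, session_id, now=None):
        """Return the session data, or None if unknown or timed out.
        A valid lookup slides the expiry forward (idle timeout)."""
        now = time.time() if now is None else now
        entry = self._sessions.get(session_id)
        if entry is None:
            return None
        if now >= entry["expires"]:
            del self._sessions[session_id]
            return None
        entry["expires"] = now + self.ttl
        return entry["data"]

    def rotate(self, session_id, now=None):
        """Re-issue the ID while keeping the data, e.g. right after login,
        so an ID an attacker planted before login cannot be used afterwards."""
        data = self.get(session_id, now)
        if data is None:
            return None
        self.invalidate(session_id)
        return self.create(data, now)

    def invalidate(self, session_id):
        """Logout: drop the server-side state so the ID cannot be reused."""
        self._sessions.pop(session_id, None)

    def count(self):
        return len(self._sessions)


def session_cookie(session_id):
    """Set-Cookie value: Secure keeps it off plain HTTP, HttpOnly keeps it
    away from page scripts, SameSite=Lax limits cross-site sending."""
    return f"SESSIONID={session_id}; Path=/; Secure; HttpOnly; SameSite=Lax"
```

Because the store is the only place the cart lives, logging out or timing out really does end the session; a client that keeps presenting the old ID gets nothing back.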

Slide 17: Session and URL Rewrite

Slide 18: Class Implications
We are going to start building a simple commerce application. This is a natural evolution/reapplication of what you have already done:
–Customer info creation, deletion, etc.
–Searching for things in a database, just applied to new data (catalog entries).
–Creating things in a database, just applied to new data (shopping cart).
–Using headers in REST messages, just applied to session keys.
But you will apply some new concepts:
–Creating/terminating sessions.
–Using session-specific data to tailor the application.
–Storing data not easily mapped to relational data models, e.g. product descriptions.
[Figure: Request Handler → Business Objects (BO) → DB, with the steps: 1. HTTP GET/POST/... 2. Parse and validate request 3. Retrieve session context/info 4. Select "business object.verb" based on GET/POST data and context info 5. Access/update DB through framework 6. Application logic 9. Send HTML response.]

Slide 19: New Topics

Slide 20: Publish/Subscribe and Notification

Slide 21: Amazon Web Services

Slide 22: Google Cloud Pub/Sub

Slide 23: Topic Trees
[Figure: a topic tree with events e1 and e2; subscribing to /sales will see e1 and e2 if they match the filter.]

Slide 24: RabbitMQ

Slide 25: RabbitMQ

Slide 26: Class Implications
Install and set up RabbitMQ (or something similar):
–On a private machine, e.g. your desktop development system.
–Or on EC2, GCE or something similar.
Define a topic schema and configure RabbitMQ, e.g.
–customer.name
–address.zipcode
Extend the CRM system:
–Emit notifications (publish to RabbitMQ) for Create, Update and Delete of Customer.
–Web pages allowing Agents to create subscriptions, e.g. "New customer in zipcode=12345" or "Change in customer for agentID=898", and to specify how the agent wants to be notified, e.g. email or SMS.
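An added example, written for this page and not taken from RabbitMQ or the lecture, of the two pieces a subscription service on top of the topic schema above needs: matching of routing keys against topic patterns (the topic-exchange rules RabbitMQ uses, where words are dot-separated, `*` matches exactly one word and `#` matches zero or more), and a registry that keeps each agent's pattern, attribute filter and notification method and works out who to notify for an event. The routing keys, payload fields and agent IDs are constructed for the example.

```python
def topic_match(pattern, routing_key):
    """Topic-exchange semantics: words are dot-separated,
    '*' matches exactly one word, '#' matches zero or more words."""
    return _match(pattern.split("."), routing_key.split("."))


def _match(pat, words):
    if not pat:
        return not words
    head, rest = pat[0], pat[1:]
    if head == "#":
        # Try binding '#' to every possible number of words, including none.
        return any(_match(rest, words[i:]) for i in range(len(words) + 1))
    if not words:
        return False
    if head in ("*", words[0]):
        return _match(rest, words[1:])
    return False


class SubscriptionRegistry:
    """Agents subscribe with a routing pattern, an optional equality filter
    on the event payload, and how they want to be notified. Filters are
    plain data, never evaluated code, so agents cannot inject logic."""

    def __init__(self):
        self._subs = []

    def subscribe(self, agent_id, pattern, method, where=None):
        self._subs.append({"agent": agent_id, "pattern": pattern,
                           "method": method, "where": dict(where or {})})

    def dispatch(self, routing_key, payload):
        """Return (agent, method) pairs to notify for this event."""
        out = []
        for sub in self._subs:
            if not topic_match(sub["pattern"], routing_key):
                continue
            if all(payload.get(k) == v for k, v in sub["where"].items()):
                out.append((sub["agent"], sub["method"]))
        return out


def demo():
    """Constructed subscriptions and CRM events."""
    reg = SubscriptionRegistry()
    # "New customer in zipcode=12345", notified by SMS
    reg.subscribe("agent-1", "customer.created", "sms", where={"zipcode": "12345"})
    # "Change in customer for agentID=898", any customer event, by email
    reg.subscribe("agent-898", "customer.#", "email", where={"agentID": "898"})
    # Anything one level under address, by email
    reg.subscribe("agent-ops", "address.*", "email")

    events = [
        ("customer.created", {"customerID": "1", "zipcode": "12345", "agentID": "898"}),
        ("customer.updated", {"customerID": "2", "zipcode": "99999", "agentID": "898"}),
        ("customer.deleted", {"customerID": "3", "zipcode": "12345", "agentID": "7"}),
        ("address.zipcode", {"customerID": "1", "zipcode": "12345"}),
    ]
    return {key: reg.dispatch(key, payload) for key, payload in events}
```

In the real assignment the CRM app publishes the routing key and payload to RabbitMQ and this registry runs in the notification service that consumes them; the matcher is what lets a single subscription such as `customer.#` cover create, update and delete without listing each.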

Slide 27: Current Assignment
[Figure: Data Access Service (CustomerDS, AgentDS, ContactDS) → Business Service / CRM Services (Customer Facade, Agent Facade) → REST API → UI Controller and Web UI; the controller may be on the server or in the browser (e.g. Angular). A Standalone App reaches the system through Amazon SQS and an SQS Adaptor.]

Slide 28: "Next Assignment"
[Figure: the same Data Access Service / CRM Services / REST API stack, plus "RabbitMQ", Subscriptions and a Notification Service.]
Install and configure RabbitMQ.
Write a simple application that enables agents to CRUD subscriptions, specifying:
–Topics
–Notify method
The application listens for events on RabbitMQ and uses the AWS API to notify the agent using SNS or SES.
Modify the CRM app to automatically emit events for Create, Update and Delete of Customer.

Slide 29: SaaS Multi-Tenancy Introduction

Slide 30: Some Terminology
Software as a service (SaaS) is:
–A software licensing and delivery model
–In which software is licensed on a subscription basis
–And is centrally hosted.
Multitenancy refers to a principle in software architecture where:
–A single instance of the software runs on a server, serving multiple tenants.
–A tenant is a group of users sharing a common view of the software they use.
–With a multitenant architecture, the application is designed to give every tenant a dedicated share of that single instance, including its data, configuration, user management, tailored application logic, and SLAs and other non-functional properties. Because tenants share the instance, isolation between them is enforced by the application's code and data model, not by a hosting boundary.
–Multitenancy contrasts with multi-instance architectures, where separate software instances operate on behalf of different tenants.

Slide 31: A Perspective on SaaS and Multi-Tenancy
The application must have special functionality to enable tenant-specific customization:
–Branding: allowing each organization to customize the look-and-feel of the application to match its corporate branding.
–Workflow: accommodating differences in workflow across a wide range of potential customers.
–Extensions to the data model: supporting an extensible data model so customers can customize the data elements managed by the application to meet their specific needs.
–Policies and rules.
–Access control: letting each client organization independently customize access rights and restrictions for each user.
Two special applications "manage" the actual application:
–Business Support Service, e.g. sign-up, add user, add feature.
–An editor enabling certain roles to add fields to the database, specify the maximum number of allowed entries in a shopping cart, add a step to order approval workflows, etc.

Slide 32: Step 1: Multi-Tenant Database
A customer logon associates a tenant ID with each session, e.g. logging on as a user of tenant 21 associates tenantID=21 with the created session.
All data operations automatically "add" the tenant ID, e.g.
–SELECT * FROM customer WHERE customerID=1234 is actually
–SELECT * FROM customer WHERE customerID=1234 AND tenantID=21
The tenant ID must come from the authenticated session, never from a client-supplied parameter, and it must be appended to every statement (updates and deletes included); a single query that omits it is a cross-tenant data leak.
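An added example, not from the lecture, that serves both this slide and slide 15: a data-access object bound once per session to the tenant ID from the logon, so that every query carries `tenantID` without the caller being able to supply a different one, plus a stateless "next after ID" cursor for the customer collection. The in-memory SQLite table, tenant numbers and customer rows are constructed for the example; note that customerID 1234 exists in two tenants, which is why the tenant column is part of the key.

```python
import sqlite3


def build_demo_db():
    """Constructed data: customer IDs are only unique within a tenant,
    which is exactly why every query needs the tenant ID."""
    conn = sqlite3.connect(":memory:")
    conn.execute("""CREATE TABLE customer (
        customerID INTEGER NOT NULL,
        tenantID   INTEGER NOT NULL,
        name       TEXT NOT NULL,
        PRIMARY KEY (tenantID, customerID))""")
    conn.executemany("INSERT INTO customer VALUES (?, ?, ?)", [
        (1234, 21, "Alice"), (5678, 21, "Carol"), (9012, 21, "Dave"),
        (1234, 22, "Bob"),
    ])
    conn.commit()
    return conn


class TenantScopedDB:
    """Bound once per session to the tenant ID taken from the logon.
    Callers cannot pass a tenant ID, so they cannot reach another tenant."""

    def __init__(self, conn, tenant_id):
        self.conn = conn
        self.tenant_id = tenant_id

    def get_customer(self, customer_id):
        # Parameterized: the IDs are bound, never formatted into the SQL.
        return self.conn.execute(
            "SELECT customerID, name FROM customer "
            "WHERE customerID = ? AND tenantID = ?",
            (customer_id, self.tenant_id)).fetchone()

    def next_customers(self, after_customer_id=0, limit=10):
        """Stateless cursor (slide 15): the client sends the last ID it saw
        and the server keeps no per-client iteration state."""
        return self.conn.execute(
            "SELECT customerID, name FROM customer "
            "WHERE tenantID = ? AND customerID > ? "
            "ORDER BY customerID LIMIT ?",
            (self.tenant_id, after_customer_id, limit)).fetchall()

    def rename_customer(self, customer_id, name):
        """Returns rows changed; 0 when the ID belongs to another tenant."""
        cur = self.conn.execute(
            "UPDATE customer SET name = ? WHERE customerID = ? AND tenantID = ?",
            (name, customer_id, self.tenant_id))
        self.conn.commit()
        return cur.rowcount
```

The tenant predicate appears in the write path as well as the reads; a tenant that guesses another tenant's customer ID gets a zero-row update, not a silent cross-tenant change.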

Slide 33: Some New Data Models

Slide 34: Query Results
[Figure: tagged-data query results, e.g. {author, "Ferguson"}, {includes, {paper, {author, "Ferguson"}}}, {references, {book, {author, "Ferguson"}}}.]

Slide 35: Data and Rendering
[Figure: two different renderings of the same underlying document.]

Slide 36: Content Management System: Some Terminology
A content management system (CMS) is a computer application that:
–Allows publishing, editing, modifying, organizing and deleting content, as well as maintenance, from a central interface.
–Provides procedures to manage workflow in a collaborative environment.
A web content management system is a bundled or stand-alone application:
–To create, deploy, manage and store content on Web pages.
–Content includes text and embedded graphics, photos, video, audio, ...
–Content includes code that displays content in a specific way.
–A Web CMS may catalog and index content, select or assemble content at runtime, or deliver content to specific visitors in a requested way, such as in other languages.

Slide 37: CMS Data Model

Slide 38: Why Don't I Just Use ...
A relational database? RDBs do not handle:
–Dynamic taxonomies/folders particularly well.
–Relatively free-form tagging and querying of items.
–You can realize the model in a relational database, but you have to write a specific schema, your code is awkward, and you end up writing a "framework," which is a CMS.
A file system? File systems do not handle arbitrary metadata well:
–I want to find documents with author="Ferguson", not documents containing the text "Ferguson."
–I want to publish or roll back all changes made by Bob in the last 24 hours.
–Jim must approve all contributions of type "Press Release."
MongoDB?
–Handles hierarchical and dynamic tags well.
–Not great for images, audio, ...
–Would still need some framework code.

Slide 39: Apache Jackrabbit

Slide 40: The Simple Commerce Application Needs a CMS
Product classification, e.g.
–Classification I: Books, Magazines, Videos
–Classification II: Sports, Engineering, Business
Relatively free-form, queryable information, e.g.
–Artist: Type = {Author, Editor, Contributor, Reviewer, ...}, Name = {...}
–Format = {eBook, paperback, audiobook, ...}
Fragments of a rendering, e.g. images, reviews, descriptive prose, TOC.
Various renderings, e.g. a summary in a search result, or the full information.

Slide 41: Project Implications
Your commerce application will implement a simple CMS using Amazon S3:
–Bucket per tenant.
–A set of base document object elements, e.g. image, description, review.
–A logical classification of products, e.g. publication, eBook, movie.
–Compound product descriptions that contain a set of base elements, e.g. image, description, authors.

Slide 42: Amazon S3

Slide 43: The Assignment
You do not need to write code (yet). You are doing a logical data model:
–What buckets do you have?
–What is the folder structure in the buckets?
–What are the base content types?
–What are the composite content types?
–What is the defined metadata type for each content type?
–What are some sample renderings?
Pilot and manually set up in S3, with sample data, using the web UI.