1. REST REPRESENTATIONAL STATE TRANSFER Scott Ainsworth & Louis Nguyen (Group 1) Old Dominion University, CS 791: Web Syndication Formats, January 29, 2008

2. Presentation Overview  Motivation Behind REST  What is REST?  A Simple Example  The Web: a RESTful design  REST in more depth  REST Characteristics  Why REST?  REST vs. Web Services  REST is a Syndication Enabler 2

3. Motivation Behind REST  Roy Fielding instrumental in Web architecture  Went back for Ph.D.  Called it REST  Formally define the Web architecture 3

4. What Is REST?  A Simple, Concrete Example  Suppose we have a Web bulletin board  Suppose we need to view, update, and delete messages  Suppose we follow common procedural programming practices 4

5. What Is REST?  What message actions are required?  Create message  View message  View message for update  Delete message 5

6. What Is REST?  How do these actions map to HTTP and Web pages?  Note the dependence on GET. Why is this? 6 ActionHTTP MethodURL Create MessagePOSThttp://bbs/msg.php?m=create View MessageGEThttp://bbs/msg.php?m=view&id=12 Update MessagePOSThttp://bbs/msg.php?m=update&Id=12 Delete MessageGEThttp://bbs/msg.php?m=delete&id=12

7. What Is REST?  In addition to GET and PUT, HTTP protocol also includes:  PUT: create or replace an object  DELETE: delete an object 7

8. What Is REST?  How do the message actions map in REST? 8 ActionHTTP MethodURL Create MessagePOSThttp://bbs/message/new View MessageGEThttp://bbs/message/12 Update MessagePUThttp://bbs/message/12 Delete MessageDELETEhttp://bbs/message/12

9. What Is REST?  HTTP methods POST, GET, PUT, and DELETE are often compared with Create, Read, Update, and Delete (CRUD) operations associated with database functions: HTTPCRUD POSTCreate, Update GETRead PUTCreate, Update DELETEDelete HTTP methods do not always correspond directly with a single database operation. 9

10. World Wide Web: A RESTfull Design  The Web is example of RESTfull design that conforms to REST principles.  The Web consist of HTTP, content types (HTML, etc), and DNS.  HTML includes JavaScripts and applets to support code on demand (COD), which allows downloading and executing of code locally. COD provides improved extensibility and configurability, and better access to resources 10

11. World Wide Web: A RESTfull Design  HTTP is a communications protocol used as a transport to request and retrieve information on the Web  Uniform Interface: URIs, methods, status codes, headers, and content types  Safe Methods: GET, HEAD, OPTIONS, and TRACE Retrievals should not change the state of the server, ie. No side effects GET with side effects: useful for delete/insert message from a database (GET /edit.cgi?action=new)  Unsafe Methods: POST, PUT, DELETE 11

12. World Wide Web: A RESTfull Design  HTTP based on client-server principle: separation of web server and browser  When RESTful, HTTP is stateless  Client request, and every thing needed to complete the request, can be processed by the any server without knowing previous request  Stateless transaction example Buyer: Do you have a 1966 Ford Mustang for sale in Norfolk, VA? Ebay Server1: Yes, there’s one in near ODU and one in Ocean View area. Which one are you interested in? Buyer: I’m interested in buying a 1966 Ford Mustang near ODU in Norfolk, VA. Is it still for sale? Ebay Server2: Yes, here you go: ebay.com/odu_mustang 12

13. REST vs. RCP Approach  Remote Procedure Call (RPC) application exposed one or more resources  Provides unique set method invocation  Resources are hidden and RCP applications must have knowledge of the resources in order to locate and communicate with it  REST is more object oriented  Resources are highly visible and provided by URL  Client can interact with resources uniformly and navigate/transverse between URL w/o much knowledge of the resources 13

14. Example of RPC Application  RPC Operations getUser()addUser()removeUser()updateUser() getLocation()addLocation()removeLocation() updateLocation()listUsers()listLocations() findLocation()findUser()  RPC Client Code exampleAppObject = new ExampleApp('example.com:1234') exampleAppObject.removeUser('001') 14

15. Example of REST Application  REST Define Resources http://example.com/users/ http://example.com/users/{user} (1 for each user) http://example.com/findUserForm http://example.com/locations/ http://example.com/locations/{location} http://example.com/findLocationForm  REST Client Code userResource = new Resource('http://example.com/users/001') userResource.delete() userResource.findLocationForm() 15

16. REST vs. Web Services (RPC) Web ServicesREST ProtocolsSOAP (Simple Object Access Protocol) over HTTP. HTTP Request Mechanism XML over HTTP, usually POSTHTTP Actions (verbs)Many different actions, which are hidden within the request body. Standard HTTP methods (GET, PUT, POST, DELETE) SecurityAdditional SOAP-specific security layer. Web server security Web ServerHTTP and Web server are simple conduits with much of their power and capability are bypassed HTTP and Web server exploited to fullest extent 16

17. REST in More Depth  Architecture and Architectural Style  REST Characteristics  Elements  Configurations  Constraints, Principles, Guidelines 17

18. REST is about Architecture  Software architecture  An abstraction of the elements, configurations, constraints, principles, and guidelines that govern a system’s design and evolution.  Software architectural style  A set of constraints that restrict a software architecture. 18

19. First Definition of REST A software architectural style for networked application architectures. 19

20. REST Architectural Characteristics  Elements  Components: Perform computation. Take data as input and produce data as output. Examples: Web Servers, Gateways, Proxies, Applications, DBMSes, Web Browsers.  Connectors define interactions between components and encapsulate the details of transferring resource representations. Examples: HTTP and DNS libraries, browser caches, standard protocols.  Data File contents, HTML, XML, etc. Examples: User row in database, User data in XML. 20

21. REST Architectural Characteristics  Configurations  Relationships define and constrain the relationships between components, connectors, and data at run time.  Examples: “Connections must use HTTPS” “Users must be authenticated using PKI” 21

22. REST Operational Characteristics  Constraints, Principles, and Guidelines  Client-Server: separate presentation from data storage.  Stateless: all communication between the client and server must contain everything required to complete the request.  Cache: all data must be marked cacheable or non-cacheable improving network efficiency by allowing client to reuse response data. 22

23. REST Operational Characteristics  Constraints, Principles, and Guidelines  Uniform Interface: interfaces between components are uniform. Generally URIs, HTTP, and XML.  Layered System: provides loose coupling and scalability (through tiers and load balancing).  Code-On-Demand: allows downloading and executing code locally to access components: Javascript, java applets, Active-X. 23

24. Full Definition of REST A software architectural style based on the de facto World Wide Web architecture for networked client- server application architectures that requires stateless connections, cachable data, scalable implementations, uniform interfaces, client code-on-demand. 24

25. Why REST?  Separates representation and identification from process.  Leverages Web server capabilities, reducing application complexity and code.  Security  Logging  Scalability  Simple, common set of actions/methods  Matches the “natural” architecture of the Web.  Much less complicated infrastructure than RPC- based mechanism. 25

26. REST and Web Syndication  REST is about resources  Syndication is about resources  Simple relationship 26

27. Amazon S3  Amazon S3 is a Simple network Storage Service.  Provides cheap storage with read/write and pub/private access for the internet apps  Support REST and SOAP APIs  REST API is quickly understood in 7-page tutorial  SOAP API WSDL is 7 pages of XML with no explanations at all! 27

28. Amazon S3  S3 Core Concepts  Authorization: uses AWS key and private key  Objects: data files placed in buckets  Buckets: unique namespace for referencing your objects  Keys: unique identifier for an object Ex: http://cs.odu.edu/cs791/REST/doc1.ppthttp://cs.odu.edu/cs791/REST/doc1.ppt cs791 is a bucket and REST/doc1.ppt is the key Getting Started Guide: http://docs.amazonwebservices.com/AmazonS3/2006-03-01/gsg/ http://docs.amazonwebservices.com/AmazonS3/2006-03-01/gsg/ WSDL: http://s3.amazonaws.com/doc/2006-03-01/AmazonS3.wsdlhttp://s3.amazonaws.com/doc/2006-03-01/AmazonS3.wsdl Using the REST API: http://docs.amazonwebservices.com/AmazonS3/2006-03-01/RESTAPI.html http://docs.amazonwebservices.com/AmazonS3/2006-03-01/RESTAPI.html 28

29. Summary  REST is an architectural style that  Focuses on resources  Minimizes verbs  Leverages existing Web server capabilities  REST encourages  Loose coupling Separation of representation and process Separation of security and logging from application  Maximum exploitation of Web servers and HTTP 29

30. Questions and Discussion  You are designing a system than manages widgets. Construct RESTfull URLs for  Retrieving a widget,  Adding a widget,  Updating a widget,  Deleting a widget, and  Retrieving lists of widgets. Use “widgetmage” for the domain. 30

31. Questions and Discussion  How does the layered system characteristic enable scalability?  How does it enable expansion? 31

32. Questions and Discussion  Which operational characteristics also enable scalability and expansion? How? 32

33. Questions and Discussion  Why does RPC/SOAP require its own security layer? 33

34. Questions and Discussion  Under what circumstances would SOAP-based Web Services (RPC) be a better choice than REST? 34

35. Questions and Discussion  What are the advantages of statelessness? 35

36. References  Fielding, Roy Thomas. “Architectural Styles and the Design of Network-based Software Architectures.” Diss. University of California, Irvine: 2000.  Software Engineering Institute. “Published Software Architecture Definitions.” 23 January 2008. Carnegie Mellon University. http://www.sei.cmu.edu/architecture/published_definitions.html.http://www.sei.cmu.edu/architecture/published_definitions.html  “Resources as Objects.” RESTwiki. 11 May 2007. 23 January 2008. http://rest.blueoxen.net/cgi- bin/wiki.pl?ResourcesAsObjects.http://rest.blueoxen.net/cgi- bin/wiki.pl?ResourcesAsObjects  “REST In Plain English.” RESTwiki. 20 September 2007. 23 January 2008. http://rest.blueoxen.net/cgi-bin/wiki.pl?RestInPlainEnglish. http://rest.blueoxen.net/cgi-bin/wiki.pl?RestInPlainEnglish  “The REST Triangle.” RESTwiki. 17 November 2007. 23 January 2008. http://rest.blueoxen.net/cgi-bin/wiki.pl?RestTriangle. http://rest.blueoxen.net/cgi-bin/wiki.pl?RestTriangle  “What is REST?” RESTwiki. 11 May 2007. 23 January 2008. http://rest.blueoxen.net/cgi- bin/wiki.pl?WhatIsRest.http://rest.blueoxen.net/cgi- bin/wiki.pl?WhatIsRest  Fielding, R. T. and R.N. Taylor. “Principled Design of the Modern Web Architecture.” Architecture of the World Wide Web: 2000.  Amazon.com. “Amazon S3 Getting Started Guide.” 29 January 2008. http://docs.amazonwebservices.com/AmazonS3/2006-03-01/gsg/. http://docs.amazonwebservices.com/AmazonS3/2006-03-01/gsg/ 36

37. Extras 37

38. REST Operational Characteristics 38

39. REST Operational Characteristics 39

40. REST Operational Characteristics 40

41. REST Operational Characteristics 41