Read Only Resource Oriented Services
Design of Read Only Resource-Oriented Services
How read-only resource oriented services are designed ?
The follwing steps are to be done to design a read/write resource-oriented service.
- Figure out the dataset.
- Split the dataset into resources.
- For each resource.
- Name the resource with a URI.
- 3 basic rules to name the resources with URLS:
- Use path variables to encode hierarchical relationship:
parent/child
. - Use punctuation characters to separate children:
parent/child1;child2
. - Use query variables to imply input to the resource:
parent?child=child1
.
- Use path variables to encode hierarchical relationship:
- 3 basic rules to name the resources with URLS:
- Expose a subset of the uniform interface.
- Design the representation accepted from the client.
- Design the representation served to the client.
- Integrate the resource with other resources using links and forms.
- Consider the typical course of events: what’s supposed to happen?
- Consider error conditions: what might go wrong?
- Name the resource with a URI.
Issues: Authentication and Authorization
- Now that we are allowing a client to change stuff on our server, we need
- Authentication: problem of tying a request to a user
- Authorization: problem of determining which requests to let through for a given user
- HTTP provides mechanisms to enable this (HTTP Basic/Digest) and other web services roll their own (Amazon’s public/private key on subset of request)
- Another Issue: Privacy
- Can’t transmit “private information” in the clear; need to use HTTPS
- Another Issue: Trust
- How do you trust your client software to do the right thing?
- Especially in today’s environment with malware becoming harder and harder to discern.
- How do you trust your client software to do the right thing?