Skip to content

EAD Notes

Read Write Resource-Oriented Services

Initializing search

Introduction
Development Process Management
Design Patterns
Web App Architecture
SOA and RESTful
Security
Development Methodologies
Extras

EAD Notes

Introduction
Introduction
- Syllabus
- Enterprise Application Architecture
  Enterprise Application Architecture
- Web Technology Concepts
  Web Technology Concepts
  - Protocols
  - Communication Types
  - Web Services
  - Data Exchange Formats
    Data Exchange Formats
    
    Data Exchange Formats
    
    Conversion between Data Exchange Formats
Development Process Management
Development Process Management
Design Patterns
Design Patterns
Web App Architecture
Web App Architecture
SOA and RESTful
SOA and RESTful
- Introduction
- Resource Oriented Architecture
- Analysis and Design
  Analysis and Design
  - Read Only Resource Oriented Services
  - Read Write Resource Oriented Services Read Write Resource Oriented Services
    Table of contents
    
    Design of Read/Write Resource-Oriented Services
    
    Issues: Authentication and Authorization
Security
Security
Development Methodologies
Development Methodologies
- AGILE
  AGILE
  - Principles
  - Methodologies
- Test Driven Development (TDD)
- Behaviour Driven Development (BDD)
Extras
Extras
- Questions
- Abbreviations

Table of contents

Design of Read/Write Resource-Oriented Services
- Issues: Authentication and Authorization

Read Write Resource Oriented Services

Design of Read/Write Resource-Oriented Services

How read/write resource oriented services are designed ?

The following steps are to be done to design a read/write resource-oriented service.

Figure out the dataset.
Split the dataset into resources.
For each resource.
- Name the resource with a URI.
  - 3 basic rules to name the resources with URLS:
    - Use path variables to encode hierarchical relationship: parent/child.
    - Use punctuation characters to separate children: parent/child1;child2.
    - Use query variables to imply input to the resource: parent?child=child1.
- Expose a subset of the uniform interface.
- Design the representation accepted from the client.
- Design the representation served to the client.
- Integrate the resource with other resources using links and forms.
- Consider the typical course of events: what’s supposed to happen?
- Consider error conditions: what might go wrong?
Build matrix with resource types as rows, and operations as columns
- Indicate what operations apply to which types
  - provide example URIs and discussion of what will happen
    - especially in the case of POST and PUT
      - POST: create resource
      - PUT: update resources
  - Two questions to help
    - Will clients be creating new resources of this type?
    - Who’s in charge of determining the new resource’s URI? Client or Server?

Issues: Authentication and Authorization

Now that we are allowing a client to change stuff on our server, we need
- Authentication: problem of tying a request to a user
- Authorization: problem of determining which requests to let through for a given user
HTTP provides mechanisms to enable this (HTTP Basic/Digest) and other web services roll their own (Amazon’s public/private key on subset of request)
Another Issue: Privacy
- Can’t transmit “private information” in the clear; need to use HTTPS
Another Issue: Trust
- How do you trust your client software to do the right thing?
  - Especially in today’s environment with malware becoming harder and harder to discern.

Previous Read Only Resource Oriented Services

Next Introduction

Copyright © 2022 Arjun Adhikari