Read Write Resource Oriented Services
Design of Read/Write Resource-Oriented Services
How are read/write resource-oriented services designed?
Follow these steps to design a read/write resource-oriented service.
- Figure out the dataset.
- Split the dataset into resources.
- For each resource:
  - Name the resource with a URI.
    - 3 basic rules for naming resources with URLs:
      - Use path variables to encode hierarchical relationships: parent/child.
      - Use punctuation characters to separate children: parent/child1;child2.
      - Use query variables to imply input to the resource: parent?child=child1.
  - Expose a subset of the uniform interface.
  - Design the representation accepted from the client.
  - Design the representation served to the client.
  - Integrate the resource with other resources using links and forms.
  - Consider the typical course of events: what’s supposed to happen?
  - Consider error conditions: what might go wrong?
- Build a matrix with resource types as rows and operations as columns.
  - Indicate which operations apply to which types.
    - Provide example URIs and a discussion of what will happen,
      - especially in the case of POST and PUT:
        - POST: create resource
        - PUT: update resources
    - Two questions to help:
      - Will clients be creating new resources of this type?
      - Who’s in charge of determining the new resource’s URI? Client or Server?
Issues: Authentication and Authorization
- Now that we are allowing a client to change stuff on our server, we need:
  - Authentication: problem of tying a request to a user
  - Authorization: problem of determining which requests to let through for a given user
- HTTP provides mechanisms to enable this (HTTP Basic/Digest) and other web services roll their own (Amazon’s public/private key on subset of request)
- Another Issue: Privacy
  - Can’t transmit “private information” in the clear; need to use HTTPS
- Another Issue: Trust
  - How do you trust your client software to do the right thing?
    - Especially in today’s environment with malware becoming harder and harder to discern.
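
An added example, not part of the original notes: one way to combine authentication, authorization and the HTTPS requirement for a service that accepts HTTP Basic, with authorization driven by a resource-type/operation matrix like the one described earlier. The user table, the matrix contents and all function names are constructed for illustration, and answering non-TLS requests with 403 is an assumption.

```python
import base64
import hashlib
import hmac

def _kdf(password: str, salt: bytes) -> bytes:
    # Salted, slow hash so stored credentials are not plaintext.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample users: name -> (salt, password hash).
USERS = {"alice": (b"salt-a", _kdf("correct horse", b"salt-a")),
         "bob": (b"salt-b", _kdf("battery staple", b"salt-b"))}

# Constructed matrix: resource type (row) -> method (column) -> allowed users.
MATRIX = {
    "bookmark-list": {"GET": {"alice", "bob"}, "POST": {"alice"}},
    "bookmark": {"GET": {"alice", "bob"}, "PUT": {"alice"}, "DELETE": {"alice"}},
}

def basic_header(user: str, password: str) -> str:
    """Build the Authorization header value a client would send."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()

def authenticate(header):
    """Authentication: tie the request to a user, or return None."""
    scheme, _, param = (header or "").partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(param.strip(), validate=True).decode("utf-8")
    except ValueError:  # covers malformed base64 and invalid UTF-8
        return None
    user, sep, password = decoded.partition(":")
    # Unknown users still cost one KDF run, so timing does not reveal valid names.
    salt, expected = USERS.get(user, (b"no-such-user", b"\x00" * 32))
    ok = hmac.compare_digest(_kdf(password, salt), expected)
    return user if sep and ok and user in USERS else None

def handle(method, resource_type, header, over_tls):
    """Return the HTTP status the service would send for this request."""
    if not over_tls:
        return 403  # assumption: refuse outright; Basic credentials are only base64
    user = authenticate(header)
    if user is None:
        return 401  # not authenticated
    columns = MATRIX.get(resource_type)
    if columns is None:
        return 404
    if method not in columns:
        return 405  # operation not exposed for this resource type
    return 200 if user in columns[method] else 403  # authorization decision
```

The distinction between 401 and 403 mirrors the two problems above: 401 means the request could not be tied to a user, 403 means the user is known but the matrix does not allow the operation.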