gettin all zoidal on ya
AtomPub services documents return a content type of application/atomsvc+xml. How does one tell Firefox to just view this in the browser and NOT save it to disk? This question came up on the Abdera list as well, but no one had a good solution.
What does one do after going to QCon and Oredev? ApacheCon of course. I barely made it on my plane out of Sweden. I arrived at the airport checkin thinking the arrival time of the flight was the departure time. Oops.
Here’s my presentation that I did on building RESTful HTTP services. Really its just a bunch of practical stuff that you should know when you get in bed with HTTP.
I was jazzed before the talk as I had somehow managed to teach Sam Ruby something about HTTP that he didn’t know. Expect: 100-continue. You can use the Expect header to ensure that the server will be willing to process the request. Sam brought up an example where you might be uploading a large image from a cellphone and you need to be authenticated to do so. You certainly don’t want upload the image and then get an unauthorized response! The solution to this is to have a client send an Expect: 100-continue header. After the client sends the headers it waits for the server to respond with either a “100 Continue” message or some other status like “401 Unauthorized”. Provided that the client gets a 100, it can continue sending the message. If it gets some other message, the connection is immediately closed and then the client can decide what to do next - like authenticate itself.
I said something along these lines at QCon last week and got some strange looks. I’m happy to see that Don Box is saying its quite important as well. People may takes digs at the complexity of the WS-* specs, but security is damn complex and the WS-SX specs are pretty quite good. If you start looking for equivalent functionality in the Just Use HTTP world you won’t find any.
Sam Ruby has chimed in as well, but I’m not sure what his point is - its a little too terse for me. Maybe he’s hinting that some could write a more RESTful binding. Or that its not in their interest to use WS-SX because its too complex.
Maybe the question we need to ask is how do we do WS-SX related stuff over Just HTTP? Mark Pilgrim did a little work on WSSE, but I don’t think thats sufficient. I’m not sure all the WS-Security token stuff can be mapped to HTTP headers. I’m also not sure its worthwhile trying to make WS-Trust into a more RESTful service other than aesthetics. I don’t see any potential for GET operations in those specs which is where HTTP adds a lot of value.
Which means we might just want to keep WS-Trust around. Kind of like how Infocard already does. Which brings us back to: how do we use WS-Security tokens - username/passwords, saml tokens, tokens from WS-Trust, etc - with HTTP resources? Someone is going to have to sit down and figure this all out.
(Hopefully this makes sense - I am not a WS-Trust expert. But I take comfort in the fact that maybe only 3 or my readers even know what it does. If thats you: I threaten to ban your comments if you expose me! :-))
I just made it into Malmo tonight for the Oredev conference this week. I’ll be giving a talk on Mule and Web Services - my first official Mule talk. It should be fun!
Between this, ApacheCon and QCon I think I overbooked myself. This is what I get when I say yes and don’t check my calendar though!
James Snell: Wrong. All of this is complex. Technology is complex. It does nobody any good to argue that one particular way of building applications is less complicated than any other way of building applications. WS-* is complex. REST is complex. It’s all complex. Complexity is not the issue. The real issues are things like utility, consistency, accessibility, etc.
Not much I can add to that.
I presented my talk yesterday on AtomPub. You can find the slides here.
Its been quite interesting to research and I’ve learned a lot about building services on the web. Thanks to James Snell and others on the Abdera list for helping me with some larger APP questions that I had. The answers were worked into this presentation.
While APP is not the one true protocol, I think I’m hooked. I’ve been doing a fair amount of work on Abdera in my spare time and have put together a Mule Abdera transport as well. It makes it pretty trivial to consume feeds, publish entries and build services with Abdera. One of my broader goals is to make integration as easy as possible with HTTP for those bringing together a variety of platforms and systems. Mule is a great platform to help do that, but more details on that next week when I have more time to write!
The other talks at the QCon SOA track were great. I thoroughly enjoyed all of them and it was probably one of the best tracks I’ve ever attended. Some highlights:
I’m very please to be both attending and speaking at QCon this week. While I’m retiring for the evening, which usually is not my style (damn cold!), I’m looking forward to seeing everyone and meeting lots of faces for the first time tomorrow.
If you’re here and want to meet up, shoot me an email or call the cell (+1.616.318.3474).
Here’s an amusing story from my from my friend staying in Nanjing, China:
i was sitting in KFC taking a break from some much needed shopping today, thinking how nothing in china is really worth licking your fingers for, when a fairly large rat darted through the restaurant. immediately all the girls who worked there began to shriek. the rat made another lap through the dining area and into the kids play area. it was promptly blocked into that area with more commotion than necessary. the patrons mostly just kept eating. i’d have taken pictures of it but a couple high school girls took up a position to stare at me as i ate so i didn’t really need to bring more attention to myself by snapping pictures of the playground execution.
the worst part is i just watched ratatouille.