« Is security is the killer feature of WS-*?
[Lazyweb] Viewing AtomPub services documents in Firefox »

ApacheCon REST presentation

November 14th, 2007

What does one do after going to QCon and Oredev? ApacheCon of course. I barely made it on my plane out of Sweden. I arrived at the airport checkin thinking the arrival time of the flight was the departure time. Oops.

Here’s my presentation that I did on building RESTful HTTP services. Really its just a bunch of practical stuff that you should know when you get in bed with HTTP.

I was jazzed before the talk as I had somehow managed to teach Sam Ruby something about HTTP that he didn’t know. Expect: 100-continue. You can use the Expect header to ensure that the server will be willing to process the request. Sam brought up an example where you might be uploading a large image from a cellphone and you need to be authenticated to do so. You certainly don’t want upload the image and then get an unauthorized response! The solution to this is to have a client send an Expect: 100-continue header. After the client sends the headers it waits for the server to respond with either a “100 Continue” message or some other status like “401 Unauthorized”. Provided that the client gets a 100, it can continue sending the message. If it gets some other message, the connection is immediately closed and then the client can decide what to do next - like authenticate itself.

This entry was posted on Wednesday, November 14th, 2007 at 7:26 pm and is filed under REST, Web Services.

7 Responses to “ApacheCon REST presentation”

  1. Mike Herrick Says:
    November 15th, 2007 at 8:46 am

    Great slides Dan.

  2. mult.ifario.us : HTTP 100 Tidbit Says:
    November 15th, 2007 at 7:20 pm

    [...] Dan’s presentation, I hadn’t heard of 100 (Continue), but then I ran into it today. A client had an issue with a .NET [...]

  3. Mark Baker Says:
    November 15th, 2007 at 7:53 pm

    “ensure” is tad strong, considering that there are many HTTP 1.1 servers that don’t respect Expect. It’s too bad that it was introduced too late in the standardization process (you’ll notice it’s not in RFC 2068).

  4. Dan Diephouse Says:
    November 15th, 2007 at 10:29 pm

    Mark: I was coming at it from the POV of a developer who is developing a service and can ensure these things. But, you’re right - it cannot be relied upon for just any ol’ HTTP server.

  5. sixtus Says:
    November 17th, 2007 at 7:02 pm

    On slide 6 there is a bug: Resource do have a state, communication with resources is stateless.

    Also, on slide 34, I really do think POST == COMMIT (think of visibility, INSERT is directly visible). As always, POSTing to create targets a different URL than the PUT (and my POST == COMMIT).

    Otherwise: Great presentation!

  6. Maximilian Schulz Says:
    December 9th, 2007 at 3:39 pm

    About the slides I don’t know - haven’t checked them, but the little hint about the Expect header is great.

  7. immeraMom Says:
    February 5th, 2008 at 11:14 pm

    Nice site keep it up!

    ————————————–
    http://www.dasofte.com

Leave a Reply