Web Server Design Week 16 Old Dominion University Department of Computer Science CS 495/595 Spring 2012 Michael L. Nelson <mln@cs.odu.edu> 04/24/12
Representational State Transfer http is an implementation of REST http://www.ics.uci.edu/~fielding/pubs/dissertation/rest_arch_style.htm REST is best understood in contrast to Remote Procedure Call (RPC) style interfaces like SOAP http://en.wikipedia.org/wiki/Representational_State_Transfer http://en.wikipedia.org/wiki/SOAP_(protocol) The simplest explanation is RESTful URIs are nouns, and RPC URIs are verbs it is not true that REST URIs do not have arguments / query strings Philosophies: RPC: http is just a transport protocol to tunnel an application-specific protocol; other protocols (e.g., SMTP or future protocols) can be used too REST (http implementation): http already has basic mechanisms for almost anything you need and will be around forever. Embrace it in your system design.
All You Need is CRUD… Operation SQL HTTP Create Insert POST, PUT Read/Retrieve Select GET Update PUT Delete/Destroy Delete DELETE http://en.wikipedia.org/wiki/Create,_read,_update_and_delete
Example Design RPC: REST: http://example.com/userApp?method=getUser&arg1=X&arg2=Y http://example.com/userApp?method=addUser&arg1=X&arg2=Y http://example.com/userApp?method=removeUser&arg1=X&arg2=Y http://example.com/userApp?method=updateUser&arg1=X&arg2=Y http://example.com/userApp?method=getLocation&arg1=X&arg2=Y http://example.com/userApp?method=addLocation&arg1=X&arg2=Y http://example.com/userApp?method=removeLocation&arg1=X&arg2=Y http://example.com/userApp?method=updateLocation&arg1=X&arg2=Y http://example.com/userApp?method=listUsers&arg1=X&arg2=Y http://example.com/userApp?method=listLocations&arg1=X&arg2=Y http://example.com/userApp?method=findLocation&arg1=X&arg2=Y http://example.com/userApp?method=findUser&arg1=X&arg2=Y RPC: http://example.com/users/ http://example.com/users/{user} (one for each user - where {user} is either the user name or the user id) http://example.com/findUserForm http://example.com/locations/ http://example.com/locations/{location} (one for each location - where {location} is the location name or the location id) http://example.com/findLocationForm REST: adapted from: http://en.wikipedia.org/wiki/Representational_State_Transfer
Amazon S3 “Simple Storage Service” Premise: http://aws.amazon.com/s3 part of a family of Amazon Web Services (AWS), including “Elastic Compute Cloud (EC2)” and “Simple Queueing Service (SQS)” Premise: cheap, remote storage service accessible via http http://aws.amazon.com/s3/pricing/ no initial fee, no maintenance fee $0.11 per GB/month storage (first 50TB) $0.12 per GB/month transferred (first 10TB) private/public X read/write access available
Core Concepts Registration: Bucket Object AWS access key ID semantic free name space for your account Secret access key used to authenticate to AWS Bucket namespace for referencing your objects; must be globally unique you can have 1-100 buckets per AWS access key buckets hold 0 or more objects Object files (placed in buckets); up to 5GB in a single object “key” is the identifier for the object placed in a bucket
Access Points SOAP and REST interfaces provided 3 different URLs for REST access: http://s3.amazonws.com/bucket/key http://bucket.s3.amazonws.com/key http://bucket/key Where: bucket = your namespace key = identifier of the object in the bucket For more info: http://docs.amazonwebservices.com/AmazonS3/2006-03-01/VirtualHosting.html
Examples: These are the same (& real): http://s3.amazonaws.com/doc/2006-03-01/AmazonS3.wsdl http://doc.s3.amazonaws.com/2006-03-01/AmazonS3.wsdl These would be the same (but not real): http://s3.amazonaws.com/MichaelNelsonFords/1966/Fairlane427 http://michaelnelsonfords.s3.amazonaws.com/1966/Fairlane427 http://fords.michaelnelson.org/1966/Fairlane427
Authenticating to AWS Can authenticate to AWS via: “Authorization” http header using the AWS authentication scheme cf. “Basic” & “Digest in RFC-2616 URL arguments http://docs.amazonwebservices.com/AmazonS3/2006-03-01/RESTAuthentication.html HMAC: Keyed-Hashing for Message Authentication RFC-2104: http://www.ietf.org/rfc/rfc2104.txt
A Tour of the REST API for S3 http://docs.amazonwebservices.com/AmazonS3/2006-03-01/RESTAPI.html
GData: Atom + REST http://en.wikipedia.org/wiki/Atom_(standard) http://code.google.com/apis/gdata/ http://code.google.com/apis/gdata/docs/2.0/basics.html