2 soap/ws-* and rest: complementary communication styles mark rees microsoft services new zealand...
Post on 05-Jan-2016
213 Views
Preview:
TRANSCRIPT
2
SOAP/WS-* And REST:Complementary Communication Styles
Mark ReesMicrosoft Services New Zealand
Session Code: ARC 306
3
SOAP, WS-*, and WCF
REST and WCF
Comparing SOAP/WS-* and REST: Making the Right Choice
Agenda
4
Web Services Today
Two approaches to Web servicesare in use today
SOAP and the WS-* specificationsRepresentational State Transfer (REST)
There is some competition between proponents of each approachBeginning with the .NET Framework 3.5, Windows Communication Foundation (WCF) provides built-in support for both
Microsoft is agnostic in this debate
5
WCF Service
WCF Client
HTTP, TCP, MSMQ, etc.
Transport Channel
Transport Channel
Channel A
Channel B
Channel C
Channel A
Channel B
Channel C
WCF Communication BasicsChannels
WCF communication relies on channelsChannels can be grouped into channel stacksThe lowest channel in a stack is always the transport channel
6
WCF Communication BasicsBindings
A WCF interface is associated with one or more bindingsEach binding creates a channel stack with specific functions
Binding 3Binding 1 Binding 2
WCF Service[ServiceContract]interface IExampleB{. . .}
[ServiceContract]interface IExampleA{. . .}
Transport Channel X
Channel A
Transport Channel X
Channel C
Transport Channel Y
Channel B
Channel C
Channel A
Channel B
7
SOAP/WS-* And WCF
8
POST /AccountAccess/Accounts.svcHost: www.quickbank.comSOAPAction: GetBalance…<soap:Envelope xmlns:soap= … <soap:Body> <GetBalance xmlns= … <Account>2</Account> </GetBalance> </soap:Body></soap:Envelope>
WCF Client
WCF Service
Account 1
Account 2
Account 3
Access Via SOAPIllustrating the approach
9
Access Via SOAPA WCF interface
[ServiceContract]interface IAccount{ [OperationContract] int GetBalance(int account); [OperationContract] int UpdateBalance(int account, int amount);}
Indicates that this interface should be exposed a
a service
Indicates that this method should be exposed as a
remotely callable operation
10
Access Via SOAPA WCF binding
<endpoint address="http://www.qwickbank.com/AccountAccess/
Accounts.svc" contract=“AccountApp.IAccount" binding="basicHttpBinding“ />
Specifies where the service can be found
Specifies theservice’s interface
Specifies the binding that should be used to talk to the service
11
BasicHttpBinding
HTTP Transport (Text Message
Encoding)
Channel
WCF Application
WCF Binding For SOAPUsing HTTP
Sends standard XML SOAP messages
over HTTP
12
Describing WS-*Messaging and security
MessagingWS-Addressing: Allows using SOAP over any transport protocol, not just HTTPMessage Transmission Optimization Mechanism (MTOM): Allows sending binary data efficiently
SecurityWS-Security: Defines a way to convey various security tokens and moreWS-Trust: Defines how to request and receivesecurity tokensWS-SecureConversation: Allows establishing a security context, e.g., for more efficient encryption
13
Describing WS-*Reliability, transactions, policy, and metadata
ReliabilityWS-ReliableMessaging: Allows reliable end-to-end communication through SOAP intermediaries
TransactionsWS-AtomicTransaction, WS-Coordination: Define howto do two-phase commit for ACID transactions
PolicyWS-Policy: Allows defining policies in various areas, e.g., security policies with WS-SecurityPolicy
Acquiring interface definitionsWS-MetadataExchange: Allows accessing a service’s WSDL definition and more
14
WSHttpBinding
WCF Application
Reliable Session
Symmetric Security
Channel
Transaction Flow
HTTP Transport (Text Message
Encoding)
WCF Binding For SOAP/WS-*Using HTTP
Implements WS-AtomicTransaction
Implements WS-ReliableMesssaging
Implements WS-Security
15
WSTcpBinding
WCF Application
Reliable Session
Symmetric Security
Channel
Transaction Flow
TCP Transport (Binary Message
Encoding)
WCF Binding For SOAP/WS-*Using TCP
Sends binary SOAP messages over TCP
16
Access Via SOAP/WS-*Specifying WCF bindings
Using WS-Security, WS-ReliableMessaging, and/or WS-AtomicTransaction with WSHttpBinding or WSTcpBinding requires configuring the binding correctly
These configurations can get complicatedEspecially for securityWCF’s Configuration Editor Tool (SvcConfigEditor.exe) helps some
17
WS-* In The Real World
WCF isn’t yet the dominant technologyfor Web services on Windows
Which makes the WS-* technologies lesswidely available
Cross-vendor interoperability for SOAP and the WS-* technologies isn’t perfect
Developers expect types to move unchanged from .NET to XML to Java (and back), which is hard
18
REST And WCF
19
WCF Service
GET www.quickbank.com/Accounts/2
Account 1
Account 2
Account 3
Access Via RESTIllustrating the approach
WCF Client
20
Defining RESTAn architectural style
Two core principlesEverything is accessed through a uniform interfaceAll data is identified with a URI
Some subsidiary principlesBe cacheable whenever possibleBe statelessMore . . .
A first-rate description of RESTRESTful Web Services, by Leonard Richardson and Sam Ruby
21
Access Via RESTA WCF interface[ServiceContract]interface IAccount{ [OperationContract] [WebGet] int GetBalance(string account); [OperationContract] [WebInvoke] int UpdateBalance(string account, int amount);}
Sends request using HTTP GET
Sends request using HTTP POST (by default)
22
The Semantics Of HTTP VerbsA closer look
REST typically depends on HTTP’s verbsPrimarily GET, PUT, POST, and DELETE
The semantics of some, e.g., GET, are well-definedThe semantics of POST are less clear
From the HTTP 1.1 spec:POST is designed to allow a uniform method to cover the following functions:
- Annotation of existing resources; - Posting a message to a bulletin board, newsgroup, mailing list, or similar group of articles; - Providing a block of data, such as the result of submitting a form, to a data-handling process; - Extending a database through an append operation.
The actual function performed by the POST method is determined by the server ...
23
WCF Support For RESTSpecifying verbs and data formats
The Method parameter for WebInvoke allows specifying HTTP verbs other than POST, e.g.,:[WebInvoke(Method="PUT")]
The ResponseFormat parameter for WebGet and WebInvoke allows specifying how information is sent:
XML (the default)JavaScript Object Notation (JSON)Binary
24
WCF Support For RESTWorking with URIs
RESTful communication typically requires workingwith lots of URIs
Every resource has its own URIURIs for a particular application commonly havea common format
Such as Accounts/<number>URI templates can make it easier to work with large numbers of similar URIs, providing
A way to express URI patternsSupport for working with URIs that match those patterns
25
Access Via RESTSpecifying a WCF binding
The configuration is fairly simple:Specify binding=“webHttpBinding”Set the webHttp behavior for this endpoint
Alternatively, an application can use WebServiceHost instead of ServiceHost
This defaults to webHttpBinding with the webHttp behaviorNo configuration is needed
26
WebHttpBinding
WCF Application
Channel
HTTP Transport (Web Message
Encoding)
WCF Binding For RESTUsing HTTP
Sends XML, JSON, or binary data
over HTTP
27
Truth In Naming
Calling SOAP-based services “Web services” makes no sense
It has little to do with Web technologies
REST-based services truly deserve the name “Web services”
They’re entirely based on Web technologies:HTTP and URLs
28
Comparing SOAP/WS-* And REST:Making The Right Choice
29
Areas For Comparison
Exposing operations vs. exposing resourcesSOAP/WS-* and REST emphasize different things
CapabilitiesSOAP/WS-* and REST provide different functions
30
Operations Versus ResourcesWhat is exposed?
REST Focused on accessing named resources(which usually means data) Every application exposes its data throughthe same interface
SOAP Focused on accessing named operations, each of which implements some logicDifferent applications provide different functionality, and so each one has a different interface
31
RESTful Data AccessAmazon’s Simple Storage Service (S3)
S3 allows storing Objects in BucketsMuch like storing files in directories
Example operations:GET Object: Returns the contents of this objectGET Bucket: Returns a list of objects in this bucketPUT Object: Creates a new objectPUT Bucket: Creates a new bucketDELETE Object: Deletes an objectDELETE Bucket: Deletes a bucket
32
RESTful Data AccessThe benefits of caching
For many (most?) services, the majority of client requests are reads
In a RESTful service, all reads rely on HTTP GET
The results of a GET are commonly cachedThis can allow better performance and more scalability for RESTful services exposed overthe Internet
33
SOAP-based Operation AccessThe banking interface shown earlier
A service for banking functions might include operations such as
GetBalance(Account)UpdateBalance(Account, Amount)
These work well with either REST or SOAPSuppose the interface must also include
Transfer(FromAccount, ToAccount, Amount)This doesn’t map well to REST’s data-oriented model
It’s exposing logic, not data access
34
SOAP/WS-* and RESTA capability summary
Conveying security tokens WS-Security HTTP, SSL
Protocol for invoking operations SOAP HTTP
Transport protocol HTTP, TCP, others HTTP
Language for describing interfaces
WSDL No standard
Acquiring security tokens WS-Trust No standard
Establishing a security context WS-SecureConversation SSL
Providing end-to-end reliability WS-ReliableMessaging No standard
Supporting distributed ACID transactions
WS-AtomicTransaction, WS-Coordination
No standard
Defining policy WS-Policy, et al. No standard
Acquiring interface definitions WS-MetadataExchange No standard
SOAP/WS-* REST
35
Broad Standardization Versus Keep it SimpleTwo views of the world
Broad standardizationProvides a wide range of functionalityAllows interoperability, since everyone providesthe capability in the same wayIncreases the odds of correct implementation, since each vendor implements (and tests) the capability once rather than each application developerdoing it
Keep it SimpleYou probably won’t need it, so keep things simple
36
SecurityREST
RESTful services commonly use HTTPS
Standards for carrying security tokensHTTP for username/passwordSSL for X.509 certificates
This is sufficient for many scenarios
37
SecuritySOAP/WS-*
SOAP-based services can use HTTPSStandards for carrying security tokens
WS-Security forUsername/passwordX.509 certificateSAML tokenKerberos ticket
WS-Security also defines how to useXML Signature for integrityXML Encryption for privacy
WS-Trust definesHow to acquire security tokens
38
TransactionsUsing WS-AtomicTransaction
ACID transactions that span multiple applications and/or databases are an important part of enterprise computing
They’re not all that common, but they’restill important
ACID transactions don’t usually make sense across the Internet
They’re mostly used within an enterpriseWS-AtomicTransaction addresses this problem
It relies on WS-Coordination
39
TransactionsA simplified WS-AtomicTransaction example
Java EE
Browser1) Submit request 3) Invoke operation via SOAP, conveying
transaction context as defined by WS-Coordination
.NET Framework
2) Update .NET Application
4) UpdateEJB Application
Internet
Transaction Coordinator
5) Perform two-phase commit as defined by WS-Atomic Transaction
Transaction Coordinator
40
Reliability
RESTAssumes the application deals with communication failures via application retries
SOAP with WS-ReliableMessagingBuilds acknowledgement/retry logic into the communications stackCan provide end-to-end reliability through one or more SOAP intermediaries
41
Making A ChoiceSOAP/WS-* or REST?
Neither is right for every situationEach has its place
Some questions to ask:Does the service expose data or logic?
REST can be a good choice for exposing dataSOAP/WS-* can be better for exposing logic
Does the service need the capabilities of WS-*, or is a simpler RESTful approach sufficient?What’s best for the developers who will build anduse the service?
SOAP’s operation-oriented approach will feel more natural to many
42
Conclusion
Both SOAP/WS-* and REST have good futures
WCF supports both
The best decisions come from reason,not emotion
43
For Further Reading
Dealing with Diversity: UnderstandingWCF Communication Options in the .NET Framework 3.5
http://www.davidchappell.com/articles/white_papers/WCF_Diversity_v1.0.docx
44
Q & A
45
Resources
www.microsoft.com/teched Tech·Talks Tech·Ed BloggersLive Simulcasts Virtual Labs
http://microsoft.com/technet
Evaluation licenses, pre-released products, and MORE!
http://microsoft.com/msdn
Developer’s Kit, Licenses, and MORE!
46
Please complete anevaluation
47
© 2008 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED
OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
top related