UT DALLAS Erik Jonsson School of Engineering Computer Science SECURED INFORMATION INTEGRATION WITH A SEMANTIC WEB BASED FRAMEWORK FEARLESS engineering What is a web service Everyone would agree with a general definition like this A Web service is a software system designed to support interoperable machine to machine interaction over a network Source W3C FEARLESS engineering SOAP WSDL and UDDI Most people understand Web Services to be the triumvirate of SOAP WSDL and UDDI SOAP Envelope Platform B Platform A Payload Application A SOAP Client Security Token SSL Web Application Service B WSDL Web Services Description Language UDDI Web Services Directory FEARLESS engineering 3 SOAP based web services Web services and SOAP are often considered the same FEARLESS engineering REST But SOAP is not the only kind of Web Service communication REST stands for REpresentational State Transfer Described in a thesis by Roy Fielding Day Software co founder of the Apache Software Foundation co author of HTTP and URI RFCs REST applies the architecture of the Web to Web Services Each URI is a distinct resource as in the browser based Web URIs be bookmarked and cached Don t reinvent the wheel Used by Amazon Google Flickr and many others FEARLESS engineering 4 REST In REST everything is a resource Resource Modelling is required at the outset Model each document and each process as a resource with a distinct URI Then use the standard HTTP verbs to interact with the resource GET Retrieve a representation of a resource Does not modify the server state A GET must have no side effects on the server side POST Create or update a representation of a resource PUT Update a representation of a resource DELETE Remove a representation of a resource FEARLESS engineering 5 Example of a REST Weather Service GET weatherforecast 02110 HTTP 1 1 Get the weather forecast for Boston POST weatherforecast HTTP 1 1 Upload a new weather forecast for San Jose by sending up an XML document which conforms to the appropriate Schema Response is a 201 Created and a new URI 201 Created Content Location weatherforecast 95101 PUT weatherforecast 95101 HTTP 1 1 Update an existing resource representation DELETE weatherforecast 02110 HTTP 1 1 Delete the resource representation FEARLESS engineering 6 Contrast with SOAP Weather service POST weatherforecast asmx HTTP 1 1 Send a SOAP message to get the weather in Boston POST weatherforecast asmx HTTP 1 1 Send a different SOAP message to create a forecast for San Jose Response is a custom SOAP response message POST weatherforecast asmx HTTP 1 1 Send another SOAP message to update the San Jose weather forecast POST weatherforecast asmx HTTP 1 1 Send another SOAP message to delete the Boston weather forecast Notice anything Everything is a POST All the details are in the SOAP messages FEARLESS engineering 7 Reinventing Protocols In REST HTTP is the protocol Well known simple and established Only four methods GET POST PUT DELETE A network admin can look at something like GET weatherforecast 02110 and understand what it is doing Requests can be bookmarked Responses can be cached By contrast in SOAP developers effectively create their own protocols Everything is a POST Rather than using GET POST PUT and DELETE the methods and operations are in the SOAP messages themselves A network admin just sees POSTs and cannot understand the purpose of the traffic without looking into the SOAP messages themselves FEARLESS engineering 8 More differences between SOAP and REST 1 SOAP is transport neutral SOAP can be used across FTP SMTP Message Queues But REST is tied to HTTP only 2 SOAP includes a whole stack of composable WS specifications WS Security for inserting security tokens into SOAP headers WSReliableMessaging WS Transactions etc etc etc But since WS builds on top of SOAP it does not apply to REST Proponents of REST would argue use HTTP infrastructure for reliable messaging and security Don t reinvent the wheel Experts argue that REST is as safe as HTTP FEARLESS engineering 9 REST in Practice REST is seen as more simple to develop than SOAP because you can create a QueryString just by concatenating strings together Most developers find it easier to concatenate strings together and then do a GET to a URI like Google s doGoogleSearch rather than to create a SOAP request SOAP products are getting easier to use though the gap is closing This simplicity is the main reason for REST s popularity FEARLESS engineering 10 REST s popularity a famous data point Source Jeff Barr Web Services Evangelist at Amazon com FEARLESS engineering 11 When to use SOAP instead of REST WS Security defines how to encrypt just part of an XML message e g to encrypt search strings into a search engine Rather than reinventing the wheel use SOAP for this WS includes reliable messaging and transaction support SOAP can be applied to FTP traffic and MQ REST can t So use SOAP for these applications SOAP supports attachments although there are three different specifications for how to do attachments right now MIME DIME MTOM Nevertheless use SOAP when you need to send around binary data or large attachments FEARLESS engineering 12 RESTful Interface in Blackbook Blackbook is a semantic web based framework which provides analysts an easy to use tool which federates queries across local and remote data sources to access valuable data Why REST in Blackbook Semantic data is a collection of different vocabularies and REST allows visualizers to show semantic data in an easy manner as compared to SOAP Implemented in following Blackbook modules 1 workspace workflow 2 workspace workspace 3 workspace blackbook FEARLESS engineering 13 Workflow Workflow is used to build complex processing sequences by stringing together BLACKBOOK algorithms A workflow process definition can be executed any number of times An individual execution of a process definition is called Process Instance Functionalities in RESTful Workflow 1 GET the process definition 2 DELETE the process definition 3 PUT the process definition 4 POST the process definition 5 PUT the process instance 6 GET the process instance FEARLESS engineering 14 Workspace Workspace subsystem is a general purpose storage system that uses a directory metaphor to organize content Currently the only items stored in the workspace are workflow process definitions and process instances In future user preferences and assertions content may be stored in the workspace Functionalities in RESTful Workspace 1 GET the root