Skip to content

Read Only Resource Oriented Services

Design of Read Only Resource-Oriented Services

How read-only resource oriented services are designed ?

The follwing steps are to be done to design a read/write resource-oriented service.

  1. Figure out the dataset.
  2. Split the dataset into resources.
  3. For each resource.
    • Name the resource with a URI.
      • 3 basic rules to name the resources with URLS:
        • Use path variables to encode hierarchical relationship: parent/child.
        • Use punctuation characters to separate children: parent/child1;child2.
        • Use query variables to imply input to the resource: parent?child=child1.
    • Expose a subset of the uniform interface.
    • Design the representation accepted from the client.
    • Design the representation served to the client.
    • Integrate the resource with other resources using links and forms.
    • Consider the typical course of events: what’s supposed to happen?
    • Consider error conditions: what might go wrong?

Issues: Authentication and Authorization

  • Now that we are allowing a client to change stuff on our server, we need
    • Authentication: problem of tying a request to a user
    • Authorization: problem of determining which requests to let through for a given user
  • HTTP provides mechanisms to enable this (HTTP Basic/Digest) and other web services roll their own (Amazon’s public/private key on subset of request)
  • Another Issue: Privacy
    • Can’t transmit “private information” in the clear; need to use HTTPS
  • Another Issue: Trust
    • How do you trust your client software to do the right thing?
      • Especially in today’s environment with malware becoming harder and harder to discern.