Skip to content

Read Write Resource Oriented Services

Design of Read/Write Resource-Oriented Services

How read/write resource oriented services are designed ?

The following steps are to be done to design a read/write resource-oriented service.

  1. Figure out the dataset.
  2. Split the dataset into resources.
  3. For each resource.

    • Name the resource with a URI.
      • 3 basic rules to name the resources with URLS:
        • Use path variables to encode hierarchical relationship: parent/child.
        • Use punctuation characters to separate children: parent/child1;child2.
        • Use query variables to imply input to the resource: parent?child=child1.
    • Expose a subset of the uniform interface.
    • Design the representation accepted from the client.
    • Design the representation served to the client.
    • Integrate the resource with other resources using links and forms.
    • Consider the typical course of events: what’s supposed to happen?
    • Consider error conditions: what might go wrong?
  4. Build matrix with resource types as rows, and operations as columns

    • Indicate what operations apply to which types
      • provide example URIs and discussion of what will happen
        • especially in the case of POST and PUT
          • POST: create resource
          • PUT: update resources
      • Two questions to help
        • Will clients be creating new resources of this type?
        • Who’s in charge of determining the new resource’s URI? Client or Server?

Issues: Authentication and Authorization

  • Now that we are allowing a client to change stuff on our server, we need
    • Authentication: problem of tying a request to a user
    • Authorization: problem of determining which requests to let through for a given user
  • HTTP provides mechanisms to enable this (HTTP Basic/Digest) and other web services roll their own (Amazon’s public/private key on subset of request)
  • Another Issue: Privacy
    • Can’t transmit “private information” in the clear; need to use HTTPS
  • Another Issue: Trust
    • How do you trust your client software to do the right thing?
      • Especially in today’s environment with malware becoming harder and harder to discern.