Account Options

  1. Sign in
The old Google Groups will be going away soon, but your browser is incompatible with the new version.
Google Groups Home
« Groups Home
API Craft
Message from discussion HATEOAS -> Level 3 REST?

View parsed - Show only message text

Received: by 10.42.110.75 with SMTP id o11mr9011214icp.6.1334640557487;
        Mon, 16 Apr 2012 22:29:17 -0700 (PDT)
X-BeenThere: api-craft@googlegroups.com
Received: by 10.231.0.82 with SMTP id 18ls3068209iba.4.gmail; Mon, 16 Apr 2012
 22:29:14 -0700 (PDT)
Received: by 10.50.217.193 with SMTP id pa1mr6417036igc.1.1334640554913;
        Mon, 16 Apr 2012 22:29:14 -0700 (PDT)
Received: by 10.50.217.193 with SMTP id pa1mr6417035igc.1.1334640554902;
        Mon, 16 Apr 2012 22:29:14 -0700 (PDT)
Return-Path: <m...@amundsen.com>
Received: from mail-ob0-f174.google.com (mail-ob0-f174.google.com [209.85.214.174])
        by gmr-mx.google.com with ESMTPS id t9si6159274igb.1.2012.04.16.22.29.14
        (version=TLSv1/SSLv3 cipher=OTHER);
        Mon, 16 Apr 2012 22:29:14 -0700 (PDT)
Received-SPF: neutral (google.com: 209.85.214.174 is neither permitted nor denied by best guess record for domain of m...@amundsen.com) client-ip=209.85.214.174;
Authentication-Results: gmr-mx.google.com; spf=neutral (google.com: 209.85.214.174 is neither permitted nor denied by best guess record for domain of m...@amundsen.com) smtp.mail=...@amundsen.com
Received: by obbta14 with SMTP id ta14so6469327obb.33
        for <api-craft@googlegroups.com>; Mon, 16 Apr 2012 22:29:14 -0700 (PDT)
        d=google.com; s=20120113;
        h=mime-version:in-reply-to:references:date:message-id:subject:from:to
         :content-type:content-transfer-encoding:x-gm-message-state;
        bh=zhE3s4nZ8IsDKjITSfzREj0Z3HJKRG890c9/jXPHx2E=;
        b=RxrZWyH14RRTr1LD/a2h2SFfHRZR3i/9k1JORdAoNkhN5RZNsAalgI/2aVf//6OUvr
         mla9QtUmJ2p5+mCSwV8XcaF0I9iJZmGXz0U17vw8KuzBxH74b/8mepuj35uDRIYORWlu
         Im8FXg+I9fPRhErgELi/sEvSVNoZN93/1D6Clf5PsnCX+plIDweQ9g0UDSPwqC+wgdQk
         jWC29EEdQj4vUQGfgZLYr4y3lTaZrs+U9n3FLr4qwdnsV9J8P9puk4BByFeQNfSfbSMp
         dpDaw0wxEgW+InvIO/h8yg1+WI3wBK5Cdp5UGdcnfZRrATixeV9KGuu1MTYJgn6iOuCc
         5rwA==
MIME-Version: 1.0
Received: by 10.60.0.201 with SMTP id 9mr19063742oeg.59.1334640554340; Mon, 16
 Apr 2012 22:29:14 -0700 (PDT)
Received: by 10.182.80.100 with HTTP; Mon, 16 Apr 2012 22:29:14 -0700 (PDT)
In-Reply-To: <CALeNzwkmw3Soa_F4mSrz3vw6_5d6BY4GtPXV3Yy_DUuK-hV...@mail.gmail.com>
References: <78ea3380-118e-4a9e-bc00-801846587...@t2g2000pbg.googlegroups.com>
	<27749108.1392.1334507126242.JavaMail.geo-discussion-forums@pbep2>
	<CALeNzwkmw3Soa_F4mSrz3vw6_5d6BY4GtPXV3Yy_DUuK-hV...@mail.gmail.com>
Date: Tue, 17 Apr 2012 01:29:14 -0400
Message-ID: <CAPW_8m6A6i3dm9CdB76WJzqMwmsqtkQXaPN-Bd+y98FwSsm...@mail.gmail.com>
Subject: Re: HATEOAS -> Level 3 REST?
From: mca <m...@amundsen.com>
To: api-craft@googlegroups.com
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
X-Gm-Message-State: ALoCoQlmsXRDhSNgp+Hh+nBZEgoFBhhDBIZFwE08yf/1wVnVaCwRkAim23bNzN8EffYiCFpsOwYf

I think a viable approach is to start w/ Fielding's list of REST
constraints, drop the ones that "don't make sense" for WebAPI and, if
needed, include additional constraints that WebAPI requires (but are
missing from REST).

In this way, you define a stable, general set of constraints (not
rules, more like guidelines<g>) that can apply across platforms,
frameworks, specific applications, etc.

Starting with Fielding's Constraints:
1 - Client/Server
2 - Stateless
3 - Cache
4 - Uniform Interface
  4.1 + Identification of Resources
  4.2 + Resource Representations
  4.3 + Self-Descriptive Messages
  4.4 + Hypermedia
5 - Layered System
6 - Code on Demand

Things to Drop
Seems to me WebAPI should drop items 2, 4.4, and 6.
It's possible that (since stateless is not a requirement for WebAPI),
4.3 can be dropped, too.
Is support for Cache (3) required here?
Is content-negotiation (selecting a format at runtime) a requirement (4.2)?

Things to Add
A - Well-defined URI construction rules (need more detail here, I suspect)
B - Is support for cookies (or some session identifier) required?
C - Other architectural requirements?

Just a suggestion, of course.

mca
http://amundsen.com/blog/
http://twitter.com@mamund
http://mamund.com/foaf.rdf#me




On Tue, Apr 17, 2012 at 01:01, Greg Brail <g...@apigee.com> wrote:
> I think that the idea of "levels of maturity" makes some sense as long as=
 it
> understands that we are not all progressing in a linear fashion (as Brian
> wrote) from "neanderthal" to "enlightened" or whatever.
>
> I would instead consider aspects such as:
>
> Is the API documented so that a third-party developer can use it without
> personal knowledge of the source code or the phone number of the develope=
rs?
> Is there a way to sign up and use the API, even in a limited way, via
> self-service or mostly-self-service?
> Is the API protected from invalid inputs like SQL injection and invalid
> JSON/XML?
> Is the API protected from out-of-control clients that overuse resources?
> Is the API protected from denial-of-service attacks in some way?
> Does the API appropriately use authentication?
> Does the API appropriately use encryption?
> Does the API make appropriate authorization checks and maintain a set of
> roles that make sense to its users and prevent abuse?
> Does the API allow clients to control how much data is received so that i=
t
> can efficiently serve slow devices on slow networks?
> Can the infrastructure behind the API scale to meet traffic demands?
> Can the infrastructure behind the API survive system failures and even
> failure of an entire data center?
> Does the API provide readable and well-documented error responses?
> Does the API team understand what kinds of developers will be using it?
> Is the API written in a way that those target developers will be able to =
use
> (SOAP for .NET programmers, HATEOAS for,=A0well, people who like that sor=
t of
> thing, "Pragmatically RESTful" for me personally)?
>
> I'm sure that there are more...
>
> On Sun, Apr 15, 2012 at 9:25 AM, MattM <matthewmclartys...@gmail.com> wro=
te:
>>
>> I think establishing the maturity model is a great way to approach this.
>> =A0If the audience gets Levels 1 and 2 quickly, then you don't need to s=
pend a
>> lot of time (no loss). =A0If they DON'T get it quickly, then clearly the=
y need
>> to hear it and won't be ready for HATEOAS without it.
>>
>> Does anyone else on here agree that this maturity model (that was create=
d
>> a few years ago) could use a few more levels, possibly around areas like
>> security, service levels, and other non-functional areas? =A0Could be an
>> interesting group assignment.
>>
>> Thanks, Matt
>>
>> On Saturday, 14 April 2012 08:58:13 UTC-7, Matthew Bishop wrote:
>>>
>>> Like many of you, our company struggles with both saying and
>>> understanding HATEOAS. A few months ago I had to try to explain this
>>> to a new group of staff members and I tried using "Level 3 REST"
>>> instead. I pointed to the Richardson Maturity Model at
>>> http://martinfowler.com/articles/richardsonMaturityModel.html
>>>
>>> It worked. People got what I was talking about much easier because the
>>> Level 3 was framed in reference to the other Levels.
>>>
>>> I'm no longer using the term HATEOAS but Level 3 from now on. What do
>>> you think?
>
>
>
>
> --
> Gregory Brail =A0| =A0Technology =A0| =A0Apigee

Create a group - Google Groups - Google Home - Terms of Service - Privacy Policy
©2013 Google