It would seem to me that that is the opposite from how the JavaScript
API works, where you have to query for supported fields, and then
specify which fields you want to retrieve.
While having always all fields return is somewhat convenient to the
end user, are we not worried about the extra bandwidth consumption and
IO strain on the social data back-end? There are a -lot- of possible
fields which might be spread out over quite a few sources, and always
collecting all of them when applied to a massive scale can have an
impact on performance.
When it always returns everything, i don't see why a developer would
specify which fields to retrieve , why not always fetch (the default)
all fields, even if you just need a name?
Just a thought :)
-- Chris
Perhaps an approach might be for the spec to allow the server to
decide what will be returned in the default set, and also provide a
list of available fields. If the gadget developer wants more than the
default set, they will have to ask for them ?
Thinking further, as a gadget developer, on the minimization of
roundtrip, and reducing the number of chained async calls, one
approach could be for the gadget to request the fields they want, and
the restful api to respond with the default set, and any additional
requested field, indicating (by some json structure) which fields
were not available.
Putting all this on the URL would encourage developers not to request
everything, and increase the possibilities for http caching.
I guess if this looks like an approach, its something for the future.
Ian
Chris,
Ahh I wasn't thinking client servers, but either way, if the spec
doesn't minimize the impact on the server then its going to hit
scalability regardless of client.
4 -- 10k per request, feels acceptable, but what is not acceptable is
200x10K for the friends list. Does the spec say that when a friends
list is returned the full profile of each friend must be sent ? I
should go and read some more.
It would be a little worrying to expect that the server might be
required to generate this much json. On current tests in java thats
~50ms per request just to serialize the json, leaving out getting the
object tree or raw data. On the same platform the whole request
should really be < 10ms.
Perhaps there should some form of depth specification in the request
to give control over how populated the response tree is ? (ie
populate down to 3 levels, pointers beyond that) That would allow a
full Friends list, with lazy loading of more detailed metadata.
Ian
It also raises permission issue - the default everything model is
problematic, and users need to be ware that this is the permission
they are giving, as opposed to the 'just the fields that are
required' model that suits most apps - a personal contact manager
merging app is unusual in the depth of trust needed in it, compared to
most applications that won't need phone numbers and home addresses for
all your friends.
The other reason a full representation is needed is that if an
application wants to modify a field in a Person resource, the AtomPub
model is that you should GET the whole resource, change the fields
client-side, and PUT the modified version back. Again, this has an
implicit trust model where the client has full access. In practice,
particularly for Person, containers are unlikely to allow this to any
client app. This is done to avoid having a separate filed-level delete
option, so fields removed are assumed to be deleted by design.
Clearly, if the client has a narrow remote representation that doesn't
round-trip correctly, this can lead to data loss.
So I agree the default should be a minimal set, but we should add a
simple option to get all fields (@all in the fields param perhaps).
This raises the issue of PUTting or POSTing with a fields parameter to
indicate which fields to write back, which may be a good answer, but
is at variance with AtomPub practice, as it doesn't have an idea of
server-controlled merge.
> I can see how this might make sense in the portable contacts case,
> where 'give me everything in on shot and I'll merge it' is attractive
> (especially when combined with the updatedSince option), but even
> there the chances that both parties support the union of all fields is
> unlikely.
Thats exactly why i proposed to leave the portable contacts out of the
scope of the RESTful spec discussion if we can; I would much rather
get to a well working, well documented RESTful spec first that makes
sense to everyone, and then add support for portable contacts, then
take away our ability to still change it due to the portable contacts
requirements. (Doesn't mean we can't keep it in mind, mind you, but
lets not restrict our selves either to thinking there can only be one
road that leads to rome).
> It also raises permission issue - the default everything model is
> problematic, and users need to be ware that this is the permission
> they are giving, as opposed to the 'just the fields that are
> required' model that suits most apps - a personal contact manager
> merging app is unusual in the depth of trust needed in it, compared to
> most applications that won't need phone numbers and home addresses for
> all your friends.
That is a good point and probably something we should add to the
RESTful spec, right now it says it returns 'all the fields', while i
think the intention (remembering Smarr's Google IO presentation on
this topic) that a user can choose to give permission to certain parts
of his profile information (probably you don't want to allow every
site access to all your private email addresses and your home fax
number for instance?). The current wording of the spec doesn't touch
on this, so people (consumers and SNS's alive) might assume they don't
have to deal with the permissions, and that could lead to some nasty
headlines in the media (open, unrestricted REST API's made the media
once before for myspace i believe)
> The other reason a full representation is needed is that if an
> application wants to modify a field in a Person resource, the AtomPub
> model is that you should GET the whole resource, change the fields
> client-side, and PUT the modified version back. Again, this has an
> implicit trust model where the client has full access. In practice,
> particularly for Person, containers are unlikely to allow this to any
> client app. This is done to avoid having a separate filed-level delete
> option, so fields removed are assumed to be deleted by design.
> Clearly, if the client has a narrow remote representation that doesn't
> round-trip correctly, this can lead to data loss.
Kevin had a good remark about this ... probably we would want to allow
a books application to modify the favorite books field for instance,
while we probably don't want it to modify, say, the password field :)
So it's good that the spec 'allows for the concept of modifying the
persons record' in it's self.
The spec does mention partial updates, but currently lists it as 'to
be determined', i guess that's hopefully where we'll find the answer
to the above situation.
- Cassie
One step further might be to make the container spec a generated
feature (as in gadget feature) containing all the container setup,
avoiding most of the round trips, and pumping the result directly
into the javascript scope. There would need to be an alternative for
server-server interactions.
Ian
On the gadget / javascript side of things the supportedFields is
already injected into scope through the initial configuration, when
you look at a gadget source you'll see something like:
gadgets.config.init({
<snip lots of stuff>
"supportedFields":{
"person":
["id
","name
","thumbnailUrl","profileUrl","id","name","thumbnailUrl","profileUrl"],
"activity":["id","title","id","title"]
},
<snip>
});
And there is a API available in open social to get the supported
fields (and their key name) through javascript for the gadgets, which
already used by a lot of gadgets, and seems to be working well. No
need for any new features or anything, that's already part of how it
works :)
The question is "How do we expose the same information to the external
RESTful service consumer" And for that a /people/@supportedFields and /
activities/@supportedFields would be a good solution.
On Jul 19, 2008, at 12:05 PM, Ian Boston wrote:
> One step further might be to make the container spec a generated
> feature (as in gadget feature) containing all the container setup,
> avoiding most of the round trips, and pumping the result directly
> into the javascript scope. There would need to be an alternative for
> server-server interactions.
That's what shindig/config/container.js is for, and it's injected into
the JS scope through the gadgets.config.init({}) call.
eg
/containerSupport
returns as selected subset of JSON structure passed to
gadgets.config.init(...);
Although we have a small number of types at the moment, I suspect
that there will be more, and it leaves and extension point open for
real SNS implementations.
Ian
Ian