The next E-VAN is on the 20th and we're looking for questions/topics
for Ian and Jim to discuss, if you want to know more about MEST/REST/
guerilla SOA/consumer-driven contracts then this your chance.
Details on the session and a few links can be found on the following
blog post:
On Sat, Jul 11, 2009 at 4:23 PM, Colin Jack <colin.j...@gmail.com> wrote:
> Hi,
> The next E-VAN is on the 20th and we're looking for questions/topics
> for Ian and Jim to discuss, if you want to know more about MEST/REST/
> guerilla SOA/consumer-driven contracts then this your chance.
> Details on the session and a few links can be found on the following
> blog post:
Just to clarify, do you mean in SOA in general, particularly with REST or
just in general distributed system development?
Maybe even going a step further, have they met particular situations where
the security requirements suited WS-* instead of REST/MEST?
2009/7/12 Ryan Riley <ryan.ri...@panesofglass.org>
> I'm curious on best practices for implementing security. I am aware of the
> options, just not the available tools or practices for the implementation.
> On Sat, Jul 11, 2009 at 4:23 PM, Colin Jack <colin.j...@gmail.com> wrote:
>> Hi,
>> The next E-VAN is on the 20th and we're looking for questions/topics
>> for Ian and Jim to discuss, if you want to know more about MEST/REST/
>> guerilla SOA/consumer-driven contracts then this your chance.
>> Details on the session and a few links can be found on the following
>> blog post:
I was thinking in particular of REST, using WSSE, OAuth, SAML, or encrypted Atom feeds (besides HTTP Basic and Digest auth). I like the second question you have, as well. I'm assuming libraries or practices exist for the above, but I am not aware of them (except in the last case). I've heard Jim mention all these before, but examples for when and how to use each would be nice. This is the single biggest issue I have convincing others to consider REST and HTTP as an ESB, and while I know the options, I haven't had examples to show, nor the time to figure it out myself. :(
On Sun, Jul 12, 2009 at 11:42 AM, Colin Jack <colin.j...@gmail.com> wrote: > Excellent, and ta for sharing.
> Just to clarify, do you mean in SOA in general, particularly with REST or > just in general distributed system development? > Maybe even going a step further, have they met particular situations where > the security requirements suited WS-* instead of REST/MEST?
> I was thinking in particular of REST, using WSSE, OAuth, SAML, or encrypted
> Atom feeds (besides HTTP Basic and Digest auth). I like the second question
> you have, as well. I'm assuming libraries or practices exist for the above,
> but I am not aware of them (except in the last case). I've heard Jim mention
> all these before, but examples for when and how to use each would be nice.
> This is the single biggest issue I have convincing others to consider REST
> and HTTP as an ESB, and while I know the options, I haven't had examples to
> show, nor the time to figure it out myself. :(
> On Sun, Jul 12, 2009 at 11:42 AM, Colin Jack <colin.j...@gmail.com> wrote:
>> Excellent, and ta for sharing.
>> Just to clarify, do you mean in SOA in general, particularly with REST or
>> just in general distributed system development?
>> Maybe even going a step further, have they met particular situations where
>> the security requirements suited WS-* instead of REST/MEST?
- How about REST and how to deal with the need for versioning your
interface? Is it needed and if not, what's the best approach for
dealing with this?
- How does a RESTful service deals with discoverability?
- How do I expose events through a REST service (publish/subscribe
scenarios)? How does REST deal with operations that have side effects
and the need for events?
- Can a REST service be used by an ESB or is there no need for it or
is it even a bad practice? What are the alternatives?
- Uber Noob question: What's the deal with HATEOAS and REST and why is
it important? What is it and what are the benefits?
Grtz,
On Jul 12, 9:26 pm, Colin Jack <colin.j...@gmail.com> wrote:
> Yup definitely sounds like a good topic, when you say you've heard Jim
> discuss them before have you got a link as I'd be interested.
> 2009/7/12 Ryan Riley <ryan.ri...@panesofglass.org>
> > I was thinking in particular of REST, using WSSE, OAuth, SAML, or encrypted
> > Atom feeds (besides HTTP Basic and Digest auth). I like the second question
> > you have, as well. I'm assuming libraries or practices exist for the above,
> > but I am not aware of them (except in the last case). I've heard Jim mention
> > all these before, but examples for when and how to use each would be nice.
> > This is the single biggest issue I have convincing others to consider REST
> > and HTTP as an ESB, and while I know the options, I haven't had examples to
> > show, nor the time to figure it out myself. :(
> > On Sun, Jul 12, 2009 at 11:42 AM, Colin Jack <colin.j...@gmail.com> wrote:
> >> Excellent, and ta for sharing.
> >> Just to clarify, do you mean in SOA in general, particularly with REST or
> >> just in general distributed system development?
> >> Maybe even going a step further, have they met particular situations where
> >> the security requirements suited WS-* instead of REST/MEST?
Thanks for all the questions guys, if anyone else has any can you get them
in ASAP so we can put them together and submit them along with some others
I've been sent.
Anyway I have a metric tonne myself have including:
1) Are Atom feeds really a viable alternative to messaging within the
enteprise?
2) Are the problems with ESBs really more to do with poor decision making
and practices? If so are we not better to focus on the important aspects of
ESBs and hold vendors to account when they misuse the term?
3) Consumer-driven contracts seem a great approach but there aren't a lot of
practical solutions out there, what have you guys learned from applying the
practice on projects at ThoughtWorks?
4) Guerilla SOA, gimme more.
5) You guys have published some excellent content on your high level
approach to SOA but I'm interested in the end-to-end process you undertake,
from inception onwards. How do you identify your top level services? These
services have to balance being business meaningful whilst also being useful
to IT (loose coupling), does this raise noticable issues?
6) Do you ever combine REST/MEST/WS-* on projects, if so when would you
choose one over another?
Very rough, but I have a tonne more.
2009/7/13 Jan Van Ryswyck <jan.van.rysw...@gmail.com>
> - How about REST and how to deal with the need for versioning your
> interface? Is it needed and if not, what's the best approach for
> dealing with this?
> - How does a RESTful service deals with discoverability?
> - How do I expose events through a REST service (publish/subscribe
> scenarios)? How does REST deal with operations that have side effects
> and the need for events?
> - Can a REST service be used by an ESB or is there no need for it or
> is it even a bad practice? What are the alternatives?
> - Uber Noob question: What's the deal with HATEOAS and REST and why is
> it important? What is it and what are the benefits?
> Grtz,
> On Jul 12, 9:26 pm, Colin Jack <colin.j...@gmail.com> wrote:
> > Yup definitely sounds like a good topic, when you say you've heard Jim
> > discuss them before have you got a link as I'd be interested.
> > 2009/7/12 Ryan Riley <ryan.ri...@panesofglass.org>
> > > I was thinking in particular of REST, using WSSE, OAuth, SAML, or
> encrypted
> > > Atom feeds (besides HTTP Basic and Digest auth). I like the second
> question
> > > you have, as well. I'm assuming libraries or practices exist for the
> above,
> > > but I am not aware of them (except in the last case). I've heard Jim
> mention
> > > all these before, but examples for when and how to use each would be
> nice.
> > > This is the single biggest issue I have convincing others to consider
> REST
> > > and HTTP as an ESB, and while I know the options, I haven't had
> examples to
> > > show, nor the time to figure it out myself. :(
> > > On Sun, Jul 12, 2009 at 11:42 AM, Colin Jack <colin.j...@gmail.com>
> wrote:
> > >> Excellent, and ta for sharing.
> > >> Just to clarify, do you mean in SOA in general, particularly with REST
> or
> > >> just in general distributed system development?
> > >> Maybe even going a step further, have they met particular situations
> where
> > >> the security requirements suited WS-* instead of REST/MEST?
We have a desire to build in versioning into our SOA. Reasons for this
are to minimise risk and manage change carefully. The SOA deals with
high value transactions.
Given that for a versioned service you would at the very least version
the interface/contract, what is your opinion on versioning at the
implementation level?
Implementation level
If something goes wrong in a given system, one of the first places to
fault find is to look at what has changed. If you can say a given
version of a service has had no change interface and implementation
wise, the fault is less likely to have occured within the service. The
drawback to this approach is that the version of the service can
stagnate, and become difficult to migrate to the latest code. The
benefit is that clients of the service have high confidence in the
system because they know nothing is changing.
Contract Level
Another school of thought is that given a sufficiently full regression
test pack we should be less concerned with the implementation and more
about the contracts/interfaces/behaviour. Thus with the introduction
of each new version we can move older versions of services onto the
latest code. This keeps our code up to date and the test pack
maintains our confidence in the behaviour of the system. Given enough
successful iterations the approach becomes part of everday life.
Obviously if the test pack is insufficient, a change could break a
client. At this point you could argue the consumer contract is not
sufficient and it is the responsibility of the client. The client
could argue, why did you change it when it was working okay?
My opinion is that both options have something to offer, I'd be
interested to know your opinion on the matter.
I'm a noob with ESBs and have been looking at a few different ones
recently (in particular Mule & ServiceMix) and have found them to give
me very powerful tools to solve all sorts of problems. The negativity
towards ESBs from the elite of our field makes me nervous however that
I'm not really seeing their costs that outweigh the benefits, or the
alternatives that provide better solutions. Do ESBs have a useful
function, if so what, when, where, and how?
On Jul 11, 10:23 pm, Colin Jack <colin.j...@gmail.com> wrote:
> The next E-VAN is on the 20th and we're looking for questions/topics
> for Ian and Jim to discuss, if you want to know more about MEST/REST/
> guerilla SOA/consumer-driven contracts then this your chance.
> Details on the session and a few links can be found on the following
> blog post:
|
