Hi Mike,
I've been on a similar journey. Here are a few of my thoughts, hopefully helpful.
Tooling
The most mature tooling I've found is (perhaps unsurprisingly) is JAX-RS 2.0.
That said there are some gaps, notably:
i) meaningful support for vendor media types beyond "you can use a string to define it" and the "why aren't you just using the provided JSON/XML support” sentiment, and
ii) support for hypermedia controls (beyond link header support of RFC5988), and
iii) lack of support for 'general delegation of resource based concerns' - e.g. where is the annotated method that returns the permitted methods for this resource? Should I use a filter, but then I'm outside of the resource context. Should I use a custom annotation -it would be alright for resources with static list of supported methods. But what if the list is (reasonably) dynamic. My laboured point here is that support for such integration is not there and this makes using HTTP harder than it could be.
iv) media type authoring is painful. The IETF have have moved from nroff to templated XML, but it still takes persistence to make any progress in this area. This is a shame. If it were easier I'm sure there would be more uptake to share vendor specific types and consequently provide the backdrop for standardisation of shared interests.
Education
There are a few issues here:
1. HTTP/1.1 Spec
The HTTP spec is a complex beast, largely be necessity. The trouble is that it takes a while to understand that the spec is necessarily not prescriptive.
For example, the use of the Allow header is mandatory for a 405 response, but is also perfectly valid for all manner of responses (notably GET) to convey the permitted methods on the resource.
But the spec doesn't say that you MUST use the allow header in a GET response (that would be an over constraint) but only that you can (it's a permitted response header). My point, the spec doesn’t offer “support” in terms of what you should do, and this is too vague / too much effort for some.
2. Mis-information
It’s hard to be exhaustive here but there are many sources of notionally authoritative protocols that are Restful, that are far from it.
For example, typically heralded in the texts is atom+xml, but Roy had several battles during the early stages of the spec where he argued against the approach taken by Atom as *not* being restful, ‘rel=edit’ springs to mind.
It’s genuinely hard to glean the signal from the noise given the expanse of the latter.
3. Media-type design
By his own omission, through reasons of time constraint, Roy omitted a chapter on media-type design considerations from his thesis. Whilst he has continually re-inforced the message that the bulk of effort in a Restful design using HTTP should be on the media type, this is open to interpretation - frankly I really wish he’d do a .bis to the thesis and add the chapter.
However, given that backdrop there are two main camps of thinking, those who would author specific (eventually standardised) media types for a given domain, and those who chose to encode the meaning in the media type. The latter (typically schema based) is attractive as it notionally supports re-use (c.f. overhead of authoring a media type), but in actuality I think entirely misses the point. The point being that it is the media type itself that conveys the meaning, not a vehicle to separately define the meaning.
Further and perhaps somewhat inflammatory I often wonder why JSON is a media type and not just an encoding type. Thought experiment - what does the application/json media type tell you about the domain - nothing - just how to encode data-types. I’m not denying how useful it is, nor the progress that’s been made with it, only that it’s not really that descriptive.
4. Confusion of application state and resource state
The history of web apps (maintaining application state on the server) confuses where the application state vs resource state is maintained.
I had a very enlightening conversation with Jan Algermissen (very helpful / knowledgable chap) of which my takeaway was clumsily ‘the client intent is the client intent”. This helps remind me that in a Restful architecture the server does not dictate the path of the client. If the client wants to do a PUT request, it does so. All the server can do is respond, and the client by ready to handle the potential error scenarios.
For example, the general Amazon purchasing workflow guides a user through a purchasing action. But consider a separate user, a review-bot that’s job is to collate review information. It’s application state is about following review links, not about the purchase workflow - the client’s intent is the clients intent!
Filling the affordance gap
You’ll forgive me but I don’t like the term “affordance”, it’s just too open to abuse.
From my perspective, the combination of the application protocol and hypermedia controls (in their various forms - links, allow header etc) allow us to talk meaningfully about the interface. When we start abstracting this into “affordances” we add a further layer of complexity onto something that’s already complex enough, but (echoing Kevin’s comments) complexity to standardise the interface - priceless.
Best
Paul