E-VAN with Ian Robinson and Jim Webber
13 views
Skip to first unread message
Colin Jack
Jul 11, 2009, 5:23:46 PM7/11/09
to Virtual ALT.NET
Hi,
The next E-VAN is on the 20th and we're looking for questions/topics
for Ian and Jim to discuss, if you want to know more about MEST/REST/
guerilla SOA/consumer-driven contracts then this your chance.
Details on the session and a few links can be found on the following
blog post:
http://europevan.blogspot.com/2009/07/ian-robinson-and-jim-webber-on-20th.html
Thanks,
Colin
The next E-VAN is on the 20th and we're looking for questions/topics
for Ian and Jim to discuss, if you want to know more about MEST/REST/
guerilla SOA/consumer-driven contracts then this your chance.
Details on the session and a few links can be found on the following
blog post:
http://europevan.blogspot.com/2009/07/ian-robinson-and-jim-webber-on-20th.html
Thanks,
Colin
Ryan Riley
Jul 12, 2009, 12:23:22 PM7/12/09
to virtua...@googlegroups.com
I'm curious on best practices for implementing security. I am aware of the options, just not the available tools or practices for the implementation.
Ryan Riley
ryan....@panesofglass.org
http://panesofglass.org/
http://wizardsofsmart.net/
Ryan Riley
ryan....@panesofglass.org
http://panesofglass.org/
http://wizardsofsmart.net/
Colin Jack
Jul 12, 2009, 12:42:30 PM7/12/09
to virtua...@googlegroups.com
Excellent, and ta for sharing.
Just to clarify, do you mean in SOA in general, particularly with REST or just in general distributed system development?
Maybe even going a step further, have they met particular situations where the security requirements suited WS-* instead of REST/MEST?
2009/7/12 Ryan Riley <ryan....@panesofglass.org>
Ryan Riley
Jul 12, 2009, 12:51:35 PM7/12/09
to virtua...@googlegroups.com
I was thinking in particular of REST, using WSSE, OAuth, SAML, or encrypted Atom feeds (besides HTTP Basic and Digest auth). I like the second question you have, as well. I'm assuming libraries or practices exist for the above, but I am not aware of them (except in the last case). I've heard Jim mention all these before, but examples for when and how to use each would be nice. This is the single biggest issue I have convincing others to consider REST and HTTP as an ESB, and while I know the options, I haven't had examples to show, nor the time to figure it out myself. :(
Colin Jack
Jul 12, 2009, 3:26:50 PM7/12/09
to virtua...@googlegroups.com
Yup definitely sounds like a good topic, when you say you've heard Jim discuss them before have you got a link as I'd be interested.
2009/7/12 Ryan Riley <ryan....@panesofglass.org>
Jan Van Ryswyck
Jul 13, 2009, 1:42:52 AM7/13/09
to Virtual ALT.NET
My noob questions:
- How about REST and how to deal with the need for versioning your
interface? Is it needed and if not, what's the best approach for
dealing with this?
- How does a RESTful service deals with discoverability?
- How do I expose events through a REST service (publish/subscribe
scenarios)? How does REST deal with operations that have side effects
and the need for events?
- Can a REST service be used by an ESB or is there no need for it or
is it even a bad practice? What are the alternatives?
- Uber Noob question: What's the deal with HATEOAS and REST and why is
it important? What is it and what are the benefits?
Grtz,
On Jul 12, 9:26 pm, Colin Jack <colin.j...@gmail.com> wrote:
> Yup definitely sounds like a good topic, when you say you've heard Jim
> discuss them before have you got a link as I'd be interested.
>
> 2009/7/12 Ryan Riley <ryan.ri...@panesofglass.org>
> >http://panesofglass.org/
> >http://wizardsofsmart.net/
- How about REST and how to deal with the need for versioning your
interface? Is it needed and if not, what's the best approach for
dealing with this?
- How does a RESTful service deals with discoverability?
- How do I expose events through a REST service (publish/subscribe
scenarios)? How does REST deal with operations that have side effects
and the need for events?
- Can a REST service be used by an ESB or is there no need for it or
is it even a bad practice? What are the alternatives?
- Uber Noob question: What's the deal with HATEOAS and REST and why is
it important? What is it and what are the benefits?
Grtz,
On Jul 12, 9:26 pm, Colin Jack <colin.j...@gmail.com> wrote:
> Yup definitely sounds like a good topic, when you say you've heard Jim
> discuss them before have you got a link as I'd be interested.
>
>
> > I was thinking in particular of REST, using WSSE, OAuth, SAML, or encrypted
> > Atom feeds (besides HTTP Basic and Digest auth). I like the second question
> > you have, as well. I'm assuming libraries or practices exist for the above,
> > but I am not aware of them (except in the last case). I've heard Jim mention
> > all these before, but examples for when and how to use each would be nice.
> > This is the single biggest issue I have convincing others to consider REST
> > and HTTP as an ESB, and while I know the options, I haven't had examples to
> > show, nor the time to figure it out myself. :(
>
> > Ryan Riley
> > ryan.ri...@panesofglass.org
> > I was thinking in particular of REST, using WSSE, OAuth, SAML, or encrypted
> > Atom feeds (besides HTTP Basic and Digest auth). I like the second question
> > you have, as well. I'm assuming libraries or practices exist for the above,
> > but I am not aware of them (except in the last case). I've heard Jim mention
> > all these before, but examples for when and how to use each would be nice.
> > This is the single biggest issue I have convincing others to consider REST
> > and HTTP as an ESB, and while I know the options, I haven't had examples to
> > show, nor the time to figure it out myself. :(
>
> > Ryan Riley
> >http://panesofglass.org/
> >http://wizardsofsmart.net/
Colin Jack
Jul 14, 2009, 5:07:40 AM7/14/09
to virtua...@googlegroups.com
Thanks for all the questions guys, if anyone else has any can you get them in ASAP so we can put them together and submit them along with some others I've been sent.
Anyway I have a metric tonne myself have including:
1) Are Atom feeds really a viable alternative to messaging within the enteprise?
2) Are the problems with ESBs really more to do with poor decision making and practices? If so are we not better to focus on the important aspects of ESBs and hold vendors to account when they misuse the term?
3) Consumer-driven contracts seem a great approach but there aren't a lot of practical solutions out there, what have you guys learned from applying the practice on projects at ThoughtWorks?
4) Guerilla SOA, gimme more.
5) You guys have published some excellent content on your high level approach to SOA but I'm interested in the end-to-end process you undertake, from inception onwards. How do you identify your top level services? These services have to balance being business meaningful whilst also being useful to IT (loose coupling), does this raise noticable issues?
6) Do you ever combine REST/MEST/WS-* on projects, if so when would you choose one over another?
Very rough, but I have a tonne more.
2009/7/13 Jan Van Ryswyck <jan.van...@gmail.com>
Richard Evans
Jul 14, 2009, 7:00:09 AM7/14/09
to Virtual ALT.NET
We have a desire to build in versioning into our SOA. Reasons for this
are to minimise risk and manage change carefully. The SOA deals with
high value transactions.
Given that for a versioned service you would at the very least version
the interface/contract, what is your opinion on versioning at the
implementation level?
Implementation level
If something goes wrong in a given system, one of the first places to
fault find is to look at what has changed. If you can say a given
version of a service has had no change interface and implementation
wise, the fault is less likely to have occured within the service. The
drawback to this approach is that the version of the service can
stagnate, and become difficult to migrate to the latest code. The
benefit is that clients of the service have high confidence in the
system because they know nothing is changing.
Contract Level
Another school of thought is that given a sufficiently full regression
test pack we should be less concerned with the implementation and more
about the contracts/interfaces/behaviour. Thus with the introduction
of each new version we can move older versions of services onto the
latest code. This keeps our code up to date and the test pack
maintains our confidence in the behaviour of the system. Given enough
successful iterations the approach becomes part of everday life.
Obviously if the test pack is insufficient, a change could break a
client. At this point you could argue the consumer contract is not
sufficient and it is the responsibility of the client. The client
could argue, why did you change it when it was working okay?
My opinion is that both options have something to offer, I'd be
interested to know your opinion on the matter.
are to minimise risk and manage change carefully. The SOA deals with
high value transactions.
Given that for a versioned service you would at the very least version
the interface/contract, what is your opinion on versioning at the
implementation level?
Implementation level
If something goes wrong in a given system, one of the first places to
fault find is to look at what has changed. If you can say a given
version of a service has had no change interface and implementation
wise, the fault is less likely to have occured within the service. The
drawback to this approach is that the version of the service can
stagnate, and become difficult to migrate to the latest code. The
benefit is that clients of the service have high confidence in the
system because they know nothing is changing.
Contract Level
Another school of thought is that given a sufficiently full regression
test pack we should be less concerned with the implementation and more
about the contracts/interfaces/behaviour. Thus with the introduction
of each new version we can move older versions of services onto the
latest code. This keeps our code up to date and the test pack
maintains our confidence in the behaviour of the system. Given enough
successful iterations the approach becomes part of everday life.
Obviously if the test pack is insufficient, a change could break a
client. At this point you could argue the consumer contract is not
sufficient and it is the responsibility of the client. The client
could argue, why did you change it when it was working okay?
My opinion is that both options have something to offer, I'd be
interested to know your opinion on the matter.
Neil
Jul 14, 2009, 9:52:47 AM7/14/09
to Virtual ALT.NET
I'm a noob with ESBs and have been looking at a few different ones
recently (in particular Mule & ServiceMix) and have found them to give
me very powerful tools to solve all sorts of problems. The negativity
towards ESBs from the elite of our field makes me nervous however that
I'm not really seeing their costs that outweigh the benefits, or the
alternatives that provide better solutions. Do ESBs have a useful
function, if so what, when, where, and how?
> http://europevan.blogspot.com/2009/07/ian-robinson-and-jim-webber-on-...
>
> Thanks,
>
> Colin
recently (in particular Mule & ServiceMix) and have found them to give
me very powerful tools to solve all sorts of problems. The negativity
towards ESBs from the elite of our field makes me nervous however that
I'm not really seeing their costs that outweigh the benefits, or the
alternatives that provide better solutions. Do ESBs have a useful
function, if so what, when, where, and how?
>
> Thanks,
>
> Colin
Reply all
Reply to author
Forward
0 new messages