Tales from the homeworld
Benjamin Carlyle (fuzzyBSc), benjamincarlyle at soundadvice.id.au, Brisbane, Australia, GMT+10:00in links: google google blogsearch technorati delicious
This work is licensed under a Creative Commons Attribution 2.1 Australia License.
Humour
REST Luminaries
xml
planets
projects
REST
humbug
Aussie Linux
Misc
Home
Events
Published: Mon Jul 14 21:18:08 EST 2008
Updated: Mon Jul 14 21:18:08 EST 2008
| Transfer direction | Who knows when to transfer? | Applicable Transfer Pattern |
|---|---|---|
| Server -> Client | Client | GET |
| Server -> Client | Server | Cyclic GET, or Subscribe |
| Client -> Server | Client | PUT |
in links:
google
google blogsearch
technorati
delicious
permanent link
Published: Wed Jul 2 20:38:52 EST 2008
Updated: Mon Jul 14 20:35:06 EST 2008
Transfer a defined set of information from its owner to an anonymous client in a form the client understands.
Servers often wish to expose information for general client consumption. In doing so, they do not wish to to introduce unnecessary coupling with the client. GET permits servers to expose information without exposing the method by which that information is produced, and without needing to keep track of individual clients.
The server wants to be able to support clients of different ages, some of whom will share the latest and greatest understanding of how to encode and parse particular kinds of data. Others will be left with legacy implementations. Likewise, the server may have been deployed for some time and may be running a legacy implementation while upgraded clients are present in the architecture.
Clients seek to minimise load on the server in processing their requests, load on the network in transferring messages, or on themselves in processing responses. Clients also need to be able to deal with possible error conditions, including communication failures.
The GET pattern provides a clean client/server separation that is able to survive independent upgrades of each over time, exercises control over traffic and processing waste, and deals with possible errors.
GET is appropriate whenever a client wants to acquire the whole of the information behind a known URL, and can decide when it wants to issue the request (subject to a cache miss). Here are some common means by which a URL is discovered:
Methods of determining when to issue a GET request include:
The GET pattern introduces a Uniform Interface for transferring identified sets of information from server to client. Clients and servers of different ages can communicate without impediment, and communication failures can be overcome.
The use of an acceptable types list in a GET request means that clients built during different phases of the architecture will generally be able to communicate. Document-based communication has a degree of flexibility built in with must-ignore parameters. The acceptable types list fills a gap when incompatible changes occur to the set of document types, for example a new type deprecates an old type such as atom depreciating rss for news feed syndication.
An explicit failure response allows problems in the architecture to be reported and repaired as required. The resubmit feature allows temporary or permanent changes to the architecture to be accommodated by components without explicit reconfiguration, simplifying management. Note, however, the potential security implications of allowing one component to reconfigure others. A predefined policy for which modifications are permitted and which are to be treated as failure cases can be useful in security-sensitive environments.
The potential exists in common transports such as HTTP for requests sent down parallel TCP connections or pipelined requests to be processed in a different order to that in which they actually return to Client. This could cause the client to become confused by "seeing" an older state after a more recent state. A simple solution is to hold off sending a GET request to a given URL when the previous related GET has not yet returned.
A client that is holding off sending the next GET request should queue the first such request for the identified URL. After this point it should not queue another GET request to the URL until the previous has been transmitted. There is no point queuing up multiple GET requests for the same URL. If the first request has not been issued by the time motivation to issue a second request comes around, a single request will fulfil the motivation behind both.
Twin consequences of the GET pattern are that interim states at URLs may be missed, and that the architecture as a whole does not become overloaded as the architecture is put under stress. Each GET retrieves the current state of the resource, so rapid changes may see the next GET arrive several changes after an earlier GET. These states will be lost unless an additional buffering mechanism is employed. The client will read back the current state rather than the old transitional states.
The flip-side of this behaviour is that clients are never stuck reading old data. They come completely up to date quickly and process the latest information available. Many algorithms for real-time processing will behave better under this scenario than if they are fed through old changes. The GET pattern can be adapted to a buffering model for algorithms that are sensitive to losses of interim states.
GET can be implemented with HTTP using the following mappings:
GET url HTTP/1.1 Accept: weighted acceptable types list If-condition
HTTP/1.1 200 OK Content-Type: type Cache-Control: cache document
All 2xx series response codes can be treated as Success responses for GET
HTTP/1.1 304 Not Modified
HTTP/1.1 400 Bad Request reason
Unknown 1xx series response codes can be treated as a Fail for GET. 300 Multiple Choices is a non-implementable Resubmit response for automated clients, so should also be treated as Fail alongside other 3xx series codes that are not understood. 4xx series response codes are Fail, except for 401 Unauthorised and 407 Proxy Authentication Required. These are Resubmit responses and should only be treated as failures if they are not understood. 5xx series responses should be treated as Fail, except for 503 Service Unavailable and 504 Gateway Timeout. These are Resubmit and Response Lost responses, respectively.
Any of: 301 Moved Permanently, 302 Found, 303 See Other, 305 Use Proxy, 307 Temporary Redirect, 401 Unauthorized, or 407 Proxy Authentication Required.
Any loss of communication before a response is received. This may include application or TCP/IP level timeouts, or an explicitly terminated connection. The 504 Gateway Timeout response is also equivalent to Response Lost, and indicates a loss occured somewhere past the TCP connection made directly by the client.
Request request;
request.url="http://example.com/publication-dates"
if cache_manager.fresh(request.url)
{
// Do nothing. Our cache entry is still fresh.
}
else if (blocked())
{
// Only queue one request for the URL
request_pending(url) = true
}
else
{
try_again:
request.accept=parser.accept
request.condition=cache_manager.condition(request.url)
switch (request())
{
Success(document, type, cache):
cache_manager.update(document, type, cache)
process(parser(document, type))
Condition Not Met():
// Do nothing.
// We have already processed the
// latest data with our last request.
Fail(reason):
log(reason)
Resubmit(required_changes):
if policy(request, required_changes)
request.modify(required_changes)
jump try_again
else
log("Policy forbids request modification")
Response Lost():
if policy(request, no required changes)
jump try_again
else
log("Too many retries")
}
}
GET is widely used on the Web, both under direct human control and under automation. Various aspects of GET are not always used well.
Common errors in applying the GET pattern include:
in links:
google
google blogsearch
technorati
delicious
permanent link
Published: Wed Jul 2 20:38:52 EST 2008
Updated: Sat Jul 5 21:53:36 EST 2008
Intercede between client and server to achieve performance or functionality benefits.
Server S wants to serve get requests for five clients, but does not have resources to serve GET requests for all directly. A layer of indirection is added between the server and its clients that shields the server from requests for resources that already have cached documents. The cache returns responses on behalf of the server, reducing the need to generate responses from scratch.
An arbitrary number of layers can be added, each treating the next as Server and the previous as Client.
The Layering pattern increases latency for requests that are forwarded unmodified, but can provide performance and functionality improvements when caching or other modifications are applied successfully.
Introducing layers increases the complexity of security, architecture evolution, and simple component testing models. Security and trust become an issue as intermediaries move further from the ownership of either Server or Client. Intermediaries literally are the feared man in the middle of security parlance. An intermediary that chooses to function against the interests of either Client or Server will lead to compromised communication.
Evolution of the architecture can be stymied by intermediaries. Upgrade of client and server to participate in a new operation or pattern is often not sufficient. The presence of old intermediaries under control of neither the Client's agency or the Server's agency mean that work-arounds and fallbacks may be required when they otherwise would not be required.
Testing of components can also suffer. Testing against common Server implementations is not sufficient if an intermediary introduces an unknown factor. Intermediaries may re-order pipelined request messages, splitting a single TCP connection at the Client end into multiple connections by the time they reach the Server. This is a potential source of out of order processing and other mischief that testing only a Client/Server combination may fail to reveal.
Layering is widely used on the Web. It is used to implement caching in most HTTP client libraries. Caches are still sometimes used in ISPs to reduce traffic costs on behalf of clients that issue GET requests to similar sets of URLs. Layering is very commonly used as part of the network on the server-side, with load balancing and vertical scaling techniques strongly leveraging this pattern. Content Distribution Networks are becoming more commonly leveraged to serve a global audience with low latency.
in links:
google
google blogsearch
technorati
delicious
permanent link
Published: Sat Jul 5 21:43:39 EST 2008
Updated: Mon Jul 14 21:01:19 EST 2008
Request that a defined set of information be created or replaced based on client-provided content in a form the server understands.
Servers often wish to expose the ability for clients to alter server-side information. This alteration might take the form of booking an airline flight, updating an existing journal entry, taking down a warning notice, or almost any other interaction. Machine communication can generally be expressed as the transfer of information, and that is the way that the PUT pattern fills a great range of possible application requirements.
The PUT pattern shares a number of features with the GET pattern. The server wants to expose its information by a method that does not reveal how information updates are processed, without having to keep track of the clients, and without introducing unnecessary coupling with the client.
The server wants to be able to support clients of different ages, some of whom will share the latest an greatest understanding of how to encode and parse particular kinds of data. Others will be left with legacy implementations. Likewise, the server may have been deployed for some time and may be running a legacy implementation while upgraded clients are present in the architecture.
The PUT pattern provides a clean client/server separation that is able to survive independent upgrades of each over time, minimise traffic and processing waste, and deals with possible errors. Unlike GET, this is not a data synchronisation exercise for the client. The client is not trying to acquire a current snapshot of server state for processing. Instead, it is handing information to the server which it may thereafter quickly forget. PUT is a pattern for information hand-over.
PUT is appropriate whenever a client wants to update the whole of the information behind a known URL, and can decide when it wants to issue the request. Here are some common means by which a URL is discovered:
The PUT pattern introduces a Uniform Interface for handing over identified sets of information from client to server. Clients and servers of different ages can communicate without impediment, and communication failures can be overcome.
The PUT pattern may require a change of thinking by developers with an imperative messaging background. PUT is not a request to make a particular change or particular kind of change to a set of data to reach an undefined end state. Instead, it is a request to make a set of data match a defined end state without specifying how the transition should be made. This is preferable to the imperative approach when it comes to network communications, because requests can be accidentally submitted multiple times without changing the meaning of the original request. Each subsequent request is interpreted as: "Please make no changes". This feature is called idempotency, and is necessary for dealing with any Response Lost message.
The use of an acceptable types list in a Types Not Understood response means that clients and servers built during different phases of the architecture will generally be able to communicate. Document-based communication has a degree of flexibility built in with must-ignore parameters. The acceptable types list fills a gap when incompatible changes occur to the set of document types, for example a new type deprecates an old type such as atom depreciating rss for news feed syndication.
An explicit failure response allows problems in the architecture to be reported and repaired as required. The resubmit feature allows temporary or permanent changes to the architecture to be accommodated by components without explicit reconfiguration, simplifying management. Note, however, the potential security implications of allowing one component to reconfigure others. A predefined policy for which modifications are permitted and which are to be treated as failure cases can be useful in security-sensitive environments. Incorrect reconfiguration of PUT requests can lead to the client issuing incorrect requests to other Servers, so policy should generally be tighter than that enforced for GET requests.
The potential exists in common transports such as HTTP for requests sent down parallel TCP connections or pipelined requests to be processed in a different order to that in which they were issued by Client. This could cause the server to use the wrong update, while the client sees only success responses. A simple solution is to hold off sending a PUT request to a given URL when the previous related PUT has not yet returned.
A client that is holding off sending the next PUT request should queue the first such request for the identified URL. After this point it should replace the queued PUT with each new request to the URL until the previous has been transmitted. There is no point queuing up multiple PUT requests for the same URL. The latest request should completely replace the effect of any previous one. This directs the server to transition its information directly from its starting state to its end state. In doing so, it can provide any internal optimisations available for efficient processing.
Twin consequences of the PUT pattern are that interim states at URLs may be lost, and that the architecture as a whole does not become overloaded as it is put under stress. Clients voluntarily discard intermediate states, so a server might have to make several internal transitions in order to catch up.
The flip-side of this behaviour is that servers are never stuck processing old data. They come completely up to date quickly. Many algorithms for real-time processing will behave better under this scenario than if they are fed through old requests. The pattern can be adapted to PUT to a new URL for each request for algorithms that are sensitive to discarding of interim states.
PUT can be implemented with HTTP using the following mappings:
PUT url HTTP/1.1 Content-Type: type Expect: 100-continue document
DELETE (PUT null) is a DELETE request to the URL in HTTP
HTTP/1.1 100 ContinueAfter reading and processing document:
HTTP/1.1 200 OK
Note that 100 Continue handling is optional
All 2xx series response codes can be treated as Success responses for PUT. If the request was a DELETE, then 404 Not Found and 410 Gone are also treated as Success codes.
HTTP/1.1 415 Unsupported Media Type Accept: weighted acceptable types list
HTTP/1.1 400 Bad Request reason
Unknown 1xx series response codes can be treated as a Fail for PUT. 3xx series codes that are not understood should be treated as Fail. 4xx series response codes are Fail, except for 401 Unauthorised and 407 Proxy Authentication Required. These are Resubmit responses and should only be treated as failures if they are not understood. 404 Not Found and 410 Gone are excluded from the failed codes list for DELETE requests, as they may be returned as the result of a duplicate request that has already succeeded. 5xx series responses should be treated as Fail, except for 503 Service Unavailable and 504 Gateway Timeout. These are Resubmit and Response Lost responses, respectively.
Any of: 301 Moved Permanently, 302 Found, 303 See Other, 305 Use Proxy, 307 Temporary Redirect, 401 Unauthorized, or 407 Proxy Authentication Required.
Any loss of communication before a response is received. This may include application or TCP/IP level timeouts, or an explicitly terminated connection. The 504 Gateway Timeout response is also equivalent to Response Lost, and indicates a loss occured somewhere past the TCP connection made directly by the client.
Request request;
request.url="http://example.com/publication-date/first-edition"
information = date(2008-07-05)
if (blocked())
{
// Only queue the latest document
// Overwrite any previous request
request_pending(url) = information
}
else
{
request.document_and_type = information.default_encode()
try_again:
switch (request())
{
Success():
// Do nothing. The update has completed.
Type Not Understood(weighted acceptable types list):
// Re-encode information in an acceptable form
request.document_and_type =
information.encode(
weighted acceptable types list
)
jump try_again;
Fail(reason):
log(reason)
Resubmit(required_changes):
if policy(request, required_changes)
request.modify(required_changes)
jump try_again;
else
log("Policy forbids request modification");
Response Lost():
if policy(request, no required changes)
jump try_again;
else
log("Too many retries");
}
}
PUT is widely used less widely than GET on the Web, and is primarily a feature of automation.
in links:
google
google blogsearch
technorati
delicious
permanent link
Published: Wed Jul 2 20:38:52 EST 2008
Updated: Sun Jul 6 12:25:07 EST 2008
Support serendipitous reuse across an architecture
Producer P and consumer C want to transfer a document. P has a particular abstract data schema in mind, and C has a compatible schema. Registry ensures that P encodes and transmits the information in a form that C understands.
The methods for applying patterns of information transfer and forms in which information are encoded may be defined either by local convention or by a wider convention. Local protocols may be "jargonised" versions of more widely-applicable protocols. In time, jargon may move from a satellite architecture such as that of a particular enterprise and become standardised in a wider setting such as the Web.
Registry is applicable for REST architectures large and small. However, architectures with only a small number of components may not need a formal registry.
The orthogonal nature of document types, operations, and URLs throughout the architecture allow for freedom of evolution. This separation and evolution is supported through the major patterns of the architecture as old and new components interact, including GET and PUT.
The balance of control and freedom is capable of delivering application-level forwards and backwards compatibility that lasts for a relative eternity in our industry. For example, HTML and HTTP have been able to continuously evolve over a time-frame spanning decades.
More domain-specific document types will likely have shorter lifespans as they develop from local conventions to a point of widespread global agreement. However, as critical mass is created a semantic web where machines can communicate generally based on widely-understood conventions is likely to emerge without specific coordination or intervention.
The IETF defines a registry and change management process that includes a list of protocol interactions for document transfer (HTTP/1.1) and legal document types (the IANA).
in links:
google
google blogsearch
technorati
delicious
permanent link