Web services Martin Kuba, ÚVT MU Brief web services history ● 1989 - WWW invented ● 1991 - HTTP 0.9 specified ● 1992 - Internet at Masaryk University :-) ● 1993 - Mosaic web browser ● 1993 - CGI interface for executing programs ● 1995 - JavaScript introduced by Netscape ● 1996 - SSL 3.0 ● 1998 - XML 1.0 ● 1998 - SOAP 1.1 by Microsoft ● 2003 - SOAP 1.2 by W3C (never used) ● 2004 - WS-Interoperability Basic Profile Brief web services history (2) ● 2000 - REST defined by Roy Fielding ● 2001 - JSON format invented ● 2004 - GMail and Google Maps ● 2004 - Web 2.0 hype, Mash-ups ● 2005 - AJAX (Asynchronous JavaScript) ● 2005 - Yahoo! offers JSON web services ● 2006 - OpenID 2.0 ● 2008 - HTML5 (First Public Working Draft) ● 2010 - OAuth 1.0 ● 2010 - mobile devices with Android ● 2012 - OAuth 2.0 Brief web services history (3) ● 2013 - responsive web design as answer to mobile devices with differing screen sizes ● 2006-2013 - cloud computing (Amazon 2006, Microsoft 2008, Google 2013) ● 2014 - HTML5 finalised SOAP versus REST ● enterprises prefer complicated stack ○ XML ○ SOAP, WSDL, WS-Interoperability ○ WS-* (WS-Security, WS-Addressing, ...) ○ persistent connections - queues ○ RPC based ○ complex tools and frameworks ● Internet crowd prefers simplicity ○ JSON ○ web APIs described as HTTP requests to URLs ○ AJAX in browsers ○ transient connections - TCP/IP, HTTP ○ scalable using REST Web APIs ● well-known APIs ○ Google APIs (Calendar, GMail, Maps, Picasa, ...) ○ Facebook API ○ Twitter API ○ based on HTTP+JSON+SSL+OAuth ● third party clients ○ web, mobile (Android, iOS, ...), desktop, embedded ● OAuth ○ developer registers an application at API provider ○ user authorises the application to use certain operations in the API, giving the application a token ○ application uses the token to use the API on behalf of the user JSON - JavaScript Object Notation ● simple specs at http://json.org ● implemented parsers for every language ● native in web browsers The same Google Cal event in XML AJAX ● Asynchronous JavaScript And XML ● does not need XML, uses JSON often ;-) ● based on introduction of XMLHttpRequest JavaScript object to web browsers ● asynchronous request to web server ● response processed in JavaScript ● same-origin policy (protocol,host,port) ● Cross-origin resource sharing (CORS) ● example: Google Web Toolkit (GWT) REST ● Representational State Transfer ● software architecture style for creating scalable web services ● invented by Roy Fielding, author of HTTP 1.1 ● resources identified by URIs ● representations of resources as JSON, XML or other formats ● uses HTTP methods GET, PUT, DELETE and POST for manipulating resources Mash ups ● combine data from various sources ● typically a Google map with some geospatial data ○ ships - http://www.marinetraffic.com/ ○ aircrafts - http://www.flightradar24.com/ www.marinetraffic.com www.flightradar24.com Federated identity ● many authentication mechanisms were developed for the web ○ username+password (hard to remember) ○ X509 digital certificate (complicated to get) ○ digest, Kerberos etc. (not much support in browsers) ● users forget passwords to rarely used accounts ● in federated identity, account from one organisation can be reused at others ● identity providers ○ OAuth - Google, Facebook, Twitter, ... ○ OpenID - Google, MojeID.cz, Seznam.cz, anybody ○ SAML - in academia - universities, Academy etc. SOAP/WSDL web services ● preferred in the enterprise world ● used as API for the Czech eGovernment "Data Boxes" ● SOAP is Simple Object Access Protocol ● WSDL is Web Service Description Language ● WS-Interoperability Basic Profile needed to ensure interoperability ○ requires SOAP1.1 ● many WS-* extensions