Web services
Martin Kuba, ÚVT MU

Brief web services history
● 1989 - WWW invented
● 1991 - HTTP 0.9 specified
● 1992 - Internet at Masaryk University :-)
● 1993 - Mosaic web browser
● 1993 - CGI interface for executing programs
● 1995 - JavaScript introduced by Netscape
● 1996 - SSL 3.0
● 1998 - XML 1.0
● 1998 - SOAP 1.1 by Microsoft
● 2003 - SOAP 1.2 by W3C (never used)
● 2004 - WS-Interoperability Basic Profile

Brief web services history (2)
● 2000 - REST defined by Roy Fielding
● 2001 - JSON format invented
● 2004 - GMail and Google Maps
● 2004 - Web 2.0 hype, Mash-ups
● 2005 - AJAX (Asynchronous JavaScript)
● 2005 - Yahoo! offers JSON web services
● 2006 - OpenID 2.0
● 2008 - HTML5 (First Public Working Draft)
● 2010 - OAuth 1.0
● 2012 - OAuth 2.0

SOAP versus REST
● enterprises prefer complicated stack
  ○ XML
  ○ SOAP, WSDL, WS-Interoperability
  ○ WS-* (WS-Security, WS-Addressing, ...)
  ○ persistent connections - queues
  ○ RPC based
  ○ complex tools and frameworks
● Internet crowd prefers simplicity
  ○ JSON
  ○ web APIs described as HTTP requests to URLs
  ○ AJAX in browsers
  ○ transient connections - TCP/IP, HTTP
  ○ scalable using REST

Web APIs
● well-known APIs
  ○ Google APIs (Calendar, GMail, Maps, Picasa, ...)
  ○ Facebook API
  ○ Twitter API
  ○ based on HTTP+JSON+SSL+OAuth
● third party clients
  ○ web, mobile (Android, iOS, ...), desktop, embedded
● OAuth
  ○ developer registers an application at API provider
  ○ user authorises the application to use certain operations in the API, giving the application a token
  ○ application uses the token to use the API on behalf of the user

JSON - JavaScript Object Notation
● simple specs at http://json.org
● parsers implemented for every language
● native in web browsers

The same Google Cal event in XML

AJAX
● Asynchronous JavaScript And XML
● does not need XML, uses JSON often ;-)
● based on introduction of XMLHttpRequest JavaScript object to web browsers
● asynchronous request to web server
● response processed in JavaScript
● same-origin policy (protocol, host, port)
● Cross-origin resource sharing (CORS)
● example: Google Web Toolkit (GWT)

Mash ups
● combine data from various sources
● typically a Google map with some geospatial data
  ○ ships - http://www.marinetraffic.com/
  ○ aircraft - http://www.flightradar24.com/

Federated identity
● many authentication mechanisms were developed for the web
  ○ username+password (hard to remember)
  ○ X509 digital certificate (complicated to get)
  ○ digest, Kerberos etc. (not much support in browsers)
● users forget passwords to less-used accounts
● in federated identity, account from one organisation can be reused at others
● identity providers
  ○ OAuth - Google, Facebook, Twitter, ...
  ○ OpenID - Google, MojeID.cz, Seznam.cz, anybody
  ○ Shibboleth - in academia - universities, Academy etc.

SOAP/WSDL web services
● preferred in the enterprise world
● used as API for the Czech eGovernment "Data Boxes"
● SOAP is Simple Object Access Protocol
● WSDL is Web Service Description Language
● WS-Interoperability Basic Profile needed to ensure interoperability
  ○ requires SOAP1.1
● many WS-* extensions
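
The same-origin policy and CORS items on the AJAX slide, as an added example that is not part of the original slides: it compares two URLs by the (protocol, host, port) tuple and then models whether page script may read a cross-origin XMLHttpRequest response. The function names and the example.test hosts are assumptions, and the CORS check is a simplified model covering only the Access-Control-Allow-Origin and Access-Control-Allow-Credentials response headers (no preflight).

```javascript
// Added example (not from the slides): same-origin comparison and a
// simplified CORS read check. Hosts under example.test are constructed.
const DEFAULT_PORTS = { "http:": "80", "https:": "443" };

// Return the (protocol, host, port) tuple the same-origin policy compares.
// An omitted port is filled in with the scheme default, so
// http://host/ and http://host:80/ yield the same tuple.
function originTuple(urlString) {
  const u = new URL(urlString);
  const port = u.port || DEFAULT_PORTS[u.protocol] || "";
  return [u.protocol, u.hostname, port];
}

function sameOrigin(a, b) {
  const ta = originTuple(a);
  const tb = originTuple(b);
  return ta.every((part, i) => part === tb[i]);
}

// Simplified model of the browser's decision: may script on pageUrl read
// the response to a request for requestUrl? responseHeaders uses
// lower-case header names.
function mayReadResponse(pageUrl, requestUrl, responseHeaders, withCredentials = false) {
  if (sameOrigin(pageUrl, requestUrl)) return true;   // no CORS needed

  const allow = responseHeaders["access-control-allow-origin"];
  if (allow === undefined) return false;              // server did not opt in

  // The wildcard is not honoured for credentialed (cookie-bearing) requests.
  if (allow === "*") return !withCredentials;

  // Otherwise the header must equal the page's serialized origin exactly.
  if (allow !== new URL(pageUrl).origin) return false;

  // Credentialed requests additionally need an explicit opt-in.
  if (withCredentials) {
    return responseHeaders["access-control-allow-credentials"] === "true";
  }
  return true;
}
```

A server that reflects any Origin value back together with Access-Control-Allow-Credentials: true passes this check for every page, which is why that configuration is the one to look for when reviewing a web API.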