|
|
|
| By Jason Bloomberg |
Article Rating: |
|
| December 17, 2012 08:45 AM EST |
Reads: |
3,128 |
REST quiz of the day: which is more important when following REST: updating the resource state or updating state on the client? Most developers are likely to say that REST focuses on updating resource state on the server. After all, POST, PUT, and DELETE all do so. GET is the only HTTP verb that fetches resource state without changing it.
If you've been reading ZapThink's discussion on REST, you probably realize that those developers are incorrect. Updating resource state is clearly an important part of REST, but updating state on the client is even more important. Why? Because client state is the foundation for distributed hypermedia applications. And after all, such applications are the point of REST.
In fact, the RESTful world distinguishes between resource state and application state, which is the state information the client maintains. And since hypermedia are the engine of application state, it makes sense that application state is more important to REST than resource state. After all, REST is representational state transfer. The representations are what the resources send to the clients, including application state information that belongs on the client.
HATEOAS and the Cloud
The topic of application state came up in an interesting discussion during our recent Cloud Computing for Architects course in San Diego. I was explaining how it's important to maintain a stateless application tier in the Cloud, because we want to put the components on that tier (Web servers, application servers, ESBs, etc.) onto virtual machine (VM) instances. In order to achieve the elasticity and resilience of the Cloud, then, we can't afford to maintain state information on such instances. We always have the option of persisting such state information, making it a part of the resource state, but relying too heavily on our resource state limits our scalability. The clear alternative is to transfer state information to the client, and let hypermedia be the engine of application state (otherwise known as the dreaded HATEOAS REST constraint).
One of the attendees in the class was confused by this discussion. He pointed out that if we use the client (say, a browser) to maintain state in a stateful application like an eCommerce shopping cart, then such state information must either go into hidden form fields or into the URL, so that the server can pass it along to the browser from one request to the next. But if the user is clicking a link rather than submitting a form, then they are executing a GET, and with a GET, the only place to put state information from the client to the server is in the URL. And we all know that URLs have a maximum length. What do we do, he asked, if we have too much state information for the URL? For example, we might have dozens of items in our cart. Was I suggesting passing the entire contents of each cart - product descriptions, prices, etc. - in the URL?
The answer, of course, is no. I say "of course" because such a question would be silly for anyone who truly understands REST. But I must admit, it took me a while to think through my response. The problem was that I have a background as a Web developer, and my student may have also built his share of Web sites back in the day as well. And back in the 1990s, before REST, in the early days of HTML and JavaScript, maintaining state in a browser was problematic. All we had were cookies and the aforementioned hidden form fields and URL query strings. And since people can turn their cookies off, we never wanted to rely on them. So yes, back in the day, if the user is clicking a link (i.e., performing a GET), the URL was all you had to work with.
With REST, however, we're working with an abstracted client. It need not be a browser, and in fact, it need not have a user interface at all. A RESTful client may serve as an intermediary, for example. Even when the client has a UI, it could be any type of application. For example, most mobile apps are written natively to the mobile environment (iPhone or Android, for the most part), and will continue to be at least until HTML5 is fully baked.
Even when the client is a browser, however, we have numerous ways of maintaining application state. Each approach, as you might expect, has its strengths and weaknesses:
- Cookies - long a part of the HTTP protocol, cookies are universally supported and almost as universally reviled. We love them for enabling the "remember me" feature on Web sites with logins we visit frequently, and we hate them for enabling advertisers to track our browsing habits. Few app developers would rely on them for much else.
- Hidden form fields - every Web developer's secret sauce. You can put whatever you want into such fields, and as long as the user submits the corresponding form, the contents of hidden fields go along for the ride. The problem is that hidden form fields only work with POST. In REST, POST is only for initializing a subsidiary resource, so if that's not what you're doing, then you don't want to POST. The other downside to hidden form fields is that application state information must always make a round trip to the server and back again, whether the server needs to do anything with it or not.
- Frames - Frames made their debut in 1996 in Netscape Navigator 2.0, the same browser that introduced JavaScript to the world. Iframes came soon after. Both types of frames allowed new pages in the frame while maintaining state information in JavaScript variables in the enclosing page. In either case, however, updating the content of a frame doesn't change the URL in the browser's location field. As a result, reloading or following a bookmarked page takes you back to square one, deleting all state information.
- JavaScript-only updates - More recent advances to the Document Object Model (DOM), in particular the innerHTML property, allow JavaScript to update any <div> element after the page is loaded. And since JavaScript can also perform all manner of RESTful calls, it's possible to make it appear that any or all of a page is changing, even though the page itself isn't actually reloading. As with frames, JavaScript variables can store state information, but also similar to frames, the URL the user sees doesn't change when your script interacts with the server.
- Signed scripts - What about simply writing arbitrary content to the user's hard drive? Browser publishers have been monkeying with this capability since signed scripts debuted in the 1990s. The problem with giving the browser write privileges, of course, is security. One flaw and hackers can easily take over your computer. Needless to say, this capability never took off, although plugins like Adobe Flash can allow the ability to write to the users' hard drive.
- DOM storage - Today we have DOM storage. Think cookies on steroids. Every modern browser can essentially store a JSON object that persists as the browser loads different pages. You have the option of maintaining such information for a browser session (you lose it when you quit the browser) or persisting it across browser sessions (where the browser writes the data to a file). This capability also enables developers to write browser apps that can function properly when the user is offline. The downside to DOM storage is that it only works in newer browsers - although Firefox, Internet Explorer, Chrome, and Safari all support it.
- URL query string - finally, let's discuss storing state information in the URL. Yes, there's a character limit - the HTTP spec recommends sticking to 255 characters or less, although most browsers and Web servers support much longer URLs. So, how much can you cram into 255 characters? More than you might expect, if you use a tool like RISON for compacting JSON to squeeze more of it into each URL. Don't like RISON? There are alternatives available or you can create your own approach. Even with such techniques, however, there is still a size limit, and all such information must make the round trip to server and back.
The ZapThink Take
Based on the discussion above, you should have no more concerns about storing application state on the client. There are always tradeoffs, but one of the scenarios above should handle virtually every application state issue you're likely to come up with. Feel free to transfer application state to the client and rest assured you're following REST.
That is, of course, if you really are following REST, which means that you're building a hypermedia application. And while POST, PUT, and DELETE update resource state for hypermedia applications, every representation from resource back to client updates client state. Even a GET, which never changes resource state, still changes the application state. In other words, clicking a link or submitting a form loads a new page. Of course REST behaves that way.
While this article focused more on maintaining state on the client, therefore, REST is more concerned with updating state on the client. The real point here is that we have the luxury of choosing to maintain the state information we require while running an application whose state is supposed to change. Either way, hypermedia are the engine of application state.
Image source: bloggyboulga
Jason Bloomberg is President of ZapThink, a Dovèl Technologies Company.
He is a thought leader in the areas of Enterprise Architecture, Service-Oriented Architecture, and Cloud Computing, and helps organizations around the world better leverage their IT resources to meet changing business needs. He is a frequent speaker, prolific writer, and pundit.
Mr. Bloomberg is one of the original Managing Partners of ZapThink LLC, the leading SOA advisory and analysis firm, which was acquired by Dovèl Technologies in August 2011. His book, Service Orient or Be Doomed! How Service Orientation Will Change Your Business (John Wiley & Sons, 2006, coauthored with Ron Schmelzer), is recognized as the leading business book on Service Orientation.
Mr. Bloomberg has a diverse background in eBusiness technology management and industry analysis, including serving as a senior analyst in IDC’s eBusiness Advisory group, as well as holding eBusiness management positions at USWeb/CKS (later marchFIRST) and WaveBend Solutions (now Hitachi Consulting). He also co-authored the books XML and Web Services Unleashed (SAMS Publishing, 2002), and Web Page Scripting Techniques (Hayden Books, 1996).
Cloud Expo Breaking News By Liz McMillan  With the right tools, file storage today can be in the cloud or on-premise, with seamless and secure access and publishing regardless of location. Novel, high-speed transport technologies that alleviate the bottlenecks and limitations of traditional data movement protocols are now intrinsically enabled for cloud object storage, such as Amazon Web Services S3 and Microsoft Windows Azure. Companies of all types and sizes can use the latest technology to ingest and distribute large media files to a... May. 18, 2013 10:45 AM EDT Reads: 1,165 | By Jeremy Geelan  Organizations across the world are increasingly starting to see the benefits of moving more and more services to the cloud. The focus on the cost-saving potential of cloud is rapidly shifting to completely transforming the business with cloud. As organizations are investing enormous sums on technology they are starting to realize that in order to maximize the return on investment and accelerate the business transformation process the first area of focus should be people. By ensuring the organiza... May. 18, 2013 10:45 AM EDT Reads: 1,240 | By Liz McMillan  Enterprise cloud adoption revolves around pushing the BYOD movement and focusing on data security.
In his session at the 12th International Cloud Expo, Ross Brouse, COO and President of Solar VPS, will cover how cloud adoption is driven by consumerism, humanity’s need to socialize, our addiction to new gadgets and the ability of data to stay secure in a growing collaborative world. The cloud is a drug and we’re just getting hooked.
Ross Brouse is the COO and President of Solar VPS. He is a tr... May. 18, 2013 10:00 AM EDT Reads: 1,006 | By Jeremy Geelan  New, "Super-Sized" 4-Day Cloud Computing Bootcamp is a brief introduction to cloud computing carefully created and devised to help you keep up with evolving trends like Big Data, PaaS, APIs, Mobile, Social and Data Analytics. Solutions built around these topics require a sound cloud computing infrastructure to be successful while assisting customers harvest real benefits from this transformational change that is happening in the IT ecosystem. May. 18, 2013 10:00 AM EDT Reads: 717 | By Jeremy Geelan  The world’s first vendor neutral marketplace for IaaS (Infrastructure as a Service) cloud computing is being built. This marketplace fills the current gap in the value chain by offering standardized products and by addressing the needs of providers and consumers of cloud computing resources. Zimory is the technical partner for the settlement process of this project.
In his session at 12th Cloud Expo | Cloud Expo New York [June 10-13, 2013], Zimory CEO Rüdiger Baumann session will introduce th... May. 18, 2013 10:00 AM EDT Reads: 3,189 | By Jeremy Geelan  Companies around the world are moving into on-premise private cloud environments. Many connect their private cloud to their public cloud service providers. In his session at 12th Cloud Expo | Cloud Expo New York [June 10-13], Brian Patrick Donaghy will talk about examples of what worked, what failed and why we should think about this evolution. May. 18, 2013 10:00 AM EDT Reads: 1,807 | By Jeremy Geelan  Enterprises can't close their doors just because integration tools won't cope with the volume of information that their systems produce. As each day goes by, their information will become larger and more complicated, and enterprises must constantly struggle to manage the integration of dozens (or hundreds) of systems.
Apache Hadoop has quickly become the technology of choice for enterprises that need to perform complex analysis of petabytes of data, but few are aware of its potential to hand... May. 18, 2013 09:00 AM EDT Reads: 3,318 | By Jeremy Geelan  Companies around the world are collecting massive amounts of data everyday that’s sitting around and not being utilized. Take for example the fact that companies collect demographic and location-based data via mobile devices all the time, but have to figure out how to monetize that data. In this session, Joyent CTO and founder Jason Hoffman will examine the state of Big Data, taking a look at what we're doing now to discussing what's on the horizon, as companies prepare and realign their busines... May. 18, 2013 08:00 AM EDT Reads: 965 | By Jeremy Geelan  Planning scalable environments isn't terribly difficult, but it does require a change of perspective. During this session we'll broaden our views to think on an Internet Scale by dissecting a video publishing application built with The SoftLayer Platform, Message Queuing, Object Storage, and Drupal. By examining a scalable modular application build that can handle unpredictable traffic, you'll be able to grow your development arsenal and pick up a few strategies to apply to your own projects. May. 18, 2013 06:00 AM EDT Reads: 2,205 | By Liz McMillan  Learn about the complex regulations surrounding HIPAA compliance and other considerations for running sensitive data in the Cloud.
In their session at the 12th International Cloud Expo, Ken Ziegler, CEO of Logicworks, and Frank Nydam, Director of Healthcare Solutions at VMware, will discuss the best practices for leveraging virtualization and cloud technologies without sacrificing security or compliance. Care providers, State and Federal entities, integrators and SaaS providers large and small... May. 18, 2013 06:00 AM EDT Reads: 1,895 |
|
|
|
|
|
|
A recent Gartner study states that the function of the modern CIO is in flux and that his or her future focus must incorporate digital assets (aka cloud-based data and applications) to remain relevant. Towards the goal of riding the sea change a compiler of stacks to a broker of business needs, secu...
New technologies allow schools, colleges and universities to analyze absolutely everything that happens. From student behavior, testing results, career development of students as well as educational needs based on changing societies. A lot of this data has already been stored and is used for statist...
I'd like to address a recent blog post in CloudTweaks titled, "Cloudera Not Cutting It With Big Data Security." The author makes a number of very salient and valid points about Hadoop security… or lack thereof.
Indeed the Apache Hadoop platform, which includes HDFS and MapReduce and other projects ...
In the coming years, big data will change the way organisations and societies are operated and managed. Big data however, is not the only trend that will impact significantly how organisations operate. Another major trend at the moment is gamification. Gamification will change the way organisations ...
We all talk about cloud differently, but is there a way we should be speaking about this tech?
Cloud computing is now a widely reported, if not accepted, IT movement that, depending on who you talk to, has changed or is changing the way businesses utilize infrastructure.
The age of data center automation is upon us. Whether it's cloud or SDN or devops in general, automation as a means to achieve efficiency and, one hopes, free up resources that can be then redirected to focus on innovation.
As is always the case when we begin to move further upwards, abstracting ...
Windows Azure Virtual Networks offers the power to open up several cross-premises use case scenarios, including Active Directory Disaster Recovery, SQL Database Replication, Windows Server 2012 DFS-R File Replication, Accelerated Cloud File Services with BranchCache, Hybrid Web Applications and MORE...
As the infrastructure cloud market (IaaS and PaaS) continues to grow rapidly, we are seeing quite a few customers who are delivering an application – whether it is a mission-critical or SaaS application – and basing their solution on VMware.
VMware Security Cloud Encryption cloud keyboard Cloud Enc...
Have you heard of products like IBM’s InfoSphere Streams, Tibco’s Event Processing product, or Oracle’s CEP product? All good examples of commercially available stream processing technologies which help you process events in real-time.
I’ve been asked what I consider as “Big Data” versus “Small Dat...
My fellow Technical Evangelists and I have authored a content series that steps through building your very own Private Cloud by leveraging Windows Server 2012, our FREE Hyper-V Server 2012, Windows Azure Infrastructure Services ( IaaS ) and System Center 2012 Service Pack 1.
Week-by-week, we walk ...
Subscribe to Cloud Computing Journal Email News Alerts
Subscribe via RSS
