Web services in a Web company Hugo Haas & Mark Nottingham W3C - - PowerPoint PPT Presentation

web services in a web company
SMART_READER_LITE
LIVE PREVIEW

Web services in a Web company Hugo Haas & Mark Nottingham W3C - - PowerPoint PPT Presentation

Jan 13, 2023 450 likes •671 views

Web services in a Web company Hugo Haas & Mark Nottingham W3C Workshop on Web Services for Enterprise Computing February 28, 2007 1 Yahoo! Web company Various platforms & tools: C/C++, PHP, Perl, some Java

slide-1
SLIDE 1

1

Web services in a Web company

Hugo Haas & Mark Nottingham

W3C Workshop on Web Services for Enterprise Computing February 28, 2007

slide-2
SLIDE 2

2

Yahoo!

  • Web company
  • Various platforms & tools:

– C/C++, PHP, Perl, some Java – Open-source

  • Several POVs about services
slide-3
SLIDE 3

3

Web services flavors

  • Anything which exposes an API
  • Several flavors:

– HTTP-based (I.e. not SOAP) – SOAP-based

  • Each have their advantages and

issues

slide-4
SLIDE 4

4

SOAP-based Web services

slide-5
SLIDE 5

5

Advertiser Web Services

slide-6
SLIDE 6

6

Yahoo! Mail: 2B+ SOAP messages / week

slide-7
SLIDE 7

7

What pushes people towards SOAP

  • Mainly: code generation
  • Who our customers are
  • Other reasons: historical, etc.
slide-8
SLIDE 8

8

Issues with SOAP

  • Interoperability: when the code

generation dream becomes a nightmare

  • WS-* support poor; typically, not used

at Y!

  • Complexity
slide-9
SLIDE 9

9

HTTP-based services

slide-10
SLIDE 10

10

Most of our external services

slide-11
SLIDE 11

11

Why?

  • Developers familiar with the Web
  • No special tool or library needed
  • Audience:

– Web developers doing PHP, Python, JavaScript, etc.

slide-12
SLIDE 12

12

Description and code generation

  • People want to write code fast
  • Big draw towards SOAP
  • However: beware of interoperability

issues

  • Description language:

– Documentation – Code generation

slide-13
SLIDE 13

13

Authentication headache

Web application Cache Service 1 Service 2 Partner Yahoo!

  • 1. User
  • 2. Partner
  • 3. Application
  • 4. Cache
  • 5. Service 1
slide-14
SLIDE 14

14

Limitations of existing HTTP authentication schemes

  • Limitation of the number of entities

identifiable

  • Cross-host in a domain
  • Basic auth:

– Poor security

  • Digest auth:

– Not widespread implementation – Chatty

  • Not to mention browser-side issues
slide-15
SLIDE 15

15

Real world work-arounds

  • Cookies
  • In-URL credentials
  • Custom authentication schemes
  • Custom headers
  • Main challenges:

– Tool support – Caching

slide-16
SLIDE 16

16

Major issue

  • Some requirements

– Support for multiple credentials – Support for both browser & tools – Cross-host – Support for custom login interface

  • SOAP not much better: WS-Security

not widespread

slide-17
SLIDE 17

17

Suggestions

slide-18
SLIDE 18

18

SOAP-based services

  • Stop doing more extensions!
  • Make the basic stuff work in an

interoperable way first

  • XML Databinding: saddened by lack of

vendor recognition of the issue

  • WSDL 2.0
  • Focus on interoperability
slide-19
SLIDE 19

19

HTTP-based services

  • Tools
  • Recognize the use of cookies for

authentication

  • Interest in HTTP auth in various places

(e.g. IETF)

– Put down requirements – Work with the community at large

slide-20
SLIDE 20

20