REST (Representational State Transfer – difficult to remember, let’s just call it REST) is one of those things – you never heard of it until a month ago and suddenly it’s everywhere you look.
I’ve been working with web services for a little while now. SOAP seems to be the industry standard, though you hear mentions of XML-RPC.
REST is different. The seminal work for REST is not, strangely, a W3C or IETF document – it’s a dissertation for a PhD in philosophy (philosophy in information and computer science, granted).
All sources insist heavily on the fact that it’s not a set standard, but rather, well, a grouping of ground rules/architectural style:
- XML
- but no RPC (Remote Procedure Calling your objects)
- HTTP (GET/POST/DELETE/PUT for write Read/Update/Delete/Update) is enough, you don’t need an extra layer of protocol, like SOAP – the response contains HTTP status codes
- each ‘resource’ (as i understand it’s the entity you query – not clearly defined) has its own URI
Here’s the REST wiki. REST and Rails are often heard together, and since i’m dabbling in Rails more and more, i might give it a shot.
The simplicity of the ‘architectural style’ is attractive – but i need to read more because some bits are still missing.
What about security ? Is this really going to work for any situation ? Will it make it to a standard ? The SOA ideal is to have something that any application/technology can integrate, so acceptance all over is necessary.
The acronym is certainly nice – and also liable to generate a lot of semi-funny geek puns. I’ll refrain from ending with one.
I don’t really like SOAP. Too much fluff. And although most services offer an XML interface, some also offer a Json interface, which is much more concise and easier to use in most languages.
Regarding REST security: how about SSL? That’s the way popular services with a REST API do it. Del.icio.us for example. Or you send the credentials using simple HTTP-based authentication.
Regarding integration: maybe it’ll take some more time to integrate REST services since they all use a different way of approaching the services (different XML schema for example), but like I said: I prefer REST over SOAP.
SSL is limited security – it all depends of the hashing and encryption algorithm that are used.
For authentication of client, you need two-way SSL, so not that straightforward.
That being said, I don’t know much about REST, so i’ll definitely read up on it.
mooie site btw