UWS as a REST protocol

Guy Rixon gtr at ast.cam.ac.uk
Mon Feb 26 08:54:32 PST 2007 

Hi Matthew,

I can't see how to do message-level security for HTTP-delete; there's nothing
to sign or encrypt other than the transport details. In general, I think we
are OK for TLS; but I want to see it working with proxy certificates.

Cheers,
Guy

On Mon, 26 Feb 2007, Matthew Graham wrote:

> Hi Guy,
>
> I think that this looks very promising and is line with similar thoughts
> that I have had about a RESTful interface for VOSpace - I've started
> writing these up and will hopefully have time to finish this some time
> soon.
>
> One general comment I have is that if we are going to do REST then let's
> do it properly and make proper use of the full HTTP verbs: GET, PUT,
> POST and DELETE. These are fully supported under HTTP v1.1 and any
> programming language worth its salt can handle them. The issue as you
> note is browser support but rich web clients will be based on JavaScript
> or Ruby or something similar which can also handle these.
>
> My other concern is security. With SOAP-based web services we have
> WS-Security to make us feel comfortable that we are safe; with REST, the
> only real "security standard" is HTTPS - are we happy that this is
> sufficient? I'm unhappy about relying on transport-level security but
> the only alternative is that we invent some message-level security
> mechanism of our own for IVOA REST services: note that the Amazon S3
> service does not regard HTTPS as sufficient and has its own
> message-level security.
>
>     Cheers,
>
>     Matthew
>
> Guy Rixon wrote:
> > Hi,
> >
> > there has been a lot of debate recently in the industry about SOAP vs. REST as
> > the basis of web services.  I've written an IVOA Note on how UWS might be
> > presented as a REST service: please see
> >
> > http://www.ivoa.net/Documents/latest/UWS-REST.html
> >
> > Based on the worked examples in the note, and on a prototype I'm working on,
> > the chances for making a good, RESTful UWS are high. I reckon it would be more
> > useful - simpler, easier, more-generally applicable - than a SOAP-based
> > protocol. In particular, I like the idea of adding UWS options to protocols
> > like SIAP and TAP without lathering them up.
> >
> > My personal preference is to work, from here on, just on the RESTful form of
> > UWS and to abandon the SOAP version. Since, AFAIK, I'm the only one who has
> > writen any SOAP UWS code I think this should be OK. Please let me know your
> > views.
> >
> > Cheers,
> > Guy
> >
> > Guy Rixon 				        gtr at ast.cam.ac.uk
> > Institute of Astronomy   	                Tel: +44-1223-337542
> > Madingley Road, Cambridge, UK, CB3 0HA		Fax: +44-1223-337523
> >
> >
>

Guy Rixon 				        gtr at ast.cam.ac.uk
Institute of Astronomy   	                Tel: +44-1223-337542
Madingley Road, Cambridge, UK, CB3 0HA		Fax: +44-1223-337523

More information about the grid mailing list