UWS as a REST protocol

Matthew Graham mjg at cacr.caltech.edu
Mon Feb 26 09:35:49 PST 2007


Hi,

That's a good point and delete is probably one of the operations where 
you really do want some degree of security. I have used TLS with NVO 
proxy certificates with no problem - although I think this was just a 
programmatic client and not a browser.

    Cheers,

    Matthew

Guy Rixon wrote:
> Hi Matthew,
>
> I can't see how to do message-level security for HTTP-delete; there's nothing
> to sign or encrypt other than the transport details. In general, I think we
> are OK for TLS; but I want to see it working with proxy certificates.
>
> Cheers,
> Guy
>
> On Mon, 26 Feb 2007, Matthew Graham wrote:
>
>   
>> Hi Guy,
>>
>> I think that this looks very promising and is in line with similar thoughts
>> that I have had about a RESTful interface for VOSpace - I've started
>> writing these up and will hopefully have time to finish this some time
>> soon.
>>
>> One general comment I have is that if we are going to do REST then let's
>> do it properly and make proper use of the full HTTP verbs: GET, PUT,
>> POST and DELETE. These are fully supported under HTTP v1.1 and any
>> programming language worth its salt can handle them. The issue as you
>> note is browser support but rich web clients will be based on JavaScript
>> or Ruby or something similar which can also handle these.
>>
>> My other concern is security. With SOAP-based web services we have
>> WS-Security to make us feel comfortable that we are safe; with REST, the
>> only real "security standard" is HTTPS - are we happy that this is
>> sufficient? I'm unhappy about relying on transport-level security but
>> the only alternative is that we invent some message-level security
>> mechanism of our own for IVOA REST services: note that the Amazon S3
>> service does not regard HTTPS as sufficient and has its own
>> message-level security.
>>
>>     Cheers,
>>
>>     Matthew
>>
>> Guy Rixon wrote:
>>     
>>> Hi,
>>>
>>> there has been a lot of debate recently in the industry about SOAP vs. REST as
>>> the basis of web services.  I've written an IVOA Note on how UWS might be
>>> presented as a REST service: please see
>>>
>>> http://www.ivoa.net/Documents/latest/UWS-REST.html
>>>
>>> Based on the worked examples in the note, and on a prototype I'm working on,
>>> the chances for making a good, RESTful UWS are high. I reckon it would be more
>>> useful - simpler, easier, more-generally applicable - than a SOAP-based
>>> protocol. In particular, I like the idea of adding UWS options to protocols
>>> like SIAP and TAP without lathering them up.
>>>
>>> My personal preference is to work, from here on, just on the RESTful form of
>>> UWS and to abandon the SOAP version. Since, AFAIK, I'm the only one who has
>>> written any SOAP UWS code I think this should be OK. Please let me know your
>>> views.
>>>
>>> Cheers,
>>> Guy
>>>
>>> Guy Rixon 				        gtr at ast.cam.ac.uk
>>> Institute of Astronomy   	                Tel: +44-1223-337542
>>> Madingley Road, Cambridge, UK, CB3 0HA		Fax: +44-1223-337523
>>>
>>>
>>>       
>
> Guy Rixon 				        gtr at ast.cam.ac.uk
> Institute of Astronomy   	                Tel: +44-1223-337542
> Madingley Road, Cambridge, UK, CB3 0HA		Fax: +44-1223-337523
>
>   
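
The message-level option discussed in this thread, as an added example that is not part of the original messages: for a bodiless DELETE the client signs the verb, resource path and Date header with an HMAC, and the service rejects stale or mismatched requests. The shared key, the `X-Signature` header name and the job path are assumptions for illustration; this is neither Amazon S3's scheme nor anything defined by IVOA.

```python
import hashlib
import hmac
from email.utils import formatdate, parsedate_to_datetime

MAX_SKEW = 300  # seconds a signed request stays valid (assumed policy)


def string_to_sign(method, path, date):
    # A DELETE has no body, so the signed material is the "transport
    # details" themselves: verb, resource path and Date header.
    return "\n".join([method.upper(), path, date]).encode("utf-8")


def sign_request(key, method, path, date):
    # Client side: MAC over the canonical string with the shared key.
    return hmac.new(key, string_to_sign(method, path, date),
                    hashlib.sha256).hexdigest()


def verify_request(key, method, path, headers, now):
    # Service side: recompute the MAC from what was actually received.
    date = headers.get("Date", "")
    sig = headers.get("X-Signature", "")  # hypothetical header name
    try:
        sent = parsedate_to_datetime(date).timestamp()
    except (TypeError, ValueError):
        return False  # missing or unparseable Date header
    if abs(now - sent) > MAX_SKEW:
        return False  # stale: bounds replay of a captured request
    expected = sign_request(key, method, path, date)
    # Constant-time comparison avoids leaking the MAC through timing.
    return hmac.compare_digest(expected.encode(), sig.encode())


if __name__ == "__main__":
    key = b"constructed-demo-key"   # constructed sample secret
    now = 1172511349                # constructed timestamp
    date = formatdate(now, usegmt=True)
    path = "/uws/jobs/42"           # constructed job URI
    hdrs = {"Date": date,
            "X-Signature": sign_request(key, "DELETE", path, date)}
    print(verify_request(key, "DELETE", path, hdrs, now))
    print(verify_request(key, "DELETE", "/uws/jobs/43", hdrs, now))
    print(verify_request(key, "DELETE", path, hdrs, now + 3600))
```

A signature bound to verb, path and time still has to travel over TLS if the request itself must stay confidential; the MAC only authenticates it.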


