My goodness, thereâs certainly a lot of REST talk these days. Iâm partly responsible; Paul Krill and I had a long talk at OSCON and he chose to pull out my dissing WS-* for his title: Sun technologist: SOAP stack a âfailureâ. This led to an incredibly long discussion thread on Yahoo Groupsâ (irritatingly-named) âservice-orientated-architectureâ forum. Damien Katz was another provocateur, firing off REST, I just don't get it and âThe web is built on REST. Therefore REST is goodâ Bullshit. This provoked Dare Obsanjo to a burst of restrained pedagogy in Explaining REST to Damien Katz. Let me stir this pot with a few questions, some vaguely heretical in flavor.
Has REST Been Fortunate in its Enemies?
I have been among the most vocal of those sneering at WS-*, and Iâm comfortable with what Iâve said. But that doesnât prove that the core WS-* ideas are wrong. Here are some of the handicaps WS-* struggled under:
Lousy foundational technologies (XSD and WSDL).
A Microsoft/IBM-driven process that was cripplingly product-linked and political.
Designers undereducated in the realities of the Web as it is.
Unnecessary detours into Architecture Astronautics.
As a result, we should be really careful about drawing lessons from the failure of WS-*. Specifically:
Just because the XSD type system is malformed, you canât conclude that the notion of schema-driven mapping between program data types and representation payloads is harmful.
Just because WSDL is a crock, you canât conclude that exposing a machine-readable contract for a service is a necessarily bad idea.
Just because UDDI never took off, you canât conclude that service registries are dumb.
Just because SOAP has a damaging MustUnderstand facility and grew a lot of ancillary specification hair, you canât conclude that some sort of re-usable payload wrapper is necessarily a dead-end path.
Just because the WS-* security specifications are overengineered and based on a shaky canonicalization spec, you canât conclude that message-level security and signing arenât sometimes real important.
And so on. I personally tend to think that schema-driven mapping is hopeless, contracts are interesting, registries are a fantasy, and payload wrappers are very promising. But I donât think that the history of WS-* is a very good argument for any of those positions.
Is Getting HTTP Right Good Enough?
REST, say its aficionados, is more than just HTTP. And thatâs true in theory. But in practice, there are a whole lot of benefits to just getting HTTP right. Suppose just hypothetically that your app violated a bunch of REST precepts, say by making heavy use of cookies and never embedding hyperlinks in what it sent. But suppose also that it was a really good HTTP citizen; getting the caching right, not misusing POST, and taking advantage of idempotency where possible. Well, you know, it might be a pretty good app, and scale startlingly well.
The reason that this scenario feels a little strained is that whoâve come to understand HTTP have usually picked up some of the rest of the REST canon along the way, and put it to use.
That granted, I think the benefits from getting HTTP right are really really big; enough that theyâre worth pursuing even if you donât care to join any four-letter religions. And if youâre trying to explain to management why youâre working on sweating the HTTP details, just tell âem youâre doing REST and youâve got buzzword cover.
What Does âHypermedia as the Engine of Application Stateâ Mean, Really?
Iâll be honest: Iâm not sure. On the other hand, one of the great advantages of being resource-centric, as in giving everything you care about a URI, is that whatever kind of messages youâre shipping around the network, URIs are easy to pack into them. And experience to date suggests that doing this leads to good results.
Is Statelessness Required?
Itâs really easy to understand why, in an ideal-world network application, if none of the client implementations contain state, the scalability payoff can be huge. In the perfect REST world, state lives in resources, resource identifiers, and the representations you pump around the net.
Well, yeah, but in this world, thatâs hard. For example, one of the places state shouldnât live is in cookies jammed down clientsâ throats. It says so right here in Royâs thesis.
But damn, theyâre useful. My intuition is that the architectural flaws are small enough, and the convenience-function benefits large enough, that theyâre with us for the long haul.
And I think thereâs a lesson here: that statelessness, like many other good things (Buddha-nature, purely descriptive markup) is an Aristotelian virtue; unattainable in an absolute sense, but rewarded to the extent you can practice it.
Is Being Message-Centric Good Enough?
The Web is attractive and thought-provoking because it succeeded in scaling to meet the needs of a global heterogeneous network where many had failed before, most notably CORBA and DCOM. The most obvious differentiator is that those other network programming frameworks tried to extend the notions of API and Object Model across the network. The Web doesnât do APIs or Object Models; itâs just a set of protocols, agreements regarding the exchange of short series of messages, and what has to be in those messages.
My single most deeply-held conviction about network computing is that attempts to abstract away the underlying message traffic are in the long run doomed. So hmmm, maybe is it not only good enough to do HTTP right, maybe all you need is to face up to the fact that itâs all about message interchange, and proceed from there (of course, youâll probably end up inventing something essentially like HTTP).
Are PUT and DELETE Essential?
During the design of AtomPub, a few people, including me, worried out loud about the use of PUT and DELETE in the protocol, simply because those functions arenât supported in browsers, hence also not in servers, and are not available at all to programmers on the dumber class of mobile devices.
We were shouted down by the purists, who said that PUT and DELETE are essential features of the architecture. And they had good arguments, especially around idempotency and ETags for safe concurrent update. But you know, unlike most other REST conversations, those are arguments from theory not practice. Iâm pretty convinced that AtomPub would work about as well if you overloaded the U and D in CRUD on POST, carefully and respectfully.
Having said that, Iâm beginning to believe that the theoretical benefits of PUT will work out pretty well in practice, and Iâm glad that AtomPub now gives PUT something useful to do.
Is âDo Like the Webâ a Good Argument?
A common argument from REST proponents is âThe Web works pretty well, so shouldnât you be taking Web Architecture seriously as you go about your engineering?â For a recent example, see my comment on Damien Katzâs piece linked above.
While Damien is unconvinced, I think itâs actually a pretty good argument. Iâve never talked to Roy about this, but my perception is that REST was reverse-engineered from his understanding of what makes the Web work, based on having been there when some of the most important pieces were being built. And judging by my experience of getting Web stuff to work, Royâs understanding is pretty much on the mark.
Anyhow, all the other strong REST arguments are theoretical. Thereâs a lot to like, on engineering-aesthetics grounds, about decentralized flat identifier namespaces, about the notion of Resource and Representation, about statelessness, about hypermedia, and so on. But all my favorite engineers are most impressed by arguments from practice not theory: âSee, like that.â
Where Are the Tools?
Iâm on record as thinking thereâs not much out there. Let me be specific on what I mean by tooling: facilities for use by programmers that do away with redundancies and irritants and boilerplate; that let you do things faster and better.
Once you get past ActiveResource, Restlet, and Jersey, Iâm not aware of much (but I bet thereâll be some shout-outs in the comments). Seems like an opportunity to me because, you know, REST really actually truly works, as religions go itâs a very practical one.
