Welcome!

Java IoT Authors: Carmen Gonzalez, Liz McMillan, Jyoti Bansal, Elizabeth White, Mano Marks

Related Topics: Microservices Expo, Java IoT

Microservices Expo: Article

The Right End of REST

REST is all about distributed hypermedia applications. They’re the point of REST.

One of our Licensed ZapThink Architects, Michael Poulin, struggled with our recent ZapFlash, Where is the SOA in REST-Based SOA? In a forum post, Poulin asked:

If we have a UI that works with the middle- and back-end resources, do we care if … REST or Web Services are used behind the UI? If [the] UI all of a sudden becomes the orchestrator on its own (which contradicts the essence of Service with interfaces where one of [them is the] UI), how [may the] UI journey/workflow … be attributed to the communication channels - REST calls - running behind it? What constitute[s] “A REST application” … and how [does it differ] from non-REST application[s], especially from the architecture perspective? Where [is] the Architecture and where [is] the architecture Implementation?

Poulin is not alone in his confusion. The topic of REST is a minefield: it seems that most people don't understand it, even when they write authoritatively on the subject. And the true authoritative source, Dr. Roy Fielding, speaks in the precise yet obscure prose of an academic, often sowing as much confusion as he does clarity. And yet, the answers lie in Fielding's explanations, even though studying them feels a bit like sitting at the feet of the Buddha, hoping for enlightenment.

Unraveling REST
Let's begin with Wikipedia, a source Fielding bemoans as being a poor substitute for truth. Be that as it may, it's an expedient starting point. Wikipedia defines REST as "a style of software architecture for distributed hypermedia systems such as the World Wide Web." I always thought this definition was rather silly: after all, how many distributed hypermedia systems can you think of other than the Web? But in fact, this definition leads us to the answers to both of Poulin's core questions: first, what constitutes a REST application, and second, where is the architecture and where is its implementation?

Of course, Fielding's precise definition of REST differs from the Wikipedia simplification. According to Fielding, "the Representational State Transfer (REST) style is an abstraction of the architectural elements within a distributed hypermedia system." And therein lies the key to Poulin's second question: REST is an abstraction.

Of course, abstractions are nothing new-they are the basic tool of any architect, and a topic ZapThink has spoken about numerous times. But most people don't quite grok just how abstract REST is. For example, do you think that REST is HTTP-specific? No, it's not. It deals with abstracted hypertext protocols, of which HTTP is the most familiar. Does REST call for uniform interfaces consisting of GET, POST, PUT, and DELETE operations? No again. Those are examples of uniform interface operations, but REST itself doesn't specify them, other than an abstracted GET operation. And of course, resources are abstractions of server capabilities or entities, not the capabilities or entities themselves, while representations are abstractions of media type instances, not the instances themselves. Even the terms "client" and "server" are abstractions: a REST client may actually run on a physical server, and a REST server may serve as a client. In fact, there's nothing "client/server" about REST.

So when Wikipedia uses the phrase "a style of software architecture for distributed hypermedia systems such as the World Wide Web," it's pointing out that REST applies constraints to abstracted distributed hypermedia systems, of which the Web is only the most familiar example.

Confused yet? You're not alone, and that's the point. Architects look at the level of abstraction behind REST and wonder, "how can this mess be useful?" while developers look at it and think, "OK whatever, let's build a RESTful API and go from there." At that point, the architects take off their architect hats and dive into the technical details alongside the coders. The result? A lot of noise and confusion, ostensible RESTful APIs that are not really RESTful at all, and the mistaken belief that you can comply with some of the REST architectural constraints but not all of them, and still be doing some kind of REST.

And that brings us to Poulin's first question: what is a REST application anyway?

REST Applications: More than Bricks & Mortar
A REST application is a distributed hypermedia application, of course - something you apply a distributed hypermedia system to in order to accomplish some goal. Easy to say, but deceptively difficult to understand, until you realize that REST is all about distributed hypermedia applications. They're the point of REST. If you think you're "doing" REST without the goal of building a distributed hypermedia application, you're missing the point of REST entirely.

Unfortunately, most people who are trying to do REST, simply put, are missing the point of REST entirely!

It's as though we're trying to build a brick building, so we hire an architect who comes up with plans for a brick building. But we look at the plans and we don't really understand them, but we know we want to build with bricks, so we spend all our time figuring out the best way to mix mortar. Once we've come up with really good mortar, we convince ourselves we know how to build the building, even though we still don't understand the plan.

That's the state of REST today. People look at REST's four architectural constraints, and say, hmm, I don't understand the fourth one - Hypermedia as the Engine of Application State (HATEOAS). But I think I can figure out the bits about resources and representations. What they're failing to realize is the hypermedia bit is the point of what they're doing, just as actually building the building according to plan is the point of the mortar.

The mortar-first approach to REST has been institutionalized in the form of the Richardson Maturity Model, which suggests that HATEOAS is at the highest level of maturity, and it's perfectly fine to start at the lower levels and work your way up. In other words, it's fine to start construction once you have good mortar; you'll figure out the plan eventually. Clearly, that's no way to build a house!

The Right End of REST
What is it about HATEOAS that's so difficult? State engines? Computer Science 101, puhleeze. Hypermedia? Not really that confusing, either. After all, hypertext is just a document with links in it to other documents, and by generalizing hypertext to the term hypermedia, we're simply allowing for media other than HTML documents and the like. After all, a video or sound file could have a link in it, right? So, where's the confusion?

The confusion lies in the second letter A - application. As in distributed hypermedia application. The point of REST, remember? The architectural starting point for any implementation that REST constraints are appropriate for is the design of the hypermedia application that meets the given business requirements. If you look at the business requirements, and your expertise as an architect tells you that a distributed hypermedia application isn't the right thing to build, then don't use REST.

On the other hand, a distributed hypermedia application might be just the ticket. The next question you should ask is: how dynamic should this application be? In other words, what agility does the business require? Put the analysis that provides the answer to that question in your Agility Model. Then let the Agility Model - not the Richardson Maturity Model - guide your design.

RESTful Agility Levels
To illustrate the agility levels for distributed hypermedia applications that should frame your Agility Model, let's work through some concrete examples. As you go through these levels, compare them to the Richardson model.

Level 1: Static hypermedia application, consisting of a set of static Web pages containing nothing but HTML, interconnected by links. Not particularly agile. Is it REST? Yes, but in a very simplistic way. Does it meet your requirements? Probably not. (Level 1 is good enough for our ZapFlashes, however, in case you hadn't noticed.)

Level 2: Hypermedia application consisting of static Web pages that contain HTML and client-side JavaScript (no funky Ajax or the like). Pages link to each other, and the links may be dynamic, based upon client-side logic in the JavaScript.

Level 3: Hypermedia application consisting of dynamic Web pages built on the fly on the Web server, using php or Java Server Pages or whatever server scripting environment floats your boat. Pages link to each other, but the links may be dynamic, based upon server-side logic.

Level 4: Hypermedia application consisting of a set of dynamic representations that conform to a variety of media types (HTML documents, XML documents, images, video, you name it), where those representations have links to other representations, and furthermore, the links may be dynamic, based upon client-side or server-side logic or both, as appropriate.

Once you have determined the agility requirements for your application, now you may think about how best to implement its components - the hyperlinked representations. Answering that question finally leads you to a consideration of the resources that generate those representations. But you don't start with the resources, you start with the hypermedia application. You finish with the resources.

The ZapThink Take
The examples in the agility levels above are just that: examples. Particular implementation decisions that may be appropriate for a given situation. The architecture, however, is the overall, best practice-driven approach for beginning with the business challenge and working through the levels of abstraction to come up with a working implementation at the end. As an architectural style, REST is simply a set of constraints on the architecture: one way of doing things that makes it easier to solve certain problems. The architect must decide whether REST or any other style is appropriate for the problem at hand, but if you choose REST, then you must begin with the distributed hypermedia application you wish to build.

Hopefully I've answered Poulin's questions (I'm sure he'll let us know if I haven't). But there's still a part of his post left to address. If you read to the end, you'll see he wonders what happened to ZapThink. Well, Michael, we're a part of a larger company now, to be sure, but I'm still here, and I continue to do my best to push the envelope of architectural understanding. That's why we continue to update our Licensed ZapThink Architect course, which is now at version 9, and includes expanded content on REST-Based SOA, as you might expect. We hope to see you in a future class - and if you're in the Washington DC area, please come to our ZapForum networking event on October 12th and meet the "new" ZapThink. RSVP to [email protected] if you'd like to join us!

More Stories By Jason Bloomberg

Jason Bloomberg is the leading expert on architecting agility for the enterprise. As president of Intellyx, Mr. Bloomberg brings his years of thought leadership in the areas of Cloud Computing, Enterprise Architecture, and Service-Oriented Architecture to a global clientele of business executives, architects, software vendors, and Cloud service providers looking to achieve technology-enabled business agility across their organizations and for their customers. His latest book, The Agile Architecture Revolution (John Wiley & Sons, 2013), sets the stage for Mr. Bloomberg’s groundbreaking Agile Architecture vision.

Mr. Bloomberg is perhaps best known for his twelve years at ZapThink, where he created and delivered the Licensed ZapThink Architect (LZA) SOA course and associated credential, certifying over 1,700 professionals worldwide. He is one of the original Managing Partners of ZapThink LLC, the leading SOA advisory and analysis firm, which was acquired by Dovel Technologies in 2011. He now runs the successor to the LZA program, the Bloomberg Agile Architecture Course, around the world.

Mr. Bloomberg is a frequent conference speaker and prolific writer. He has published over 500 articles, spoken at over 300 conferences, Webinars, and other events, and has been quoted in the press over 1,400 times as the leading expert on agile approaches to architecture in the enterprise.

Mr. Bloomberg’s previous book, Service Orient or Be Doomed! How Service Orientation Will Change Your Business (John Wiley & Sons, 2006, coauthored with Ron Schmelzer), is recognized as the leading business book on Service Orientation. He also co-authored the books XML and Web Services Unleashed (SAMS Publishing, 2002), and Web Page Scripting Techniques (Hayden Books, 1996).

Prior to ZapThink, Mr. Bloomberg built a diverse background in eBusiness technology management and industry analysis, including serving as a senior analyst in IDC’s eBusiness Advisory group, as well as holding eBusiness management positions at USWeb/CKS (later marchFIRST) and WaveBend Solutions (now Hitachi Consulting).

@ThingsExpo Stories
WebRTC is the future of browser-to-browser communications, and continues to make inroads into the traditional, difficult, plug-in web communications world. The 6th WebRTC Summit continues our tradition of delivering the latest and greatest presentations within the world of WebRTC. Topics include voice calling, video chat, P2P file sharing, and use cases that have already leveraged the power and convenience of WebRTC.
Discover top technologies and tools all under one roof at April 24–28, 2017, at the Westin San Diego in San Diego, CA. Explore the Mobile Dev + Test and IoT Dev + Test Expo and enjoy all of these unique opportunities: The latest solutions, technologies, and tools in mobile or IoT software development and testing. Meet one-on-one with representatives from some of today's most innovative organizations
20th Cloud Expo, taking place June 6-8, 2017, at the Javits Center in New York City, NY, will feature technical sessions from a rock star conference faculty and the leading industry players in the world. Cloud computing is now being embraced by a majority of enterprises of all sizes. Yesterday's debate about public vs. private has transformed into the reality of hybrid cloud: a recent survey shows that 74% of enterprises have a hybrid cloud strategy.
SYS-CON Events announced today that Super Micro Computer, Inc., a global leader in Embedded and IoT solutions, will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 7-9, 2017, at the Javits Center in New York City, NY. Supermicro (NASDAQ: SMCI), the leading innovator in high-performance, high-efficiency server technology, is a premier provider of advanced server Building Block Solutions® for Data Center, Cloud Computing, Enterprise IT, Hadoop/Big Data, HPC and E...
WebRTC sits at the intersection between VoIP and the Web. As such, it poses some interesting challenges for those developing services on top of it, but also for those who need to test and monitor these services. In his session at WebRTC Summit, Tsahi Levent-Levi, co-founder of testRTC, reviewed the various challenges posed by WebRTC when it comes to testing and monitoring and on ways to overcome them.
Internet of @ThingsExpo, taking place June 6-8, 2017 at the Javits Center in New York City, New York, is co-located with the 20th International Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. @ThingsExpo New York Call for Papers is now open.
DevOps is being widely accepted (if not fully adopted) as essential in enterprise IT. But as Enterprise DevOps gains maturity, expands scope, and increases velocity, the need for data-driven decisions across teams becomes more acute. DevOps teams in any modern business must wrangle the ‘digital exhaust’ from the delivery toolchain, "pervasive" and "cognitive" computing, APIs and services, mobile devices and applications, the Internet of Things, and now even blockchain. In this power panel at @...
WebRTC services have already permeated corporate communications in the form of videoconferencing solutions. However, WebRTC has the potential of going beyond and catalyzing a new class of services providing more than calls with capabilities such as mass-scale real-time media broadcasting, enriched and augmented video, person-to-machine and machine-to-machine communications. In his session at @ThingsExpo, Luis Lopez, CEO of Kurento, introduced the technologies required for implementing these idea...
Buzzword alert: Microservices and IoT at a DevOps conference? What could possibly go wrong? In this Power Panel at DevOps Summit, moderated by Jason Bloomberg, the leading expert on architecting agility for the enterprise and president of Intellyx, panelists peeled away the buzz and discuss the important architectural principles behind implementing IoT solutions for the enterprise. As remote IoT devices and sensors become increasingly intelligent, they become part of our distributed cloud enviro...
"A lot of times people will come to us and have a very diverse set of requirements or very customized need and we'll help them to implement it in a fashion that you can't just buy off of the shelf," explained Nick Rose, CTO of Enzu, in this SYS-CON.tv interview at 18th Cloud Expo, held June 7-9, 2016, at the Javits Center in New York City, NY.
The WebRTC Summit New York, to be held June 6-8, 2017, at the Javits Center in New York City, NY, announces that its Call for Papers is now open. Topics include all aspects of improving IT delivery by eliminating waste through automated business models leveraging cloud technologies. WebRTC Summit is co-located with 20th International Cloud Expo and @ThingsExpo. WebRTC is the future of browser-to-browser communications, and continues to make inroads into the traditional, difficult, plug-in web co...
In his keynote at @ThingsExpo, Chris Matthieu, Director of IoT Engineering at Citrix and co-founder and CTO of Octoblu, focused on building an IoT platform and company. He provided a behind-the-scenes look at Octoblu’s platform, business, and pivots along the way (including the Citrix acquisition of Octoblu).
For basic one-to-one voice or video calling solutions, WebRTC has proven to be a very powerful technology. Although WebRTC’s core functionality is to provide secure, real-time p2p media streaming, leveraging native platform features and server-side components brings up new communication capabilities for web and native mobile applications, allowing for advanced multi-user use cases such as video broadcasting, conferencing, and media recording.
Web Real-Time Communication APIs have quickly revolutionized what browsers are capable of. In addition to video and audio streams, we can now bi-directionally send arbitrary data over WebRTC's PeerConnection Data Channels. With the advent of Progressive Web Apps and new hardware APIs such as WebBluetooh and WebUSB, we can finally enable users to stitch together the Internet of Things directly from their browsers while communicating privately and securely in a decentralized way.
WebRTC is about the data channel as much as about video and audio conferencing. However, basically all commercial WebRTC applications have been built with a focus on audio and video. The handling of “data” has been limited to text chat and file download – all other data sharing seems to end with screensharing. What is holding back a more intensive use of peer-to-peer data? In her session at @ThingsExpo, Dr Silvia Pfeiffer, WebRTC Applications Team Lead at National ICT Australia, looked at differ...
The security needs of IoT environments require a strong, proven approach to maintain security, trust and privacy in their ecosystem. Assurance and protection of device identity, secure data encryption and authentication are the key security challenges organizations are trying to address when integrating IoT devices. This holds true for IoT applications in a wide range of industries, for example, healthcare, consumer devices, and manufacturing. In his session at @ThingsExpo, Lancen LaChance, vic...
With all the incredible momentum behind the Internet of Things (IoT) industry, it is easy to forget that not a single CEO wakes up and wonders if “my IoT is broken.” What they wonder is if they are making the right decisions to do all they can to increase revenue, decrease costs, and improve customer experience – effectively the same challenges they have always had in growing their business. The exciting thing about the IoT industry is now these decisions can be better, faster, and smarter. Now ...
Who are you? How do you introduce yourself? Do you use a name, or do you greet a friend by the last four digits of his social security number? Assuming you don’t, why are we content to associate our identity with 10 random digits assigned by our phone company? Identity is an issue that affects everyone, but as individuals we don’t spend a lot of time thinking about it. In his session at @ThingsExpo, Ben Klang, Founder & President of Mojo Lingo, discussed the impact of technology on identity. Sho...
Fact is, enterprises have significant legacy voice infrastructure that’s costly to replace with pure IP solutions. How can we bring this analog infrastructure into our shiny new cloud applications? There are proven methods to bind both legacy voice applications and traditional PSTN audio into cloud-based applications and services at a carrier scale. Some of the most successful implementations leverage WebRTC, WebSockets, SIP and other open source technologies. In his session at @ThingsExpo, Da...
A critical component of any IoT project is what to do with all the data being generated. This data needs to be captured, processed, structured, and stored in a way to facilitate different kinds of queries. Traditional data warehouse and analytical systems are mature technologies that can be used to handle certain kinds of queries, but they are not always well suited to many problems, particularly when there is a need for real-time insights.