REST at work REST the best A real sleeper REST vs. SOAP

Is Web services development too complicated? A small but influential group of Web developers thinks so. These developers advocate a new approach - one they say is simpler than the World Wide Web Consortium's Simple Object Access Protocol-based model favored by application development tool makers such as BEA Systems, IBM and Microsoft. This new architectural approach, called Representational State Transfer (REST), also results in more scalable code, they say.

Among the more noteworthy REST backers are Roy Fielding, chair of the Apache Foundation; and Sam Ruby, a senior developer and Web services guru at IBM (although IBM itself does not support REST). And developers at Web powerhouses Amazon and Google have experimented with REST to create interfaces to their popular Web services. Recently Thomson Publishing Asia Pacific used REST to create a Web-based typesetting service for its legal publishing group in Sydney, Australia.

REST at work

REST relies on a single application protocol (HTTP), universal resource indicators (URI) and standardized data formats, through XML. It employs established HTTP methods such as GET and POST to direct applications. So instead of creating a standard, machine-readable way for applications to discover and use application components on remote systems - the way SOAP is being used for Web services - REST developers use URIs to create a common ground so applications can use HTTP and XML to share data. REST developers use XML documents rather than application-method calls to tell distributed programs how to use each other's data.

REST proponents say that using the SOAP protocol to access the functions of remote programs directly is doomed to suffer from the same type of interoperability problems that hobbled previous distributed computing architectures such as DCOM and Common Object Request Broker Architecture.

Security problems also will plaque SOAP, says Mark Baker, an independent Web architecture consultant and one of the maintainers of a REST resource site for developers. Because firewalls do not understand the meaning of SOAP-based Web services messages, they will never let those messages pass, he says.

REST messages don't have this problem, Baker says, because they only use operations specified in the HTTP standard - operations that are well-understood by firewall applications and administrators. (Vendors, of course, are addressing the SOAP issue by developing Web services security standards and products, just as they developed firewalls and security standards for HTTP.)

Whitepapers

• Selecting Effective Virtual Directories
• Best Practices for HP Servers and HP Enterprise Virtual Array in a Microsoft Exchange
• Compliance, Protection, Recovery: A Layered Approach to Laptop Security
• Endpoint Security: Data Protection for IT, Freedom for Laptop Users
• IT Departments on Data Security: A Research Concepts Survey
• Laptop Security Tool Helps Allina Hospitals Track 97% of IT Assets

View more SOFTWARE whitepapers

Webcasts

• Managing the End User Experience-A Real World Example of Success
• Lowering the Cost of Email Archives
• Google Webcast: Why archive email? Top challenges and best practices
• High Availability for SQL Server 2005 Using Array-Based Replication and Host-Based Mirroring Technologies
• Technical Overview of Exchange Server 2007 with HP Servers and Storage
• Bringing Order and Security to your Mobile Workforce: Corporate Mobility Policy and Device Management On-Demand

View more SOFTWARE webcasts

Special Reports

• Application Performance Management Executive Guide
• Executive Guide: Building a Service Oriented Architecture
• IT Buyers Guide To: Collaboration

View more SOFTWARE special reports