Service Oriented UIs Principals and Practice

About This Presentation

Title:

Service Oriented UIs Principals and Practice

Description:

Service Oriented UIs. Principals and Practice. Michael Barker - Valtech. What is... Client utilises a service-oriented back end. Conversational state is ... – PowerPoint PPT presentation

Number of Views:54

Avg rating:3.0/5.0

Slides: 25

Provided by: downloadM

Category:

more less

Transcript and Presenter's Notes

Title: Service Oriented UIs Principals and Practice

1
(No Transcript)
2
Service Oriented UIsPrincipals and
Practice Michael Barker - Valtech
3
Agenda

What is...
Service Orientation?
A Service Oriented UI?
Case Study
How does a SOUI affect...
API Design?
Security?
Performance and Scalability?
Automated Testing?
When is it appropriate?

4
What is Service Orientation?

Its a bit vague...
Vendor/platform agnostic interface to a system
Interface has a number of traits
Loose Coupling
Service Contract
Statelessness
Autonomy, Abstraction, Reusablility,
Composability, Discoverability...
Originally for integration

5
What is a Service Orientated UI (SOUI)?

Characterised by
Client utilises a service-oriented back end.
Conversational state is managed on the client.
Client deployment is lightweight (e.g. in a
browser).
Driven by a requirement for rich UI behaviour
Term coined in InfoQ Article
A.k.a. SOFEA
Service Oriented Front End Architecture

6
What is a Service Oriented UI?
7
What is a Service Oriented UI?
8
SOUI Technologies

Silverlight
Flash (Flex)?
Google Web Toolkit
AJAX not necessarily
Java Applets (JavaFX)?

9
Advantages

Clear separation of UI code and data
Clear separation of client and server code
Richer UI behaviour
Potential sharing of thin/thick client code

10
Disadvantages

Higher requirements on connecting clients
Javascript enabled, plug-ins installed, etc.
Stateless services may require more thought
during design
Security
Performance
Replication of logic on client and server

11
Alternatives

Model-View-Controller
ASP.net MVC
JSF
Ruby on Rails
and all the rest...
Model-View-Presenter
Hack it into one big PHP/JSP/ASP page
All generally execute logic on the server

12
Case Study

A large government project to replace a series of
green screen applications (Oracle Forms 1.0)?
Strict set of non-functional requirements
Web-based (ease of deployment)?
Rich behaviour (no browser refresh for
validation, etc.)?
No Java, Flash or Active-X
Solution JavaScript XmlHttpRequest.
Late 2003 AJAX term coined in 2005.

13
Service API Design

Stateless services to support a UI can differ for
stateless services for integration
Often single shot (re-authenticate every
request)?
UIs are chattier
Minimise state (use of HTTP session)?
Use HTTP sessions for non-functional aspects

14
Security Authentication

Resubmit credentials with each request
Need SSL
Cookies
Not stateless, requires replication
Message Authentication Codes
Requires some low level library access

15
Security Message Authentication Codes

C Submit credentials
S Authenticate client
S Create and return session key
One-way hash user name, date, server secret
C Submit data, user name and MAC
One-way hash data, user name, session key
S Regenerates MAC and compares to supplied

16
Security Authorisation Gotchas
17
Security Authorisation Gotchas
public interface MailService ListltFoldergt
GetFolders(string mailboxName)
ListltSummarygt GetSummaries(string folderId)
Message GetMessage(string messageId)
18
Security Authorisation Gotchas
public interface MailService ListltFoldergt
GetFolders(string mailboxName)
ListltSummarygt GetSummary(string mailboxName,
string path)
Message GetMessage (string mailboxName,
string path,
int messageIndex)
19
Security Authorisation Gotchas

Authorisation is simplified when accessing
through an administrable object
Pure access by key can lead to leaking of
concepts across tiers (broken encapsulation)?

20
Performance Scalability