Modeling RESTful Data Services Mike Flasko Program Manager

Modeling RESTful Data Services Mike Flasko Program Manager Microsoft DTL 327

Agenda Scenarios for Data Services “RESTfulness” Modeling Data Services Structure Security Behavior Caching Versioning What’s Next…

Scenarios for Data Services Data in RIA’s Online Services DLL + XAML Data (XML, etc) • Loosely coupled clients and • Client-server designed and Resource-centric: Get. Customers(), Get. Orders(customer. ID) servers deployed together OR • Easy access Authenticate(…) • Operation-centric: Easy deployment • Functionality surfaces in user interface • State, functionality through service interface

REST-ish Service Interfaces RESTful • State and functionality in terms of resources • Expose uniform interface • Follows REST constraints • Client-server • Stateless • Layered • Cacheable Web Friendly • Not necessarily RESTful • Heavy use of URLs • Not just for addressing • GET/POST simple XML/JSON documents • Low barrier of entry

Creating a Resource-centric Service Interface Service Structure

Service Structure Flexible interface! = database interface Model as appropriate for a service interface Application-level concepts Latency, payload size considerations Optimize for caching Consider optimistic concurrency requirements Server-side schema versus service schema Access rights control service level schema Maintain full model for server-side code

Who can access the service? Authentication

Authentication Consider your target scenario AJAX/Silverlight applications “Forms” authentication works well Login in HTML forms or within Silverlight Wide-open RESTful service interface Standard schemes much more important Basic + SSL is often “good enough” Live. ID for account reuse “Integrated” is great for Intranets

Who can do what with the service? Access Control

Access Control Use query and change interceptors Policies apply regardless of access path Query path is composition-based, highly efficient Role-based access control For actions Row-level security For entities

Behaviors in a resource-centric interface? State-based Behavior

Behavior on State Transitions Actions are modeled as state transitions Process. Sales. Order() Order. Status=“Ready” Change interceptors to detect transitions Perform secondary side-effects Kick-off workflows, etc. Methods are available if you need them Methods exposed as “service operations” Use the “CRUD litmus test”

Make Use of Widespread Infrastructure Using Caching

Utilizing Cache Infrastructure ETags for more than concurrency checks Use conditional requests Be careful with… Vary header Expiration policy Authentication affects cache policy Ensure client & server cache policies are set

Service Versioning Protocol and Schema Versioning

Versioning “Protocol” versioning Addressing, Serialization, Interaction model Data services includes versioning support “in the box” Service Schema Versioning Allow missing elements Preserve unknown elements With significant change, version the endpoint

Service Schema Versioning Schema Changes Impact on Existing Clients Add required members An exception is thrown for missing values. Remove non-required members Data lost at the service (exception thrown) Modify existing member data types If types are compatible no exception, but may receive unexpected results Add non-required members Client unaffected (missing values are set to defaults)

What's next… Short and Long Term Plans

ADO. NET Data Services v 1. 5 Focused on service capabilities Row count – everybody asked for this : ) Feed customization BLOBs with streaming interface for media Data-binding for the. NET & Silverlight Server-driven paging “Fancy” providers with full flexibility Installs without overwriting 1. 0 runtime CTP 1 available now, RTM around this fall

Summary You can build fully functional RESTful services with ADO. NET Data Services Behaviors, access control, etc. can be modeled using a resource-centric interface We are extending data services to provide more base functionality

Related Content Breakout Sessions • DAT 308 Design Patterns for Application Architecture with the ADO. NET Entity Framework • DTL 401 Applied Entity Framework • DTL 312 The ADO. NET Entity Framework: Tips and Tricks • And more…

DTL Track Resources Visit the DPR TLC for a chance to win a copy of Visual Studio Team Suite. Daily drawing occurs every day in the TLC at 4: 15 pm. Stop by for a raffle ticket. http: //www. microsoft. com/visualstudio/en-us/products/teamsystem/default. mspx Please visit us in the TLC blue area

Resources www. microsoft. com/teched www. microsoft. com/learning Sessions On-Demand & Community Microsoft Certification & Training Resources http: //microsoft. com/technet http: //microsoft. com/msdn Resources for IT Professionals Resources for Developers www. microsoft. com/learning Microsoft Certification and Training Resources

Complete an evaluation on Comm. Net and enter to win!

© 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U. S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.