[Pki-devel] Proposed RESTful interface to dogtag
Adam Young
ayoung at redhat.com
Tue Oct 18 00:43:30 UTC 2011
On 10/17/2011 08:35 PM, Adam Young wrote:
> On 10/17/2011 08:10 PM, Jack Magne wrote:
>> On 10/17/2011 01:18 PM, Ade Lee wrote:
>>> Hi all,
>>>
>>> I tried to put this on the dogtag wiki, but it did not seem to work.
>>> Will chat with Matt.
>>>
>>> In the meantime, here is a copy for you guys to look at and comment on.
>>> It has most everything except the installation servlets and token
>>> operations (for which I need to think about the object model). If you
>>> look at the mapped servlets, you'll get a sense of what operations are
>>> covered in each URL mapping.
>>>
>>> This is a first cut -- hopefully a good starting point for discussion.
>>> So please comment away!
>>>
>>> Ade
>>>
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> Pki-devel mailing list
>>> Pki-devel at redhat.com
>>> https://www.redhat.com/mailman/listinfo/pki-devel
>>>
>> Thanks Ade. Just a few questions after having a look.
>>
>> 1. I noticed we have the following key related resources:
>>
>>
>> PUT /pki/key "Add a key"
>>
>> POST /pki/key "Modify a key"
>>
>> In my quick readings, it appeared that the POST method was favored
>> for creating brand new resources where PUT was used to modify
>> existing ones?
> I think you have it backwards. PUT is the normal way for creating
> things. The POST operation is very generic and no specific meaning can
> be attached to it. In general, use POST when only a subset of a
> resource needs to be modified and it cannot be accessed as its own
> resource; or when the equivalent of a method call must be exposed.
>
> http://developer.mindtouch.com/REST/REST_for_the_Rest_of_Us says this
> about POST:
>
> " usually either create a new one, or replace the existing one with
> this copy, where as POST is kinds of a catch all. "
>
> We could possibly use PUT for both add and modify if we wanted.
>
>
> I tend to favor making objects immutable, and to replacing whole
> objects when possible. However, I know that is not always possible,
> especially when working with a pre-existing API. So I'd say lets try
> to stick to PUT semantics where possible, but deliberately use POST
> when we are making finer grain API calls.
And...now I am going to contradict that. I see that the general wisom
is to use POST if you want the server to create the unique ID for you,
and PUT if you know it a-priori....so we will probably be using POST for
things like Cert creation where the Serial number comes from the server.
>
>>
>> I also noticed that you have two GET versions of "pki/key". Is that
>> kind of duplication encouraged? Or is that really just the same api
>> entity with different input payloads?
>>
>> 2. You suggested I take a look at some of the TKS TokenServlet stuff.
>> I noticed that we have a simple short list of servlets that appear to
>> return very short lived resources. Examples being, session keys ,
>> encrypted data , and a block of randomly generated data.
>>
>> I would imagine it would be a POST op like something as follows:
>>
>> POST /pki/tks/sessionKey , which would return a link to the key
>> itself? But does it make sense to have a "resource" for something so
>> short lived, or does this concept even belong in such a design?
>
> In general, REST works best if the service is stateless. Session
> based information should be minimized if possible.
>
>
>>
>> 3. I was just curious about the Java back-end for this design. Will
>> we be using the JAX-RS stuff that provides annotations in the java
>> code in order to hook all of this up?
>
> I am not a fan of annotations. Under other circumstances, I might be
> prone to say "well, that is the way of the world" and go with JAX-RS,
> but since we don not yet have a set of Entity objects that would drive
> the JAX-RS, I am more prone to look at other alternatives. THere are
> good libraries for serializing to JSON or XML that should be
> sufficient for our needs, and that will keep us from having to make
> our API conform to JAX-RS. So my inclination is to say no to JAX-RS
> to start.
>
>>
>> thanks,
>> jack
>
>
> Ade's document has founds its way into the wiki world:
>
> http://pki.fedoraproject.org/wiki/Dogtag_Future_Directions
>
>
> I might have made some Wiki errors in translation. If this
> contradicts Ade's spreadsheet, assume the spreadsheet is Canonical.
>
>
>
>
>
> _______________________________________________
> Pki-devel mailing list
> Pki-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-devel
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20111017/9f2c340b/attachment.htm>
More information about the Pki-devel
mailing list