Tag Archives: Web 2.0

Using URI Templates on XML Security Gateways

Earlier this fall, Anil John put out the following Twitter challenge:

“@Vordel, @layer7, @IBM_DataPower If you support REST, implement support for URI templates in XML Security Gateways”

Somebody brought Anil’s tweet to our attention this week, and Jay Thorne, who leads our tactical group, put together a nice example of just how to do this using SecureSpan Gateways.

URI templates are a simple idea to formalize variable expansion inside URI prototypes. A receiving system can then trivially parse out substituted components of the URI and use these as input. There’s an IETF submission here that describes the approach. It turns out that it was co-authored by my old friend and ex-IBM colleague Dave Orchard. Another co-author is Mark Nottingham, who I worked with at the WS-I. I guess I should have looked into this earlier. Sorry guys.

Here’s a real example of how URI templates work. Let’s begin with the template:

http://somesite/Template/{Noun}/{Verb}/{Object}

The braces represent variables for run time substitution. Suppose these variables equaled:

Noun=Dog
Verb=bites
Object=man

The result of the substitution would then be:

http://somesite/Template/Dog/bites/man

This is pretty easy to parse and process for a web application residing at http://somesite/Template.

URI templates are also very easy to process on a SecureSpan Gateway. Here’s a policy that demonstrates how to access the variables in the URI. Basically, all this policy does is parse up the URI, audit the results, and echo the content back to the sender:

I’ll bind this policy to a particular URI range on my SecureSpan gateway virtual instance. This happens to be running with an HTTP listener on port 8080 on my Macbook Pro:

Now let’s walk through the policy in detail. The first assertion uses a regular expression to parse the URI:

It places the content of the expansion variables Noun, Verb, Object into Vars[1], Vars[2] and Vars[3] respectively. The next two assertions in the policy simply audit the resulting variables into the SSG audit subsystem; this can sink to cluster storage, or go off box. Finally, the policy populates a template XML document with the contents of the variables and echoes this back to the original sender:

When I fire up my browser and hit the REST service http://scottssg:8080/Template/Dog/bites/man I get:

Obviously in a real policy, you would do something more interesting than just echoing parameters, such as routing the message to a particular internal host based on template content. And you can certainly compose outgoing URIs using the existing variable substitution capability in SecureSpan. The takeaway is that this is very simple to implement, and I think it highlights that here at Layer 7, we think that supporting RESTful services is just as important as supporting SOAP.
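The same template parsing in plain Python, as an added example that is not from the post or from the SecureSpan product: it compiles a URI template into an anchored regex with one named group per {variable} (the counterpart of the gateway policy’s Vars[1..3]), confines each variable to a single path segment so a value cannot carry extra path components, and round-trips the example from the post through expansion and extraction. The template string and sample values are constructed from the post.

```python
import re
from urllib.parse import quote, unquote

# Constructed example template, mirroring the post's
# http://somesite/Template/{Noun}/{Verb}/{Object}
TEMPLATE = "http://somesite/Template/{Noun}/{Verb}/{Object}"

# A {variable} placeholder; the name must be a valid regex group name.
VAR_RE = re.compile(r"\{([A-Za-z_][A-Za-z0-9_]*)\}")


def template_to_regex(template):
    """Compile a URI template into an anchored regex with a named group per variable.

    Each variable matches exactly one path segment ([^/?#]+), so a request such as
    .../Dog/bites/man/extra does not fit the template and is rejected rather than
    silently routed on a partial match.
    """
    parts, pos = [], 0
    for m in VAR_RE.finditer(template):
        parts.append(re.escape(template[pos:m.start()]))   # literal text before {var}
        parts.append(r"(?P<%s>[^/?#]+)" % m.group(1))      # one segment for the variable
        pos = m.end()
    parts.append(re.escape(template[pos:]))                # trailing literal text
    return re.compile("^" + "".join(parts) + "$")


def expand(template, values):
    """Substitute values into the template, percent-encoding everything but unreserved characters."""
    return VAR_RE.sub(lambda m: quote(values[m.group(1)], safe=""), template)


def extract(template, uri):
    """Parse a concrete URI against the template.

    Returns a dict of percent-decoded variable values, or None when the URI
    does not match the template (wrong prefix, missing or extra segments).
    """
    m = template_to_regex(template).match(uri)
    if m is None:
        return None
    return {name: unquote(value) for name, value in m.groupdict().items()}


if __name__ == "__main__":
    uri = expand(TEMPLATE, {"Noun": "Dog", "Verb": "bites", "Object": "man"})
    print(uri)                     # http://somesite/Template/Dog/bites/man
    print(extract(TEMPLATE, uri))  # {'Noun': 'Dog', 'Verb': 'bites', 'Object': 'man'}
```

Values that need encoding (a space, for instance) are percent-encoded on expansion and decoded again on extraction, so the extracted dict always holds the original strings.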

Avoiding the Toll Road into the Cloud

I have a new article I co-wrote with Andrew Finall and Jay Thorne now published on GigaOm. It’s about leased lines to the cloud, an especially timely topic given yesterday’s announcement from Amazon about its Virtual Private Cloud service (more on this in an upcoming post).

eBizQ Forum Question: Are Web Services Protocols Such as SOAP and REST and AJAX Effective for Building SOA Off of Mainframe, Large Systems or Legacy Environments?

Joe McKendrick poses this interesting question on the eBizQ forum. The question of when to use MOM, SOAP, REST is one that I’m really interested in.

On Twitter, Social Media, and Privacy

The greatest threat to our own privacy remains ourselves. CNET reports that a Twitter user believes that his home was robbed because he tweeted about being on vacation. Couldn’t see that one coming…

This is a huge problem with social media. So much of it is a thinly veiled conceit, and few think about how this information could be used against them. Sometimes the exploits can be quite subtle. The article on CNET makes some really good points about determining someone’s location through geotagged flickr photos, including where they live and when/where they are out of town.

We spend a lot of time with legislation around privacy (e.g. HIPAA) and infrastructure that enforces privacy policy, but in the end we are our own worst enemies.

Right now, I’m at home. Sharpening my knives.

Video 1/4: The Challenges of Web 2.0 Security

I did a series of videos in the fall of 2008 about Web 2.0, SOA, entitlements, etc. These were on the Layer 7 home page until recently, when we went through another re-design. The videos still exist on YouTube, but we did nothing to promote them so they haven’t been seen by too many people. I’m going to re-post them here over the next week for posterity.

This is the first time I had done this kind of media. I spent the day down at Media2o in Gastown. Bradley Shende and his crew are real pros, and I really enjoyed the whole experience. But I do have to confess: it’s a lot harder than it looks. I’ve done loads of talks at conferences, web casts, etc, and I honestly went in believing that I would knock it off in one take each and be out in time for lunch.

Was I ever wrong. Even with the aid of a teleprompter, it took hours of video to get these four short pieces. We were all pretty tired by the end of the day. I learned an important lesson here. You just can’t underestimate how a different media will impact how you perform. I can still barely watch these without cringing.

Hopefully I’ll get a chance to do this again. And I’m going to practice a lot more in front of a mirror this time…

The Web 2.0 Uniform

Web 2.0 is (in priority order):

  • A conference
  • A handful of technologies
  • All that social stuff
  • A look

One thing I noticed by suddenly engaging with all of those things like Twitter that I actively avoided in the past is that they are all surprisingly usable (WordPress included–this is good stuff). In the last year I’ve really begun to re-evaluate JavaScript and what you can realistically do with it. And I have to admit that the mix of JavaScript and some Flash is a pretty powerful combination (I’ve been playing with Flash charting packages a lot).

Here’s a great summary of some of the leading Web 2.0 looks and UI elements. jQuery continually amazes me.