evolve`13 keynote: scrambled eggs
DESCRIPTION
A scrambled talk on some of the major issues I am working on at Adobe, including HTTPbis, DNT, advice on the REST architectural style and API versioning, software evolvability, and a sneak peek at a potential feature for Adobe AEM (CQ) to support continuous deployment.TRANSCRIPT
1
S c ra m b l e d E g g s• Roy T. Fielding, Ph.D. | Senior Principal Scientist, Adobe
I T ’ S A M Y ST E R Y
2
I T ’ S A M Y ST E R Y
Open SourceApache
2
I T ’ S A M Y ST E R Y
Open SourceApache
StandardsHTTPbis + HTTP/2Do Not Track
2
I T ’ S A M Y ST E R Y
Open SourceApache
StandardsHTTPbis + HTTP/2Do Not Track
So!ware Architecture
REST
2
I T ’ S A M Y ST E R Y
Open SourceApache
StandardsHTTPbis + HTTP/2Do Not Track
So!ware Architecture
REST
2
I T ’ S A M Y ST E R Y
Open SourceApache
StandardsHTTPbis + HTTP/2Do Not Track
So!ware Architecture
REST
Wouldn’t it be nice if CQ supported …
2
STA N D A R D S : H T T P
HTTP/1.1Almost done, reallyIESG last call next week or so
HTTP/2.0Standardization of Google’s SPDYSession-layer Tunnel for HTTP with Compression (?)
• Should have been called TCP++, or TLS++
Improvement for session-heavy, authenticated sites• http://trac.tools.ietf.org/wg/httpbis/trac/wiki
3
STA N D A R D S : D O N OT T R A C K
Tracking is pervasivebecause it feeds personalization and UX
4
5
profile data
Green arrows represent the flow of consumer data.Blue arrows represent the flow of 3rd party information & offerings.
This diagram represents a typical flow of information related to some online behavioral advertising. Not all online behavioral advertising operates exactly like this diagram.
..
Browser on Personal Computer
Ad Network
BUY ONE,
GET ONE!SPECIALOFFER!
Web Analytics Provider
News Website
Other Websites
Merchant
Secondary Ad Networks
Profiling Service
AGE
INCOMELEVEL
HOBBIES
statistics & consumer behavior
contextual &tailored ads
contextual &tailored ads
demographics &online activity
demographicdata
(from registration)
demographics,past purchases
aggregateanalytics data
* depending on contract limitations
webpage
interestsegments
BUY ONE,
GET ONE!SPECIALOFFER!
URL + analyticscookie
URL + ad cookie1
URL + pre-existing
cookie
redirect URL
Online Behavioral Advertising
URL + ad cookie2
URL + news site
cookie
STA N D A R D S : D O N OT T R A C K
Tracking is pervasivebecause it feeds personalization and UX
Data collection across unrelated contexts is a privacy concern
6
7
Doctor
Medical Prescriptions
Green arrows represent the flow of consumer data.Blue arrows represent the flow of 3rd party information & offerings.
This diagram represents a typical flow of information related to some medical and pharmaceutical companies. Not all medical and pharmaceutical companies operate exactly like this diagram.
Patient
Pharmaceutical Company
Health Insurance
Pharmacy Public Health Agency
(disease tracking)
prescription
billing
marketing
prescription
refill reminders
Pharmacy AnalyticsCompany
marketing
prescriptiondata
aggregateprescription
statistics
aggregateprescription
statistics
aggregateprescription
statistics
personalprofile data
[FTC]
7
Doctor
Medical Prescriptions
Green arrows represent the flow of consumer data.Blue arrows represent the flow of 3rd party information & offerings.
This diagram represents a typical flow of information related to some medical and pharmaceutical companies. Not all medical and pharmaceutical companies operate exactly like this diagram.
Patient
Pharmaceutical Company
Health Insurance
Pharmacy Public Health Agency
(disease tracking)
prescription
billing
marketing
prescription
refill reminders
Pharmacy AnalyticsCompany
marketing
prescriptiondata
aggregateprescription
statistics
aggregateprescription
statistics
aggregateprescription
statistics
personalprofile data
[FTC]
profile data
Other Websites
Profiling Service
AGE
INCOMELEVEL
HOBBIES
demographics &online activity
STA N D A R D S : D O N OT T R A C K
Tracking is pervasivebecause it feeds personalization and UX
Data collection across unrelated contexts is a privacy concern
Governments want to stop it,but they don’t know how
Privacy advocates incite fear and doubt
Poor business data practices justify them!
This should bean easy problem to fix
8
9
Online Advertising Industry
US FTC European Commission
Privacy Advocates
B U T O N LY I F W E W O R K TO G E T H E R
… and now state governments are getting involved too …
S O F T W A R E A R C H I T E C T U R E
What isthe best practice for
versioninga REST API?
10
S E R I O U S LY, W H I C H I S B E T T E R ?
Should I include a version number in the URL hierarchy?• http://example.com/v1/users
Should I include a version number on the resource name?• http://example.com/users.v1
Should I include a version number as a query parameter?• http://example.com/users?api=v1
Should I include a version number in the media type?• Content-Type: application/vnd.myname.v1+json
11
R E ST
RESTis so!ware engineering on the scale of
DECADES
12
R E ST
RESTis designed primarily to improve
EVOLVABILITY
13
14
E V O LV A B I L I T Y
Evolvability is the ability to change over time, in response to changing user needs
or a changing environment,without starting over
15
Degree of Evolvability
Arch
itect
ural
Sca
le
So!wareEvolution
IndependentEvolution
Self-ModifyingSo!ware
15
Degree of Evolvability
Arch
itect
ural
Sca
le
So!wareEvolution
IndependentEvolution
Self-ModifyingSo!ware
15
Degree of Evolvability
Arch
itect
ural
Sca
le
So!wareEvolution
IndependentEvolution
Self-ModifyingSo!ware
R E ST
Hypertext as the Engine of Application State
16
S0 S2S1 S3R o y
*
*
R E ST
Follow Your Nose
17
S0 S2S1 S3R o y
*
*
R E ST
Follow Your Nose
18
S0 S2S1 S3R o y
*
*
R E ST
Follow Your Nose
19
S0 S2S1 S3R o y
*
*
R E ST
Follow Your Nose
20
S0 S2S1 S3R o y
*
*
R E ST
Hypertext as the Engine of Application State
each state can be dynamiceach transition can be redirected
21
S0 S2S1 S3R o y
*
*
R E ST
What isthe best practice for
versioninga REST API?
22
R E ST
What isthe best practice for
versioninga REST API?
22
DON’TVersioning an interface
is just a “polite” wayto kill deployed applications
S E R I O U S LY ?
23
S E R I O U S LY ?
When was the last time you sawa version number on a website?
23
S E R I O U S LY ?
When was the last time you sawa version number on a website?
a REST API is just a websitefor users with a limited vocabulary(machine to machine interaction)
23
B R E A K I N G CO M PAT I B I L I T Y I S B A D
Websites are supposed to retainbackwards compatibility
(avoid broken links)
If you want to break with the past,use a different hostname,
with new branding!
24
25
A LW A Y S S H I P T R U N K
why web applications are different …
problems that none of therevision control systems solve …
how you can solve some of them yourself
[Paul Hammond (Typekit)] http://www.paulhammond.org/2010/06/trunk/based on real deployment experience at Flickr, Etsy, Typekit, ...
26
A LW A Y S S H I P T R U N K
26
A LW A Y S S H I P T R U N K
What would a revision control system built for supporting deployed web applications be like?
26
A LW A Y S S H I P T R U N K
What would a revision control system built for supporting deployed web applications be like?
right?
26
A LW A Y S S H I P T R U N K
What would a revision control system built for supporting deployed web applications be like?
right?
Wouldn’t it be nice if CQ supported …
F R A G S
Feature Flags
for conditional activationof content fragments during
continuous deployment
27
G LO B A L CO N F I G U R AT I O N S E T T I N G S
28
if (frags(“saml_auth”)) {credentials = saml.authenticate(user);
}else {credentials = httpAuth.check(user);
}
• testable for conditional content (i.e., everything)• readable via all development interfaces• writable with ops authority
F L I P S W I TC H E S V I A CO N S O L E
29
• easy UI for (proportional) enabling or disabling of frags• activation by frag, recorded with timestamps• activation by AB testing, recorded for comparative analytics
[Ross Harmes, http://www.flickr.com/photos/rossharmes/4153769740/]
A C T I V AT I O N - A W A R E M O N I TO R I N G
30
• dashboard interfaces for time-series graphs with activation markers• AB comparisons based on automated percentile activation• data available as more resources, for reuse by enterprise monitoring
F R A G S
Are you a CQ/AEM customer/prospect?
Do you want a feature like Frags?
Do you need more than what I described?
Ask for it!
(we prioritize features by customer demand)
31
32