SeaHttp: A Resource-Oriented Protocol to Extend REST Style for Web of Things

Web of Things （WoT） makes it possible to connect tremendous embedded devices to web in Representational State Transfer （REST） style. Some lightweight RESTful protocols have been proposed for the WoT to replace the HTTP protocol running on embedded devices. However, they keep the principal characteristic of the REST style. In particular, they support one-to-one requests in the client-server mode by four standard RESTful methods （GET, PUT, POST, and DELETE）. This characteristic is however inconsistent with the practical networks of embedded devices, which typically perform a group operation. In order to meet the requirement of group communication in the WoT, we propose a resource-oriented protocol called SeaHttp to extend the REST style by introducing two new methods, namely BRANCH and COMBINE respectively. SeaHttp supports parallel processing of group requests by means of splitting and merging them. In addition SeaHttp adds spatiotemporal attributes to the standard URI for naming a dynamic request group of physical resource. Experimental results show that SeaHttp can reduce average energy consumption of group communication in the WoT by 18.5%, compared with the Constrained Application Protocol （CoAP）.     

Formalization and analysis of the REST architecture from the process algebra perspective

As one of the most promising architectural styles, REpresentational State Transfer (REST) was proposed to support a scalable and reliable design for large-scale distributed hypermedia systems such as the World Wide Web (WWW). However, the rapid development of RESTful systems brings the misunderstanding and misapplying of the REST architecture. As a consequence, considerable confusions about REST exist and many examples of supposedly RESTful applications violate key REST constraints. Thus, it is of significant importance to give a better and explicit understanding of REST architecture to guide the design and implementations of RESTful systems.In this paper, we give a formalization and analysis of the REST architecture from the perspective of Communicating Sequential Processes (CSP), which is one of the most famous process algebras. In particular, we present a formal model to capture essential features for the REST architecture, where components (together with one connector) of RESTful systems are modeled as CSP processes. Besides, resources are also abstracted as CSP processes. Furthermore, all the REST constraints, including Client–Server, Cacheable, Stateless, Uniform Interface, Layered and Code-On-Demand, are described in our framework and implemented in the model checker Process Analysis Toolkit (PAT) to check whether a system breaks REST constraints or not. It is difficult to ensure that a system is RESTful system, because many unRESTful systems may also contain unRESTful properties besides satisfying the six REST constraints. Thus, a complementary approach is proposed in this paper to check the system from a different perspective; that is, if a system breaks any specification of the REST constraints, then it is not a RESTful system. Finally, to show the feasibility of our approach, we illustrate a case study about an application scenario for environment monitoring. One feature of the proposed framework for the REST architecture is that it not only confines to HyperText Transport Protocol (HTTP) but can also be applied to other REST-compliant protocols, e.g., Constrained Application Protocol (CoAP). Consequently, through the general framework, a better understanding of the REST architecture can be achieved, and moreover, implementations and designs of RESTful systems can benefit from it.     

Web++ architecture,design and performance

We describe the design of a system for fast and reliable HTTP service which we call Web++. Web++ achieves high reliability by dynamically replicating web data among multiple web servers. Web++ selects the available server that is expected to provide the fastest response time. Furthermore, Web++ guarantees data delivery given that at least one server containing the requested data is available. After detecting a server failure, Web++ client requests are satisfied transparently to the user by another server. Furthermore, the Web++ architecture is flexible enough for implementing additional performance optimizations. We describe implementation of one such optimization, batch resource transmission, whereby all resources embedded in an HTML page that are not cached by the client are sent to the client in a single response. Web++ is built on top of the standard HTTP protocol and does not require any changes either in existing web browsers or the installation of any software on the client side. In particular, Web++ clients are dynamically downloaded to web browsers as signed Java applets. We implemented a Web++ prototype; performance experiments indicate that the Web++ system with 3 servers improves the response time perceived by clients on average by 36.6%, and in many cases by as much as 59%, when compared with the current web performance. In addition, we show that batch resource transmission can improve the response time on average by 39% for clients with fast network connections and 21% for the clients with 56 Kb modem connections. This revised version was published online in August 2006 with corrections to the Cover Date.     

REST API设计分析及实证研究

REST API已成为访问和使用Web服务的重要途径, 为开发基于服务架构的应用系统提供了可复用接口. 但是, REST API的设计质量参差不齐, 因此有效、合理的设计指导规范对于规范和提高REST API设计质量具有现实意义和应用价值. 首先, 基于REST API的本质内涵, 建立了一个多维度、两层次的REST API设计指导规范分类体系RADRC (REST API design rule catalog), 并对当前主流的25条设计指导规范进行分类. 其次, 针对已有规范提出相应的检测方法, 并实现了REST API设计指导规范遵循情况的分析与检测工具RESTer. 最后, 使用RESTer开展REST API设计实证研究, 分析了APIs.guru收录的近2000个真实REST API的文档, 从中分析提取相应的REST API信息, 进一步检测并统计当前REST API的设计特征和设计指导规范遵循情况. 研究发现不同应用类别的REST API在资源和操作模式上存在差异, 使得不同类别REST API在设计规则和总体架构方面各有特点. 实证研究结果有助于深入了解当前REST API及其设计规则的特征、现状和不足, 对于提高REST API设计质量和改进设计指导规范具有实际意义.     

基于 REST 风格的科学计算环境 Web服务 API

基于 Web 页面的计算门户提供了简单易用的用户使用界面,这些门户需要访问异构的计算机群。本文研究和实现基于 REST 风格的科学计算环境 Web 服务 API (SCEAPI-REST),其核心思想是充分利用 Web 服务在复杂系统中的集成优势以及 REST 风格的 API 跨平台和跨编程语言的特性,为开发者提供简单易用的计算机群开发接口,包括用户管理、资源查询、作业管理和文件传输等功能。基于 SCEAPI-REST,开发人员不再需要解决机群访问的繁杂问题,只需要专心构建面向科学计算的终端软件。该 API 已经应用到计算化学、材料科学、生物信息等多个领域的专业社区和工具软件。     

StoRHm: a protocol adapter for mapping SOAP based Web Services to RESTful HTTP format

A protocol adapter ideally suited to enable enterprises to gradually transition from SOAP Web Services to RESTful HTTP Web Services without impacting existing clients is presented in this paper. The inherent advantage of such a transition is the visibility of RESTful HTTP messages to Web intermediaries such as caches. In contrast, SOAP messages are opaque, which disables Web intermediaries. While both approaches can use HyperText Transfer Protocol (HTTP) for message transfer, the paradigms contrast sharply. SOAP uses an interface specific approach whereas RESTful HTTP uses a Uniform Interface approach. SOAP marks up its payload with eXtensible Markup Language (XML) whereas in certain situations RESTful HTTP requires no XML. We present the disadvantages of the SOAP approach and outline how the RESTful HTTP approach solves these issues. We present results showing opaque SOAP messages transformed into transparent RESTful HTTP messages. We present StoRHm (SOAP to RESTful HTTP mapping), a protocol adapter which maps SOAP messages to RESTful HTTP format.     

基于ASP.NET Web API框架的校园一卡通手机客户端研究

详细介绍基于ASP.NET Web API框架设计的校园一卡通手机客户端的实现。通过引用一卡通相关的Web Service,再封装Web API接口供手机端以HTTP方式调用。校园一卡通手机客户端使用户可以利用碎片化时间,随时随地处理校园卡有关业务,突破了传统校园卡应用的时空局限,开创了新局面。     

基于CC3200的气象数据采集与远程通信系统

针对我国草原牧场环境数据采集的需求,同时为了解决气象站数据传输与远程监测问题,提出了一种基CC3200芯片的数据实时检测与远程通讯的自动气象要素采集系统设计方案。由德州仪器推出的CC3200器件,其主控芯片内置具有Wi-Fi功能的无线MCU,其上包含嵌入式TCP/IP和TLS/SSL堆栈,以及多个互联网协议,支持CC3200器件为采集节点同时作为HTTP 客户端,并以无线方式传递数据。无线AP模式下的Web服务器以REST API接口接收气象数据,用户可通过网页实现远程监控牧场环境数据。     

Using bundles for Web content delivery

The protocols used by the majority of Web transactions are HTTP/1.0 and HTTP/1.1. HTTP/1.0 is typically used with multiple concurrent connections between client and server during the process of Web page retrieval. This approach is inefficient because of the overhead of setting up and tearing down many TCP connections and because of the load imposed on servers and routers. HTTP/1.1 attempts to solve these problems through the use of persistent connections and pipelined requests, but there is inconsistent support for persistent connections, particularly with pipelining, from Web servers, user agents, and intermediaries. In addition, the use of persistent connections in HTTP/1.1 creates the problem of non-deterministic connection duration. Web browsers continue to open multiple concurrent TCP connections to the same server. This paper examines the idea of packaging the set of objects embedded on a Web page into a single bundle object for retrieval by clients. Based on measurements from popular Web sites and an implementation of the bundle mechanism, we show that if embedded objects on a Web page are delivered to clients as a single bundle, the response time experienced by clients is better than that provided by currently deployed mechanisms. Our results indicate that the use of bundles provides shorter overall download times and reduced average object delays as compared to HTTP/1.0 and HTTP/1.1. This approach also reduces the load on the network and servers. Implementation of the mechanism requires no changes to the HTTP protocol.     

A replication framework for program‐to‐program interaction across unreliable networks and its implementation in a servlet container

We propose a service replication framework for unreliable networks. The service exhibits the same consistency guarantees about the order of execution of operation requests as its non‐replicated implementation. Such guarantees are preserved in spite of server replica failure or network failure (either between server replicas or between a client and a server replica), and irrespective of when the failure occurs. Moreover, the service guarantees that in the case when a client sends an ‘update’ request multiple times, there is no risk that the request be executed multiple times. No hypotheses about the timing retransmission policy of clients are made, e.g. the very same request might even arrive at different server replicas simultaneously. All of these features make the proposed framework particularly suitable for interaction between remote programs, a scenario that is gaining increasing importance. We discuss a prototype implementation of our replication framework based on Tomcat, a very popular Java‐based Web server. The prototype comes into two flavors: replication of HTTP client session data and replication of a counter accessed as a Web service. Copyright © 2005 John Wiley & Sons, Ltd.     

表述性状态转移网络服务平台的研究及实施

电子商务的蓬勃发展使得越来越多的采购商们倾向于利用互联网络进行采购。然而,尽管大部分商业网站都提供了详细周全的产品查询功能,但是当采购商们需要查询大量产品,譬如电子产品元器件,来进行采购时,往往费时费力。而网页这种适宜人类用户进行查询浏览的界面形式并不适合程序来自动处理,一个原因就是网页结构的变化会影响网页数据的抽取过程。本文利用网络服务的思想,使数据抽取通过网站提供的独立于网页的服务来完成,从而避免网页结构变化的影响。在剖析了表述性状态转移面向资源以及对资源进行操作的统一接口特性后,本文指出表述性状态转移用于网络服务的优势。基于这种思想,利用CXF框架和Spring技术构建一个表述性状态转移风格的服务平台,该平台向客户提供查询电子产品信息的网络服务。在此服务支持下,客户端程序可以利用XML解析工具方便地抽取所需要的数据信息。     

基于Web Services的高考服务系统的设计和开发

Web Services是一种构建应用程序的应用实体,形成特定条件下的API;同时也是一个可互操作的分布式应用程序平台,并能在所有支持HTTP协议操作系统上实施运行。在网络中服务方提供了一个Web Services平台,该平台不仅提供相关的网络服务,而且会提供一种标准来描述它的服务;而客户可以在网络中其它任何一点调用该服务,并且可以得到足够的信息来得知如何调用。本文设计并开发一款基于Web Services技术的高考服务系统,即在移动终端开发客户端系统,并通过Web Services获取服务器提供的各种信息。在系统中采用多种算法完成模拟志愿填报、高校查询、学习计划等多种模块,并提供高考动态、工具娱乐、心理辅导等多种工具模块,能够帮助考生在高考过程中得到更好的发挥。     

一个基于服务请求语言的统一Web服务框架

提出一种基于服务请求语言的统一Web服务框架UWSF。该框架通过统一的服务发布构件对外提供Web服务,并以服务项为单位进行组织,客户端通过对服务项的灵活组合获得各种定制的服务。引入服务请求语言作为客户端服务请求以及交互策略的描述手段。服务请求在服务端解释执行,使得双方的交互过程能够在会话环境中进行,并且减少了由于中间结果传榆造成的带宽占用。服务端执行基于状态图的流程级交互控制以及基于权限检查接口的服务项级权限控制,保证了会话过程的合法性与完整性。     

HTTP协议及其发展

ＨＴＴＰ（超文本传输协议）是浏览器与Ｗｅｂ服务器共同遵守的协议。本文详细介绍了ＨＴＴＰ协议的消息格式、工作原理及客户机服务器间的互连方式。     

嵌入式Web服务器端脚本引擎设计与实现

由于嵌入式设备的资源有限,RAM和ROM都非常小.为了在资源受限的情况下实现Web服务功能,在分析HTTP1.1的基础上,设计了一种简化的嵌入式Web服务器的软件结构.在参照MicrosoftASP技术的基础上,定义了实现嵌入式Web服务器端脚本解析的主要函数和接口,并给出了脚本引擎调用方法.结合C语言编程,成功地实现了HTTP连接和脚本解析.     

XMLHttp对象在嵌入式Web实时系统中的应用

就Ajax技术中的XMLHttp对象在基于web的嵌入式远程控制与实时监测系统中的应用开发进行了研究,并基于MicrochipTCP／IP协议栈给出了具体的实现方法,有效地解决了客户端Web与嵌入式HTTP服务器的交互问题。     

Dynamic argument embedding: preserving state on the World Wide Web

At the IBM T.J. Watson Research Center we implemented a way of preserving state during HTTP sessions by modifying hypertext links to encode state information. We call the method dynamic argument embedding, and it was developed in response to problems we encountered implementing the Coyote Virtual Store, a transaction-processing system prototype. Virtual store applications, such as IBM's NetCommerce and Netscape's Merchant System, typically need to maintain information such as the contents of shopping baskets while customers are shopping. We wanted our application to be flexible enough to maintain such state information without restricting the sorts of HTML pages a customer might view. We also wanted a system that did not require extensions to the hypertext transfer protocol (HTTP) and so could be implemented on any standard Web server and client browser. Finally, we wanted to permit customers to access several accounts at once by using the browser's cache to concurrently store pages corresponding to multiple invocations of the virtual store application     

Adaptive security architecture for protecting RESTful web services in enterprise computing environment

In this modern era of enterprise computing, the enterprise application integration (EAI) is a well-known industry-recognized architectural principle that is built based on loosely coupled application architecture, where service-oriented architecture (SOA) is the architectural pattern for the implementation of EAI, whose computational elements are called as “services.” Though SOA can be implemented in a wide range of technologies, the web services implementation of SOA becomes the current selective choice due to its simplicity that works on basic Internet protocols. Web service technology defines several supporting protocols and specifications such as SOAP and WSDL for communication with client and server for data interchange. A new architectural paradigm has emerged in SOA in recent years called REpresentational State Transfer (REST) that is also used to integrate loosely coupled service components, named RESTful web services, by system integration consortiums. This SOA implementation does not possess adequate security solutions within it, and its security is completely dependent on network/transport layer security that is obsolete owing to latest web technologies such as Web 2.0 and its upgraded version, Web 3.0. Vendor security products have major implementation constraints such as they need secured organizational environment and breach to SOA specifications, hence introducing new vulnerabilities. Herein, we examine the security vulnerabilities of RESTful web services in the view of popular OWASP rating methodologies and analyze the gaps in the existing security solutions. We hence propose an adaptive security solution for REST that uses public key infrastructure techniques to enhance the security architecture. The proposed security architecture is constructed as an adaptive way-forward Internet-of-Things (IoT) friendly security solution that is comprised of three cyclic parts: learn, predict and prevent. A novel security component named “intelligent security engine” is introduced which learns the possible occurrences of security threats on SOA using artificial neural networks learning algorithms, then it predicts the potential attacks on SOA based on obtained results by the developed theoretical security model, and the written algorithms as part of security solution prevent the SOA attacks. This paper is written to present one of such algorithms to prevent SOA attacks on RESTful web services along the discussion on the obtained results of the conducted proof-of-concept on the real-time SOA environment. A comparison of the proposed system with other competing solutions demonstrates its superiority.