Security in REST at wirespeed.

I was attending a seminar on Datapower given by IBM at chennai. Then it came to me how easy it is to establish security at wire speed using this device, if the system is designed using REST principles. As per REST Principles, two of the main components with respect to business are a) Resource and b) how they are accessed. A Resource as per REST principle is, let me quote felding

.... information that can be named can be a resource: a document or image, a temporal service (e.g. "today's weather in Los Angeles"), a collection of other resources, a non-virtual object (e.g. a person), and so on......

In effect, what we are saying is a person or any other information that is business critical needs t be identified as a resource . Some of the resources are customers, suppliers, orders, Products, Bin, Warehouse, etc. This is similar to identifying entities in the current paradigm. Access to these resources , if somehow are secured, then we have established security. Felding thesis suggest these resources should be allowed only through a resource identifier, and as per his thesis it should be a URL. For example if there is an order which has an order date, then as per REST Principles, a naming convention as per URI should be designed. One approach to this naming convention could be http:www.mycompany.com/order/1/orderdate . This URL points to order date of the order number 1 in company mycompany. A get on this URL , would give you a date. Now this can be easily accessed by any browser or application universally. Now using datapower, we can limit who has access to this URI pattern thereby achieving Security. Given that datapower acheives this in an ASIC, we can acheive access security at wirespeed.

Is "Interaction Engine or Choice Machine" the Application Architecture for REST?

on from earlier posts, and following up on felding's thesis

A model application is therefore an engine that moves from one state to next by examining and choosing from among the alternative state transitions in the current set of representations.

An example that is depicted by Fielding is how a web browser works. Let us see how we can create such a model application, which will examine and choose its actions from a plethora of choices. As part of this discussion, let us also see how PI calculus support such a model. Let us dissect these words and see whether this can be explained with mathematics.

• What does examining and choosing mean ?
• The whole application works by examining and choosing. This means an application consists of configuraton or collection of choices. These choices could be set of examining choices and/or choices to be examined in an environment. The application moves forward, or the application state changes, when a choice is selected. Or in other terms, the examining choice and examined choice interact.
• For this interaction to happen, the application model should provide a way to define both these types of choices. I.e. capability to examine and capability to be examined.
• Besides this, the application tool should also provide syntax to organize how and when these choices are exposed to each other.
• Besides the syntax to organize choices, the application should also provide way to organize these choices in an very modular fashion.

These kind of applications cannot be achieved by traditional programming. Rather this needs new way of thinking and hence new theories. How concurrency theory like pi calculus, can help to explain such a application is next. This will also lead to new tools.

• Examining and choosing explained in pi calculus
• Unlike traditional computing (which is based on algorithms), the pi calculus ( which is concurrent by nature) assumes there are no control statements or primitive values like numbers, boolean, string, variables, etc. Rather the central premise of pi calculus belief is that all these primitive structures are a name (or a representation) and each of these primitive value exposes different interaction possibliities or choices. The process moves forward, through state transitions. This state transitions happen, when the interaction possibilities or choices becomes interactions. In pi calculus, the control is achieved by controlling these interactions.
• The choices (i.e. representations in REST) are similar to actions in PI calculus. The examined choices can be an action, and an choice that has the potential for examination is the complementary action. when two complementary actions/choices are brought together they interact or react. For e.g. Say the choice is to accept first_name and another choice is to give first_name, these choices of one showing capability to give and the other showing capability to accept is called complementary choices or action. When they are brought in proximity, they react and application takes the next transition.
• These actions/choices can be brought together to interact in an process. Process is the final execution abstraction, all actions work in a process. As we mentioned earlier, the process moves forward through interaction/reaction. These reactions can be controlled by placing complementary actions in configurations or shapes so that thier reactions/interactions can be controlled. Unlike the earlier programming, there is no direct manipulation, rather the control is acheived by indirect manipulation of these actions. A process has no external trigger, once it is started, it brings actions together to provide the process effect.
• To achieve these controlled reactions, these actions/choices need to be organized in configurations. This is achieved by, by using operations which can be used to create these process configurations. The different operations to organize choices/actions are below:
• Sequence - A sequence is used to sequence two actions one after the other.
• Choice - Two actions can be offered to depict two separate state transition. This is equivalent to a if statement in the case of algorithms or current programming paradigm.
• Parallel/Compose - Two choices in parallel. i.e both choices are composed together. It is composition that creates the theatre/space for reaction.
• Earlier we mentioned that all systems should provide constructs so that it can be comprehended easily. This is acheived in traditional programming by modules/subroutines. In PI calculus AGENT is a construct which produces the same effect. An Agent is a configuration of actions. These can be composed into a process. An agent once it is composed, is triggered by an action. This action is triggered by reaction with a complementary action. Once this is triggered, the action configuration represented by the agent is merged with the process as per the operations mentioned earlier. So an agent is event driven.

I hope i could explain this, I know this is quite difficult to comprehend. I will elaborate on this in the comming posts with pictures.