| Developer Links |
 |
White
Papers
White Papers, Articles and Conference presentations |
|
|
|
| Home
/ XML-RPC Interface / Decision History |
XML-RPC Interface Decision History
Contents
Discussions on OpenACS
Hi All,
I just wanted to announce that we (]project-open[) are
going to publish very soon a generic XML-RPC bridge for
the database API. Please find the details below and let
us know what you think. We've are still in an advanced planning
phase, so there is still some room to influence our design.
The package will be licensed under GPL V2.0.
SOA:
There is an incredible hype around this little acronyme
("Service Oriented Architecture") these days. Both SAP and
Oracle are rewriting (or at least pretending to...) their
applications to support this concept.
To me SOA means a kind of "component architecture" for
web services (WS). You have "components" (WS) and you've
got "glue code" (scripts, XML routers, Workflows, MS-BizTalk,
...) that connects the different WSs amongst each other
and impose a certain business logic and some sequencing.
So given this definition (please let me know if you think
I got it wrong), we'd propose nothing less then a complete
"SOAization" of OpenACS / ]project-open[. Using this interface,
any external application with the right credentials would
be able to integrate with and "remote-control" an OpenACS
instance.
SOA might imply SOAP as a communication protocol (Does
it? It's become just such a fuzzy term), so somebody might
argue that our XML-RPC-based approach isn't really SOA compatible.
However, we could easily create a SOAP-version of our generic
interface in the future. Any opinions?
Interface Requirements:
During some recent customer surveys it turned out that
"integratability" was #1 inhibitor for our potential ]project-open[
customers. Our customers frequently have legacy systems
written in MS-Access etc. that need to read from and write
to ]po[. So they are preoccupied by the integrated approach
of ]po[ and need to be reassured that there applications
will continue to be supported.
On the other hand there is usually very little budget available
while most of our customers are not very "IT-sophisticated".
So the integration needs to be easy and transparent (easy
to debug).
Interface Generic Architecture:
Normally we'd need hunderts of different XML-RPC calls
in order to access and modify the hundereds of object types
in OpenACS / ]project-open[. However, after some discussions
we've come up with the idea that OpenACS is really just
a database (objects "live" in the DB, instead of "living"
in the memory). So we'd only need four different API calls
to access any type of object:
-
"LOGIN": Authenticate and generate
a session key
-
"SELECT": Retreive the fields of
an object from the database
-
"UPDATE": Modify the fields of
an object
-
"PLPGSQL": Execute a object__new()
or object__delete() procedure to create and delete objects
The integration with our "DynFields" (formerly known as
"FlexBase") metadata model allows us additionally to access
fields in "extension tables". For example we've got a table
"im_employees" in ]project-open[ that contains payroll information
for users of type "employee". Fields in this table are automatically
selected and updated with the XML-RPC calls.
Interface Communication Protocol:
We've been looking at all three options for the interface.
We have finally decided to go with XML-RPC, because it is
the _easiest_. Here are the details:
-
XML-RPC is the oldest XML-based
interface standard. It's been kind of deprecated with
respect to SOAP in the last years. However, it's much
easier to use then full-blown SOAP.
-
SOAP is the standard today for
XML-based communication. In particular there is the cool
WSDL feature that allows yout to meta-describe your communication
protocol in XML, so that the usual tools (MS, IBM, ...)
can automatically create proxies/interface objects for
the SOAP messages.
-
REST is a cool newcomer these
days. The main difference to SOAP is that related objects
are _reference_ (included as URIs in the XML text) instead
of _embedded_ (included inside the XML document as subobjects).
In REST every object (user, forum item, ...) has its on
URI (a slightly generalized type of URL).
We're sticking with HTTP over SSL ("HTTPS") for security.
For authentication we're probably going to use a session
key that is generated using the "LOGIN" message.
Dependencies with ]project-open[:
We'll try to keep the XML-RCP-Bridge free from dependencies
to ]po[.
The main issues is the "DynFields" SQL Metadata system which
hasn't been included in OpenACS yet. However, we've mainly
going to use the table "acs_attributes" to extract information
about "extension tables" and dynamic attributes, so you
could edit the contents of this table manually without DynFields.
As said in the into, we've already taken some decisions
(XML-RPC and the generic interface idea), but everything
else is still flexible.
Cheers,
Frank
frank_dot_bergmann@project_dash_open.com
http://www.project-open.com/
We did something similar at Galileo, is a SOAP implementation
to run any query through SOAP, and get the results in the
client, an manipulate those as you usually do with the standard
db_* API. I've been wondering if the community will be interested
in something like this....
Hi Frank,
I've been considering a general wsrp service also.
As I see it,
-
the service should use openacs
authenticate and permissions (via http/https) before executing
a call and/or screen based on ip and a hash, etc etc.
-
the call should be to a tcl API
instead of db_* so that values can be easily customized
to meet requirements that would complicate db_*, for example
to allow general audit features to work (since ecommerce
packages use them and this is wsrp).
-
there would be a table mapping
"allowed" calls to specific protocol access and openacs
tcl api (all other requests are refused and optionally
logged).
-
there would be different urls
within the package for different protocols, for example:
soap, xml, cgi, and other third party standards (such
as legacy ones). I think this approach would largely prevent
the splintering of services into innumerable packages,
as is possible with OpenACS on the client side, at least
when using payment-gateway which requires another package
for handling each protocol (currently either ezic-gateway
or authorize-gateway only).
-
the package would be.. package
aware so it could be mounted any number of times in any
number of places and provide different services to each.
I'm also open to suggestions..
Install the PostgreSQL
ODBC driver and you can integrate with MS Access at the SQL
level. Add a single extra layer and you can only integrate
at the Visual Basic level.
Usually the simplest option
is the best one.
Hi,
Just a few answers/comments:
> Install the PostgreSQL ODBC driver
This is basicly the idea of the interface: Document the
PostgreSQL API once and use the documentation for both,
direct ODBC (LAN) and WS (Internet) access. This is why
I've called the package a "bridge" (-> OO bridge pattern).
> run any query through SOAP
Hi Roc, that sounds very interesting. Could you provide
us with the source code? It would be nice if we could offer
both SOAP and XML-RPC. I'm not sure whether we'd integrate
it "Phase 1", but we'd definitely adapt the design of the
package in order to be extensible.
> 1. the service should use openacs authenticate and
> permissions (via http/https) before executing a
> call and/or screen based on ip and a hash, etc etc.
Hi Torben, that was our idea as well. There is a security
token scheme from some bulk mail package from Malte Sussdorff
that we'd use. So the user would authenticate once against
OpenACS auth, obtain a hashed auth token and execute multiple
calls with this token. The only issue with this is that
the token has a unlimited livetime today. We might have
to change that...
> 2. the call should be to a tcl API instead of db_* so
> that values can be easily customized to meet
> requirements that would complicate db_*, for
> example to allow general audit features to work
> (since ecommerce packages use them and this is wsrp).
Right, we're using the TCL API already for our prototype.
Also, we need to extract fields from "extension tables"
as defined in acs_attributes, so we had to discard early
the use of the db_* interface.
But I don't understand the "audit" thing and how that relates
to ecommerce. Could you elaborate, please?
> 3. there would be a table mapping "allowed" calls
> to specific protocol access and openacs tcl api
> (all other requests are refused and optionally logged).
Do you refer to introducing permissions, similar to the
ones of the PostgreSQL database user? Maybe read and write
permissions per object? That's an interesting idea. We've
only been considering a all-or-nothing scheme until now.
> 4. there would be different urls within the package
> for different protocols, for example: soap, xml, cgi,
> and other third party standards (such as legacy ones).
Right, that was our idea.
> prevent the splintering of services into innumerable
> packages
I think I understand. So the extensibility towards SOAP
would probably be the first step towards such a "unified"
architecture, so we're back with Rocael and his SOAP interface.
Thanks a lot for the feedback so far, I really appreciate
it.
Frank
frank_dot_bergmann@project_dash_open.com
http://www.project-open.com/
Hi Frank,
The ecommerce auditing feature basically tracks changes
that users and admins make to editable data, see: http://openacs.org/doc/ecommerce/audit
and a discussion on making this service available to any
package or user action: http://openacs.org/forums/message-view?message%5fid=456993
You ask: Do you refer to introducing permissions, similar
to the ones of the PostgreSQL database user? Maybe read
and write permissions per object?
The mapping/filtering would be in addition to any permissions
that are implemented at the url level and object level (including
checking for read/write/create/delete permission on a called
object before taking action on it).
Creating a general service
has the potential of making the website vulnerable to complete
tcl api access in a manner similar to how developer-support
provides tcl api access to admins, or user input fields
are vulnerabilities for certain attacks by blue meanies
etc. If there will be any user-level or package-admin level
configurable services (which saves having to hard code each
one), then there needs to be a way to screen calls before
they get processed in any way --similar to how html and
html attributes are screened in user input now.
Frank, you write:
"..The only issue with this [item 1, authentication] is
that the token has a unlimited livetime today. We might
have to change that..."
I imagine implementing a hash that works similar to how
the session cookies work, where a component of the hash
requires re-authenticating after a certain period and it
ties in to existing session procs.
Since this is between machines, maybe it could use the
shortest of the session intervals, SessionRenew (or a combination
of SessionRenew and SessionTImeout ) in the kernel parameters
etc.
Anyway, I'm not certain of
the details beyond this.
Frank, I love the
basic idea of SOA'izing OpenACS. Not because of the "SOA"
buzzword - I don't care about that - but because this sort
of flexible remote programmatic control can be hugely useful.
However, this statement worries me:
We've come up with the idea that OpenACS
is really just a database [...]
The problem is that although the above is a useful metaphor
and guideline, it is nowhere near 100% true of OpenACS in
practice - nor should it be!
For example, look at how user creation is handled. Last
time I checked, the Tcl user creation procs call a whole
bunch of different helper procedures, in an entirely
non-obvious fashion. There is an underlying simple-looking
PL/SQL object-like API, but in fact it is not sufficent,
it only does part of the work. Correctly creating
a new OpenACS user is totally dependent on calling the correct
Tcl proc. Now, that particular example could probably be
alleviated by refactoring the existing OpenACS use creation
code. But there must be many other examples. E.g., cacheing.
Sooner or later, your XML-RPC SOA stuff is going to need
some way to say, "Change X, and then please also flush the
corresponding cache Y."
Non-trivial real-world integration with remote systems
is going to require access to the OpenACS Tcl API in some
fashion. Access to merely the PL/SQL (or plpgsql) API is
not sufficient.
Moreever, it would probably be a bad idea to make
the PL/SQL API sufficient! At least arguably, the gratuitous
over-dependence on PL/SQL introduced in ACS 4.0 is one of
OpenACS's core weaknesses - and OpenACS hackers much more
expert than me seem to think so too.
Ideally, going forward I would like to see a complete,
well-factored Tcl API running in AOLserver, which uses PL/SQL
only where specifically useful, with no attempt
to give the PL/SQL API full coverage. (I suspect Gustaf
has some thoughts and has done some work along those lines,
perhaps from a relatively XoTcl-centric angle.)
SOA-style programmtic control would then logically hook
into this clean and comprehensive Tcl API. However, there's
no reason you have to implement one before the other, you
could build in some sort of general SOA Tcl interface now,
use that to write whatever ad-hoc SOA functionality you
really need right now, and then only later revisit a refactoring
of the underlying OpenACS APIs. Indeed, getting SOA to work
out in the wild, on real-world projects, would probably
give you a lot of ideas about where and how you'd like to
improve the OpenACS APIs in the future.
Also, above I repeatedly say "Tcl API" because that happens
to be what OpenACS uses, but in this context Tcl is largely
incidental - what I'm really talking about here is OpenACS's
"application server API", and for better understanding,
that's probably the term that should be used when talking
to outsiders.
If OpenACS actually needed to support another in-process
programming language, defining bindings for it to the canonical
Tcl-based app server API would be pretty straightforward.
But of course, such multi-language support is much harder
and messier if you don't have a really good and
clean canonical API - which is basically the current de
facto situation in OpenACS.
Note, semi-related, the zipfile of the old code I posted
back March
2005 to allow a client AOLserver to login under SSL
to a remote OpenACS server is still available on my website.
Our forthcoming
SOAP / WSDL package will expose arbitrary Tcl procs to external
SOAP invocation.
Will be released some time
soon..
Hi,
First of all thanks for the great feedback. There are many
consideratations that we'll include in the design.
Torben wrote:
> Creating a general service has the potential of making
> the website vulnerable to complete tcl api access in a
> manner similar to how developer-support provides tcl api
> access to admins, or user input fields are
> vulnerabilities for certain attacks by blue meanies etc.
I guess you're right. However, a simple, all-or-none version
of the package would be reasonable first step in a project
with several phases, wouldn't it? We'd have to make sure
thought that we can reasonably introduce suitable permissions
later. The first step for us is to connect with some trusted
3rd party applications, which would get full access.
One simple way could be SELECT/UPDATE/INSERT operations
per _object_type_ (not per table). With DynField we've got
a mapping anyway from object_type to tables, so there would
be no issues with using object types in the API. Then you
could add permissions per user group and object type. That's
quite easy, performant and consistent. What do you think?
> I imagine implementing a hash that works similar to how
> the session cookies
Right, that's the way.
Andrew wrote:
> > We've come up with the idea that OpenACS is really
> > just a database [...]
>
> The problem is that although the above is a useful
> metaphor and guideline, it is nowhere near 100% true
> of OpenACS in practice - nor should it be!
Hi Andrew, I see you point. However, we're probably still
going to go that way. That's because it's "low hanging fruit".
It will probably take us some 2-3 days to implement the
entire f... API for about 80 different object types. It
would take us weeks and months to do it on the TCL API level.
Also, we've based ]project-open[ pretty much on the database,
and all of our main objects are perfectly accessible on
the DB level.
So I guess we will have to stick with the SQL and PlPg/SQL
access if we want to get a moderately complete API. Also,
there would be an incredible _testing_ complexity with a
TCL API, because TCL and the API are dynamically typed,
and any integrator would get zillions of little issues (or
do you have an idea for efficient testing with a high coverage?).
However, we could design the API so that we could deal
with exceptions such as your "user" case. We could catch
these exceptions (asuming that there is a finite number
of them!) and "redirect" them to a TCL function. What do
yo think?
> could build in some sort of general SOA Tcl interface
> now, use that to write whatever ad-hoc SOA functionality
> you really need right now
That's not an options for use, because it's our customers
who demand a complete interface, so that they can write
their own integrations with their own team.
Maybe I'm a bit simplistic, but I had to learn the hard
way that 80% solutions win (and what part of OpenACS is
not an 80% solution?), because they're the only ones that
get implemented in a limited amount of time. I really like
the "Make simple things easy to do, and make hard things
possible" approach. Atleast this API is going to be working
and to be quite complete...
Bests,
Frank
frank_dot_bergmann@project_dash_open.com
http://www.project-open.com/
Frank, your arguments
and plans sound basically reasonable to me. Beyond that, I
haven't studied these issues enough to have any more ideas.
Since obviously you have, I'll just assume you're on the right
track. ;)
|
|
