EVOLVE'13 | Keynote | Roy Fielding
29 likes24,520 views
This document discusses various standards and best practices related to web development. It covers topics like HTTP standards including HTTP/1.1, HTTP/2.0, and Do Not Track. It also discusses software architecture principles like REST and ways to approach versioning APIs. Other topics covered include evolvability in software, tracking user data across contexts, and potential solutions to privacy concerns through feature flags.
![7
Doctor
Medical Prescriptions
Green arrows represent the flow of consumer data.
Blue arrows represent the flow of 3rd party information & offerings.
This diagram represents a typical flow of information related to some medical and pharmaceutical companies.
Not all medical and pharmaceutical companies operate exactly like this diagram.
Patient
Pharmaceutical Company
Health Insurance
Pharmacy Public Health Agency
(disease tracking)
prescription
billing
marketing
prescription
refill reminders
Pharmacy Analytics
Company
marketing
prescription
data
aggregate
prescription
statistics
aggregate
prescription
statistics
aggregate
prescription
statistics
personal
profile data
[FTC]](https://image.slidesharecdn.com/201308-fielding-evolve-130904132219-/85/EVOLVE-13-Keynote-Roy-Fielding-12-320.jpg)
![7
Doctor
Medical Prescriptions
Green arrows represent the flow of consumer data.
Blue arrows represent the flow of 3rd party information & offerings.
This diagram represents a typical flow of information related to some medical and pharmaceutical companies.
Not all medical and pharmaceutical companies operate exactly like this diagram.
Patient
Pharmaceutical Company
Health Insurance
Pharmacy Public Health Agency
(disease tracking)
prescription
billing
marketing
prescription
refill reminders
Pharmacy Analytics
Company
marketing
prescription
data
aggregate
prescription
statistics
aggregate
prescription
statistics
aggregate
prescription
statistics
personal
profile data
[FTC]
profile data
Other Websites
Profiling Service
AGE
INCOME
LEVEL
HOBBIES
demographics &
online activity](https://image.slidesharecdn.com/201308-fielding-evolve-130904132219-/85/EVOLVE-13-Keynote-Roy-Fielding-13-320.jpg)
![25
ALWAYS SHIP TRUNK
why web applications are different …
problems that none of the
revision control systems solve …
how you can solve some of them yourself
[Paul Hammond (Typekit)] http://www.paulhammond.org/2010/06/trunk/
based on real deployment experience at Flickr, Etsy, Typekit, ...](https://image.slidesharecdn.com/201308-fielding-evolve-130904132219-/85/EVOLVE-13-Keynote-Roy-Fielding-36-320.jpg)
![FLIP SWITCHES VIA CONSOLE
29
• easy UI for (proportional) enabling or disabling of frags
• activation by frag, recorded with timestamps
• activation by AB testing, recorded for comparative analytics
[Ross Harmes, http://www.flickr.com/photos/rossharmes/4153769740/]](https://image.slidesharecdn.com/201308-fielding-evolve-130904132219-/85/EVOLVE-13-Keynote-Roy-Fielding-43-320.jpg)
EVOLVE'13 | Keynote | Roy Fielding
- 1. 1 Scrambled Eggs • Roy T. Fielding, Ph.D. | Senior Principal Scientist, Adobe
- 3. IT’S A MYSTERY Open Source Apache 2
- 4. IT’S A MYSTERY Open Source Apache Standards HTTPbis + HTTP/2 Do Not Track 2
- 5. IT’S A MYSTERY Open Source Apache Standards HTTPbis + HTTP/2 Do Not Track So!ware Architecture REST 2
- 6. IT’S A MYSTERY Open Source Apache Standards HTTPbis + HTTP/2 Do Not Track So!ware Architecture REST 2
- 7. IT’S A MYSTERY Open Source Apache Standards HTTPbis + HTTP/2 Do Not Track So!ware Architecture REST Wouldn’t it be nice if CQ supported … 2
- 8. STANDARDS: HTTP HTTP/1.1 Almost done, really IESG last call next week or so HTTP/2.0 Standardization of Google’s SPDY Session-layer Tunnel for HTTP with Compression (?) • Should have been called TCP++, or TLS++ Improvement for session-heavy, authenticated sites • http://trac.tools.ietf.org/wg/httpbis/trac/wiki 3
- 9. STANDARDS: DO NOT TRACK Tracking is pervasive because it feeds personalization and UX 4
- 10. 5 profile data Green arrows represent the flow of consumer data. Blue arrows represent the flow of 3rd party information & offerings. This diagram represents a typical flow of information related to some online behavioral advertising. Not all online behavioral advertising operates exactly like this diagram. . . Browser on Personal Computer Ad Network BUY ONE, GET ONE! SPECIAL OFFER! Web Analytics Provider News Website Other Websites Merchant Secondary Ad Networks Profiling Service AGE INCOME LEVEL HOBBIES statistics & consumer behavior contextual & tailored ads contextual & tailored ads demographics & online activity demographic data (from registration) demographics, past purchases aggregate analytics data * depending on contract limitations webpage interest segments BUY ONE, GET ONE! SPECIAL OFFER! URL + analytics cookie URL + ad cookie1 URL + pre-existing cookie redirect URL Online Behavioral Advertising URL + ad cookie2 URL + news site cookie
- 11. STANDARDS: DO NOT TRACK Tracking is pervasive because it feeds personalization and UX Data collection across unrelated contexts is a privacy concern 6
- 12. 7 Doctor Medical Prescriptions Green arrows represent the flow of consumer data. Blue arrows represent the flow of 3rd party information & offerings. This diagram represents a typical flow of information related to some medical and pharmaceutical companies. Not all medical and pharmaceutical companies operate exactly like this diagram. Patient Pharmaceutical Company Health Insurance Pharmacy Public Health Agency (disease tracking) prescription billing marketing prescription refill reminders Pharmacy Analytics Company marketing prescription data aggregate prescription statistics aggregate prescription statistics aggregate prescription statistics personal profile data [FTC]
- 13. 7 Doctor Medical Prescriptions Green arrows represent the flow of consumer data. Blue arrows represent the flow of 3rd party information & offerings. This diagram represents a typical flow of information related to some medical and pharmaceutical companies. Not all medical and pharmaceutical companies operate exactly like this diagram. Patient Pharmaceutical Company Health Insurance Pharmacy Public Health Agency (disease tracking) prescription billing marketing prescription refill reminders Pharmacy Analytics Company marketing prescription data aggregate prescription statistics aggregate prescription statistics aggregate prescription statistics personal profile data [FTC] profile data Other Websites Profiling Service AGE INCOME LEVEL HOBBIES demographics & online activity
- 14. STANDARDS: DO NOT TRACK Tracking is pervasive because it feeds personalization and UX Data collection across unrelated contexts is a privacy concern Governments want to stop it, but they don’t know how Privacy advocates incite fear and doubt Poor business data practices justify them! This should be an easy problem to fix 8
- 15. 9 Online Advertising Industry US FTC European Commission Privacy Advocates BUT ONLY IF WE WORK TOGETHER … and now state governments are getting involved too …
- 16. SOFTWARE ARCHITECTURE What is the best practice for versioning a REST API? 10
- 17. SERIOUSLY, WHICH IS BETTER? Should I include a version number in the URL hierarchy? • http://example.com/v1/users Should I include a version number on the resource name? • http://example.com/users.v1 Should I include a version number as a query parameter? • http://example.com/users?api=v1 Should I include a version number in the media type? • Content-Type: application/vnd.myname.v1+json 11
- 18. REST REST is so!ware engineering on the scale of DECADES 12
- 19. REST REST is designed primarily to improve EVOLVABILITY 13
- 20. 14 EVOLVABILITY Evolvability is the ability to change over time, in response to changing user needs or a changing environment, without starting over
- 24. REST Hypertext as the Engine of Application State 16 S0 S2S1 S3 R o y * *
- 25. REST Follow Your Nose 17 S0 S2S1 S3 R o y * *
- 26. REST Follow Your Nose 18 S0 S2S1 S3 R o y * *
- 27. REST Follow Your Nose 19 S0 S2S1 S3 R o y * *
- 28. REST Follow Your Nose 20 S0 S2S1 S3 R o y * *
- 29. REST Hypertext as the Engine of Application State each state can be dynamic each transition can be redirected 21 S0 S2S1 S3 R o y * *
- 30. REST What is the best practice for versioning a REST API? 22
- 31. REST What is the best practice for versioning a REST API? 22 DON’T Versioning an interface is just a “polite” way to kill deployed applications
- 32. SERIOUSLY? 23
- 33. SERIOUSLY? When was the last time you saw a version number on a website? 23
- 34. SERIOUSLY? When was the last time you saw a version number on a website? a REST API is just a website for users with a limited vocabulary (machine to machine interaction) 23
- 35. BREAKING COMPATIBILITY IS BAD Websites are supposed to retain backwards compatibility (avoid broken links) If you want to break with the past, use a different hostname, with new branding! 24
- 36. 25 ALWAYS SHIP TRUNK why web applications are different … problems that none of the revision control systems solve … how you can solve some of them yourself [Paul Hammond (Typekit)] http://www.paulhammond.org/2010/06/trunk/ based on real deployment experience at Flickr, Etsy, Typekit, ...
- 38. 26 ALWAYS SHIP TRUNK What would a revision control system built for supporting deployed web applications be like?
- 39. 26 ALWAYS SHIP TRUNK What would a revision control system built for supporting deployed web applications be like? right?
- 40. 26 ALWAYS SHIP TRUNK What would a revision control system built for supporting deployed web applications be like? right? Wouldn’t it be nice if CQ supported …
- 41. FRAGS Feature Flags for conditional activation of content fragments during continuous deployment 27
- 42. GLOBAL CONFIGURATION SETTINGS 28 if (frags(“saml_auth”)) { credentials = saml.authenticate(user); } else { credentials = httpAuth.check(user); } • testable for conditional content (i.e., everything) • readable via all development interfaces • writable with ops authority
- 43. FLIP SWITCHES VIA CONSOLE 29 • easy UI for (proportional) enabling or disabling of frags • activation by frag, recorded with timestamps • activation by AB testing, recorded for comparative analytics [Ross Harmes, http://www.flickr.com/photos/rossharmes/4153769740/]
- 44. ACTIVATION-AWARE MONITORING 30 • dashboard interfaces for time-series graphs with activation markers • AB comparisons based on automated percentile activation • data available as more resources, for reuse by enterprise monitoring
- 45. FRAGS Are you a CQ/AEM customer/prospect? Do you want a feature like Frags? Do you need more than what I described? Ask for it! (we prioritize features by customer demand) 31
- 46. 32