SlideShare une entreprise Scribd logo

Interoperability rules for an European API ecosystem: do we still need SOAP?

Team per la Trasformazione Digitale
Team per la Trasformazione Digitale

How Italy is introducing REST API and a more reliable IT architecture in the Public Administration. Keynote by Roberto Polli, Full Stack Developer at Digital Transformation Team

Logiciels
1  sur  30
Télécharger pour lire hors ligne
INTEROPERABILITY RULES FOR AN EUROPEAN API ECOSYSTEM: DO WE STILL NEED SOAP? ROBERTO POLLI TEAM PER LA TRASFORMAZIONE DIGITALE —
The Italian Digital Team Old SOAP Framework SOAP & REST The New Framework Standardization & Reliability Future ideas Agenda
Make public services for citizens and businesses accessible in an easy manner, via a mobile first approach, with reliable, scalable and fault tolerant architectures, based on clearly defined APIs. Team Mission
Roberto Polli - love writing in Python, C and Java RHC{E,VA}, MySQL|MongoDB Certified DBA API Ecosystem @ TeamDigitale Who am I
From Enterprise to The Web
The Old SOAP Framework Ad-hoc encapsulation with a custom gateway
The Old SOAP Framework Processing errors (SOAP Faults) required de/serialization of XML No universal semantic for communicating service status (soap faults uses 500 for everything) Errors at peak loads caused further thrashing
The Old SOAP Framework Become a barrier for the creation of new services: - Very expensive (both for setup and maintenance/operation) - Complicates communication with non-governmental agencies - The IT world was moving beyond SOAP
Beyond SOAP SOAP was born in 1999: ● transfer-agnostic messaging protocol (HTTP, SMTP, ..) ● adds one layer, with computational and architectural costs ● virtually asynchronous exchanges (soap messages) Today: ● new HTTP Semantics RFC 7230-7238 released in 2014 ● services are inherently based on HTTP ● synchronous exchanges (eg. mail vs chat)
Beyond SOAP The new semantics allow to: ● route requests using Path and Method (Eg. idempotent vs non-idempotent) ● use Status and Headers for service management, don't have to process the body ● Caching, Conditional and Range Requests, ...
The New Framework ● Standardize HTTP APIs without SOAP ● API-first approach to REST APIs based on OpenAPI v3 ● Scheme standardization based on national, European and industry standards ● Availability strategy based on a distributed circuit-breaker and throttling patterns
The New Ecosystem School Town Hospital Police IRS (MEF) National Registry (ANPR) PHR (FSE)
Standardization
http binary messages HTTPS Always HTTPS Wrap queues (kafka, JMS, AMQP, …) with HTTPS for authentication and authorization Leverage STATUS, METHOD and PATH for auditing and routing
ago 6 14:04:50 ago-06 18:58:50,000 Aug 02 18:43:47.000 mer 9 ago 08:45:37 CEST 2018 Fri May 05 08:45:37 IST 2018-May-08 10:06:25 AM 05/12/2018 2018/12/05 12-05-2018 05/12/2018 2018-12-05 12-05-2018 Logs, dates: RFC5424 / 3339 2018-05-08T10:06:25Z 2018-05-08T10:06:25.000Z
cod_fiscale piva fiscalCode CF nato codice_fisc nome partIva cfiscale nato_a cf p_IVA fiscal_code PI name Ontology-based schemas tax_code vat_number given_name (from w3id.org/italia)
Reliability
Business Continuity Plan (European Interoperability Framework) Integrated management of load and failures Avoid cascading failures Reliability
Service management techniques (eg. circuit-breaker) Reliability
x-rate-limit-minute: 100 X-RateLimit-Retry-After: 11529485261 X-RateLimit-UserLimit: 1231513 X-RateLimit-UserRemaining X-Rate-Limit-Limit: name=rate-limit-1,1000 x-custom-retry-after-ms X-Rate-Limit-Remaining-month X-Rate-Limit-Reset: Wed, 21 Oct 2015 07:28:00 GMT x-rate-limit-hour: 1000 Service Management Headers Communicate service limits X-RateLimit-Limit: #request X-RateLimit-Remaining: #request X-RateLimit-Reset: #seconds Communicate service status HTTP 503 (service unavailable) HTTP 429 (too many requests) Retry-After: #seconds
{ "message": "Service Unavailable", "code": 123 }  { "status" : "error", "message": "Unable to communicate with database" } { "error": { "errors": [ { "reason": "required", "message": "Login Required", "locationType": "header", "location": "Authorization" } ], "code": 401, "message": "Login Required" } }" } {"error": { "code": "501", "message": "Unsupported functionality", "target": "query", "details": "" } Errors: RFC7807 RFC 7807 is an extensible format for errors { "type": "https://tools.ietf.org/html/rfc7231#section-6.6.4", "title": "Service Unavailable", "detail": "Service is active in forex hours", "status": 503, "instance": "/account/12345/msgs/abc", }
Future steps
Readable indicators: - use rates, not absolute values - use basic units (eg. Bytes, seconds, …) - use increasing Service Level Indicators, the higher the better Example: - availability is 0-100% - expose success rates, not error rates Standardized metrics
Set common and simple indicators: - availability: eg. the service was up for 95% of the time - success_rate: % of successful requests - target_response_time: expected latency at 95p Evaluating: - or responsiveness: the service meet the target_response_time for 90% of the time - or APDEX index: Standardizes metrics
Signing an exchange with a digital certificate is the basis for a non-repudiation framework. SOAP has a well-established (and criticized) standard for Signing and Encryption REST standards are Json Web Signatures|Encryption RFC7515 used by OpenID Connect (still criticized) Signatures and Encryption
Possible choices: - leave the signature to the application protocol (eg. json) - sign just the body (a sort of ws-security built with JWS) extending the objects with claims or adding an Headers - sign a fingerprint(request,header,body) via Headers Current request/response fingerprint functions and Signature headers proposals (eg. amz, draft-cavage, signed-exchanges) Signatures and Encryption
On digital certificates: - RSA is considered a legacy https://github.com/WICG/webpackage/pull/181 - EC keys are easily embedded in claims and headers On Headers - evaluate Structured Headers Example-DictHeader: en="Applepie", da=*w4ZibGV0w6ZydGUK=* - deprecate or adopt Digest Further discussions
References
https://forum.italia.it/c/piano-triennale/interoperabilita http://lg-modellointeroperabilita.readthedocs.io/it/latest/ New Italian Framework
Roberto Polli roberto@teamdigitale.governo.it @ioggstream @teamdigitaleIT @team-per-la-trasformazione-digitale teamdigitale.governo.it

Recommandé

Open DMPs: Machine Actionable open data management planning (Presentation at ...
Open DMPs: Machine Actionable open data management planning (Presentation at ...Open DMPs: Machine Actionable open data management planning (Presentation at ...
Open DMPs: Machine Actionable open data management planning (Presentation at ...
OpenAIRE
 
TCP1P.net Meetup Vision, Objectives and Roadmap
TCP1P.net Meetup Vision, Objectives and RoadmapTCP1P.net Meetup Vision, Objectives and Roadmap
TCP1P.net Meetup Vision, Objectives and Roadmap
Stefan Ianta
 
Knowage 8 presentation
Knowage 8 presentationKnowage 8 presentation
Knowage 8 presentation
KNOWAGE
 
Smart Visualisations for IT & Enterprise Architecture Management with LeanIX
Smart Visualisations for IT & Enterprise Architecture Management with LeanIXSmart Visualisations for IT & Enterprise Architecture Management with LeanIX
Smart Visualisations for IT & Enterprise Architecture Management with LeanIX
LeanIX GmbH
 
LinkedIn-ATG-SI-2016May22-SE-V5
LinkedIn-ATG-SI-2016May22-SE-V5LinkedIn-ATG-SI-2016May22-SE-V5
LinkedIn-ATG-SI-2016May22-SE-V5
Stefan Ianta
 
Evolutionary Machine Intelligence in Smart Markets of microservices
Evolutionary Machine Intelligence in Smart Markets of microservicesEvolutionary Machine Intelligence in Smart Markets of microservices
Evolutionary Machine Intelligence in Smart Markets of microservices
Stefan Ianta
 
AMAG Forrester about SAP & Lean Enterprise Architecture Management using LeanIX
AMAG Forrester about SAP & Lean Enterprise Architecture Management using LeanIXAMAG Forrester about SAP & Lean Enterprise Architecture Management using LeanIX
AMAG Forrester about SAP & Lean Enterprise Architecture Management using LeanIX
LeanIX GmbH
 
Evolutionary Design Patterns for Software Development
Evolutionary Design Patterns for Software Development Evolutionary Design Patterns for Software Development
Evolutionary Design Patterns for Software Development
Stefan Ianta
 

Recommandé

Open DMPs: Machine Actionable open data management planning (Presentation at ...
Open DMPs: Machine Actionable open data management planning (Presentation at ...Open DMPs: Machine Actionable open data management planning (Presentation at ...
Open DMPs: Machine Actionable open data management planning (Presentation at ...
OpenAIRE
 
TCP1P.net Meetup Vision, Objectives and Roadmap
TCP1P.net Meetup Vision, Objectives and RoadmapTCP1P.net Meetup Vision, Objectives and Roadmap
TCP1P.net Meetup Vision, Objectives and Roadmap
Stefan Ianta
 
Knowage 8 presentation
Knowage 8 presentationKnowage 8 presentation
Knowage 8 presentation
KNOWAGE
 
Smart Visualisations for IT & Enterprise Architecture Management with LeanIX
Smart Visualisations for IT & Enterprise Architecture Management with LeanIXSmart Visualisations for IT & Enterprise Architecture Management with LeanIX
Smart Visualisations for IT & Enterprise Architecture Management with LeanIX
LeanIX GmbH
 
LinkedIn-ATG-SI-2016May22-SE-V5
LinkedIn-ATG-SI-2016May22-SE-V5LinkedIn-ATG-SI-2016May22-SE-V5
LinkedIn-ATG-SI-2016May22-SE-V5
Stefan Ianta
 
Evolutionary Machine Intelligence in Smart Markets of microservices
Evolutionary Machine Intelligence in Smart Markets of microservicesEvolutionary Machine Intelligence in Smart Markets of microservices
Evolutionary Machine Intelligence in Smart Markets of microservices
Stefan Ianta
 
AMAG Forrester about SAP & Lean Enterprise Architecture Management using LeanIX
AMAG Forrester about SAP & Lean Enterprise Architecture Management using LeanIXAMAG Forrester about SAP & Lean Enterprise Architecture Management using LeanIX
AMAG Forrester about SAP & Lean Enterprise Architecture Management using LeanIX
LeanIX GmbH
 
Evolutionary Design Patterns for Software Development
Evolutionary Design Patterns for Software Development Evolutionary Design Patterns for Software Development
Evolutionary Design Patterns for Software Development
Stefan Ianta
 
TANGO Project in a Nutshell Flyer
TANGO Project in a Nutshell FlyerTANGO Project in a Nutshell Flyer
TANGO Project in a Nutshell Flyer
Oliver Barreto Rodríguez
 
APIdays Paris 2019 - The Netherlands' National API Strategy by by Frank Terps...
APIdays Paris 2019 - The Netherlands' National API Strategy by by Frank Terps...APIdays Paris 2019 - The Netherlands' National API Strategy by by Frank Terps...
APIdays Paris 2019 - The Netherlands' National API Strategy by by Frank Terps...
apidays
 
The Next Big Thing
The Next Big ThingThe Next Big Thing
The Next Big Thing
LeanIX GmbH
 
FIWARE Overview
FIWARE OverviewFIWARE Overview
FIWARE Overview
Fernando Lopez Aguilar
 
Knowage official presentation 2018
Knowage official presentation 2018Knowage official presentation 2018
Knowage official presentation 2018
KNOWAGE
 
Iterative Architecture: Your Path to on-time Delivery
Iterative Architecture: Your Path to on-time DeliveryIterative Architecture: Your Path to on-time Delivery
Iterative Architecture: Your Path to on-time Delivery
Asanka Abeysinghe
 
Knowage roadmap-2022 (1)
Knowage roadmap-2022 (1)Knowage roadmap-2022 (1)
Knowage roadmap-2022 (1)
KNOWAGE
 
FIWARE Global Summit - Knowage: FIWARE Data Visualization GE
FIWARE Global Summit - Knowage: FIWARE Data Visualization GEFIWARE Global Summit - Knowage: FIWARE Data Visualization GE
FIWARE Global Summit - Knowage: FIWARE Data Visualization GE
FIWARE
 
APIdays Paris 2019 - Customer First Strategy through API-led Connectivity by...
APIdays Paris 2019 - Customer First Strategy through API-led Connectivity by...APIdays Paris 2019 - Customer First Strategy through API-led Connectivity by...
APIdays Paris 2019 - Customer First Strategy through API-led Connectivity by...
apidays
 
sMART Store of Cypher-Annotated Microservices
sMART Store of Cypher-Annotated MicroservicessMART Store of Cypher-Annotated Microservices
sMART Store of Cypher-Annotated Microservices
Stefan Ianta
 
GraphQL in LeanIX Enterprise Architecture Management @ Bonnagile Meetup
GraphQL in LeanIX Enterprise Architecture Management @ Bonnagile MeetupGraphQL in LeanIX Enterprise Architecture Management @ Bonnagile Meetup
GraphQL in LeanIX Enterprise Architecture Management @ Bonnagile Meetup
LeanIX GmbH
 
Building the Smart City Platform on FIWARE Lab
Building the Smart City Platform on FIWARE LabBuilding the Smart City Platform on FIWARE Lab
Building the Smart City Platform on FIWARE Lab
Fernando Lopez Aguilar
 
FIWARE Wednesday Webinars - Cities as Enablers of the Data Economy: Smart Dat...
FIWARE Wednesday Webinars - Cities as Enablers of the Data Economy: Smart Dat...FIWARE Wednesday Webinars - Cities as Enablers of the Data Economy: Smart Dat...
FIWARE Wednesday Webinars - Cities as Enablers of the Data Economy: Smart Dat...
FIWARE
 
CD March 2016 - What is HYPERCAT?
CD March 2016 - What is HYPERCAT?CD March 2016 - What is HYPERCAT?
CD March 2016 - What is HYPERCAT?
Comit Projects Ltd
 
Values & Vision - Cloud Sandboxes for BIG Earth Sciences
Values & Vision - Cloud Sandboxes for BIG Earth SciencesValues & Vision - Cloud Sandboxes for BIG Earth Sciences
Values & Vision - Cloud Sandboxes for BIG Earth Sciences
terradue
 
Day 13 - Creating Data Processing Services | Train the Trainers Program
Day 13 - Creating Data Processing Services | Train the Trainers ProgramDay 13 - Creating Data Processing Services | Train the Trainers Program
Day 13 - Creating Data Processing Services | Train the Trainers Program
FIWARE
 
FIWARE Identity Management and Access Control
FIWARE Identity Management and Access ControlFIWARE Identity Management and Access Control
FIWARE Identity Management and Access Control
Fernando Lopez Aguilar
 
Building Intelligent Solutions with Graphs, Stefan Kolmar, Neo4j
Building Intelligent Solutions with Graphs, Stefan Kolmar, Neo4jBuilding Intelligent Solutions with Graphs, Stefan Kolmar, Neo4j
Building Intelligent Solutions with Graphs, Stefan Kolmar, Neo4j
Neo4j
 
SpagoBI version 6 rebranded as Knowage offers unpaired analytical experience,...
SpagoBI version 6 rebranded as Knowage offers unpaired analytical experience,...SpagoBI version 6 rebranded as Knowage offers unpaired analytical experience,...
SpagoBI version 6 rebranded as Knowage offers unpaired analytical experience,...
OW2
 
Knowage Location Intelligence @ bdp2020
Knowage Location Intelligence @ bdp2020Knowage Location Intelligence @ bdp2020
Knowage Location Intelligence @ bdp2020
KNOWAGE
 
2016 06 - design your api management strategy - axway - Api Management
2016 06 - design your api management strategy - axway - Api Management2016 06 - design your api management strategy - axway - Api Management
2016 06 - design your api management strategy - axway - Api Management
SmartWave
 
Role of Rest vs. Web Services and EI
Role of Rest vs. Web Services and EIRole of Rest vs. Web Services and EI
Role of Rest vs. Web Services and EI
WSO2
 

Contenu connexe

Tendances

Iterative Architecture: Your Path to on-time Delivery
Iterative Architecture: Your Path to on-time DeliveryIterative Architecture: Your Path to on-time Delivery
Iterative Architecture: Your Path to on-time Delivery
Asanka Abeysinghe
 
GraphQL in LeanIX Enterprise Architecture Management @ Bonnagile Meetup
GraphQL in LeanIX Enterprise Architecture Management @ Bonnagile MeetupGraphQL in LeanIX Enterprise Architecture Management @ Bonnagile Meetup
GraphQL in LeanIX Enterprise Architecture Management @ Bonnagile Meetup
LeanIX GmbH
 
SpagoBI version 6 rebranded as Knowage offers unpaired analytical experience,...
SpagoBI version 6 rebranded as Knowage offers unpaired analytical experience,...SpagoBI version 6 rebranded as Knowage offers unpaired analytical experience,...
SpagoBI version 6 rebranded as Knowage offers unpaired analytical experience,...
OW2
 

Tendances (20)

TANGO Project in a Nutshell Flyer
TANGO Project in a Nutshell FlyerTANGO Project in a Nutshell Flyer
TANGO Project in a Nutshell Flyer
 
APIdays Paris 2019 - The Netherlands' National API Strategy by by Frank Terps...
APIdays Paris 2019 - The Netherlands' National API Strategy by by Frank Terps...APIdays Paris 2019 - The Netherlands' National API Strategy by by Frank Terps...
APIdays Paris 2019 - The Netherlands' National API Strategy by by Frank Terps...
 
The Next Big Thing
The Next Big ThingThe Next Big Thing
The Next Big Thing
 
FIWARE Overview
FIWARE OverviewFIWARE Overview
FIWARE Overview
 
Knowage official presentation 2018
Knowage official presentation 2018Knowage official presentation 2018
Knowage official presentation 2018
 
Iterative Architecture: Your Path to on-time Delivery
Iterative Architecture: Your Path to on-time DeliveryIterative Architecture: Your Path to on-time Delivery
Iterative Architecture: Your Path to on-time Delivery
 
Knowage roadmap-2022 (1)
Knowage roadmap-2022 (1)Knowage roadmap-2022 (1)
Knowage roadmap-2022 (1)
 
FIWARE Global Summit - Knowage: FIWARE Data Visualization GE
FIWARE Global Summit - Knowage: FIWARE Data Visualization GEFIWARE Global Summit - Knowage: FIWARE Data Visualization GE
FIWARE Global Summit - Knowage: FIWARE Data Visualization GE
 
APIdays Paris 2019 - Customer First Strategy through API-led Connectivity by...
APIdays Paris 2019 - Customer First Strategy through API-led Connectivity by...APIdays Paris 2019 - Customer First Strategy through API-led Connectivity by...
APIdays Paris 2019 - Customer First Strategy through API-led Connectivity by...
 
sMART Store of Cypher-Annotated Microservices
sMART Store of Cypher-Annotated MicroservicessMART Store of Cypher-Annotated Microservices
sMART Store of Cypher-Annotated Microservices
 
GraphQL in LeanIX Enterprise Architecture Management @ Bonnagile Meetup
GraphQL in LeanIX Enterprise Architecture Management @ Bonnagile MeetupGraphQL in LeanIX Enterprise Architecture Management @ Bonnagile Meetup
GraphQL in LeanIX Enterprise Architecture Management @ Bonnagile Meetup
 
Building the Smart City Platform on FIWARE Lab
Building the Smart City Platform on FIWARE LabBuilding the Smart City Platform on FIWARE Lab
Building the Smart City Platform on FIWARE Lab
 
FIWARE Wednesday Webinars - Cities as Enablers of the Data Economy: Smart Dat...
FIWARE Wednesday Webinars - Cities as Enablers of the Data Economy: Smart Dat...FIWARE Wednesday Webinars - Cities as Enablers of the Data Economy: Smart Dat...
FIWARE Wednesday Webinars - Cities as Enablers of the Data Economy: Smart Dat...
 
CD March 2016 - What is HYPERCAT?
CD March 2016 - What is HYPERCAT?CD March 2016 - What is HYPERCAT?
CD March 2016 - What is HYPERCAT?
 
Values & Vision - Cloud Sandboxes for BIG Earth Sciences
Values & Vision - Cloud Sandboxes for BIG Earth SciencesValues & Vision - Cloud Sandboxes for BIG Earth Sciences
Values & Vision - Cloud Sandboxes for BIG Earth Sciences
 
Day 13 - Creating Data Processing Services | Train the Trainers Program
Day 13 - Creating Data Processing Services | Train the Trainers ProgramDay 13 - Creating Data Processing Services | Train the Trainers Program
Day 13 - Creating Data Processing Services | Train the Trainers Program
 
FIWARE Identity Management and Access Control
FIWARE Identity Management and Access ControlFIWARE Identity Management and Access Control
FIWARE Identity Management and Access Control
 
Building Intelligent Solutions with Graphs, Stefan Kolmar, Neo4j
Building Intelligent Solutions with Graphs, Stefan Kolmar, Neo4jBuilding Intelligent Solutions with Graphs, Stefan Kolmar, Neo4j
Building Intelligent Solutions with Graphs, Stefan Kolmar, Neo4j
 
SpagoBI version 6 rebranded as Knowage offers unpaired analytical experience,...
SpagoBI version 6 rebranded as Knowage offers unpaired analytical experience,...SpagoBI version 6 rebranded as Knowage offers unpaired analytical experience,...
SpagoBI version 6 rebranded as Knowage offers unpaired analytical experience,...
 
Knowage Location Intelligence @ bdp2020
Knowage Location Intelligence @ bdp2020Knowage Location Intelligence @ bdp2020
Knowage Location Intelligence @ bdp2020
 

Similaire à Interoperability rules for an European API ecosystem: do we still need SOAP?

Role of Rest vs. Web Services and EI
Role of Rest vs. Web Services and EIRole of Rest vs. Web Services and EI
Role of Rest vs. Web Services and EI
WSO2
 
Ws Soa V6 Theory And Practice
Ws Soa V6 Theory And PracticeWs Soa V6 Theory And Practice
Ws Soa V6 Theory And Practice
Pini Cohen
 
REST - What's It All About? (SAP TechEd 2012, CD110)
REST - What's It All About? (SAP TechEd 2012, CD110)REST - What's It All About? (SAP TechEd 2012, CD110)
REST - What's It All About? (SAP TechEd 2012, CD110)
Sascha Wenninger
 
Intro to web services
Intro to web servicesIntro to web services
Intro to web services
Neil Ghosh
 
REST API Recommendations
REST API RecommendationsREST API Recommendations
REST API Recommendations
Jeelani Shaik
 

Similaire à Interoperability rules for an European API ecosystem: do we still need SOAP? (20)

2016 06 - design your api management strategy - axway - Api Management
2016 06 - design your api management strategy - axway - Api Management2016 06 - design your api management strategy - axway - Api Management
2016 06 - design your api management strategy - axway - Api Management
 
Role of Rest vs. Web Services and EI
Role of Rest vs. Web Services and EIRole of Rest vs. Web Services and EI
Role of Rest vs. Web Services and EI
 
Ws Soa V6 Theory And Practice
Ws Soa V6 Theory And PracticeWs Soa V6 Theory And Practice
Ws Soa V6 Theory And Practice
 
MuleSoft London Community October 2017 - Hybrid and SAP Integration
MuleSoft London Community October 2017 - Hybrid and SAP IntegrationMuleSoft London Community October 2017 - Hybrid and SAP Integration
MuleSoft London Community October 2017 - Hybrid and SAP Integration
 
Api 101
Api 101Api 101
Api 101
 
REST - What's It All About? (SAP TechEd 2012, CD110)
REST - What's It All About? (SAP TechEd 2012, CD110)REST - What's It All About? (SAP TechEd 2012, CD110)
REST - What's It All About? (SAP TechEd 2012, CD110)
 
[WSO2 Summit EMEA 2020] Accelerate and Secure Services Integration with WSO2 ...
[WSO2 Summit EMEA 2020] Accelerate and Secure Services Integration with WSO2 ...[WSO2 Summit EMEA 2020] Accelerate and Secure Services Integration with WSO2 ...
[WSO2 Summit EMEA 2020] Accelerate and Secure Services Integration with WSO2 ...
 
Oracle SOA Suite in use – a practical experience report
Oracle SOA Suite in use – a practical experience reportOracle SOA Suite in use – a practical experience report
Oracle SOA Suite in use – a practical experience report
 
RefCard API Architecture Strategy
RefCard API Architecture StrategyRefCard API Architecture Strategy
RefCard API Architecture Strategy
 
Intro to web services
Intro to web servicesIntro to web services
Intro to web services
 
IT Modernization For Process Modernization
IT Modernization For Process ModernizationIT Modernization For Process Modernization
IT Modernization For Process Modernization
 
APITalkMeetupSharable
APITalkMeetupSharableAPITalkMeetupSharable
APITalkMeetupSharable
 
Three SOA Case Studies
Three SOA Case StudiesThree SOA Case Studies
Three SOA Case Studies
 
AWS Serverless API Management - Meetup
AWS Serverless API Management - MeetupAWS Serverless API Management - Meetup
AWS Serverless API Management - Meetup
 
APIs and Services for Fleet Management - Talks given @ APIDays Berlin and Ba...
APIs and Services for Fleet Management - Talks given @ APIDays Berlin and Ba...APIs and Services for Fleet Management - Talks given @ APIDays Berlin and Ba...
APIs and Services for Fleet Management - Talks given @ APIDays Berlin and Ba...
 
At 306 Case Study The Newest Shipping Systems Its All About Rapid Informa...
At 306 Case Study The Newest Shipping Systems Its All About Rapid Informa...At 306 Case Study The Newest Shipping Systems Its All About Rapid Informa...
At 306 Case Study The Newest Shipping Systems Its All About Rapid Informa...
 
REST API Recommendations
REST API RecommendationsREST API Recommendations
REST API Recommendations
 
zendframework2 restful
zendframework2 restfulzendframework2 restful
zendframework2 restful
 
Spring and Pivotal Application Service - SpringOne Tour - Boston
Spring and Pivotal Application Service - SpringOne Tour - BostonSpring and Pivotal Application Service - SpringOne Tour - Boston
Spring and Pivotal Application Service - SpringOne Tour - Boston
 
Service Oriented Architectures (SOA) Monitoring and Management with HP OpenVi...
Service Oriented Architectures (SOA) Monitoring and Management with HP OpenVi...Service Oriented Architectures (SOA) Monitoring and Management with HP OpenVi...
Service Oriented Architectures (SOA) Monitoring and Management with HP OpenVi...
 

Plus de Team per la Trasformazione Digitale

Plus de Team per la Trasformazione Digitale (20)

Developers Italia and the New Guidelines: Let the Open Source Revolution Start!
Developers Italia and the New Guidelines: Let the Open Source Revolution Start!Developers Italia and the New Guidelines: Let the Open Source Revolution Start!
Developers Italia and the New Guidelines: Let the Open Source Revolution Start!
 
I siti dei comuni italiani - Designers Italia
I siti dei comuni italiani - Designers ItaliaI siti dei comuni italiani - Designers Italia
I siti dei comuni italiani - Designers Italia
 
Verso una Repubblica Digitale
Verso una Repubblica DigitaleVerso una Repubblica Digitale
Verso una Repubblica Digitale
 
I fondi per la trasformazione digitale e le azioni verso lo switch off dei se...
I fondi per la trasformazione digitale e le azioni verso lo switch off dei se...I fondi per la trasformazione digitale e le azioni verso lo switch off dei se...
I fondi per la trasformazione digitale e le azioni verso lo switch off dei se...
 
Cresce la diffusione di Spid: gli strumenti e le linee guida per l’integrazio...
Cresce la diffusione di Spid: gli strumenti e le linee guida per l’integrazio...Cresce la diffusione di Spid: gli strumenti e le linee guida per l’integrazio...
Cresce la diffusione di Spid: gli strumenti e le linee guida per l’integrazio...
 
La nuova CIE come piattaforma abilitante per servizi digitali e nel mondo fis...
La nuova CIE come piattaforma abilitante per servizi digitali e nel mondo fis...La nuova CIE come piattaforma abilitante per servizi digitali e nel mondo fis...
La nuova CIE come piattaforma abilitante per servizi digitali e nel mondo fis...
 
La ripartenza di ANPR e il patto tra fornitori dei Comuni, Team Digitale e So...
La ripartenza di ANPR e il patto tra fornitori dei Comuni, Team Digitale e So...La ripartenza di ANPR e il patto tra fornitori dei Comuni, Team Digitale e So...
La ripartenza di ANPR e il patto tra fornitori dei Comuni, Team Digitale e So...
 
L’opportunità di integrare pagoPA: la digitalizzazione dei processi attravers...
L’opportunità di integrare pagoPA: la digitalizzazione dei processi attravers...L’opportunità di integrare pagoPA: la digitalizzazione dei processi attravers...
L’opportunità di integrare pagoPA: la digitalizzazione dei processi attravers...
 
Il progetto IO come opportunità per i partner tecnologici di tutti gli enti p...
Il progetto IO come opportunità per i partner tecnologici di tutti gli enti p...Il progetto IO come opportunità per i partner tecnologici di tutti gli enti p...
Il progetto IO come opportunità per i partner tecnologici di tutti gli enti p...
 
Responsible disclosure. La sicurezza è responsabilità di tutti
Responsible disclosure. La sicurezza è responsabilità di tuttiResponsible disclosure. La sicurezza è responsabilità di tutti
Responsible disclosure. La sicurezza è responsabilità di tutti
 
Uno sguardo sul piano di abilitazione all’utilizzo delle tecnologie cloud, ne...
Uno sguardo sul piano di abilitazione all’utilizzo delle tecnologie cloud, ne...Uno sguardo sul piano di abilitazione all’utilizzo delle tecnologie cloud, ne...
Uno sguardo sul piano di abilitazione all’utilizzo delle tecnologie cloud, ne...
 
Con le linee guida sull’acquisizione e il riuso del software nella PA il merc...
Con le linee guida sull’acquisizione e il riuso del software nella PA il merc...Con le linee guida sull’acquisizione e il riuso del software nella PA il merc...
Con le linee guida sull’acquisizione e il riuso del software nella PA il merc...
 
Un design system allineato alle best practice internazionali, aperto ai contr...
Un design system allineato alle best practice internazionali, aperto ai contr...Un design system allineato alle best practice internazionali, aperto ai contr...
Un design system allineato alle best practice internazionali, aperto ai contr...
 
Le community di Designers Italia e Developers Italia: strumenti collaborativi...
Le community di Designers Italia e Developers Italia: strumenti collaborativi...Le community di Designers Italia e Developers Italia: strumenti collaborativi...
Le community di Designers Italia e Developers Italia: strumenti collaborativi...
 
Il ruolo della privacy nella trasformazione digitale: ostacolo o opportunità?...
Il ruolo della privacy nella trasformazione digitale: ostacolo o opportunità?...Il ruolo della privacy nella trasformazione digitale: ostacolo o opportunità?...
Il ruolo della privacy nella trasformazione digitale: ostacolo o opportunità?...
 
Un’opportunità per il mercato dei pagamenti. Come cambia lo scenario dei paga...
Un’opportunità per il mercato dei pagamenti. Come cambia lo scenario dei paga...Un’opportunità per il mercato dei pagamenti. Come cambia lo scenario dei paga...
Un’opportunità per il mercato dei pagamenti. Come cambia lo scenario dei paga...
 
Un asse per l’innovazione: il protocollo d’intesa tra il Team Digitale e la C...
Un asse per l’innovazione: il protocollo d’intesa tra il Team Digitale e la C...Un asse per l’innovazione: il protocollo d’intesa tra il Team Digitale e la C...
Un asse per l’innovazione: il protocollo d’intesa tra il Team Digitale e la C...
 
Dal Piano Triennale al White Paper
Dal Piano Triennale al White PaperDal Piano Triennale al White Paper
Dal Piano Triennale al White Paper
 
Il ruolo dei partner tecnologici nel processo di trasformazione dei servizi p...
Il ruolo dei partner tecnologici nel processo di trasformazione dei servizi p...Il ruolo dei partner tecnologici nel processo di trasformazione dei servizi p...
Il ruolo dei partner tecnologici nel processo di trasformazione dei servizi p...
 
Data & Analytics Framework - Raffaele Lillo, Chief Data Officer of Digital Tr...
Data & Analytics Framework - Raffaele Lillo, Chief Data Officer of Digital Tr...Data & Analytics Framework - Raffaele Lillo, Chief Data Officer of Digital Tr...
Data & Analytics Framework - Raffaele Lillo, Chief Data Officer of Digital Tr...
 

Dernier

%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
masabamasaba
 
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
VictoriaMetrics
 
The title is not connected to what is inside
The title is not connected to what is insideThe title is not connected to what is inside
The title is not connected to what is inside
shinachiaurasa2
 
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
masabamasaba
 
Harnessing ChatGPT - Elevating Productivity in Today's Agile Environment
Harnessing ChatGPT - Elevating Productivity in Today's Agile EnvironmentHarnessing ChatGPT - Elevating Productivity in Today's Agile Environment
Harnessing ChatGPT - Elevating Productivity in Today's Agile Environment
VictorSzoltysek
 
Introducing Microsoft’s new Enterprise Work Management (EWM) Solution
Introducing Microsoft’s new Enterprise Work Management (EWM) SolutionIntroducing Microsoft’s new Enterprise Work Management (EWM) Solution
Introducing Microsoft’s new Enterprise Work Management (EWM) Solution
OnePlan Solutions
 
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
masabamasaba
 

Dernier (20)

%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
 
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
 
Announcing Codolex 2.0 from GDK Software
Announcing Codolex 2.0 from GDK SoftwareAnnouncing Codolex 2.0 from GDK Software
Announcing Codolex 2.0 from GDK Software
 
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
 
WSO2CON2024 - It's time to go Platformless
WSO2CON2024 - It's time to go PlatformlessWSO2CON2024 - It's time to go Platformless
WSO2CON2024 - It's time to go Platformless
 
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...
 
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdfPayment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf
 
The title is not connected to what is inside
The title is not connected to what is insideThe title is not connected to what is inside
The title is not connected to what is inside
 
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
 
Microsoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdfMicrosoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdf
 
WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?
 
Harnessing ChatGPT - Elevating Productivity in Today's Agile Environment
Harnessing ChatGPT - Elevating Productivity in Today's Agile EnvironmentHarnessing ChatGPT - Elevating Productivity in Today's Agile Environment
Harnessing ChatGPT - Elevating Productivity in Today's Agile Environment
 
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
 
Introducing Microsoft’s new Enterprise Work Management (EWM) Solution
Introducing Microsoft’s new Enterprise Work Management (EWM) SolutionIntroducing Microsoft’s new Enterprise Work Management (EWM) Solution
Introducing Microsoft’s new Enterprise Work Management (EWM) Solution
 
%in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park %in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park
 
tonesoftg
tonesoftgtonesoftg
tonesoftg
 
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial Goals
 
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
 
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital TransformationWSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
 

Interoperability rules for an European API ecosystem: do we still need SOAP?

  • 1. INTEROPERABILITY RULES FOR AN EUROPEAN API ECOSYSTEM: DO WE STILL NEED SOAP? ROBERTO POLLI TEAM PER LA TRASFORMAZIONE DIGITALE —
  • 2. The Italian Digital Team Old SOAP Framework SOAP & REST The New Framework Standardization & Reliability Future ideas Agenda
  • 3. Make public services for citizens and businesses accessible in an easy manner, via a mobile first approach, with reliable, scalable and fault tolerant architectures, based on clearly defined APIs. Team Mission
  • 4. Roberto Polli - love writing in Python, C and Java RHC{E,VA}, MySQL|MongoDB Certified DBA API Ecosystem @ TeamDigitale Who am I
  • 6. The Old SOAP Framework Ad-hoc encapsulation with a custom gateway
  • 7. The Old SOAP Framework Processing errors (SOAP Faults) required de/serialization of XML No universal semantic for communicating service status (soap faults uses 500 for everything) Errors at peak loads caused further thrashing
  • 8. The Old SOAP Framework Become a barrier for the creation of new services: - Very expensive (both for setup and maintenance/operation) - Complicates communication with non-governmental agencies - The IT world was moving beyond SOAP
  • 9. Beyond SOAP SOAP was born in 1999: ● transfer-agnostic messaging protocol (HTTP, SMTP, ..) ● adds one layer, with computational and architectural costs ● virtually asynchronous exchanges (soap messages) Today: ● new HTTP Semantics RFC 7230-7238 released in 2014 ● services are inherently based on HTTP ● synchronous exchanges (eg. mail vs chat)
  • 10. Beyond SOAP The new semantics allow to: ● route requests using Path and Method (Eg. idempotent vs non-idempotent) ● use Status and Headers for service management, don't have to process the body ● Caching, Conditional and Range Requests, ...
  • 11. The New Framework ● Standardize HTTP APIs without SOAP ● API-first approach to REST APIs based on OpenAPI v3 ● Scheme standardization based on national, European and industry standards ● Availability strategy based on a distributed circuit-breaker and throttling patterns
  • 14. http binary messages HTTPS Always HTTPS Wrap queues (kafka, JMS, AMQP, …) with HTTPS for authentication and authorization Leverage STATUS, METHOD and PATH for auditing and routing
  • 15. ago 6 14:04:50 ago-06 18:58:50,000 Aug 02 18:43:47.000 mer 9 ago 08:45:37 CEST 2018 Fri May 05 08:45:37 IST 2018-May-08 10:06:25 AM 05/12/2018 2018/12/05 12-05-2018 05/12/2018 2018-12-05 12-05-2018 Logs, dates: RFC5424 / 3339 2018-05-08T10:06:25Z 2018-05-08T10:06:25.000Z
  • 16. cod_fiscale piva fiscalCode CF nato codice_fisc nome partIva cfiscale nato_a cf p_IVA fiscal_code PI name Ontology-based schemas tax_code vat_number given_name (from w3id.org/italia)
  • 18. Business Continuity Plan (European Interoperability Framework) Integrated management of load and failures Avoid cascading failures Reliability
  • 19. Service management techniques (eg. circuit-breaker) Reliability
  • 20. x-rate-limit-minute: 100 X-RateLimit-Retry-After: 11529485261 X-RateLimit-UserLimit: 1231513 X-RateLimit-UserRemaining X-Rate-Limit-Limit: name=rate-limit-1,1000 x-custom-retry-after-ms X-Rate-Limit-Remaining-month X-Rate-Limit-Reset: Wed, 21 Oct 2015 07:28:00 GMT x-rate-limit-hour: 1000 Service Management Headers Communicate service limits X-RateLimit-Limit: #request X-RateLimit-Remaining: #request X-RateLimit-Reset: #seconds Communicate service status HTTP 503 (service unavailable) HTTP 429 (too many requests) Retry-After: #seconds
  • 21. { "message": "Service Unavailable", "code": 123 }  { "status" : "error", "message": "Unable to communicate with database" } { "error": { "errors": [ { "reason": "required", "message": "Login Required", "locationType": "header", "location": "Authorization" } ], "code": 401, "message": "Login Required" } }" } {"error": { "code": "501", "message": "Unsupported functionality", "target": "query", "details": "" } Errors: RFC7807 RFC 7807 is an extensible format for errors { "type": "https://tools.ietf.org/html/rfc7231#section-6.6.4", "title": "Service Unavailable", "detail": "Service is active in forex hours", "status": 503, "instance": "/account/12345/msgs/abc", }
  • 23. Readable indicators: - use rates, not absolute values - use basic units (eg. Bytes, seconds, …) - use increasing Service Level Indicators, the higher the better Example: - availability is 0-100% - expose success rates, not error rates Standardized metrics
  • 24. Set common and simple indicators: - availability: eg. the service was up for 95% of the time - success_rate: % of successful requests - target_response_time: expected latency at 95p Evaluating: - or responsiveness: the service meet the target_response_time for 90% of the time - or APDEX index: Standardizes metrics
  • 25. Signing an exchange with a digital certificate is the basis for a non-repudiation framework. SOAP has a well-established (and criticized) standard for Signing and Encryption REST standards are Json Web Signatures|Encryption RFC7515 used by OpenID Connect (still criticized) Signatures and Encryption
  • 26. Possible choices: - leave the signature to the application protocol (eg. json) - sign just the body (a sort of ws-security built with JWS) extending the objects with claims or adding an Headers - sign a fingerprint(request,header,body) via Headers Current request/response fingerprint functions and Signature headers proposals (eg. amz, draft-cavage, signed-exchanges) Signatures and Encryption
  • 27. On digital certificates: - RSA is considered a legacy https://github.com/WICG/webpackage/pull/181 - EC keys are easily embedded in claims and headers On Headers - evaluate Structured Headers Example-DictHeader: en="Applepie", da=*w4ZibGV0w6ZydGUK=* - deprecate or adopt Digest Further discussions