02/17/08 :: [SOA] REST: CRUD-Oriented Architecture - III  [permalink]

|

I think Tim Bray nailed it (maybe involuntarily).

Joe Gregorio of Google, in How to do RESTful Partial Updates, proposed overloading PUT to update resources in a way that’s constrained using URI templates.

It's Important. The problem Joe’s trying to solve keeps coming up.

It's hard...the POST-a-feed idea came up. And in fairly short order after that, it got shot down. People thought up all sorts of corner cases and problems. The two that stick to my mind were authorization and error handling. Can you specify different auth data for each of the ten thousand entries in the feed, and how do you react when twenty-seven of the ten thousand fail to update for some reason or another?

I can tell you authoritatively that we do not have consensus here; rough, smooth, or any other kind

Tim, have you ever considered that you are trying to solve the wrong problem? Don't you understand that CRUDing from the consumer side is hopeless? Don't you understand that a resource is not just a blob of data that you can manipulate at will? Don't you understand that when you are CRUDing around you are pushing millions of LOCs on the consumer side that have nothing to do there? Don't you understand that CRUDing around results in strong coupling between the representation consumer and the resource owner?

Tim, don't you understand that there is a fundamental difference between expressing the changes you made to a resource representation as part of an inter-action and the expression of what you want the resource to look like once it is updated? Why would a resource consumer had to anything to do with the later? Don't you think the former is a much more reasonable thing to express?

Tim, don't you get it that inter-actions are the only way forward? Don't you agree that a resource lifecycles (i.e. an inter-action model) are able to handle any kind of error condition -and trans-actions- in a far more efficient way (whether it is part of a batch or individual request)? When the 27th interaction fails, we have an inter-action context. The resource lifecycle knows what to do, you don't push this logic at the collection level. Same is true for authorization.

I know, in your mind, inter-actions and resource lifecyles, is not RESTful, because you are erroneously thinking that the resource lifecycle belongs to the application state, when in reality it doesn't. So you are hitting a dead end -a cul-de-sac- because you will be spinning for the next decade without ever finding a solution. No wonder you can't find a consensus. 

How much longer will we have to endure CRUD Oriented Architectures?