[cap-talk] an attempt at web-calculus in a paragraph for hackers
tyler.close at gmail.com
Thu Dec 8 20:01:17 EST 2005
On 12/7/05, Toby Murray <toby.murray at dsto.defence.gov.au> wrote:
> (I'm writing this as I go, so it'll probably come out a fair bit rougher
> than it should)
> Some of this might also be technically incorrect -- I'm not totally
> across the web-calculus in detail. I'm also pretty unfamiliar with
> web-services in general. My aplogies in advance.
It looks pretty good. Thanks for putting in the effort. Comments inline below...
> The web-calculus is a web services framework that is both inherently
> simple and secure. It is particuarly useful for developing
> next-generation applications that require tight access controls without
> the need for current usability-inhibiting security technologies, such as
> passwords. In the Waterken implementation, web-calculus services are
> written by constructing java objects, whose interfaces are automatically
> exposed to the web browser via HTTP GET requests, and whose methods may
> be invoked using HTTP POST requests.
There's another important aspect of the GET operation. In many
applications, objects have associations with other objects, in
addition to having methods. The Waterken Server also assigns a URL to
each association. A GET operation on such a URL retrieves the current
target of the association. In this way, you can walk an application's
object graph using only GET operations, ie: by clicking on links in a
web browser. For example, if you do a "View Source" on
<https://yurl.net/id/23cmtnprx24xrf3lbtrzulfj5en2hx62>, you see the
Doing a GET operation on
<https://yurl.net/id/ltzfhwe7b6p24cqohlknmtln7yh7omkd> invokes the
getValue() method of the org.yurl.Author instance. See:
The return value for the GET operation is the current wiki page
associated with that Author.
Many web applications involve a lot of just surfing the server side
state with GET operations. By reifying each association as a separate
closure/resource, the web-calculus protocol supports this kind of
> User interfaces, rendered by the
> web-browser, are constructed by employing XSL transformations. The
> automatic mapping of java objects onto the HTTP protocol provides a
> number of advantages. Firstly, it provides a powerful web-services
> platform for object-oriented programmers that may be otherwise
> unfamiliar with web-services development.
Indeed it was a key design goal to produce a programming environment
in which Java programmers could create web application using their
preferred syntax, Java, and remain blissfully unaware of XML, should
they so choose.
> Secondly, it provides a
> natural path by which current Java applications can be migrated to the
> web, allowing developers to take advantage of the growing popularity of
> the web-services platform while being able to make use of an existing
Using the Waterken Server, you can certainly create such an interface
to pre-existing Java applications, but they may not be the best web
applications. For example, a common OOP pattern is to have a separate
getter for each mutable property of an object. In a network
application, it is preferrable to fetch a single snapshot of all the
mutable properties of an object. For example, the org.yurl.Author
interface does not have separate getters for each of the page version,
page title, and page wiki text. The interface has a single getter
which fetches a single Page object which carries all of these
properties. To make good web applications, you will want to adopt this
idiom, popularized by REST. It is likely that existing Java code does
not follow these idioms. Still, webizing the existing code may help
you get started.
> Finally, it exposes the natural powers inherent in the Java
> object model to the web,.particularly reflection. This enables the basic
> protocol to be kept incredibly simple, since all it needs to support is
> method invocation (HTTP POST requests) and object introspection (HTTP
> GET requests). As such, the web-calculus is vastly simpler than current
> standards such as SOAP and XML-RPC, but is at leat as powerful.
Wow, sounds pretty good. ;)
The web-calculus is the union of REST and capability-based security:
Name your trusted sites to distinguish them from phishing sites.
More information about the cap-talk