XML Schema Problem
Bill Burke on problems with XML schema
As you rev your service and your schema you’re going to have to support a lot of different media types. What would make things easier is if XML Schema supported polymorphism. That way a client could ask for “application/vnd1+xml” format and still receive and validate a newer version of the schema. Please correct me if I’m wrong, but I don’t think you can do this in XML schema. Yes you could extend various types from the parent to create a newer version of a schema, but a validator would not be able to enforce a polymorphic relationship with its parent AFAIK.
XML can deal with this problem, but not XSD (with some exceptions). The solution is to throw the schema to the wind.
Organic Code
My very short checklist
- Uses simple and localized constructs
- Yields to evolution
- Is self-revealing
Fixing HTTP Authentication
Brendan Taylor on Why It’s Worth Fixing HTTP Authentication (through Ryan Tomayko):
(HTTP authentication) is in fact it is preferable to cookie-based authentication in several ways:
- it can be more secure than HTML forms when SSL is not available. Digest authentication only sends hashed passwords. Servers can trade system resources for immunity to replay and session hijacking attacks (see section 4.5 of RFC2617).
- it can be completely stateless; multiple servers running the same site don’t need to share a session store when Basic authentication is used.
- it simplifies caching. Responses to unauthenticated requests are cached normally, responses to authenticated requests go uncached.
- it works well with AJAX and with automated clients. Do you really need separate authentication mechanisms for your front-end and for your API?
I can’t agree more. The last two make it even more attractive when compared to forms/cookies based authentication.
To make this work, all the server has to do is to provide some hypertext in its 401 responses to kickstart registration or some hints about obtaining credentials.
Canonical URIs
As I was arguing about a month ago, things can be accessed from multiple URIs, and without analyzing representations, it is difficult to conclude that those URIs are indeed pointing to the same thing. Search engines have now recognized this issue, and would like servers to include a new canonical link relation to inform them of a canonical URI. For search engines, this simplifies de-duping.
Here is the example from the Yahoo! search blog.
<link rel="canonical" href="http://www.example.com/products" />
This is similar to one of the solutions I suggested in my original post on resource identity.
See this post by http://searchengineland.com for more details on this from Google, Yahoo! and Microsoft.
Rob Sayre on JSONML
JsonML allows browsers to process RFC 3252 protocols.
To parse his statement, there is no need to read RFC 3252. Here is a brief snippet for your convenience.
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE ip PUBLIC "-//IETF//DTD BLOAT 1.0 IP//EN" "bloat.dtd">
<ip>
<header length="474">
<version value="4"/>
<tos precedence="Routine" delay="Normal" throughput="Normal"
relibility="Normal" reserved="0"/>
<total.length value="461"/>
<id value="1"/>
<flags reserved="0" df="dont" mf="last"/>
<offset value="0"/>
<ttl value="255"/>
<protocol value="6"/>
<checksum value="8707"/>
<source address="10.0.0.22"/>
<destination address="10.0.0.1"/>
<options>
<end copied="0" class="0" number="0"/>
</options>
<padding pad="0"/>
</header>
<payload>
</payload>
</ip>
<grin>:)</grin>
Update: Here is a better "grin" suggested by Stefan Tilkov:
<emotionml xmlns="http://www.w3.org/2008/11/emotionml">
<emo:emotion>
<emo:category set="everydayEmotions" name="fun"/>
<emo:intensity value="0.9"/>
</emo:emotion>
</emotionml>
Geohashing
It is a hierarchical spatial data structure which subdivides space into buckets of grid shape.
This is a fascinating idea. Geohash is a hash of longitude and latitude values of a given location, that has an interesting property. Geohash values of nearby locations share the same first several characters of the hash, and therefore can be used to find neighboring places.
Cycling Plan for 2009
This post is over a month late, but better late than never. Apart from regular training, here are some rides that I am planning to do this year.
CAPTCHA vs. Akismet
Since I moved from Movable Type to Wordpress just over five months ago, I have been using Akismet for dealing with comment spam. So far, my experience has been great.
Since then, Akismet caught over 17,000 spam comments, i.e. about 130 per day. During this time, there were just 24 false positives and 1 false negative. Very impressive.
Resource Identity and Cool URIs – Take Two
In response my Resource Identity and Cool URIs, Stefan Tilkov wrote an interesting post with some counter points.
In this post, I would like to expand on the thoughts behind my suggestion to include identifiers in representations, and clear a couple of non-issues.
Data Formats
Bill de hÓra wrote an excellent post on Snowflake API, in which he speculates about two developments and one debate for data APIs in 2009. The two developments, viz., "putting links into API data" and "standardisation of feed metadata" are achievable, despite resistance by some who may find that consistently providing metadata and links is unnecessary. That resistance is easy to understand, but however, it is important to realize that serendipitous reuse depends on such consistency.