Using semantics for automating the authentication of Web APIs

Recent technology developments in the area of services on the Web are marked by the proliferation of Web applications and APIs. The implementation and evolution of applications based on Web APIs is, however, hampered by the lack of automation that can be achieved with current technologies. Research on semantic Web services is there fore trying to adapt the principles and technologies that were devised for traditional Web services, to deal with this new kind of services. In this paper we show that currently more than 80% of the Web APIs require some form of authentication. Therefore authentication plays a major role for Web API invocation and should not be neglected in the context of mashups and composite data applications. We present a thorough analysis carried out over a body of publicly available APIs that determines the most commonly used authentication approaches. In the light of these results, we propose an ontology for the semantic annotation of Web API authentication information and demonstrate how it can be used to create semantic Web API descriptions. We evaluate the applicability of our approach by providing a prototypical implementation, which uses authentication annotations as the basis for automated service invocation

A Framework for Automating the Invocation of Web APIs

Web APIs, characterized by their relative simplicity and their natural suitability for the Web, have become increasingly dominant in the world of services on the Web. Despite their popularity, Web APIs are so heterogeneous in terms of the underlying principles adopted and the means used for publishing them that discovering, understanding and notably invoking Web APIs is nowadays more an art than a science. In this paper, we present our work towards supporting the automated invocation of Web APIs. In particular, we describe a framework that provides a unique entry point for the invocation of most Web APIs that can be found on the Web, by exploiting non-intrusive semantic annotations of HTML pages describing Web APIs in order to capture both their semantics as well as information necessary to carry out their invocation

Middleware-based Database Replication: The Gaps between Theory and Practice

The need for high availability and performance in data management systems has been fueling a long running interest in database replication from both academia and industry. However, academic groups often attack replication problems in isolation, overlooking the need for completeness in their solutions, while commercial teams take a holistic approach that often misses opportunities for fundamental innovation. This has created over time a gap between academic research and industrial practice. This paper aims to characterize the gap along three axes: performance, availability, and administration. We build on our own experience developing and deploying replication systems in commercial and academic settings, as well as on a large body of prior related work. We sift through representative examples from the last decade of open-source, academic, and commercial database replication systems and combine this material with case studies from real systems deployed at Fortune 500 customers. We propose two agendas, one for academic research and one for industrial R&D, which we believe can bridge the gap within 5-10 years. This way, we hope to both motivate and help researchers in making the theory and practice of middleware-based database replication more relevant to each other.Comment: 14 pages. Appears in Proc. ACM SIGMOD International Conference on Management of Data, Vancouver, Canada, June 200

Microservice API Evolution in Practice: A Study on Strategies and Challenges

Nowadays, many companies design and develop their software systems as a set of loosely coupled microservices that communicate via their Application Programming Interfaces (APIs). While the loose coupling improves maintainability, scalability, and fault tolerance, it poses new challenges to the API evolution process. Related works identified communication and integration as major API evolution challenges but did not provide the underlying reasons and research directions to mitigate them. In this paper, we aim to identify microservice API evolution strategies and challenges in practice and gain a broader perspective of their relationships. We conducted 17 semi-structured interviews with developers, architects, and managers in 11 companies and analyzed the interviews with open coding used in grounded theory. In total, we identified six strategies and six challenges for REpresentational State Transfer (REST) and event-driven communication via message brokers. The strategies mainly focus on API backward compatibility, versioning, and close collaboration between teams. The challenges include change impact analysis efforts, ineffective communication of changes, and consumer reliance on outdated versions, leading to API design degradation. We defined two important problems in microservice API evolution resulting from the challenges and their coping strategies: tight organizational coupling and consumer lock-in. To mitigate these two problems, we propose automating the change impact analysis and investigating effective communication of changes as open research directions

MergePoint: A Graphical Web-App for merging HTTP-Endpoints and IoT-Platform Models

More and more devices are connected to Internet of Things Platforms in various application domains. The resulting device integration effort is moderated by the concrete integration syntax and the technical abilities of the device integrator. Therefore, researchers from various communities have been investigating and designing component coupling architectures to achieve interoperability for more than 30 years. Emerging Smart Home scenarios challenges classical integration approaches as no single formal integration standard exists. In this paper we introduce a reference architecture called MergePoint that automates HTTP-Endpoint integration with smart home platforms such as openHAB in a plug-and-play manner. Based on a prototypical system implementation, our empirical evaluation demonstrates that average integration time can be reduced by 78% and average tool usability score is increased by 65% compared to textual integration approaches. MergePoint can serve as a reference implementation for practitioners that want to automate the integration between HTTP-Endpoints and IoT Platform Models