WebSockets versus REST?
For the past few years WebSockets has been gaining in popularity and availability. At the end of last year it moved one step closer to a standard by becoming a W3C Candidate Recommendation. Oracle and others have also recently submitted a request to start a standardisation effort around WebSockets (JSR 356) in the next version of Java Enterprise Edition. All of the major browsers, such as Chrome, Firefox, Safari and IE, support one of the WebSockets revisions and will ultimately adopt whatever the standard eventually becomes. In a relatively short period of time, WebSockets has almost become an integral part of the Web. However, there remains a segment of developers who are uncertain as to how or whether WebSockets fits into the architectural style of the Web: REST. Some, such as Nathan Evans, go so far as to suggest that WebSockets could overshadow REST:
After reading up about the standard in detail and absorbing the various online discussion around it, it is becoming increasingly clear to me that this standard is going to steal a large chunk of mind share from RESTful web services. What I mean is that there will come a stage in product development where somebody will have to ask the question:
"Right guys, shall we use WebSockets or REST for this project?"
I expect that WebSockets will, within a year or two, begin stunting the growth of RESTful web services – at least as we know them today.
In his article Nathan believes that based on his experiences of using REST, it is not the "silver bullet" that some other people portray it as, although he admits that WebSockets is also not perfect. He then outlines a number of reasons why WebSockets is a threat to REST, including "sub-par" REST frameworks reliance on text-based protocols. Some of the important benefits that WebSockets offers over REST include bi-directional interactions:
The true bi-directional capability offered by WebSockets is a first for any HTTP-borne protocol. It is something that neither SOAP nor REST have. And which Comet/push/long-polling can only emulate, inefficiently. The bi-directional capability is inherently so good that you could tunnel a real-time TCP protocol such as Remote Desktop or VNC over a WebSocket, if you wanted.
Nathan believes that the benefits of WebSockets outweigh those of REST (HTTP) and that developers will migrate towards WebSockets in preference to it.
REST will probably remain the default choice for projects that need highly visible and cross-platform interoperable web services. Projects without those requirements will probably opt for WebSockets instead and either run JSON over it, or use a bespoke wire protocol. [...] Even though they are competing, the good thing is that REST and WebSockets can actually co-exist with one another. In fact, because they are both built upon HTTP fundamentals they will actually complement each other.
However, Nathan isn't the only one to raise the question of "WebSockets or/versus REST". For instance, Shay Bannon wondered in 2010 whether it is even possible to use the principles of REST with WebSockets:
First and foremost, how do you represent a URI? Second, how do you represent the HTTP methods (GET, PUT, POST, …)? And last, how do you represent HTTP uri parameters and headers? It seems like maybe a solution for this is to built some sort of schema into the content that goes into that text string. Something like a JSON string that has a “uri” field, and “params” and so on. But thats annoying, since with HTTP, you can create very simple gateways that simply use the headers or parameters without needing to parse the body…
He wonders why WebSockets does not have notion of URI or header, and as a result whether there is a need for a REST-over-WebSockets specification before people reinvent REST and end up doing so "not in a uniform manner"? At the time he received a mixed response to this article. For instance one respondant, who mentioned he worked for a WebSockets company, so perhaps not too objective, stated:
REST and WebSocket communication seems to be two different types of distributed computing plumbing. REST is the old-school, sit on top of HTTP, synchronous style of web rpc. WebSocket is the newer, sit along side HTTP, usually asynchronous style of web communication. Imho, in the long term, WebSocket will dramatically reduce the need for REST for WAN computing. With WebSocket, all the protocols we've known and loved for the past few decades can now be extended over the web without the clumsy and performance-sucking mapping to HTTP.
My take is REST involves the conventional request/response paradigm. In contrast sockets cater for the comet/long polling scenario where the line of communication stays open for several communication cycles. Also, the initial handshake to WS still occurs from HTTP, so in reality they are not mutually exclusive. I also thought the whole point of the WS protocol was to get rid of the cruft in the HTTP Headers as it becomes redundant and just adds to the payload size.
However, while agreeing that REST and WebSockets can and should co-exist, several commenters disagreed with the notion of a REST-over-WebSockets specification at all, with one adding:
if you consider REST in the Fielding sense, with a web of addressable objects (or resources), then that doesn't really work in a duplex comms format. You don't expect the resources to initiate the conversation. WebSockets will transform the web (if they take off), but not as a protocol for REST-style communications.
And another giving a more detailed point of view:
WebSockets are like a conversation between two people with ADD. It's full duplex, so both sides can talk at the same time, and both sides have to keep their listening caps on *while* they're talking. REST is stateless and synchronous, dealing only with request->response. You would have to expand the concept of REST to get the benefit of unprompted server->client communication. I could see there being a library that implements REST in WebSockets, but it would only be useful for applications that already have a RESTful API and want to get the benefit of reduced overhead that a single connection would afford without refactoring their code.
With WebSockets almost at the point of becoming a standard, as well as being supported and used in browsers, mobile and in the cloud, it is interesting to wonder how much of an impact they will have on developers who are currently using REST and HTTP, or do they address a different developer segment? Worse still, are we at risk as some believe, of "breaking the Web"?
With the advancement of HTML5 (canvas, local storage, web workers, ...) and CSS3, full blown applications can be run in the browser. Along with the always-on connectivity, we can build apps very similar to the ones that we used to build in a thick client/server world.
About WebSocket being low-level: agree with one comment: just like in the TCP world developers were not coding at the TCP frame level, but were using higher level business protocols; WebSocket was designed to be the transport layer as well. There are implementations of higher level business protocols, such as XMPP, JMS, AMQP, VNC (RFB) that you can use directly from your browser-based HTML5 apps.
Peter Moskovits - Kaazing Developer Evangelist
Does it work directly on TCP or on HTTP? The request headers seem to have HTTP in them if you refer wikipedia.
A WebSocket connection starts live out as an HTTP connection which goes through a protocol upgrade to a WebSocket. When the initial request is made it is made over HTTP with an additional header requesting the upgrade. A WebSocket capable server will respond with HTTP 101 - switching protocol response and a WebSocket handshake will take place. Once the WebSocket is established the HTTP protocol is no longer active and the WebSocket runs directly over the established TCP connection.
WebSocket & REST
Overtime it may be that, as developers get used to WebSockets, those REST services may be retired in favour of implementing the same or newer services over WebSockets using a messaging system that supports request/response, queueing and publish/subscribe.
Re: WebSocket & REST
I use the pattern of loading the initial (json) representation via a normal request and then pushing subsequent state changes over a websocket served from the same URL. All you need to implement this is a stack that enables you to mix both approaches from the same server. I use python/pyramid/eventlet and a small library on top of that called stargate: boothead.github.com/stargate/. I'm sure there are equivalents in most green thread based frameworks.
interesting when combined with cloud computing service end points
HTTP should have allowed two-way communication from the get-go
If HTTP had allowed two-way communication, life would have been much easier today.
WebSockets is just a way of negotiating a plain old two-way socket connection using HTTP and then HTTP moves out of the way.
I don't see how WebSockets have any relevance to REST (unless you have a mindset that anything over HTTP is automatically REST).
BTW the only decent two-way, SOA stack that I know works well is Windows Communication Foundation (WCF) with its 'Duplex' binding.
WebSocket vs. Comet
I detailed my perspective on this topic a few months ago on Comet Daily: cometdaily.com/2011/07/06/push-technology-comet...
That would revolutionize the way multi-modal services are implemented
Also, I think REST would evolve in different directions and not just fade out in favor of WebSockets. Some patterns of REST usage may become less attractive however other patterns may appear that become more appealing than ever. For example, I can already think in terms of a Transactional-REST whereby I can wrap REST calls in a transaction boundary - between beginTransaction/endTransaction. How about pushing distributed transactions real far - across webservices? Wouldn't it be nice to have T-REST that you can include within your regular distributed transaction scope? I don't think that's easily doable to-day.
Philosophically, the Web would acquire features that would enable it to become a first class Service rather than just a Resource. Exactly how that would affect technological evolution is beyond limits.
different definitions of 'the web'
I believe that any widespread success with websockets will be based on asynchronous, message-oriented application layer protocols layered on top of this (e.g. AMQP, XMPP, STOMP etc). Having every system roll their own protocol would be a retrograde step.
Though there are cases where it seems to me that an asynchronous message oriented approach provides a more natural fit, I think the REST style covers a wider range of applications and I hope people continue to employ it where applicable. I think it is one of the more impressive feats of concrete, detailed analysis of architectural decisions I have seen. I do think that message-oriented systems can achieve many of the same benefits (and some additional ones!), but as yet the accumulated knowledge has not been encapsulated so clearly.
Websockets, a disaster?
God! I shouldn't be commenting on this...
2. If WebSockets is a protocol, the question would then be if REST can be implemented using that protocol instead of the widely used HTTP, and what are the consequences.
3. About services on the web, there are more than one implementation out there. The ones thinking that they have REST web services (when they really have HTTP ones) may fear the uprising of WebSocket Web Services, which may be possible, but each have different implementation cons and pros and makes no sense to compare them but to decide for one of them.
WebSockets, publish/subscribe, and REST constraints
The 100% RESTful approach to this same problem is polling, possibly polling of a delta resource. The REST alternative would periodically (say, once every few seconds) or on demand (say, when the user moves the mouse) send a request to a resource that either captures the total set of dynamic state for the page, or the list of recent changes. This results in a delay of up to the time that the page waits to send this request, plus the time that it takes to fulfil the request before the update can be displayed. The poll rate is therefore carefully chosen to ensure that it provides an adequate level of responsiveness to the user while not hammering the server too hard with requests.
The Web sockets approach is likely to have the following properties:
1. The server is able to send information to the client so long as the TCP connection is not blocked, so update latency is reduced
2. The server may handle fewer requests, because some of these requests will transformed into updates across the WebSockets TCP connection
3. It is likely that heartbeats will still be required on the TCP connection to ensure from the server side that a dead connection is eventually cleaned up (this heartbeat can be relatively slow) and from the client side that the server is still actively sending updates - otherwise it will need to reset its connection. The client will need to send heartbeats at a rate that is similar to what would have been required in the HTTP polling case, although they could be up to an order of magnitude longer. For example, a 1s poll might only need a 10s heartbeat because while the 1s poll has to ensure low latency in the normal case the 10s heartbeat only needs to ensure acceptable latency in the unusual "my server has failed" case.
Web Sockets break REST constraints as follows, as compared to the polling or polling + delta encoding approach.
Stateless: Web sockets maintain a TCP connection between requests that will cause the application to malfunction if it were to go away. This means that servers using this design will use more memory than stateless servers. It also means that a single server going down can have more impact than it would have had in the stateless approach, although the client may be able to reestablish the connection and continue working in this case so long as sufficient heartbeat messages are exchanged.
Cache: Web sockets cannot benefit from cache, so can't share updates between different clients easily. However, pub/sub can be used to replace the Cache constraint as a data replication strategy. If done right it produces a stateful but otherwise simple model. pub/sub if done right using standard protocols can even be visible to intermediaries and allow them to participate in notification distribution networks.
Uniform Contract: The information sent across web sockets does not comply with uniform contract. Intermediaries do not know what is going on over those connections, and can't do anything to help or hinder that communication. Firewalls cannot make sense of the data to enforce policy decisions and intermediaries cannot be transparently inserted to help in the dissemination of information.
Layered System: Layered System is largely broken because proxies and gateways cannot be transparently inserted. Instead the web socket is going to request a direct connection to the server itself. Again this has potentially negative security and performance impacts.
* Pub/sub can be an effective solution where the latency tolerance of an application is very low (such as applications where the end to end latency tolerance is less than a second or two).
* Web sockets for pub/sub only really make sense in relatively low latency-tolerant applications with information that is relevant to only a few clients. As compared to browsers polling at a low rate the websockets solution is hungry on server resources, is unable to use intermediaries to transparently distribute information and introduces new failure modes.
Re: WebSockets, publish/subscribe, and REST constraints
o Delivering Security Over Native Full-duplex Web Connections - a free whitepaper from Kaazing's founder & CTO: blog.kaazing.com/2012/02/17/free-websocket-secu...
o HTML5 WebSocket Security is Strong - a generic WebSocket security overview: blog.kaazing.com/2012/02/28/html5-websocket-sec...
o Kaazing WebSocket Gateway Security is Strong - a security post on the Kaazing WebSocket Gateway: may be an interesting read, even if you don't use Kaazing: blog.kaazing.com/2012/02/29/kaazing-websocket-g...
JAMP (JSON messaging over WebSocket) Re: different definitions of 'the web'
Actually, quietly in the background, but after this post decided to make it more public and put up a github page, etc.
The primary goal of JAMP is to provide structure for a JSON-based messaging over a WebSockets connection. JAMP will support a next generation SOA/REST style communication.
Think of JAMP as SOAP on a strict diet and based on JSON and the interfaces of your programming languages instead of XML and WSDL+XML schema.
JSON Actor Message Protocol defines a bidirectional messaging protocol using JSON as a payload serialization format.
Messages are typed and addressed. Both unidirectional messages and bidirectional queries are supported. JAMP can be sent on messaging and framing protocols like WebSockets, HTTP (REST), AMQP, or STOMP.
JAMP is a very simple and easy to implement serialization protocol, coming from the JSON school of design.
JAMP is the logical next step in REST/SOA evolutionary architectures to fit WebSockets, STOMP and AMQP. It augments STOMP and AMQP by adding a common serialization that is easily available and marshalable to many different languages. It aguments REST by giving you many more verbs, and a async messaging architecture to build your services on top of.
It should be possible for a seasoned developers to write their own JAMP bindings for their programming language of choice in a couple of days or even less if they use an existing JSON parser.
Some links of note:
JAMP Visual Tutorial.
Language binding and routing
IETF JAMP Draft
It is not restful
Is Websockets just a way to workaround a firewall?
Uwe Zdun, Rafael Capilla, Huy Tran, Olaf Zimmermann Mar 09, 2014
Olav Maassen, Liz Keogh & Chris Matts Mar 08, 2014