Codemash 2016 Notes: Data Synchronization Patterns

Data Synchronization Patterns

Presenter: Eric Maxwell

Good walkthrough of how to select an appropriate data transfer protocol for data services. Focused mostly on REST and security.

  • Data transfer protocol
    • depends on environment
      • do you need service discovery, delivery requirement? (SOAP)
      • do you need transaction management? (SOAP)
      • How much does bandwidth cost you? (REST)
      • are your clients and servers speaking the same language? (SOAP if so)
  • Focusing on REST
    • always use compression; can get 80% gain
    • different way to turn it on for each platform
    • Sync Tokens are bookmarks for new fetches
      • token is just a string
      • server doesn’t keep state regarding who got a token, but knows a certain token maps to a time
  • Security
    • Privacy
    • Integrity and Trust
    • Always use HTTPS
      • Mutual SSL
        • when server wants to know it is talking to a valid client
          • client sends its public key; server decides if it likes it
          • we actually do this, we put a client cert on mobile device and use that to establish client is legitimate
    • Authentication
      • basic auth
        • credentials in header, needs SSL
      • certificate based
    • Authorization
    • OAuth 2.0
      • Authorization Server
      • Identification Service
      • Resource Owner
      • Client
      • Server with Resource
      • Process
        • client registers with authorization server, gets clientid and shared secret
        • resource owner makes request on client to get access to resource
        • client authenticates user
        • client sends user to authorization server to get permission, gets access token
        • access token and clientid and shared secret needed for client to then get resource
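
The sync-token idea from the REST notes above (a token that is just a string, with no per-client state on the server, that maps back to a time), as an added sketch that is not code from the talk. The change log, key, and function names are constructed, and signing the token with an HMAC is an added assumption so a client cannot alter the time it encodes.

```python
import base64
import hashlib
import hmac

# Assumption: server-side signing key (constructed demo value).
SERVER_KEY = b"constructed-demo-key"

# Constructed change log: (modified_at in epoch seconds, record id, payload).
CHANGES = [
    (1000, "a", "created a"),
    (1005, "b", "created b"),
    (1010, "a", "updated a"),
]


def _tag(body: bytes) -> bytes:
    return hmac.new(SERVER_KEY, body, hashlib.sha256).hexdigest().encode()


def issue_token(ts: int) -> str:
    """Encode a time as an opaque string; the HMAC is the added hardening."""
    body = str(ts).encode()
    return base64.urlsafe_b64encode(body + b"." + _tag(body)).decode()


def read_token(token: str) -> int:
    """Map a token back to its time; ValueError if malformed or altered."""
    raw = base64.urlsafe_b64decode(token.encode())
    body, _, tag = raw.partition(b".")
    if not hmac.compare_digest(tag, _tag(body)):
        raise ValueError("sync token failed integrity check")
    return int(body)


def sync(token=None):
    """Return (changes newer than the token, next token). No per-client state."""
    since = read_token(token) if token else 0
    fresh = [c for c in CHANGES if c[0] > since]
    newest = max((c[0] for c in fresh), default=since)
    return fresh, issue_token(newest)


if __name__ == "__main__":
    first, bookmark = sync()          # initial full fetch
    print(len(first), "changes; next token:", bookmark)
    print(sync(bookmark)[0])          # nothing new since the bookmark
```
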
