Data Synchronization Patterns
Presenter: Eric Maxwell
Good walkthrough of how to select an appropriate data transfer protocol for data services. Focused mostly on REST and security.
- Data transfer protocol
- depends on environment
- do you need service discovery or delivery requirements? (SOAP)
- do you need transaction management? (SOAP)
- how much does bandwidth cost you? (REST)
- are your clients and servers speaking the same language? (SOAP if so)
- Focusing on REST
- always use compression; it can get an 80% gain
- it is turned on a different way on each platform
- Sync Tokens are bookmarks for new fetches
- token is just a string
- the server doesn’t keep state regarding who got a token, but knows that a certain token maps to a time
- Security
- Privacy
- Integrity and Trust
- Always use HTTPS
- Mutual SSL
- used when the server wants to know it is talking to a valid client
- client sends its public key; server decides if it likes it
- we actually do this: we put a client cert on the mobile device and use that to establish that the client is legitimate
- Authentication
- basic auth
- credentials are sent in a header, so it needs SSL
- certificate based
- Authorization
- OAuth 2.0
- Authorization Server
- Identification Service
- Resource Owner
- Client
- Server with Resource
- Process
- client registers with the authorization server and gets a clientid and shared secret
- resource owner makes a request on the client to get access to a resource
- client authenticates the user
- client sends the user to the authorization server to get permission, and gets an access token
- the access token, clientid and shared secret are needed for the client to then get the resource
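
The sync-token notes above (a token is just a string, and the server keeps no per-client state but can map a token to a time) can be sketched as follows. This is an added example, not code from the talk; the HMAC signature, the `SECRET` key, the function names and the sample records are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import time

SECRET = b"constructed-demo-key"  # assumption: signing key known only to the server

# Constructed sample data: (record id, last-modified time in Unix seconds).
RECORDS = [("a", 100), ("b", 200), ("c", 300)]


def _mac(ts_text: str) -> str:
    return hmac.new(SECRET, ts_text.encode(), hashlib.sha256).hexdigest()


def issue_token(ts: int) -> str:
    """Encode a point in time as an opaque, signed string."""
    raw = f"{ts}.{_mac(str(ts))}"
    return base64.urlsafe_b64encode(raw.encode()).decode()


def read_token(token: str) -> int:
    """Return the time a token maps to; reject malformed or altered tokens."""
    try:
        raw = base64.urlsafe_b64decode(token.encode()).decode()
        ts_text, mac_hex = raw.split(".")
        if not hmac.compare_digest(mac_hex.encode(), _mac(ts_text).encode()):
            raise ValueError("bad signature")
        return int(ts_text)
    except ValueError:
        raise ValueError("invalid sync token") from None


def sync(token=None, now=None):
    """Return (records changed since the token, token for the next fetch).

    Nothing is stored per client: the bookmark lives entirely in the token.
    """
    since = read_token(token) if token else 0
    now = int(time.time()) if now is None else now
    changed = [r for r in RECORDS if since < r[1] <= now]
    return changed, issue_token(now)


if __name__ == "__main__":
    first, bookmark = sync(now=250)      # initial fetch, no token yet
    later, _ = sync(bookmark, now=400)   # incremental fetch
    print(first, later)
```

With second-resolution timestamps, a write that lands in the same second a token was issued can be missed on the next fetch; a monotonic change counter in place of the clock avoids that.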