Thursday, February 09, 2006

Remoting Technique in Personalized 2.0 Services

While I am wanting to connect to all services around the world, remoting from web browser is really needed. XMLHttpRequest, which is said to be a key element of Ajax, enables the browser to retrieve data asynchronously from server-side services. Due to this function, we can assume a web browser like a web service client. But by following reasons I don't like so much to use this.

The most disappointing thing about XMLHttpRequest is - it cannot reach services provided from other domains. This restriction might be come from some security or privacy concern. To avoid this restriction, a technique is often used, Cross Domain Proxy. However, the necessity of the server to be located in the same domain and proxy browser's all request prevents from scaling.

By the way, XMLHttpRequest is not the only one to get asynchronous data. There is another way for browser to retrieve service information dynamically - it is called On-demand Javascript and JSON combination.

JSON is a data format and can be directly parsed by Javascript engine. This is done by calling eval() function of Javascript. For some security reason eval function is not so recommended for the remotely retrieved data, but if the remote service itself is trusted eval() function is very useful.

However, in On-demand Javascript pattern, we don't use eval() function. There are several way to evaluate JSON data - JSON feed is one of the way to include remotely provided JSON object. The most useful way to do this is , I think, the idea called jsonp - (JSON padding). This is something like a protocol between JavaScript client and JSON server - giving callback function name inside of url parameter, and returning the Javascript callback function and JSON data as a function's argument. This idea is also seen in Yahoo Web Services with JSON output, and it works well.

One really good thing of On-demand Javascript and JSON, compared with XMLHttpRequest and Cross Domain Proxy, is that they don't have the complexity in authenticating user. Almost all web applications now maintain user's session by cookies, and they are automatically sent while requesting url. Because On-demand Javascript loading request is totally same as usual browser request, a JSON server can specify the requesting user by the cookies previously given.

On the other hand, Cross Domain Proxy can request remote resources, but the actual requester is local server, not browser, so no cookies available. Because authentication is always needed to access control or personalize service information, the local server has to keep the end user's credential for the remote service.

For these reasons, I adopt On-demand Javascript and JSON call for remoting technique. It can be regareded as one of the user centric approach. Anyway my true interest is to share personalized or individual data (that is, identity-aware data) from anywhere in the world. Next post is going to be about that.

Technorati tags: , , , ,

No comments: