Forum OpenACS Development: Re: SOA? - Generic XML-RPC Bridge to Database API

Collapse
Posted by Torben Brosten on
Hi Frank,

I've been considering a general wsrp service also.

As I see it,

1. the service should use openacs authenticate and permissions (via http/https) before executing a call and/or screen based on ip and a hash, etc etc.

2. the call should be to a tcl API instead of db_* so that values can be easily customized to meet requirements that would complicate db_*, for example to allow general audit features to work (since ecommerce packages use them and this is wsrp).

3. there would be a table mapping "allowed" calls to specific protocol access and openacs tcl api (all other requests are refused and optionally logged).

4. there would be different urls within the package for different protocols, for example: soap, xml, cgi, and other third party standards (such as legacy ones). I think this approach would largely prevent the splintering of services into innumerable packages, as is possible with OpenACS on the client side, at least when using payment-gateway which requires another package for handling each protocol (currently either ezic-gateway or authorize-gateway only).

5. the package would be.. package aware so it could be mounted any number of times in any number of places and provide different services to each.

I'm also open to suggestions..