On Thu, 28 Aug 2003, David Forslund wrote: ... > >An example may help: > >Let's say if we call "http://calculator.tools.org/add?a=2&b=3"; and get > >5 as the returned value, then this is a "callable_from_URL" adding > >machine. > > We do this all the time, but it is simply passing arguments into an > existing "application" or piece of code. This can be done in most any > language. JSP does this, so do servlets. I don't see anything here that > has anything to do with Zope or Java.
Dave, You are righ, it does not matter how the application is implemented. The "callable_from_URL" interface gives convenient access to the application independent of implementation details. My point was that this _feature_ increases usability and facilitates interoperability. ... > >We do this all the time. I write a bunch of python routines and call them > >by their respective URL. (This is what Zope is, basically.) > > Just what is done in Java/JSP. You aren't executing arbitrary python > only the code you have set up to be called by the URL. True, but since I can bundle any collection of arbitrary python (or non-Python) code, a "callable_by_URL" application can execute any arbitrary python and non-Python code. ... > What I've seen on some applications is for a client to pass in arbitrary > SQL code to the server which is then executed. This is what is > undesirable. It is not what you are doing, thus my "dangerous" > statement doesn't apply. I see what you mean by "calling arbitray code". At some level, any parameter being passed into any application can cause un-intended effects. Applications (inclusive of all code to the bare CPU) must deal with the uncertainties associated with "programmability". ... > >Robustness requires many more considerations than interface. Staying with > >our discussion about application interface, an URL-callable interface has > >important usability advantages. > > But has poor security management. Could you support this assertion with more information, references, or examples? How does calling an application via URL imply more difficulty performing security management? > What I'm referring to is availability of a service when needed, not the > quality of the interface. Why would it be harder to ensure availability of a "URL_callable" application? "URL_callable" is just an application interface (ok, it implies transport via http too). There is huge market pressure to provide highly available "URL_callable" applications. Perhaps these R+D efforts can mitigate much of the availability issues. > If I want to have a system that works when I want it, I may need to have > all the services near by. Even if we are using CORBA, having all services nearby increases likelihood of availability. The bottom line is that http may provide sufficient availability (in conjunction with lots of redundant hardware and bandwidth). From the point of view of hardware/networking cost, "URL_callable" may be inferior to CORBA and Java messaging, for example. However, the superior usability of "URL_callable" (not to mention the installed base) has been winning developers and projects. ... > >Has a nice tutorial too: > > http://zopexmlmethods.sourceforge.net/ > > Very good. But I don't see how this whole approach is any easier to use than > in any other language. How would you apply a XSLT to an XML document in JSP? Let's compare the same example application written in Zope vs. JSP. ... > It would be nice if I could simple plug in some Java applications into > Zope. I know that it is possible to plug Perl and PHP into Zope. I have not heard about plugging Java into Zope but anything is possible. ... > is python, but having jython talk to python at the language level > doesn't seem to be happening. Am I mistaken? Beats me, I don't know anything about how JPython talks to Python. > It appears that is quite trivial to execute python code from Java, but very > difficult > to go the other way unless I'm running something like jython. Can I run Zope > with jython? Then I could lnk all of these capabilities together. ... Here are some probable reasons why what you are proposing has not happened yet: http://mail.zope.org/pipermail/zope-dev/2000-March/004000.html http://mail.python.org/pipermail/python-list/2000-January/019936.html In summary, URL_callable interface for applications is "language" independent and worthwhile considering since we all have our own favorite programming languages and computing platforms. Instead of waiting for "common language runtime (CLR)", I think the URL_callable interface already provides most of the benefits. Best regards, Andrew --- Andrew P. Ho, M.D. OIO: Open Infrastructure for Outcomes www.TxOutcome.Org
