• If you are citizen of an European Union member nation, you may not use this service unless you are at least 16 years old.

  • You already know Dokkio is an AI-powered assistant to organize & manage your digital files & messages. Very soon, Dokkio will support Outlook as well as One Drive. Check it out today!


RESTful WebFlow

Page history last edited by nathandw 14 years, 7 months ago

WebFlow (WIP)

What is WebFlow?

WebFlow is a more structured form of the "programmable web". WebFlow is the culmination of WebHooks, WebScripts and WebServices. WebFlow can be described as workflow for the web. Consider the following WebFlow example:

1. My bill is received from my cable company (WebHook)

2. The current price of NetFlix is checked (WebScript consuming a WebService)

3. The balance of my checking account is checked (WebScript consuming WebService)
3. A text message is sent to my cell phone (WebScript consuming WebService). The message contains my cable balance, my account balance and a reminder to join NetFlix! The text message also asks me if I want to pay my cable bill. Begrudgingly I text back "Yes", I can't miss "Dexter".
4. Approval is recieved (WebHook).
5. Payment is posted to a payment gateway (WebScript consuming WebService)
6. Payment confirmation is received (WebHook)
7. A text message is sent letting my know my payment was processed. (WebScript consuming WebService)
8. The payment is added to my pending payments list in Quicken (WebScript consuming WebService)
9. An extra $10 bucks is transfered to my entertainment budget for being such a savvy guy (WebScript consuming WebService).

You may be thinking that you already have some of these services, you get text messages from you cell phone company when payment is due, you may even be able to text them back and approve payment. But that's about it, you don't truly have control. If you wanted to send yourself an email or IM or launch a WMD at your cable company you can't. The problem is that most of these service know nothing about each other, which is expected, could you imagine my cable bill if they spent the time to integrate with every possible service on the web. So instead my cable company, and all the other services I use, can publish notifications using WebHooks, I can then write simple WebScripts that use the information from a WebHook to call WebServices for other services such as my bank or payment gateway. In this way I can connect all of these services into a WebFlow.




Now that I have this awsome new WebFlow I may want to share it. The problem is I may have hard coded private information such as my bank account number and password directly into the WebScripts that compose my WebFlow. If I were to publish this WebFlow anyone viewing it would have my bank account info. Not Good! Ok, so I guess I need to rework the code so that it pulls this information from... Hmmm... Where do I store that? Further more, what if I were to grab a WebFlow that a Bad Guy had created and it sends my bank info to his email address. All the sudden WebFlow is a scary proposition. In order for WebFlow to gain wide spread use there must be built in mechanisms to handle these issues.  


The solution to these problem is a WebProfile. My WebProfile is a place where I can store passwords and other private information. When I pass a WebFlow to a friend I keep my profile so none of my private information is passed along with the WebFlow. My friend then attaches her profile to the WebFlow and is able to use it. My WebProfile protects me from myself and Bad Guys; what happens if I accidentally tweet my bank account number and password? My WebProfile encrypts all my private data so when I access that data from a WebScript I get encrypted versions so even if I do post it to Twitter all anyone will see is a jumble of characters. I can login to my WebProfile and edit my information but when accessed from WebScripts it is always encrypted. So how do I login to my bank if my username and password are encrypted? I login to my WebProfile and add my bank as a trusted service. When I pass my username and password to my bank it uses a key that I provided it to decrypt my credentials. When my bank responds it will encrypt private data such as my account number using my key, so once again my private data is encrypted. When I pass this data to a payment gateway that I have approved it can decrypt my account info and process a payment. I am not a security guru but I believe there are Federated technologies like OpenID that are designed to manage these kinds of interactions. The WebFlow spec needs to identify how existing or new technologies can be utilized to enable this scenario. 


Comments (2)

nathandw said

at 3:15 pm on Oct 9, 2009

Concepts like Federation (OpenId) come to mind. Could SSL be used to lock all messages going in and out of a WebScript? For example, if I communicate with my bank I must do so from within a secure WebScript session. All messages in secure sessions are encrypted and message recipients must request a decryption key from the data source. So my cable company must request a decryption key from my bank in order to read the message. If we use this sort of encryption how can I view a message on my phone?

Daniel Parker said

at 3:36 pm on Oct 9, 2009

Nathan, I would move your example up to the top. I had a hard time understanding your terminology and ideas until after I read the example.

You don't have permission to comment on this page.