Informally, “Web 2.0” is a group of programming practices for building rich, collaborative, mashed-up Web applications. A Web browser hosts an interactive client that communicates REST-fully using the JSON data format. IBM WebSphere DataPower SOA Appliances bridge Web 2.0 to more formal enterprise standards like WS-* or to legacy data. This allows businesses to engage in emerging spaces like social networking, cloud computing, and Software as a Service (SaaS).

Interactive Customer Engagement over the WebModern Web applications are evolving from static pages and forms into interactions that rival native desktop programs like email clients, street mapping software, and customer relationship management systems. Customers and partners across all industries demand the same level of interactivity and data access for their information as well. Unfortunately, critical business data are often locked away in difficult to modify applications or formats.

Integrated, Real-Time Data SourcesBy deploying the IBM WebSphere DataPower Integration Appliance XI50 or XML Security Gateway XS40, enterprises can quickly unleash real-time data for consumption by dynamic Web applications. The XI50 additionally has the ability to connect to legacy data and to handle non-XML formats. As the XI50 and XS40 are simplified appliances, little modification to the underlying hosting application is needed.

Secure, Authorized Access to Private and Public Services As service oriented architectures (SOA) evolve to include public as well as private endpoints, these “cloud” architectures have a natural fit with DataPower. The XI50 and XS40 can both be a proxy to or a consumer of service endpoints, isolating them from attacks or unnecessary processing. With a full complement of data formats and protocols, including JSON and REST, the DataPower appliances can

1) Authenticate, Authorize, and Audit inbound or outbound traffic. 2) Proxy between clients and servers providing isolation, filtering and

cryptographic & XML offloading.3) Help Protect against novel threats like XML attacks, HTTP

vulnerabilities, or distributed denials of service.4) Mediate and Bridge between protocols, data formats, or even security

tokens (within cryptographically circumscribed boundaries). Bridging between SOAP/XML and REST/JSON is a particularly interesting use case as this means that these parallel architectural styles can be brought together efficiently.

Purpose-Built Appliance for Reliability & PerformanceThe family of DataPower products are carefully designed and implemented for simplified operation and high performance. The appliances are built with redundant, hot-swappable power supplies and fans for reliability. For mission-critical high-availability appliances can be grouped in clusters. With no extraneous access ports and a tamper-evident design, DataPower appliances are also intended for uses in a network DMZ. Additionally an option for FIPS 140-2 certification is available for enhanced cryptographic key protection.

Secure, Bridge, & Enrich Web 2.0 Patterns

Learn how the XI50 and XS40 can help you open markets that rely on emerging Web 2.0 technologies.

WebSphere® DataPower® SOA AppliancesJSON and REST Services Application Note

Standards-Based InteroperabilityThe DataPower family is designed to integrate with existing XML, JSON and Web Services infrastructure through WSDL, UDDI, SOAP SNMP, REST, WS-MQ and other standards. Also supported are the following security standards: WS-Security, WS-Security Policy, WS-Policy, SSL, TLS, SAML, Kerberos, XML-Enc, XML-Dsig, X.509 certificates (DER, PEM, PKCS #8, #12), CRL’s, OCSP, LDAP, CSR, PKCS #7 S/MIME, and others.

WebSphere DataPower AdvantageBuilding successful SOA solutions requires an in-depth knowledge of how real customers make use of Web Services and SOA to achieve their business goals. DataPower is a component of the broad WebSphere Smart SOA portfolio. DataPower customers span diverse fields including finance, insurance, telecom, federal and state government, energy, publishing. DataPower is field-proven to deliver an all-in-one security, management, and performance SOA solution.

���®

Ease of UseDataPower’s WebGUI and interoperability with WebSphere Registry and Repository make it easy to implement sophisticated management and security policies without custom code.

JSON and REST Details

Additional Functions

The XML Security Gateway XS40 and the Integration Appliance XI50 also perform other essential management & security functions, including

• XML Firewall• Encryption & Signature• Fine-Grained Access Control• Routing • FIPS 140-2 key protection• Service Virtualization• Service Level Management• Policy Enforcement

Third-party trademarks are the property of their respective owners.

IBM, the IBM logo, ibm.com, Smart SOA, WebSphere, and DataPower are registered trademarks of international Business Machines Corporation, in the United

States, other countries, or both.

© 2009 IBM Corporation Template 1.0 JSON REST Services Rev. 1.1.3 2009-10All Rights Reserved

���IBM Corporation, Software Group, Route 100, Somers, NY 10589 U.S.A.

www.ibm.com

For more examples and information contact your IBM WebSphere representative or IBM Business Partner.

Or visit www-01.ibm.com/software/integration/datapower/index.html

Summary and Product Information • JSON and REST support in WebSphere DataPower appliances (firmware v3.8.0 or higher) can make reaching Web 2.0 driven markets simpler, easier, and more cost effective while minimizing risk, complexity, and business latency.• The most popular WebSphere DataPower Integration Appliance XI50 is designated by Machine Type / Model (MTM) 9235-4BX; The most popular DataPower XML Security Gateway XS40 model is designated by MTM 9235-3BX. Other models sport HSMs, XG4, and/or non-spinning extra flash memory. The XB60 and XM70 also support JSON and REST.•Please see http://www-01.ibm.com/common/ssi/rep_ca/1/897/ENUS109-581/ENUS109-581.PDF (IBM Announcement 109-581) for more US details. Non-US countries, please refer to your country-specific announcement. Thank you.

An Example: JSON and REST bridging to SOAP 1. A typical, modern JSON Web application on a browser updates a payment status of a user’s account, for example. This request arrives at the IBM WebSphere DataPower Integration Appliance XI50 over a REST-style invocation using the HTTP verb “PUT”.2. Using inbound HTTP verb processing (outbound is also supported), and URI manipulation, the XI50 handles the request appropriately as a an update.3. Applying the XI50’s HTTP Convert action while specifying JSON as the default input encoding automatically invokes the conversion to XML (JSONx). A standard transform action can form the new request into the shape expected by the App Server hosting a SOAP Web Service.4. The SOAP Web Service responds with a SOAP document, which conversely is transformed into JSONx on the XI50 and automatically back into JSON. The SOAP Web Service is none the wiser that the original request started as a REST-borne JSON message.5. The JSON is returned to the browser which is happily unaware that its service request was fulfilled by a SOAP Web Service.

JavaScript Object Notation (JSON) JSON is a general data interchange format. It is minimal, textual, and a subset of JavaScript. JSON is often used by Web browser clients instead of XML because it can be processed directly inside a browser’s scripting language.

DataPower can parse and process JSON payloads, turning them into JSONx (JSON modeled in XML). Using DataPower's built-in JSONx processing and schema, it is possible to have a processing policy that converts existing XML to JSONx, then have it automatically converted to valid JSON. With JSONx, these new applications benefit from the full power, security, and ease of the DataPower appliance.

REpresentational State Transfer (REST)REST is a web programming architectural style that expresses the HTTP standard (RFC2616) as a set of best practices. It is the realization of HTTP-as-application-protocol that facilitates high performance (horizontal scaling, caching, offloading) distributed computing. While it lacks standardization around the most stringent security and reliability capabilities, it is a valuable and solid underpinning of many Web-based application programming interfaces (APIs) and in dynamic Web interfaces.

Customer at browser

App Server hosting SOAP Web Service

JSON data

{Name:John}

JSONx data SOAP data

IntegrationAppliance XI50

<Name> John

<Name/>

<Status> paid

<Status/>

<Body> .. John

<Body/>

<Body> ..paid

<Body/>

REST HTTP verb ‘PUT’

{Status:paid}

SOAP Action‘Update’

1

2 3

45