what is the difference between Restful web services and WSDL?

Question

Possible Duplicate:
WSDL vs REST Pros and Cons

can any one explain what is the difference between Restful web services and WSDL(Web Service and Description Language). And which one is more secure and how?

Thanks

Answer 1

WSDL is used to describe SOAP services. You're really asking for a comparison of SOAP and REST.

There is no inherent security difference between SOAP and RESTful services. Most likely any security issues will be with your specific implementation of them.

SOAP is more like RPC - it focuses on calling commands on a remote server. REST is resource oriented - you interact with the server by adding, retrieving, updating and deleting resources on the remote server, which corresponds to actions.

eg. With SOAP service you might call an updateAccount(account_id, details) method to save changes, but with a REST service you might PUT information to /account/<account_id>.

In Java, JAX-RS is a good place to start with RESTful services.

Answer 2

WSDL "Web Services Descriptor Language" is the standard for defining the content and behavior of SOAP based web services. It is part of a collection of WS* standards that define "Web Services". These standards cover discovery, transport, message format, authentication, non-repudation etc. etc.. These are formal standards managed by W3C.

REST is a style of network programming where every request is made in the form of a valid URL to identify the "key" of the object in combination with an http GET, PUT, POST, or DELETE action to identify what you want to do to it.

REST is a style rather than a standard messages can be in XML, JSON or any format you choose.

My opinion is that REST is great for doing simple things simply. SOAP etc. is great for complex "enterprise" level interactions with sophisticated security and workflow requirements, but, its overkill for simpler services.

As for security REST does not help you. But using standard web security (sessions, cookies, SSL etc. ) you can secure a RESTful service pretty well.

SOAP has built in bulletproof security but its configuration heavy requiring LDAP servers and managing public/private key pairs. Unless you really need it its best left alone.