In the realm of operating systems, perhaps the most storied OS is the Unix family. Originally developed by Bell Labs in the 1970s, Unix became the foundation upon which the Internet was built. As a result, the Internet was designed with standards and technologies that behaved in a Unix-like fashion. This usually meant communication protocols that sent strings of text through network nodes, which were received by open sockets and parsed to extract data and commands. While Unix proved to be a robust platform for development, it also presented some security challenges and proved to be susceptible to error.
Today, engineers have developed safer, more elegant protocols for information transmission including REST APIs and the JSON data format standard. These were predominantly developed and implemented by the Internet Engineering Task Force (IETF), an OpenStand Affirming Partner. Today, REST and JSON are being applied to existing Internet standards to improve those standards, to improve performance and security as we move into an Internet of Things (IoT) era. According to tech blogger Larry Seltzer, “The oldest REST standard appears to be RFC 6690: Constrained RESTful Environments (CoRE) Link Format, dated August 2012. It defines the response format from the server for resource enumeration but, somewhat oddly, does not use JSON for that format. RFC 7252: The Constrained Application Protocol (CoAP) from June 2014 is related to RFC 6690. Both are aimed at embedded applications once referred to as mobile to mobile, but now known far and wide as the Internet of Things.”
According to Selzer, the advantages of using REST APIs and JSON are obvious, “Code to use the standards would conform to the conventions increasingly used by Internet programmers. It would look like just another API call, as opposed to the cornucopia of kludges one finds in Internet standards. Finally, structuring data in JSON facilitates bounds checking and other security best practices.” He goes further to assert that in the future we will see REST APIs and JSON being used to update many other Internet standards.
Selzer points to the “Whois” standard for database queries as one standard in desperate need for a security overall. Whois was standardized in the early days of the ARPANET as a way of identifying domains, people, and other resources on a network. Utilizing the Whois function is easy: simply open a socket to port 43 on the domain’s Whois server (note: you can also get this by doing a similar Whois query to whois.iana.org for the top-level domain of the domain you’re looking for), then send the domain name to the socket, followed by \r\n (carriage return and line feed). What you get back is a long and basically unstructured string from which you can piece together the data you are searching for.
The ‘heir apparent’ to the Whois standard is called Registration Data Access Protocol (RDAP), which has been defined in a collection of RFCs (Request For Comment) issued by IETF. The following RFCs comprise the definition of RDAP:
- Networks by IP address
- Autonomous system numbers by number
- Reverse DNS metadata by domain
- Nameservers by name
- Registrars by name
- Entities (such as contacts) by identifier
- Servers are not required to support all of these functions.
Instead of a strong of data, JSON Queries return would JSON, such as this example:
“events” : [
“eventAction” : “registration”,
“eventActor” : “SOMEID-LUNARNIC”,
“eventDate” : “1990-12-31T23:59:59Z”
“eventAction” : “last changed”,
“eventActor” : “OTHERID-LUNARNIC”,
“eventDate” : “1991-12-31T23:59:59Z”
The transition from conventional Whois protocol to RDAP may result in resistance from more traditional, old-school developers who merely prefer the “old way” of doing things. However, the development of REST and JSON versions of Internet standards remains an exciting ongoing opportunity to update and improve existing Internet protocols to improve performance and security.
There are ways that you can help support OpenStandards across all technologies. Share about OpenStand to your friends and on your social networks.