Just to get it out of the way: BLOCKCHAIN ! ! !.

Even dough I recently do not work with blockchain, I still believe in the technology. I do not believe in the currencies, they are mostly fraught. That still does not change anything on the value of blockchain.

So far, I worked with three big blockchain systems. Hyperledger Fabric, Hyperledger Sawtooth and BigchainDB. They all have in common the different focus of use case. They try to make business and organizations work more effective together.

Working with these systems, I learned log about the architectures of blockchain and business applications. In Fabric there is a great separation of responsibilities for the different components. These components (endorser/orderer/ledger) can each execute one part of the infrastructure and make sure to process lots of transactions. As a storage Fabric can use various database management systems.

Sawtooth is storing data in a local merkle tree. I believe you are not able to store as much data in the sawtooth store as you can do in Fabric or bigchainDB. There is an other feature that surprised be a lot. They have the ability to let the users generate their rsa-key-pair in the browser. Also the user can create and sign transactions in browser so that the sever never need to see the private key. As I had analysed, it would be possible to implement that feature as well for fabric. but it would require a major rewrite of the SDK.

On the technical part it is nice and good, still I see there is space for a system, that is able to cover many use cases that other blockchain architectures do not have in mind. I see that todays blockchain systems do not have the sovereignty of organizations of companies in mind. Sure, it would be a dream if companies would share data more openly. Still I do not believe that companies and government organizations would ever be able (and for sure not willing) to open all data goes into the decision for the execution of transactions. I believe organizations and individuals have to be able to do independent decisions if they accept certain transactions or not(during the endorsement process).

A second huge feature I see missing is what I call fragmentation. I believe to participate on a blockchain it should not be required to download and verify each and every transaction. I have my wallet, My car or my house or my stock portfolio, I don’t care about the wallet of my neighbor, I don’t care about the fishing licence of Joe Public in Bavaria and for sure i don`t care about the beer bottle with the id ‘a83aebd7-8a6c-46cc-83c8-8b99bba195d5’ was warm when it was served in London. Still I want to be sure, that when someone makes a decision to stand by it (within reasonable limits).

And third, setting up a blockchain system has to be reasonable easy to manage. Almost like the famous 5-minutes installation of a wordpress website. As long as setting up blockchain systems requires large teams of developers, and expert knowledge in economy, politics and computer science, I do not believe that blockchain has a real chance for a wide adoption.

You know, based on that assumption, I believe it would be possible to combine the advantages of all systems and create a blockchain architecture, that consist of distributed components for great scalability, allow user determined management of their crypto materials, support lots of transactions on a single channel, store huge amounts of data in a ledger database, verify a transaction against a blockchain without downloading and storing all data ever.

how can that be done? look at the next post.

Talking about some technology is difficult. You are passionate about some technology, just some technique, some idea how you want to structure your code, a lib or anything that you learned to know and think that could be useful for your projects. You like that, what ever it is. You think that might be changing your work. Then of course you want tell someone about that. But they don’t get the point.

That might have different reasons.

lack of interest
lack of understanding
is currently passionate about something else

Pretending to understand and talk about very general/low level stuff

Pretending he had a similar solution by doing something different and telling you about his interesting stuff, that you don’t care

Pretending to be interested, knowing they can never catch up in a reasonable time to understand

you find someone who understand it, who is giving you further good thoughts, but they are so busy doing other stuff.

Find someone else, find someone who got the point and is willing to use it in a project with you.

XML is loosing traction, it seems that every new API uses JSON or alike. But still there are big data sets only available in XML. As I already had a great XML-parser, that is extremely fast, has a clean API and provides an AST/DOM, I had to fill the last important feature missing for that parser. Until now it was only possible to parse about 10-40 Megabyte strings.

I thought long and I started a few times implementing a parser that is still very fast and has all the features and on top of that is able to parse though large files. Such as a Wikipedia-dump or the openStreetMap-world file. But now about at the fifed try, I found a solution to handle streams. I solved it by taking assumptions about the shape of large xml-files. Large XML files usually consist of a root element, containing a long list of items. The new parser is going to provide items one by one. It uses a nodejs-Streams. That makes it possible to use a stream reader for compressed files and use the plane-data stream for the xml-parser.

Each item provided from the xml is an ast on its own and can easily be simplified by the framework. That makes working with xml-files not just much faster then ever before in JS it is also much more convenient. Developer have an API they are probable already familiar with.

If I would be you and have to work with XML data, I would definitely use tXml!!! If you can really choose, choose JSON.

Currently I am an intensive user of visual studio code. It is an editor, developed by microsoft, that is extendable with many plugins. My favorit feature is the typescript integreation and its intelisence.

Recently it supports type recognition based on JSdoc comments. reason enough to look deeper into JSdoc. And I found it awefull to defined types. That is so much to type and by that error prone. Below you find a tool, that let you generate some JSdoc comment, from a JSON object. That is usefull for database or API responses.

Restful is a pattern to provide an API to manage resources on a server, providing a uniform deal to create, access and change data. In a previous post I have shown the json-sever. With that server, I made several tests and even extended its API. The json-server takes a JSON-file and provide an access through a auto-generated API.

But I never made a complete app using that server, until recently. Because every time I meet some issues that would require a lot of coding that I was not willing to spend for small side projects. But I could not get RESTapis out of my mind, so I studied studied some resources to answer all questions that are open. In this small series of posts I want to talk about some.

The first is this one, about Authentication, it is the one you are currently reading. The next will be about actual designs, means about how parameter and responses should look. It will also provide good resources with good API-definitions and actual implementations. After that, I will actually take a look of implementing a restAPI in nodejs and auto generated APIs, with additional feature: how objects will be validated, security guarantied and business rules applied.

Authentication

Often I had the question, how should I do authentication and how does resources look, that are related to the current user. Messages to me, messages from me, my photos, my results, orders, what ever. On top of that, I was asking myself how should a restful API actually look like. The JSON-Server is so simple that it is instantly fun to play with it. But quickly I reached several points, that throw questions that need to be answered but for the small side projects they are to big.

Login

First was the authentication, is making a session actually restful? My answer to that is actually yes. Many people come to different opinions, but it is not to important. The important thing is that you know how to do authentication. Typically I had some auth-module that has provided an RPC method for login and an other to get information about the current session.

For my first complete restful app, I actually provided a kind of a virtual resource. Many frameworks would name that a Controller or API-Handler. The Controller that I made received login information through a POST-request and provided the current session information to the GET and the DELETE for logout.

token + signatures

When the API is not meant to be called by a browser, working with sessions is not comfortable and when using web-APIs I never saw that. So the authentication is send on every request. Depending on the importance of that API, there was just a token. So the provider can monitor my request and limit the results and number of requests. Sometimes it is fine to just use https for encryption. But because many http implementations do not validate the certificates APIs require to add a signature to a request.

implementation

Using nodejs with express, both types of authentication can be ensured using middleware that is running before the middleware for the actual API is executed. No matter if you are using sails.js, JSON-server or an other rest-API providing framework, you can use standard middleware such as express-session, curf or express-body-parser. With your applications specific authentication middleware you only need to invest once and the authentication will be solved.