Moved from etherpad, so that we can flesh out session topics for the SOA track.
## SOA infrastructure: Content / storage API
- layering: vs. stateless services
- Public versus private APIs
- Pub/sub event bus
- Required attendees: (same as SOA)
## Common required design goals/aspects for stateless services
- Demand management, "back pressure"
- Operational / practical: monitoring, deployment
- 3rd party users / distribution / scaling down
- Required attendees: Gabriel Wicke, Services team, Faidon Liambotis, Sean, Chris Steipp
## Content representation / UI / skins
Really in the 'editing' track. TODO: Figure out if other front-end stuff / caching fits in there.
- move to HTML primary storage / wikitext editing?
- Front-ends built on top of APIs
- Fast logged-in views: ESI vs. client-side customizations & no-JS fall-back
## SOA proliferation through specification
- specification-driven service design
- specification-driven documentation
- Swagger UI sandboxes make services easy to grok
- low client-side development/consumption impedance
- promotes the creation of numerous and innovative (client) applications
- breakout/workshop: quick client generation with swagger-codegen?
## The road to multi-DC operation
- issues: replication consistency, caches
- possible solutions
- how this affects our software architecture
## Looking ahead: Virtualization, CI and continuous deployment
- want to share hardware between services while improving isolation for perf and security
- moving towards virtualization both in production and CI
- what does this mean for our deployment strategy / tools?
- [dark deploys](https://www.facebook.com/note.php?note_id=96390263919) with deployment orchestration integrating with monitoring?
- do HET deploy with different VMs?
- role of betalabs vs. dark deploys
## Scaling down for third-party users
- define minimum resources for a basic MediaWiki install (strawman ex: [$2.99 / month VM with 1G of RAM](http://www.ovh.com/us/vps/vps-classic.xml)?)
- simple & small implementations of common services for testing and small installs
- setup automation / packaging for VMs
## Platform choices for new services
- SOA gives us freedom to choose (and change) technology per service / task
- don't want to go overboard though, as each additional technology has a cost
- current main development platforms: PHP, client-side JS & Node.js, some Java
- trends: industry and WMF
- new candidates: Hack, Go, Rust
- relative strengths for our use cases
- successful outcome:
- shared understanding of relative strengths and trends
- possibly guidance on what to choose in which area
- awareness of new options
## Security in a distributed environment
- advantages of isolation between services vs. challenges of multitude of entry points
- ideas on how to address this: [SOA auth RFC](https://www.mediawiki.org/wiki/Requests_for_comment/Service-oriented_architecture_authentication)
See also: T85154