Moved from etherpad, so that we can flesh out session topics for the SOA track.
## Service-oriented architecture
- Short intro & view back
- Layering: Stateful vs. stateless services
- special challenges at the state layer: avoid SPOFs, replication and consistency, scaling
- High-level functional groups / service candidates
- SOA support infrastructure
- RESTBase: storage, content API and service orchestration
- Auth service
- PHP API
- public vs. private APIs
## Common design goals and issues
- Demand management, "back pressure"
- Operational / practical: monitoring, deployment
- 3rd party users / distribution / scaling down
- Required attendees: Gabriel Wicke, Services team, Faidon Liambotis, Sean, Chris Steipp
## SOA proliferation through specification
- specification-driven service design
- specification-driven documentation
- Swagger UI sandboxes make services easy to grok
- low client-side development/consumption impedance
- promotes the creation of numerous and innovative (client) applications
- breakout/workshop: quick client generation with swagger-codegen?
## The road to multi-DC operation
- issues: replication consistency, caches
- possible solutions
- how this affects our software architecture
## Looking ahead: Virtualization, CI and continuous deployment
- want to share hardware between services while improving isolation for perf and security
- moving towards virtualization both in production and CI
- what does this mean for our deployment strategy / tools?
- [dark deploys](https://www.facebook.com/note.php?note_id=96390263919) with deployment orchestration integrating with monitoring?
- do HET deploy with different VMs?
- role of betalabs vs. dark deploys
- Participants: Alex, Greg, Gabriel, ?
## Scaling down for third-party users
- define minimum resources for a basic MediaWiki install (strawman ex: [$2.99 / month VM with 1G of RAM](http://www.ovh.com/us/vps/vps-classic.xml)?)
- simple & small implementations of common services for testing and small installs
- setup automation / packaging for VMs
## Platform choices for new services
- SOA gives us freedom to choose (and change) technology per service / task
- don't want to go overboard though, as each additional technology has a cost
- current main development platforms: PHP, client-side JS & Node.js, some Java
- trends: industry and WMF
- new candidates: Hack, Go, Rust
- relative strengths for our use cases
- successful outcome:
- shared understanding of relative strengths and trends
- possibly guidance on what to choose in which area
- awareness of new options
## Security in a distributed service environment
Tracked in more detail in T86049.
- advantages of isolation between services vs. challenges of multitude of entry points
- what we learned from experience in our current architecture
- what others learned from experience in a SOA setting
- how to address challenges: [SOA auth RFC](https://www.mediawiki.org/wiki/Requests_for_comment/Service-oriented_architecture_authentication)
- CSP and other headers
- appropriate use of CORS
- when to use OAuth
## Ideas for content representation / UI / skins
Really in the 'editing' track. TODO: Figure out if other front-end stuff / caching fits in there.
- Move to HTML primary storage / wikitext editing?
- Micro-contributions using Parsoid HTML: API needs, how it could look
- API-powered front-ends: mobile already very far
- Fast logged-in views for mobile web and desktop: ESI vs. client-side customizations & no-JS fall-back
- again, mobile very close already
See also: T85154