1. The Rise of BaaS
A Utopia for Client-Side Developers
This is a comment.
1Saturday, March 15, 14
2. State of the Union
How client-side applications are built today
2Saturday, March 15, 14
3. CLIENT SIDE APP APIs
Web
Server
Hosting Tooling
DATA
MANAGEMENT
USER
MANAGEMENT
BUSINESS
LOGIC
BUSINESS LOGIC
* your backend serves up data that your client-
side code uses to render the different views
* when your view needs to change the client-
side code makes a request to the backend to
re-render the view via xhr or websocket
* talk to the backend to perform any action or to
talk to third-party api's
3Saturday, March 15, 14
• your backend serves up data that your client-side code uses to render the different views
• when your view needs to change the client-side code makes a request to the backend to re-render the view via xhr or websocket
• talk to the backend to perform any action or to talk to third-party api's
4. How often do you change your
backend to support the needs
of your client side app?
4Saturday, March 15, 14
5. How often must you
upgrade your back-end to
extend your application?
Constantly.
* data and access controls (all the security) lives
inside the backend so in order to extend your
application you have to build out new routes
5Saturday, March 15, 14
• data and access controls (all the security) lives inside the backend so in order to extend your application you have to build out new routes
6. The chase
begins
6Saturday, March 15, 14
The communication nightmare kicks-off, the standard formation in most companies is that the client-side guys handle the users world and the back-end guys write the backend.
Now, to make a change that the back-end doesn't support means that you have to coordinate with them to build out the feature.
So instead of focusing on building an amazing application for your customers, you end up spending time working with the back-end team and their schedule.
7. So what do we settle for?
APIs
DATA MANAGEMENT
Storage
7Saturday, March 15, 14
The communication nightmare kicks-off
8. Every application has unique requirements
DATA MANAGEMENT
USER
MANAGEMENT
HOSTING
SECURITY
8Saturday, March 15, 14
Blog:
• Comments, users and posts
• Each post has a user and many comments
• You want to order the posts by date and select a range of them, perhaps you also want to filter by category
• Similar, for comments, you want to order by date and select a range of them
• For users, you need some sort of authentication and user management system
• For creating posts, you want some type of user admin role
9. Let’s face reality, we’ve been
reinventing the wheel
And it’s a fracking head-ache.
9Saturday, March 15, 14
10. This approach has consequences
10Saturday, March 15, 14
Repeating the same pattern over and over (creating an API to wrap the data structure) and creates additional risks
11. This approach has consequences
• Tightly coupled to the
server
10Saturday, March 15, 14
Repeating the same pattern over and over (creating an API to wrap the data structure) and creates additional risks
12. This approach has consequences
• Tightly coupled to the
server
• Inflexible
10Saturday, March 15, 14
Repeating the same pattern over and over (creating an API to wrap the data structure) and creates additional risks
13. This approach has consequences
• Tightly coupled to the
server
• Inflexible
• Expensive
10Saturday, March 15, 14
Repeating the same pattern over and over (creating an API to wrap the data structure) and creates additional risks
14. This approach has consequences
• Tightly coupled to the
server
• Inflexible
• Expensive
• Incomplete
10Saturday, March 15, 14
Repeating the same pattern over and over (creating an API to wrap the data structure) and creates additional risks
15. This approach has consequences
• Tightly coupled to the
server
• Inflexible
• Expensive
• Incomplete
• Limited extensibility
10Saturday, March 15, 14
Repeating the same pattern over and over (creating an API to wrap the data structure) and creates additional risks
16. This approach has consequences
• Tightly coupled to the
server
• Inflexible
• Expensive
• Incomplete
• Limited extensibility
• The list as you know,
does not end here
10Saturday, March 15, 14
Repeating the same pattern over and over (creating an API to wrap the data structure) and creates additional risks
17. Imagine for a moment, the
ultimate back-end.
One that could fuel
any & every feature.
11Saturday, March 15, 14
19. We’re obsessive about
this problem.
13Saturday, March 15, 14
Started as co-browse, started transitioning BaaS because we found we needed every component, and none existed.
24. The Vision: BaaS
One really really awesome
round wheel, we all share.
15Saturday, March 15, 14
25. CLIENT SIDE APP APIs
Web
Server
Hosting Tooling
DATA
MANAGEMENT
USER
MANAGEMENT
BaaS
BUSINESS LOGIC
16Saturday, March 15, 14
26. CLIENT SIDE APP APIs
Web
Server
Hosting Tooling
DATA
MANAGEMENT
USER
MANAGEMENT
BaaS
BUSINESS LOGIC
16Saturday, March 15, 14
27. CLIENT SIDE APP APIs
Web
Server
Hosting Tooling
DATA
MANAGEMENT
USER
MANAGEMENT
BaaS
BUSINESS LOGIC
16Saturday, March 15, 14
28. CLIENT SIDE APP APIs
Web
Server
Hosting Tooling
DATA
MANAGEMENT
USER
MANAGEMENT
BaaS
BUSINESS LOGIC
16Saturday, March 15, 14
29. Ok that looks awesome
Let’s make it a reality!
17Saturday, March 15, 14
30. Connectivity
web sockets and xhr-polling we have the
technology to create "full-duplex" connections
even in older browsers
this gives us a mechanism for pushing data
between server and client
18Saturday, March 15, 14
• web sockets and xhr-polling we have the technology to create "full-duplex" connections even in older browsers
• this gives us a mechanism for pushing data between server and client
31. Data Management
* already exists just needs an API
built for it on the client
* support querying
* transactions
* all json types
19Saturday, March 15, 14
• already exists just needs an API built for it on the client
• support querying
• transactions
• all json type
32. User Management
* built on-top of the data model
* standardized by convention
* id
* groups (or roles) built in
* extensible to store extra data
required
20Saturday, March 15, 14
• built on-top of the data model
• standardized by convention
• id
• groups (or roles) built in
• extensible to store extra data required
•
33. Security & Access Control
* having data on client means there are a lot of security concerns
* access control layer around who can read and write data based on
their id and groups
* input validation to guarantee data integrity
* output sanitization to prevent different forms of injection attacks
* enforced on server via schema of some form
21Saturday, March 15, 14
• having data on client means there are a lot of security concerns
• access control layer around who can read and write data based on their id and groups
• input validation to guarantee data integrity
• output sanitization to prevent different forms of injection attacks
• enforced on server via schema of some form
34. Tooling
* API is a black box you won’t control
* tooling is *really* important
* even with less surface area, there will
still be bugs
* so what type of tooling do we need?
22Saturday, March 15, 14
35. Data Tooling
• Ability to view the data
• Ability to export and import backups
• Ability to run arbitrary queries on the data
• Audit logs for monitoring how data changes
• Schema visualizer
◦ Exploring how access controls are enforced
◦ Testing input validation and output sanitization
• Available via Web UI and CLI
23Saturday, March 15, 14
• Ability to view the data
• Ability to export and import backups
• Ability to run arbitrary queries on the data
• Audit logs for monitoring how data changes
• Schema visualizer
• Exploring how access controls are enforced
• Testing input validation and output sanitization
• Available via Web UI and CLI
36. Organizational Tooling
• Support for multiple collaborators
• Support for multiple environments
• Varying access controls based on environment
• Ability to perform data migrations
24Saturday, March 15, 14
• Support for multiple collaborators
• Support for multiple environments
• Varying access controls based on environment
• Ability to perform data migrations
37. Hosting
* to truly remove the operational burden, we also need to provide static application
hosting
* but it can't just host static html, css, js -- it needs to be living and breathing as
well
* schema provides access control to routes and redirect controls
25Saturday, March 15, 14
• to truly remove the operational burden, we also need to provide static application hosting
• but it can't just host static html, css, js -- it needs to be living and breathing as well
• schema provides access control to routes and redirect controls
53. “The whole is
greater than the
sum of its parts.”
– Aristotle
28Saturday, March 15, 14
54. Data Synchronization
* evolved from BaaS movement
* user a modifies data, automatically updates the view of user b
* possible because of the full-duplex connection and event subscriptions
* subscribe to “change” events in data model
* server pushes new data and client-side api trigger event listener
* by leveraging this pattern you now have “real-time” out of the box, you
don’t have to manage this! It’s given to you!
* show code example of what this looks like!
29Saturday, March 15, 14
55. Offline Support
* now we have this mechanism for forcing our view to re-render
* with this we can update the view of the application when the
user reconnects (from sleep mode, or connects to wifi, etc.)
* all the data transferred to the client from the server is cached
so we can have read-only offline mode support out of the box
*
30Saturday, March 15, 14
57. In this utopia, how long would it
take to build the application of your
users dreams.
Better question,
how much time could you save?
32Saturday, March 15, 14
58. Baas Today
This utopia will be built,
one brick at a time
33Saturday, March 15, 14
Talk through current solutions available
60. In Conclusion
• Client-side developers
waste time and money on
infrastructure
• BaaS will fundamentally
change how client-side
applications are
developed
• The work is already
under-way
• It’s an extension of the
platform movement
35Saturday, March 15, 14
61. Join the BaaS
movement
An intersection of developer
productivity and the platformization
revolution
36Saturday, March 15, 14