I have been working on this project for months and I am getting desperate.
I have done research and relied on papers that talked about the user-provider-uddi architecture, so my purpose was the following:
through a mobile app, the user would write a keyword of needed web services, the query and the user's and device profile would both be sent to a middleware. Now the middleware is supposed to get a list of services of the same category as the keyword and compare the web services information to the user and device profile.
For example: it will check the required cpu, memory, screen size, language, location where it works and type of display (graphic/text) and compare it to the device specifications and user's preferences to select the best services.
Now my problem is:
I can't find any public repository (all those mentioned in other posts do not exist anymore)
assuming that I can use an interface (such as JAXR) to get services by category, how can I get the context-related information about services (cpu/memory requirements, language, location, display etc...). would that be possible through JAXR ? Is there a document that describes this about Web services (just like wsdl describe functions?)
what is the common was used to search for web services from a mobile nowadays ?
I know the question is somehow general, but I really worked a lot on this and I'm stuck. If there are people who specialize in the domain, please let me know your opinion. I would like some practical answers that can be implemented.
There are still a few public repositories out there (e.g., Service Repository). It is true that most of the web services you will find are not available anymore, but you can create your own service repository and deploy it either locally or somewhere in the cloud. It is basically just a hash map (service id mapped to a service uri?) and you can use any database to store the data.
Context information usually comes in different types. You have user context, service context, system context, environment context. Usually this information is embedded in the service response messages to the service consumer. Anything that can store data can be used to store this context. It's basically just data. Also, it can be collected when the request comes, but it will introduce a certain delay when serving the request. A proactive approach should be considered here.
This is very general. Depends on the type of service you're interested in. I believe the common approach to query a cloud based registry is the standard.
Related
I have an android and iPhone app, and the apps are getting data
from my website based on some conditions they select on the app.
I created a secured url that is not open to the public (can't be find on our website) and using a hash code that I thought was secure enough. Something like the following
http://test.com/data/get_data.php?key=akl;sd8234
The extra conditions they select in the app will be append as query parameters to the same url.
Base on the condition, the php file will then out data in json format.
However, I discovered recently someone else create the exact same app and actually getting data from my server, and from the secret url that I created. The reason I know is because I change something on that secret get_data.php page and it reflected on their app.
I don't know who they get a hold to my url, is there a way to create a more secure way to pass the data from my web server to the app so others can't steal my data?
You should create an API with Basic Auth or OAuth. You can't rely on your URL because it can be caught in logs.
Check this course out
In addition to shayegh's answer, you need to understand that every endpoint that you access within your application is public by nature. Everyone can access your server's endpoint just as well as your mobile application (created by you) can. However, you can make your server's endpoint protected by adding authorization requirements on your endpoint.
Authorization
There are many authorization protocols out there, OAuth, OAuth2.0, Basic Auth (credentials like email and password), etc. All of these are just ways to grant anyone access to resources in your endpoint. Think of it as a lock on your home door, only someone with a key can go into your house and make a mess.
Please keep in mind that this is a very simplified version of what authorization protocols actually look like, how it actually secures the distribution of access keys/tokens, etc.
Additional questions and answers
I tried to generate log files from my android phone, and I can't seem to find the .php file from the log files. Is that possible for someone to decode the android app or the iphone app so that they can view my source code?
Answer: I would always assume that everything that is happening on client's side (mobile app, WebApp's front end, etc) is beyond my control. That means anyone can access, read, tweak my client applications. With that said, I would assume that it is indeed possible for someone to unravel your android / iPhone app (get the source code) to get your client side keys.
How would this (OAuth/basic) help? Surely the person creating the other app would just add the OAuth/basic auth as well, wouldn't they?
In order for that other person to access the protected endpoint they would need to have access to your access tokens of the original app. On top of that, they would need to do it fast because usually access tokens only lasts for a short period of time.
Will using Basic Auth or OAuth key works if they are able to see my code?
Yes and no, depending on your implementation, attackers might be able to unravel your app and somehow fetch user's credentials or tokens from bad practices.
I am creating an android app that can be used by common users and also admin.
Suppose, if admin adds a new place name, that name should be added to database and when common user uses the app, he should be able to see the place name that is added.
I used MySqlLite database. But the problem is that if the app is uninstalled all data is lost. So I want some persistent data storage in which all the places that are added by admin are saved permanently.
Regards,
Sindhu
With the data being needed across multiple devices, your only option is to create/use a backend API.
Parse would have been a good choice but since that is getting shut down soon then it wouldn't be wise to use that.
Take a look at these alternatives here
You could also write one yourself, but unless you have some experience in that sort of thing then it will take some time to learn.
I am currently using api.ai , to create agent to perform specific tasks, but one question i don't have answer to is , can i make it learn something while chatting , mean that i speak my name is 'John Cena' and she should store it and then whenever i ask her again bot should answer me that. i know there is a way to do it by logging into api.ai web and manually add entries , but it will not help, is there any work around programmatically or automatically ? the file i've been using to practice is given in github . and here is working DEMO
You basically need for your bot to "learn" facts. There are many different ways to achieve this, but recently the most common way is to arrange knowledge into Semantic "Triples" and store the knowledge into a Graph repository (like Neo4j, Titan, Spark Graph, etc). In your example, "my name is John Cena" would translate into a Triple like ("anubava","Name","John Cena"). That way, the next time you are logged in as anubhava and ask "What is my name?", it would translate into a Graph search that will return "John Cena". A word of caution, achieving this is not trivial and would require some significant amount of fine tuning. For more info, you can check here and here.
Finally, most complete solutions (that I know of), are Server Side solutions. If you want for the whole knowledge base to reside in your mobile device, you could probably use the resources there as inspiration, and build your own Linked Data repository using an embedded database.
Hope this helps. Good luck.
To store and recall the user's name, you'll need to set up a webhook with some basic data persistence capabilities. Any database or key-value store would work fine.
Here's the breakdown:
Implement webhook fulfillment for the intent that captures the user's name. The webhook should store the name along with a unique, identifying ID that you should supply from your front-end in either the sessionId or as a context parameter in your call to /query.
Implement webhook fulfillment for the intent that reads the user's name. The webhook should look up the name by ID and return a response that tells the user their name.
The high-level docs for writing a fulfillment webhook are here:
https://docs.api.ai/docs/webhook
The situation: I have many real life locations with specific information associated with them, and updated frequently. I am unsure of how to store this information for use in an android application.
My original thought was storing the data on some server/cloud source/database, reading from the server from each Activity in the app to make sure the info is up to date, and update the server with any changes that may or may not have been made.
For example: there are 200 people inside the library, one person leaves.
So we would read the number of people from the server, display this on the app, person leaves, subtract one, send the new number back to the server.
Would this be an incorrect approach? I'm fairly new to Android in general, and I really have no experience on how to approach this type of situation, what services to use, etc.
I would look into using Parse, its a pretty sweet way to power the backend, and their website is very detailed in explaining how to use it.
I already published an android app where you can see a list of specific objects and detailed informations about them. The list changes every day but some of the objects can appear again.
The application is communicating with a PHP server over HTTP and periodically pulls the list of objects.
I now plan to extend the app to make it possible to rate the objects and add a comment similar to how it is done in the android market. I'd like to avoid forcing the user to sign up for an account for being able to comment.
I see two problems:
The comment-system could be abused by spammers
A comment could be added from another system
So my questions are:
How to protect the system from spam?
How to authenticate the application with the server?
How do I limit the number of comments to one per user and object?
What about the androids device id? Is it unique enough to use it as identifier for the user?
Which other problems do you see?
2020 Commenting/Rating/Reviews Options
Since Socialize is out, here are a few options you can explore:
Build your own comment/rating implementation. Personally I love reddit and how it handles nested comments and ratings. Here's a library I found that implements it beautifully. Please note you'll need to tie this with a cloud-database. This is based on groupie. Article & implementation. Many ways to do this - https://stackoverflow.com/a/59472206/668240
Disqus - SDK's coming soon to iOS and Android.
BazaarVoice - commercial
Social Networks SDKs like Facebook, Twitter, etc. Personally I dislike this as we'll need to authenticate users with respective networks to use the APIs. It's like we are shipping off users of our apps to social networks. If you don't have a problem with that - then it might be for you
Legacy Option in 2014:
You can try out Socialize SDK which is open-source and a really good SDK for the rating and commenting you are looking for. It already has a well-functioning Commenting system built-in along with a 'like/love' facility and sharing to FB and Twitter. Each 'entity' (object in your case) can have metadata associated with it. So all you have to do is construct/use a rating widget, then send that rating with the entity attached to your object. To display your rating/comment is as simple as retrieving them from Socialize.
Each object (element from your app) should be associated with an entity which has a unique key in the form of a URL - sort of like a primary key to recognize your items. This entity can have meta-data - any data that you can insert on behalf of your object. Once you do that, you can retrieve that metadata any time you want.
I've been using Socialize for around a year now. They've matured over this period and are always aspiring to be the best at what they do.
Look at the Socialize Bar at the bottom. Its can be customized to your needs.
What's more - Socialize is free.
As for your questions:
There is comment moderation built into the Socialize Web Component
where you can filter out anything you feel is out of place.
Socialize allows you to authenticate through Facebook and Twitter.
Limiting to one comment per user can be achieved by using their User
and Comments API.
Socialize has both Anonymous authentication as well as Social A/c
authentication. I believe you can remove anonymous auth. So that
ensure that every user is authenticated before rating/commenting.
For authentication, you could use OpenID like StackOverflow does or Facebook authentication. Once you have them authentication, it shoud be easy to limit the number of comments to one per user per object. As far as spam, you could follow StackOverflow's model and allow users to vote comments up or down or flag as spam. Perhaps users with comments that have been voted up would have more power and be able to flag comments as spam.
You'll need some sort of rate limiting. I've used this one in this example before.
So you need a table with the user's ID and how many api calls they have left, and then when their last api call was. Then use the algorithm to update the values in the table every time a method is called.
Read through this, I think it should be possible to create an UUID for every case:
http://android-developers.blogspot.de/2011/03/identifying-app-installations.html
And then keep a hidden api key which is hard coded, or at least get's everytime calculated the same or in enigma style influenced by the time it is used. But you will be never be sure, that it won't be find out by crackers/hackers and maybe abused, you will always have this Problem.
Authenticate with the UUID of the user + api-key.