Restful Web Services and Code-On-Demand...

See here: https://en.wikipedia.org/wiki/Code_on_demand  Note that any binary executable code delivered by HTTP will be blocked by most anti-virus software.

Thanks. As far as being part of the REST protocol, does this suggest that a web service can return a complete user experience, and still be restful?

Is this normally HTML/CSS/Javascript? Or could this be code that is intended to run on the client machine, such as PC or Mac, from inside the browser?

complete user experience

I have no idea what that means.  Anti-virus should block any binary code from running thru the browser.

This would be code that is not for mass consumption. It would be under private agreement, so I am not considering anti-virus blocking it.

A user would not know the difference, the user clicked a button and the fields popped up to edit his account. The user does not know the source of the code that he's interacting with. That's what I meant by a complete end-user experience.

When it is Code-On-Demand...what kind of code, is my question? Are we talking about finished web pages that can be injected from the server? If so, then it's HTML.CSS and Javascript. If it's Flash or SilverLight, it's something different. (I used SilverlIght as an example only, so it hopefully will not distract from the question)

I am not considering anti-virus blocking it.

My anti-virus scans Everything that is received (including javascript).  It knows nothing about your private agreement.

Please read the article I linked above for a useful definition of Code-On-Demand.  It says it is executed in or from the browser.  JavaScript is built into the browsers but Flash and SilverLight are separate programs that must be installed.

If this is part of your 'secret' project, you should know that I can capture everything you send to a browser and examine it.  It will not be secret for long.

I am looking for a way for a partner to support my service with the least amount of coding on their end and the maximal level of compliance, which most benefits our customers.

I assumed their website could support REST and particularly Code-On-Demand, whereby I could generate the correctly versioned code and I could deliver it to their website, for display to the user. Maybe this is not the intention of Code-On-Demand, but it seemed like the perfect use of it.

Every project I do always seems secret, because I am usually under one NDA or the other. Sorry if I am vague.

Maybe I should just provide the source code for them to use on their site and have some embedded version number so I can reject the web service call if an old version of the code is used.

Thanks.

The info from the form goes into the web service call.

It would receive and submit information relating to the specific version of the web service. It would be typical user fields like text, numeric and some would be drop-downs that come back from the web service pre-populated, and be submitted with the user's selection.

I think the answer to my worries is easier than using Code-On-Demand, though. I think I could require an update by a specific date and make the old web service stop working on that date. They'd need the new web service which needs to fail with the old code.

If the info comes back to you and your service, then you have to use an iframe that is loaded from your web service site.  That the only way to get the correct 'action' page.  If you just included it in their page, the 'action' page would point to their site.

I see. Is this something that is blocked by anti-virus programs?

Not usually, that would be just a 'normal' web page.

Is the creation of this iframe insert by the web service using RESTful and using the Code-On-Demand constraint, or is that different?

The iframe has to be created in the original web page on the client's server.  It is possible to use javascript in that web page to create and load the iframe but I've never done that.  That's what ad tracking code does.

thanks