T-110.456 Next Generation Cellular Networks/13.04.2005/YR Mobile Web Services T-110.456 Next Generation Cellular Networks 13.04.2005 Yrjö Raivio 28916V.

T-110.456 Next Generation Cellular Networks/13.04.2005/YR

Mobile Web Services

T-110.456 Next Generation Cellular Networks

13.04.2005

Yrjö Raivio

28916V


Contents

• Motivation

• Standardization bodies

• Web Services Interoperability Organization (WS-I)

• Web Services Discovery

• Liberty Alliance Project• Drivers• Architecture• PAOS

• Open Web Services Architecture

• Examples

• Conclusions


Mobile Circle of Trust – Single Sign On


Challenge with the Mobile Services

Mobile OperatorsHigh integration cost for new xSP

to join operator portal. Less revenue from services and traffic.

TerminalsLess services available.

Lower value to the subscriber.

Difficult to use services.

Lack of privacy.

xSP’sHigh integration costs for authentication, charging,

personalization.

Services not attractive to subscriber.

Presence, Location xSP 1

xSP 2

ApplicationDevelopment

Fragmentation,loss of mass-market appeal

Charging

Profile

Messaging

Authentication


Mobile OperatorsEasy integration. Easy for xSP to

join operator portal. More revenue from services & traffic.

TerminalsMore value for the

subscribers because more services and better user

experience.

Privacy protection.

xSP’sEasy integration. xSP more independent from operator.

Services more attractive through single sign-on,

personalization, privacy.

StandardWS (& IdM) Framework

Presence, Location

Charging

Profile

Messaging

Authentication

Solution: Web Services and Identity Management

xSP 1

xSP 2



Mobile Operators TerminalsEven more value for the

subscriber/terminal

xSP’sEven more attractive

services

Next step: WEB services entering the phone

xSP 1

xSP 2


WS Framework

WS Framework

Web services


Mobile Web Services Standardization bodies• W3C: XML, SOAP, WSDL

• IETF: HTTP

• OASIS: UDDI, WS-Security

• WS-I: Interoperability of the basic functions

• MS, IBM, Nokia

• Liberty Alliance Project: • ID-FF, Identity Federation Framework • ID-SIS, Identity Service Interface Specifications • ID-WSF, Identity Web Services Framework

• OMA/Mobile Web Services WG: Defines that the Mobile Web Services suit to the OMA Architecture

• Java Community/J2ME Web Services - support for Java based mobile application development


Web Services Interoperability Org. (WS-I)WS-I’s Work to Date

Composition/OrchestrationBusiness Process

Orchestration

PortalsManagement

XML, SOAP

XML Schema, WSDL, UDDI, SOAP with Attachments

HTTP, HTTPS, Others

Invocation

Description

Transports

Composable Service

ElementsTransactionalityWS-Security

Reliable Messaging

Endpoint Identification, Publish/SubscribeMessaging

AdditionalCapabilities


Web Services Discovery

• Methods to find Web Services:• By being told about it out of band

• Examples include obtaining the information from a service provider by e-mail, or by being dynamically informed about the service during an HTTP transaction (for example, by using the Liberty Reverse HTTP Binding for SOAP Specification)

• Through a visit to a well-known location • Knowledge of this location can be, for example, shared out of band,

discovered on a Web site, or shared as ‘metadata’• By using a centralized directory, such as a UDDI (Universal

Distribution, Discovery and Integration) directory• By using an identity-based discovery service

• ID-WSF Discovery• How the service provider will find MY services such as

Identity Provider, Payment, Messaging etc.


Liberty Alliance Project• Need to be connected anytime, anyplace - without compromising

security or control of personal information

• Liberty Alliance provides the technology, knowledge and certifications to build identity into the foundation of mobile and Web-based communications

• Not mobile specific but mobile aware

• 150+ diverse member organizations, from banks to operators and service providers

• Identity Management framework• To solve privacy issues• Link different identities (telco, internet) with each other• Authenticate and authorize transactions in non-trusted /unsecured environment• Facilitate easy of use-avoiding multiple registrations to services• Easy and standard interfacing to 3rd parties using main stream Internet

technologies (Web Services, XML/SOAP -> Liberty ID-FF/ID-WSF)


Liberty Alliance Project - Architecture

Liberty specifications build on existing standards(SAML, SOAP, WS-Security, XML, etc.)

Liberty Identity Federation Framework (ID-FF)

Security Assertion Markup Language (SAML) 2.0

Enables identity federation and management through features

such as •identity/account linkage

•simplified sign on•simple session management

Liberty Identity Services Inter-face Specifications (ID-SIS)

Enables interoperable identity services such as personal identity profile

service, contact book service, geo-location service, presence service etc.

Liberty Identity Web Services Framework (ID-WSF)

Provides the framework for building interoperable identity services, permis-sion based attribute sharing, identity

service description and discovery, and the associated security profiles.


PAOS – Reverse HTTP Binding for SOAP• Most devices equipped with HTTP client but not with HTTP

server, like mobiles

• However, mobile devices could offer valuable services to other parties, like calendar and profile service

• Such services could be especially valuable when such devices interact with an HTTP-based server (or service)

• When a user of a mobile terminal visits a web site, that web site could use some of the data from a personal profile service to personalize the offered content

• The primary difference from the normal HTTP binding for SOAP is that here a SOAP request is bound to a HTTP response and vice versa

• Hence the name Reversed HTTP binding for SOAP. The (informal) abbreviation for this binding specification is "PAOS"


Personal Portal Service


Open Web Services Architecture


Operator control and Web Services

• Today connections from the internet towards mobile devices or directly between them are blocked due to security risks and fear of losing control => Full utilization of WS not possible yet

• Operators do not have any specific control points in the game, but they do have interesting data (location, profile, presence) and huge register base

• Operators have not (yet) opened their services through WS IFs

• Operators and banks are both interested about the Identity Provider (IDP) business; no common views, scattered solutions by operators, banks and governments

• PAOS enables operator independent services but requires that terminal has the data!

• Symbian terminals will soon have Web Services support


Roles in the Service Business

Web Service Consumers

Web Service Providers

Device roles:

Web Service

Consumers

Web ServiceProviders

Web ServiceProvider

Authentication Discovery Profile Location ChargingMessaging Presence

Mobile operator roles:

Web Service

Consumer

Web sites and Applications roles:

Service protocols


Examples

• AOL developed Radio@AOL and Album@AOL services based on open WEB Services standards

• Client can utilize platform WEB Services API’s

• I.e. easier to develop• Less memory consumption

• Amazon has opened WS API to their product catalogue

• Piranha Java SW utilises this API and can check any product and price Amazon supports

• Amazon gets 17% commission of 3rd party product turnover; 22% of Amazon incomes


Demo: “WSP” on the mobile

GatewayWeb Server

BT Pan

Firewall

Internet

GPRS


Conclusions

• Mobile Web Services offer interesting opportunities for mobile service developers

• Standardization setup is pretty complex, over engineered => de facto standards?

• Banks and operators are competing with each other => scattered, nation wide identity solutions

• Mobile operators have been too slow and have not utilized their strengths: Customer base, Trust, Authentication, Billing, Profile, Location, Messaging, Presence…

• Open APIs needed – New business possibilities for all parties


References• SOAP and XML specifications: www.w3c.org

• SAML and UDDI specifications: www.oasis-open.org, www.uddi.org

• WS-I: www.ws-i.org

• Liberty Alliance, PAOS: www.projectliberty.org

• OMA MWS WG: www.openmobilealliance.org/tech/wg_committees/mws.html

• White Papers Available at: http://www.nokia.com/nokia/0,,56843,00.html• Identity Federation and Web services – technical use cases for mobile operators,

Nokia & Sun, 12/2004.• Nokia Web Services Framework for Devices – a Service-oriented Architecture,

Nokia, 03/2004.Available at: http://www.sun.com/webservices• Deploying Mobile Web Services using Liberty Alliance’s Identity Web Services

Framework (ID-WSF), Nokia & Sun, 06/2004.

• Developers: www.forum.nokia.com, www.developers.sun.com

T-110.456 Next Generation Cellular Networks/13.04.2005/YR Mobile Web Services T-110.456 Next Generation Cellular Networks 13.04.2005 Yrjö Raivio 28916V.

Documents

attractive services

yr mobile web services

services traffic

services available

mobile web services

generation cellular

yr mobile operators

wssecurity ws