Web service introduction 2

Introduction to Web Service - 2

Sagara Gunathunga ( Apache web Service and axis committer)

WS specification overview

WS-Addressing

WS –security

WS -Reliable messaging

WS - interoperability

WS Composition and Orchestration

CONTENTS

WS specification overviewThere are some standard bodies to define specification related to Web Services generally known as WS-* specifications .

• SOAP• WSDL • WS- Addressing• WS-security • WS- Policy• WS- Reliable Messaging• WS -evening

WS- NotificationWS-MetadataExchangeWS-Resource FrameworkWS-TransactionWS-AtomicTransactionWS-BPEL

WS- Addressing

SOAP does not provide a standard way to specify

1. where a message is going ? 2. how to return a response ?3. where to report an error ?

transport protocol such as HTTP , JMS can be used to define those properties .

e.g. HTTP Headers

The type of the message being

conveyed is SOAP

Host URI

SOAP Action

When a SOAP request is sent over HTTP, the URI of the HTTP request serves as the message's destination. The message response is packaged in the HTTP response and received by the client over the HTTP connection.

When a SOAP request message is sent asynchronously through JMS, a destination for responses might be specified in the JMS message headers, incorporated into the message body, or left up to the service implementation.

Conclusion

Above solutions are depend on the transport protocol but WS- Addressing provide a transport natural solution.

WS – Addressing define <To> and <Action> to define destination and action.

WS – Addressing and WSDL

WS – Addressing

Supports to wide range of transport protocols.

Supports for Asynchronous communication

Supports Dynamic endpoint addressing.

WS-Addressing was originally authored by Microsoft, IBM, BEA, Sun, and SAP and submitted to W3C for standardization. The W3C WS-Addressing Working Group has refined and augmented the specification in the process of standardization.

http://xml.coverpages.org/ws-Addressing.html

http://www.w3.org/TR/ws-addr-core/

Asynchronous communication

current message has id “uuid:someid” and it is related with another message that has id “uuid:someotherid” and the

type of the relationship is “Reply”

The address of the sender of the message, the addresses for return reply or fault messages are given

Dynamic endpoint addressing

Endpoint is any addressable resource to which SOAP message can be sent (Web Service client or application, a SOAP router or any SOAP aware entity

The most logical way to include endpoints is to use WSDL “Service” element, however WSDL does not allow extensibility of this element, therefore EndpointReference is defined.<From>, <ReplyTo>, <FaultTo> tags convey an “EndpointReference”

WS – Security

WS – Security

Security is a very important aspect of a any enterprise application , WS- Security and related specification define how you can implements security features such as identification ,authentication , authorization , message integrity and confidentiality for your web services.

Identification

Authentication

Authorization

Confidentiality

Message integrity

06.03.2005

14

Soap Foundation XMLEncryption

XMLDigital

Signature

Security Extensions

WS-Security XKMS SAML XACML SPML

WS-Policy WS-Trust WS-Privacy

WS-Secure

Conversation

WS-Federation

WS-Authorization

WS – Security stack

WS – Security stack

WS – Security stack

•flexible and feature-rich extension to SOAP to apply security to Web servicesWS – Security

•allows web services to use XML to advertise their policies (on security, Quality of Service, etc.) and for web service consumers to specify their policy requirements.WS – Policy

•provides extensions to WS-Security, specifically dealing with the issuing, renewing, and validating of security tokens, as well as with ways to establish, assess the presence of, and broker trust relationships between participants in a secure message exchangeWS – Trust

•establish security contexts for multiple SOAP message exchanges, reducing the overhead of key establishment.

WS – SecureConversion

•defines mechanisms for allowing disparate security realms to broker information on identities, identity attributes and authentication.WS- Federation

WS- Authorization

Message Security vs. Transport Security

Message level Security - Advantages

Message level Security - Disadvantages

Different parts of a message can be secured in different ways.

Asymmetric: different security mechanisms can be applied to request and response

Self-protecting messages (Transport independent)

Immature standards only partially supported by existing tools

Securing XML is complicated

Message Security vs. Transport Security

Transport level Security - Advantages

Transport level Security - Disadvantages

Widely available, mature technologies (SSL, TLS, HTTPS) Understood by most system

administrators

Point 2 Point: The complete message is in clear after each hop

Symmetric: Request and response messages must use same security Properties

Transport specific

WS - Reliable messaging

defines a messaging protocol to identify, track, and manage the reliable delivery of messages between exactly two parties, a source and a destination.

It also defines a SOAP binding that is required for interoperability. Additional bindings may be defined.

WS - Reliable messaging

WS – interoperability (WS- I)

An open industry effort chartered to promote Web Services interoperability across platforms, applications and programming languages.

A standards integrator to help Web services advance in a structured, coherent manner

Approximately 130 member organizations - 70% vendors, 30% end-user organizations , Strong non-U.S. membership, including very influential Japan SIG

WS-I Goals

•Achieve Web services interoperabilityIntegrate specificationsPromote consistent implementationsProvide a visible representation of conformance

•Accelerate Web services deploymentOffer implementation guidance and best practicesDeliver tools and sample applicationsProvide a implementer’s forum where developers can collaborate

•Encourage Web services adoptionBuild industry consensus to reduce early adopter risksProvide a forum for end users to communicate requirementsRaise awareness of customer business requirements

WS- I Deliverables

ProfilesDefined set of specifications or standards at specific version levelsGuidelines and conventions for using these specifications together in ways that ensure interoperability

Sample applicationsUse cases and usage scenarios based on customer requirementsSample code and applications built in multiple environmentsDemonstrate profile-based interoperability

Test tools and supporting materialsTools that test profile implementations for conformance with the profilesSupporting documentation and white papers

Basic ProfileBasic Profile 1.0 and 1.1

— More than 200 interoperability issues resolved in the Basic Profile 1.0; conventions around messaging, description and discovery

Simple SOAP Binding Profile 1.0— Derived from Basic Profile requirements related to serialization of an envelope and its representation in the message

Sample Applications and Testing Tools for the Basic Profile

• Attachments Profile 1.0Complements the Basic Profile 1.1 to add support for conveying

interoperable, SOAP with Attachments (SwA) with SOAP messages

WS- I Deliverables

WS- I Basic profile 1

What is a profile? A set of specifications at specific version levels Guidelines and conventions for using the specifications together

WS- I BP 1.0

SOAP 1.1WSDL 1.1UDDI 2.0XML 1.0 (Second Edition)XML Schema Part 1: StructuresXML Schema Part 2: DatatypesThe Secure Sockets Layer Protocol Version 3.0RFC2246: The Transport Layer Security Protocol Version 1.0

RFC2459: Internet X.509 Public Key Infrastructure Certificate and CRL Profile

RFC2616: HyperText Transfer Protocol 1.1

RFC2818: HTTP over TLS

RFC2965: HTTP State Management Mechanism

WS Composition

• I n most of the real world scenarios it is required to interact with several services in a predefine or dynamic order.

• Businesses requires to quickly adapt to customer needs and market conditions EAI and B2B interactions (through web services)

• Needs to be flexible internally and externally• Without a common set of standard, each organization is left to

build their own set of proprietary business protocols

• Leaving little flexibility for true web services collaboration

Web Service Composition

Provides an open, standards-based approach for connecting web services together to create higher-level business processes.

Standards are designed to reduce the complexity required to compose web services, hence reducing time and costs, and increase overall efficiency in businesses

Multiple approaches based on perspective:

Static – Dynamic WS composition

Industry solution – Semantic Web solution

Static – Dynamic WS Compositions

Web Service Composition

Static Composition

By Hand/hardc

ode

BPEL4WS

Dynamic Composition

Model driven Service

compositionXSRL

BPEL - Overview

Use Web Services Standard as a base

Every BPEL is exposed as a web service using WSDL. And the WSDL describes the public entry and exit points of the process

Interacts through WSDL interfaces with external web services

WSDL data types are used to describe information flow within the BPEL process

BPEL – example process

BPEL - code sample<sequence>

<receive partner=”buyer” … operation=”sendOrder” container=”request”/>

<invoke partner=”supplier” … operation=”request” container=”order”/>

<reply partner=”buyer” … operation=”response” container=”proposal”/>

</sequence>

sendOrder

request

response

request

proposal

order

BPEL – sample

Thank You

Aeturnum Lanka (Pvt) Ltd197, Stanley Thilakaratna Mw, Nugegoda 10250, Sri Lanka

Phone: +94 11 5518177 | Email: [email protected]: www.aeturnum.com | www.athiva.com