View
2.098
Download
0
Category
Tags:
Preview:
Citation preview
Introduction to Web Service - 2
Sagara Gunathunga ( Apache web Service and axis committer)
WS specification overview
WS-Addressing
WS –security
WS -Reliable messaging
WS - interoperability
WS Composition and Orchestration
CONTENTS
WS specification overviewThere are some standard bodies to define specification related to Web Services generally known as WS-* specifications .
• SOAP• WSDL • WS- Addressing• WS-security • WS- Policy• WS- Reliable Messaging• WS -evening
WS- NotificationWS-MetadataExchangeWS-Resource FrameworkWS-TransactionWS-AtomicTransactionWS-BPEL
WS- Addressing
SOAP does not provide a standard way to specify
1. where a message is going ? 2. how to return a response ?3. where to report an error ?
transport protocol such as HTTP , JMS can be used to define those properties .
e.g. HTTP Headers
The type of the message being
conveyed is SOAP
Host URI
SOAP Action
When a SOAP request is sent over HTTP, the URI of the HTTP request serves as the message's destination. The message response is packaged in the HTTP response and received by the client over the HTTP connection.
When a SOAP request message is sent asynchronously through JMS, a destination for responses might be specified in the JMS message headers, incorporated into the message body, or left up to the service implementation.
Conclusion
Above solutions are depend on the transport protocol but WS- Addressing provide a transport natural solution.
WS – Addressing define <To> and <Action> to define destination and action.
WS – Addressing and WSDL
WS – Addressing
Supports to wide range of transport protocols.
Supports for Asynchronous communication
Supports Dynamic endpoint addressing.
WS-Addressing was originally authored by Microsoft, IBM, BEA, Sun, and SAP and submitted to W3C for standardization. The W3C WS-Addressing Working Group has refined and augmented the specification in the process of standardization.
http://xml.coverpages.org/ws-Addressing.html
http://www.w3.org/TR/ws-addr-core/
Asynchronous communication
current message has id “uuid:someid” and it is related with another message that has id “uuid:someotherid” and the
type of the relationship is “Reply”
The address of the sender of the message, the addresses for return reply or fault messages are given
Dynamic endpoint addressing
Endpoint is any addressable resource to which SOAP message can be sent (Web Service client or application, a SOAP router or any SOAP aware entity
The most logical way to include endpoints is to use WSDL “Service” element, however WSDL does not allow extensibility of this element, therefore EndpointReference is defined.<From>, <ReplyTo>, <FaultTo> tags convey an “EndpointReference”
WS – Security
WS – Security
Security is a very important aspect of a any enterprise application , WS- Security and related specification define how you can implements security features such as identification ,authentication , authorization , message integrity and confidentiality for your web services.
Identification
Authentication
Authorization
Confidentiality
Message integrity
06.03.2005
14
Soap Foundation XMLEncryption
XMLDigital
Signature
Security Extensions
WS-Security XKMS SAML XACML SPML
WS-Policy WS-Trust WS-Privacy
WS-Secure
Conversation
WS-Federation
WS-Authorization
WS – Security stack
WS – Security stack
WS – Security stack
•flexible and feature-rich extension to SOAP to apply security to Web servicesWS – Security
•allows web services to use XML to advertise their policies (on security, Quality of Service, etc.) and for web service consumers to specify their policy requirements.WS – Policy
•provides extensions to WS-Security, specifically dealing with the issuing, renewing, and validating of security tokens, as well as with ways to establish, assess the presence of, and broker trust relationships between participants in a secure message exchangeWS – Trust
•establish security contexts for multiple SOAP message exchanges, reducing the overhead of key establishment.
WS – SecureConversion
•defines mechanisms for allowing disparate security realms to broker information on identities, identity attributes and authentication.WS- Federation
WS- Authorization
Message Security vs. Transport Security
Message level Security - Advantages
Message level Security - Disadvantages
Different parts of a message can be secured in different ways.
Asymmetric: different security mechanisms can be applied to request and response
Self-protecting messages (Transport independent)
Immature standards only partially supported by existing tools
Securing XML is complicated
Message Security vs. Transport Security
Transport level Security - Advantages
Transport level Security - Disadvantages
Widely available, mature technologies (SSL, TLS, HTTPS) Understood by most system
administrators
Point 2 Point: The complete message is in clear after each hop
Symmetric: Request and response messages must use same security Properties
Transport specific
WS - Reliable messaging
defines a messaging protocol to identify, track, and manage the reliable delivery of messages between exactly two parties, a source and a destination.
It also defines a SOAP binding that is required for interoperability. Additional bindings may be defined.
WS - Reliable messaging
WS – interoperability (WS- I)
An open industry effort chartered to promote Web Services interoperability across platforms, applications and programming languages.
A standards integrator to help Web services advance in a structured, coherent manner
Approximately 130 member organizations - 70% vendors, 30% end-user organizations , Strong non-U.S. membership, including very influential Japan SIG
WS-I Goals
•Achieve Web services interoperabilityIntegrate specificationsPromote consistent implementationsProvide a visible representation of conformance
•Accelerate Web services deploymentOffer implementation guidance and best practicesDeliver tools and sample applicationsProvide a implementer’s forum where developers can collaborate
•Encourage Web services adoptionBuild industry consensus to reduce early adopter risksProvide a forum for end users to communicate requirementsRaise awareness of customer business requirements
WS- I Deliverables
ProfilesDefined set of specifications or standards at specific version levelsGuidelines and conventions for using these specifications together in ways that ensure interoperability
Sample applicationsUse cases and usage scenarios based on customer requirementsSample code and applications built in multiple environmentsDemonstrate profile-based interoperability
Test tools and supporting materialsTools that test profile implementations for conformance with the profilesSupporting documentation and white papers
Basic ProfileBasic Profile 1.0 and 1.1
— More than 200 interoperability issues resolved in the Basic Profile 1.0; conventions around messaging, description and discovery
Simple SOAP Binding Profile 1.0— Derived from Basic Profile requirements related to serialization of an envelope and its representation in the message
Sample Applications and Testing Tools for the Basic Profile
• Attachments Profile 1.0Complements the Basic Profile 1.1 to add support for conveying
interoperable, SOAP with Attachments (SwA) with SOAP messages
WS- I Deliverables
WS- I Basic profile 1
What is a profile? A set of specifications at specific version levels Guidelines and conventions for using the specifications together
WS- I BP 1.0
SOAP 1.1WSDL 1.1UDDI 2.0XML 1.0 (Second Edition)XML Schema Part 1: StructuresXML Schema Part 2: DatatypesThe Secure Sockets Layer Protocol Version 3.0RFC2246: The Transport Layer Security Protocol Version 1.0
RFC2459: Internet X.509 Public Key Infrastructure Certificate and CRL Profile
RFC2616: HyperText Transfer Protocol 1.1
RFC2818: HTTP over TLS
RFC2965: HTTP State Management Mechanism
WS Composition
• I n most of the real world scenarios it is required to interact with several services in a predefine or dynamic order.
• Businesses requires to quickly adapt to customer needs and market conditions EAI and B2B interactions (through web services)
• Needs to be flexible internally and externally• Without a common set of standard, each organization is left to
build their own set of proprietary business protocols
• Leaving little flexibility for true web services collaboration
Web Service Composition
Provides an open, standards-based approach for connecting web services together to create higher-level business processes.
Standards are designed to reduce the complexity required to compose web services, hence reducing time and costs, and increase overall efficiency in businesses
Multiple approaches based on perspective:
Static – Dynamic WS composition
Industry solution – Semantic Web solution
Static – Dynamic WS Compositions
Web Service Composition
Static Composition
By Hand/hardc
ode
BPEL4WS
Dynamic Composition
Model driven Service
compositionXSRL
BPEL - Overview
Use Web Services Standard as a base
Every BPEL is exposed as a web service using WSDL. And the WSDL describes the public entry and exit points of the process
Interacts through WSDL interfaces with external web services
WSDL data types are used to describe information flow within the BPEL process
BPEL – example process
BPEL - code sample<sequence>
<receive partner=”buyer” … operation=”sendOrder” container=”request”/>
<invoke partner=”supplier” … operation=”request” container=”order”/>
<reply partner=”buyer” … operation=”response” container=”proposal”/>
</sequence>
sendOrder
request
response
request
proposal
order
BPEL – sample
Thank You
Aeturnum Lanka (Pvt) Ltd197, Stanley Thilakaratna Mw, Nugegoda 10250, Sri Lanka
Phone: +94 11 5518177 | Email: info@aeturnum.comWeb: www.aeturnum.com | www.athiva.com
Recommended