Upload
bernice-king
View
218
Download
0
Tags:
Embed Size (px)
Citation preview
Web Services Web Services InteroperabilityInteroperabilityin Healthcarein Healthcare
Mark OswaldMark OswaldProgram Manager, eBusiness Program Manager, eBusiness [email protected]@microsoft.com
AgendaAgenda
Design Principles for InteroperabilityDesign Principles for Interoperability
WS-I OrganizationWS-I Organization
Web Services ArchitectureWeb Services Architecture
Design Principles forDesign Principles forWeb Services ProtocolsWeb Services Protocols
Modular and composableModular and composableFactored to stand alone or work togetherFactored to stand alone or work together
General-purposeGeneral-purposeAgnostic to place it is running or Agnostic to place it is running or originatedoriginated
Standards-basedStandards-basedMulti-vendor interoperation criticalMulti-vendor interoperation critical
FederatedFederatedNo central point of administration, No central point of administration, control, failurecontrol, failure
33Microsoft ConfidentialMicrosoft Confidential
ModularModular
Use only what you needUse only what you needEverything works together Everything works together Not reinventing the wheel for every Not reinventing the wheel for every protocol areaprotocol areaDefined by composable SOAP headers Defined by composable SOAP headers and SOAP messageand SOAP messageThese ‘infrastructure’ protocols These ‘infrastructure’ protocols augment domain-specific protocols augment domain-specific protocols (e.g., healthcare)(e.g., healthcare)
Composable HeadersComposable Headers
AddressingAddressing
SecuritySecurity
ReliabilityReliability
<S:Envelope … > <S:Header> <wsa:ReplyTo xmlns:wsa=“> <wsa:Address>http://business456.com/User12</wsa:Address> </wsa:ReplyTo> <wsa:To>http://fabrikam123.com/Traffic</wsa:To> <wsa:Action>http://fabrikam123.com/Traffic/Status</wsa:Action> <wssec:Security> <wssec:BinarySecurityToken ValueType="wssec:X509v3" EncodingType=“wssec:Base64Binary"> dWJzY3JpYmVyLVBlc…..eFw0wMTEwMTAwMD </wssec:BinarySecurityToken> </wssec:Security> <wsrm:Sequence> <wsu:Identifier>http://fabrikam123.com/seq1234</wsu:Identifier> <wsrm:MessageNumber>10</wsrm:MessageNumber> </wsrm:Sequence> </S:Header> <S:Body> <app:TrafficStatus xmlns:app="http://highwaymon.org/payloads"> <road>520W</road><speed>3MPH</speed> </app:TrafficStatus> </S:Body></S:Envelope>
Standards-BasedStandards-Based
Commitment toCommitment toPublishing specificationsPublishing specifications
Working with partners to refine Working with partners to refine specificationsspecifications
Working with partners, customers, and Working with partners, customers, and standards bodies for broad adoptionstandards bodies for broad adoption
Different standards bodies for Different standards bodies for different specs, based on the specdifferent specs, based on the spec
FederatedFederated
Fully distributed Fully distributed
Crosses organization and trust Crosses organization and trust domainsdomains
Does not require centralized servers Does not require centralized servers or administrationor administration
May sometimes require ‘edge’ May sometimes require ‘edge’ software to do protocol translation, software to do protocol translation, security work, routing, etc.security work, routing, etc.
www.ws-i.orgwww.ws-i.org
An open industry effortAn open industry effortIndustry initiative focused on promoting Web Industry initiative focused on promoting Web services interoperabilityservices interoperability
Organization formed by industry leaders Organization formed by industry leaders
Open membership and participationOpen membership and participation
Based on partnershipsBased on partnershipsSymbiotic relationship with other standards Symbiotic relationship with other standards organizations through integration of their organizations through integration of their outputsoutputs
Goal: Enable interoperability across platforms, Goal: Enable interoperability across platforms, applications, and programming languagesapplications, and programming languages
Success will accelerate adoption and deployment Success will accelerate adoption and deployment of of Web servicesWeb services
WS-I produces…WS-I produces…WS Protocol specificationsWS Protocol specifications
Core building blocks of WS architectureCore building blocks of WS architectureCreated when interoperability is a requirementCreated when interoperability is a requirementTypically have co-authors (market leaders)Typically have co-authors (market leaders)
What’s in a Protocol specWhat’s in a Protocol specOnly aspects visible to an observer on the wireOnly aspects visible to an observer on the wireMessage formatsMessage formatsInvariants and obligationsInvariants and obligationsProse describing model and semanticsProse describing model and semantics
What’s not in a Protocol specWhat’s not in a Protocol specDetails that relate to implementationDetails that relate to implementation
API considerationsAPI considerationsAn abstract implementationAn abstract implementationEvery possible optimizationEvery possible optimization
WS-I also produces…WS-I also produces…
WS ProfilesWS ProfilesA set of rules for using these specs A set of rules for using these specs interoperablyinteroperably
We treat these like specsWe treat these like specs
Workshops flesh these outWorkshops flesh these out
Profiles are what makes this stuff Profiles are what makes this stuff real!real!
ExamplesExamplesWS-I Basic Profile 1.0 (standard)WS-I Basic Profile 1.0 (standard)
WS-Federation Active Client Profile WS-Federation Active Client Profile (published)(published)
WS Devices Profile (in active WS Devices Profile (in active development)development)
WS Architecture EvolutionWS Architecture EvolutionSecure, Reliable, TransactedSecure, Reliable, Transacted
SOAPUDDI
WSDL
April 2002WS-Security and Security
Roadmap
August 2002WS-TransactionWS-Coordination
WS-I
2000
December 2002WS-PolicyWS-Trust
WS-SecureConversation
July 2003WS-Federation
March 2003WS-ReliableMessaging
WS-AddressingRM Roadmap
September 2003WS-
AtomicTransactionWS-Coordination
SRT WS Whitepaper
Connected ApplicationsConnected Applications
MessagingMessaging
XMLXML
TransportsTransports
SecureSecure ReliableReliable TransactedTransacted
Meta
data
Meta
data
ManagementManagement BusinesBusiness s
ProcessProcess……
Web Services ArchitectureWeb Services Architecture
DevicesDevices MobileMobile
P2PP2P EAIEAI B2BB2B GridGrid
SOAP Messaging ModelSOAP Messaging Model
SOAP provides an outer wrapper for SOAP provides an outer wrapper for messagesmessages
Divides message into two partsDivides message into two partsHeaders and BodyHeaders and Body
Body typically carries 'intent' of the Body typically carries 'intent' of the messagemessage
Headers carry protocol and/or app Headers carry protocol and/or app level context informationlevel context information
Headers can be ‘mandatory’ and Headers can be ‘mandatory’ and ‘targeted’‘targeted’
<s:Envelope xmlns:s='http://schemas.xmlsoap.org/soap/envelope/' > <s:Header> <!-- Protocol related stuff goes here --> <!-- App level context goo goes here too --> </s:Header> <s:Body> <!-- Intent of message goes here --> </s:Body></s:Envelope>
SOAP 1.1
WS-AddressingWS-Addressing
WS-Addressing provides WS-Addressing provides mechanisms for addressing mechanisms for addressing resourcesresources
Shipping those addresses in messagesShipping those addresses in messages
Addressing messages to those Addressing messages to those resourcesresources
Addressing mechanisms are Addressing mechanisms are transport-neutraltransport-neutral
Internal resource organization is Internal resource organization is opaqueopaque
StatusStatus
SpecSpec StatusStatusSOAP 1.1SOAP 1.1 DeployedDeployedSOAP 1.2SOAP 1.2 StandardStandardWS-AddressingWS-Addressing PublishedPublished
Metadata Driven Metadata Driven ArchitectureArchitecture
Compatible?
Y’s InX’s Out
send(
)Y’s InX’s Out
To: Y'
To: Yreceive(
)Y’s In
'To: Y
GetPolicy
Policy used by X when sending a message out (often implicit)
Yes
CacheY’s In
X YPolicy used by Y when receiving a message in
Policy Policy
WS-Policy: A framework for making WS-Policy: A framework for making statements about resourcesstatements about resources
Used to express receiver requirements Used to express receiver requirements for incoming messages (e.g., for incoming messages (e.g., transports, security)transports, security)
At runtime, can be used to match At runtime, can be used to match requirements to capabilitiesrequirements to capabilities
WS-PolicyAssertions: Predefined WS-PolicyAssertions: Predefined basicsbasics
WS-PolicyAttachment: Attaching WS-PolicyAttachment: Attaching policy expression to a subjectpolicy expression to a subject
Web Services Description Web Services Description Language (WSDL)Language (WSDL)
Describes the messages that a service Describes the messages that a service sends and receivessends and receives
Provides abstractions for grouping Provides abstractions for grouping messages and message exchanges messages and message exchanges (operations)(operations)
‘‘Programming Interface’ for Web ServicesProgramming Interface’ for Web Services
Provides concrete information for Provides concrete information for deployment and serializationdeployment and serialization
Transport informationTransport information
Port bindingPort binding
StatusStatus
SpecSpec StatusStatusWSDL 1.1WSDL 1.1 DeployedDeployedWSDL 1.2WSDL 1.2 @ standards org@ standards orgWS-PolicyWS-Policy In WorkshopIn WorkshopWS-WS-PolicyAssertionsPolicyAssertions
In WorkshopIn Workshop
WS-WS-PolicyAttachmentPolicyAttachment
In WorkshopIn Workshop
WS-WS-MetadataExchangeMetadataExchange
Near 1Near 1stst publicationpublication
WS-SecurityWS-Security
Defines a framework for building Defines a framework for building security protocolssecurity protocols
IntegrityIntegrity
ConfidentialityConfidentiality
Propagation of security tokensPropagation of security tokens
Framework designed for end-to-end Framework designed for end-to-end security of SOAP messagessecurity of SOAP messages
From initial sender, through 0-n From initial sender, through 0-n intermediaries to ultimate receiverintermediaries to ultimate receiver
WS-SecurityWS-Security
Leverages existing XML security Leverages existing XML security specsspecs
XMLDSIG for integrityXMLDSIG for integrity
XMLENC for confidentialityXMLENC for confidentiality
Provides constructs for transmitting Provides constructs for transmitting security tokenssecurity tokens
Supports text and binary tokensSupports text and binary tokens
WS-TrustWS-Trust
Defines how to broker trust Defines how to broker trust relationshipsrelationships
Some trust relationship has to exist a Some trust relationship has to exist a prioripriori
Defines how to exchange security Defines how to exchange security tokenstokens
Defined as an interface specification Defined as an interface specification for a Security Token Servicefor a Security Token Service
A RequestSecurityToken message is A RequestSecurityToken message is sent to the trust servicesent to the trust service
It responds with a It responds with a RequestSecurityTokenResponseRequestSecurityTokenResponse
WS-SecureConversationWS-SecureConversation
WS-Security provides for only single WS-Security provides for only single message securitymessage security
Nodes will often want to exchange Nodes will often want to exchange more than one messagemore than one message
Specifying new symmetric keys for Specifying new symmetric keys for each message is tedious and verboseeach message is tedious and verbose
WS-SecureConversation defines WS-SecureConversation defines mechanisms to address thismechanisms to address this
WS-SecureConversationWS-SecureConversation
Participants establish a shared Participants establish a shared contextcontext
Context contains keys and other Context contains keys and other informationinformation
Has an identifier – used in subsequent Has an identifier – used in subsequent messagesmessages
Optionally has creation/expiry Optionally has creation/expiry timestampstimestamps
Context can be established in a Context can be established in a variety variety of waysof ways
Using WS-TrustUsing WS-Trust
Having one party create the contextHaving one party create the context
Through negotiationThrough negotiation
WS-SecurityPolicyWS-SecurityPolicy
A set of policy assertions related to A set of policy assertions related to concepts defined by other WS-Sec* concepts defined by other WS-Sec* specsspecs
Allows participants to specifyAllows participants to specifyToken typesToken types
Whether integrity and/or confidentiality Whether integrity and/or confidentiality are requiredare required
Algorithms for the aboveAlgorithms for the above
Which message parts need Which message parts need signing/encryptingsigning/encrypting
StatusStatus
SpecSpec StatusStatusWS-SecurityWS-Security @ standards org@ standards orgWS-WS-SecureConversationSecureConversation
Workshop: Workshop: interopinterop
WS-TrustWS-Trust Workshop: Workshop: interopinterop
WS-SecurityPolicyWS-SecurityPolicy Workshop: Workshop: interopinterop
Distributed State Distributed State CoordinationCoordination
Reliable MessagingReliable MessagingTwo-party (source, destination), asynchronousTwo-party (source, destination), asynchronous
Exactly once, in-orderExactly once, in-order
Atomic TransactionAtomic TransactionMulti-party, all or nothing state change, synchronousMulti-party, all or nothing state change, synchronous
Two Phase CommitTwo Phase Commit
Phase 1: Prepare to CommitPhase 1: Prepare to Commit
Phase 2: Commit or AbortPhase 2: Commit or Abort
Business ActivityBusiness ActivityMulti-party, final consistent state, asynchronousMulti-party, final consistent state, asynchronous
Two Phases (almost)Two Phases (almost)
Phase 1: Cancel/CompletePhase 1: Cancel/Complete
Phase 2: Close/CompensatePhase 2: Close/Compensate
Anytime: Exit/FaultAnytime: Exit/Fault
WS-ReliableMessagingWS-ReliableMessaging
RM defines QoS over unidirectional RM defines QoS over unidirectional message sequencesmessage sequences
Exactly once, in-orderExactly once, in-order
Simplifies application programming – Simplifies application programming – no need to defend againstno need to defend against
Lost, duplicated or delayed messagesLost, duplicated or delayed messagesEndpoint failureEndpoint failure
Acknowledgements sent upon Acknowledgements sent upon receiptreceipt
TransactionsTransactions
WS-Security
WS-SecureConversation
WS-Trust
WS-SecurityPolicy
WS-AtomicTransaction
WS-Coordination
WS-BusinessActivity
WS-AtomicTransactionWS-AtomicTransaction
Classic 2 Phase Commit ACID protocolClassic 2 Phase Commit ACID protocolPreparePrepare
Commit/RollbackCommit/Rollback
All resources must be ‘up’ (synchronous)All resources must be ‘up’ (synchronous)
All-or-nothing (complete agreement)All-or-nothing (complete agreement)
Resources are locked – easy Resources are locked – easy programming modelprogramming model
Appropriate for scenarios with shared Appropriate for scenarios with shared assumptions about latency/trustassumptions about latency/trust
AT Abstract State DiagramAT Abstract State Diagram
Active Ended
Aborting
PreparingPrepare
Prepared CommittingPrepared Committed
ReadOnlyor
Aborted
Aborted
Commit
Rollback
Participant generatedCoordinator generated
Phase 1 Phase 2
WS-BusinessActivityWS-BusinessActivity
Looser isolation modelLooser isolation modelIntermediate states visibleIntermediate states visibleOperations cannot be undoneOperations cannot be undoneShared state “settles out” at end of Shared state “settles out” at end of interactioninteraction
Tries to move forward to a known Tries to move forward to a known good stategood state
May try “Plan B”May try “Plan B”May use compensationMay use compensation
No requirement to lock resourcesNo requirement to lock resourcesAppropriate for scenarios crossing Appropriate for scenarios crossing trust domainstrust domains
WS-CoordinationWS-Coordination
Base Protocol for AT and BABase Protocol for AT and BA
Creates and Registers for Creates and Registers for TransactionsTransactions
Generates Coordination ContextGenerates Coordination ContextPasses Data to Register for Passes Data to Register for TransactionsTransactions
Based on WS-AddressingBased on WS-Addressing
Extensible Coordination TypesExtensible Coordination TypesAT and BA are the two predefined onesAT and BA are the two predefined ones
SummarySummary
Consider leveraging ‘broad’ industry Consider leveraging ‘broad’ industry efforts (WS-I) for messaging efforts (WS-I) for messaging infrastructure needsinfrastructure needs
Commercial platform and tools are Commercial platform and tools are available and will continue to evolveavailable and will continue to evolve
WS-I specifications and profiles are WS-I specifications and profiles are work in progresswork in progress
Investigate Investigate www.ws-i.orgwww.ws-i.org, consider , consider membershipmembership
Support development of the HL7 WS-I Support development of the HL7 WS-I ProfileProfile
© 2003 Microsoft Corporation. All rights reserved.© 2003 Microsoft Corporation. All rights reserved.This presentation is for informational purposes only. Microsoft makes no warranties, express or This presentation is for informational purposes only. Microsoft makes no warranties, express or
implied, in this summary.implied, in this summary.
Thank youThank you