All Web Services are !=But Some are more != than Others

Looking under the hood at two very different Web Service Frameworks.

Ron KleinmanChief Vertical Evangelist

Sun Microsystems

What exactly IS a Web Service?

Component

XML Commands

XML Responses

HTML: Presentation

<b> Mr. John Jones 1234 </b>

XML : Interpretation

<employee> <name title = “Mr.”> <first> John </first> <last> Jones </last> </name> <ID> 1234 </ID></employee>

A 1-Slide XML Primer

XML Message Exchanges:Minimize Assumptions about Partner

Hardware run on Operating System run under API / Language written in (OO?) Middleware Architecture deployed Physical Connection

SenderJava

On SolarisDOMParser

SAXParser

C++On Windows

Receiver

Heterogeneous Interoperability

XML Messages

Two Modes of XML Use

Use XML to marshal arguments of a Remote Procedure Call

Use XML to define a Business Document

A BXML

Two Types of PartnersTwo Types of Infrastructure

[INT] Common Client/Service ownership Same Security / Naming management Islands of interoperability

[EXT] B2B Client Service Connection Common “Reference” Infrastructure needed

Client ServiceXML Message

Infrastructure

A B2B Document Is NOT a Remote Procedure Call

Asynchronous vs. Synchronous Receipt / Acceptance / Business Response

Legally Binding options Secure (Encrypted) Non-repudiation of Document (Dig Sig) Non-repudiation of Response (Dig Sig) Tamper Proof (encrypted message digest)

A B

Purchase Order

XML Interoperability:Competing Paradigms

Remote Method Call EAI Behind Firewall Sync response WUST stack Web Service

Document Exchange B2B Across Internet Async response(s) ebXML stack Business Web Service

EAI: Web Services vs. Corba

Technology Web Service Corba

Args Transport SOAP (XML) IIOP (Objects)

API Definition WSDL IDL

Service Locator UDDI (URL) Naming (Objref)

Relative Speed Slow (parse) Fast

Modify Interface XSLT (Script) Adopter (code)

Deploying WUST-based Web Services for B2B use Week 0

Post UDDI entry as “shoe supplier” Include WSDL describing how to buy

Week 1 300 hits!! 295 looking, 3 buy, 2 ???

Week 2 First “denial of service” attack Internet B2B is different!

Business Web Services

Interoperability is always harder …

… when it’s not you on both ends of the wire.

XML Infrastructure Questions

Use Cases The Plumbing

ClientWeb

Service

XML Messages

Infrastructure

1. Once-only or Session

Once only: All setup info in each message Batch multiple requests Partial failures

Session: State maintained between messages Prefixed or dynamically determined

• Document Version, List of supported Actions• List of optional fields which are mandatory

Security set up initially ( cookie) Ordered Delivery Disconnected Operation

2. Message Encoding Multiple Payloads

Non XML Data? Each payload represents separate data

component Multi-hop Delivery

Payload vs. Message encryption? Route Tracing

3. Document Exchange or RPC Responses:

Asynchronous or Synchronous? Multiple outstanding Requests? Multiple responses (choreography)?

Legality Issues? Non-refutability (Digital Signature) Non-modifiable (Digest)

4. Quality of Service Best Effort

Application-level Request/Response/Timeout Once-only Delivery Guaranteed Delivery

Ordered, error free, sequential Disconnected Operation

ClientWeb

ServiceNetwork

XML Document Infrastructure

The alternative to XML RPC’s WUST

Document Interoperability:More than the XML Data

Application PartnerXML Document

Document Infrastructure

CORBA Objects have IIOP

EDI Documents have a VAN

XML Documents have … ebMS

What is XML Document Infrastructure? No Document can be received unless

its envelope is transported. No Document can be read unless its

envelope is opened. No Document can be understood

unless its “context” is known.

XML Message Layers:Interoperability All Levels

XML Document

Context

Envelope

Transport

<- Infrastructure ->

1. XML Document Industry Specific Data Structure “pass by value” Schema defined by Committee

1. Common Data Elements (Ex: Currency, Name, Date)

2. Document Specific Elements (Ex: Guest, Traveler, Patient, Student, Customer)

2. XML Context Layer Message Type Determines “Context”

Session Setup / Shutdown Request / Response (*) Create(*):Update(*):Delete / Response Publish / Subscribe Asynchronous Event Notification (*)

(*) Messages including Document data

3. XML Envelope Layer(s)

Layered set of choices of increasingFunctionality

Make not Buy

Packaging: MIME Usage

XML not effective packaging candidate XML Documents only Requires special encoding

MIME a Winner: Ubiquitous HTTP, SMTP are MIME-aware FTP and other transports carry MIME Package ANY data format Package multiple data formats

ebMS and SOAP

Inner Envelope ExtensionsAnd Services

SOAP V1.1 Outer Envelope

MIME Packaging

Transport (HTTP:HTTPS)

SOAP with

Attachments

ebMS

What is ebMS?

Msg Header

Msg Security

Manifest*

Message Envelope (MIME) – Ex: Student Application

Payload(s)ebMS Controlled

Reviewer’sAssessment

Letter ofReference

Art PortfolioJPG

ApplicationForm

High SchoolTranscript

FinancialStatement

Where is ebMS?

ClientApplication

MHSNode

MHSNode

WebService

ebMS

XML Envelope: Outer Layer

SOAP + Attachments Multi-hop Message Routing Request / ACK Matching Transport Layer Independence Data Encoding Multiple Payloads

XML Envelope: Inner Layer

ebMS Value Adds Multi-hop Message Tracing Request / Response Matching Payload Versioning Standardized Error Reporting Security (Authenticate, Non-refutability) Session Support Guaranteed once-only Reliable Message Delivery

• Automatic Message Timeouts and Resends• Disconnected Operation

ebXML provides a Web Service Infrastructure - for B2B Web Services

A brief (4 slide) Overview

OASIS and UN/CEFACT joint initiative Mission: "... enable a global electronic

marketplace where enterprises of any size and in any geographical location can meet and conduct business with each other through the exchange of XML based messages“

Document Exchange is NOT Method Calls (signed?)

Royalty FreeRoyalty Free ebMS Schedule:

June 2002 - complete version 2.0 Gathering Momentum: UDDI, …

ebXML Standards Stack: Infrastructure for B2B Solutions

B2BApplication

BPSS

ebMS RegRep CPP/CPACore

Components

B2BApplication

Register

Discover

ebMS Vendors:A very Partial List XML Global / Excelon / Bind / … Sybase (free version downloadable) Fujitsu Web Methods Sun Microsystems Microsoft (via XML Global BizTalk Connector)

Drummond Connectathons Oasis Conformance/Interoperability

ebMS Adoption

OTA (Cross-web Travel Reservations) CIDX (Chemical Industry Supply Chain) HL7 (Patient Records - security) RosettaNet (post RNIF 2.0) + BPSS STAR (Auto Supply Chain) Others (Asian Steel Consortium, …)

=> Use ebXML infrastructure to allow concentration on XML Document Layer

Web Services and ebXML

Layer EAI (Web Services)

B2B (Business Web Services)

Envelope Soap ebMS (over SWA)

Registry UDDI ebXML Reg/Rep

TPA WSDLXLANG

CPA/CPPBPSS

Partner “Distance” Determines Delivery InfrastructureLocation Author Infrastructure

Same system Same Developer Shared Memory

LAN Project Team Corba, WUST

IntraNet Corporate DP Corba, WUST

ExtraNet Business Partner ebXML

Internet Business Partner ebXML

Internet Unknown Partner ??? Email ???

ConclusionsB2B / EAI Interoperability agreement on:

Document Schemas / Procedure Arguments Document / Procedure Context

• Transaction Choreography Document Envelope : Procedure Marshaling

• Packaging / Routing / Transport• Security Options (Document exchange only)• Quality of Service Options (Document exchange only)

Schema “adopters” should be interoperable

References

ebXML.org/specs/ebMS.pdf www.w3.org/TR/SOAP www.w3.org/TR/SOAP-attachments oasis-open.org/committees/ebxml-msg/

index.shtml www.w3.org/2000/xp/Group/ www.opentravel.org

Questions?