all web services are != but some are more != than others looking under the hood at two very...
Post on 20-Dec-2015
215 views
TRANSCRIPT
All Web Services are !=But Some are more != than Others
Looking under the hood at two very different Web Service Frameworks.
Ron KleinmanChief Vertical Evangelist
Sun Microsystems
HTML: Presentation
<b> Mr. John Jones 1234 </b>
XML : Interpretation
<employee> <name title = “Mr.”> <first> John </first> <last> Jones </last> </name> <ID> 1234 </ID></employee>
A 1-Slide XML Primer
XML Message Exchanges:Minimize Assumptions about Partner
Hardware run on Operating System run under API / Language written in (OO?) Middleware Architecture deployed Physical Connection
SenderJava
On SolarisDOMParser
SAXParser
C++On Windows
Receiver
Heterogeneous Interoperability
XML Messages
Two Modes of XML Use
Use XML to marshal arguments of a Remote Procedure Call
Use XML to define a Business Document
A BXML
Two Types of PartnersTwo Types of Infrastructure
[INT] Common Client/Service ownership Same Security / Naming management Islands of interoperability
[EXT] B2B Client Service Connection Common “Reference” Infrastructure needed
Client ServiceXML Message
Infrastructure
A B2B Document Is NOT a Remote Procedure Call
Asynchronous vs. Synchronous Receipt / Acceptance / Business Response
Legally Binding options Secure (Encrypted) Non-repudiation of Document (Dig Sig) Non-repudiation of Response (Dig Sig) Tamper Proof (encrypted message digest)
A B
Purchase Order
XML Interoperability:Competing Paradigms
Remote Method Call EAI Behind Firewall Sync response WUST stack Web Service
Document Exchange B2B Across Internet Async response(s) ebXML stack Business Web Service
EAI: Web Services vs. Corba
Technology Web Service Corba
Args Transport SOAP (XML) IIOP (Objects)
API Definition WSDL IDL
Service Locator UDDI (URL) Naming (Objref)
Relative Speed Slow (parse) Fast
Modify Interface XSLT (Script) Adopter (code)
Deploying WUST-based Web Services for B2B use Week 0
Post UDDI entry as “shoe supplier” Include WSDL describing how to buy
Week 1 300 hits!! 295 looking, 3 buy, 2 ???
Week 2 First “denial of service” attack Internet B2B is different!
Business Web Services
Interoperability is always harder …
… when it’s not you on both ends of the wire.
1. Once-only or Session
Once only: All setup info in each message Batch multiple requests Partial failures
Session: State maintained between messages Prefixed or dynamically determined
• Document Version, List of supported Actions• List of optional fields which are mandatory
Security set up initially ( cookie) Ordered Delivery Disconnected Operation
2. Message Encoding Multiple Payloads
Non XML Data? Each payload represents separate data
component Multi-hop Delivery
Payload vs. Message encryption? Route Tracing
3. Document Exchange or RPC Responses:
Asynchronous or Synchronous? Multiple outstanding Requests? Multiple responses (choreography)?
Legality Issues? Non-refutability (Digital Signature) Non-modifiable (Digest)
4. Quality of Service Best Effort
Application-level Request/Response/Timeout Once-only Delivery Guaranteed Delivery
Ordered, error free, sequential Disconnected Operation
ClientWeb
ServiceNetwork
Document Interoperability:More than the XML Data
Application PartnerXML Document
Document Infrastructure
CORBA Objects have IIOP
EDI Documents have a VAN
XML Documents have … ebMS
What is XML Document Infrastructure? No Document can be received unless
its envelope is transported. No Document can be read unless its
envelope is opened. No Document can be understood
unless its “context” is known.
XML Message Layers:Interoperability All Levels
XML Document
Context
Envelope
Transport
<- Infrastructure ->
1. XML Document Industry Specific Data Structure “pass by value” Schema defined by Committee
1. Common Data Elements (Ex: Currency, Name, Date)
2. Document Specific Elements (Ex: Guest, Traveler, Patient, Student, Customer)
2. XML Context Layer Message Type Determines “Context”
Session Setup / Shutdown Request / Response (*) Create(*):Update(*):Delete / Response Publish / Subscribe Asynchronous Event Notification (*)
(*) Messages including Document data
Packaging: MIME Usage
XML not effective packaging candidate XML Documents only Requires special encoding
MIME a Winner: Ubiquitous HTTP, SMTP are MIME-aware FTP and other transports carry MIME Package ANY data format Package multiple data formats
ebMS and SOAP
Inner Envelope ExtensionsAnd Services
SOAP V1.1 Outer Envelope
MIME Packaging
Transport (HTTP:HTTPS)
SOAP with
Attachments
ebMS
What is ebMS?
Msg Header
Msg Security
Manifest*
Message Envelope (MIME) – Ex: Student Application
Payload(s)ebMS Controlled
Reviewer’sAssessment
Letter ofReference
Art PortfolioJPG
ApplicationForm
High SchoolTranscript
FinancialStatement
XML Envelope: Outer Layer
SOAP + Attachments Multi-hop Message Routing Request / ACK Matching Transport Layer Independence Data Encoding Multiple Payloads
XML Envelope: Inner Layer
ebMS Value Adds Multi-hop Message Tracing Request / Response Matching Payload Versioning Standardized Error Reporting Security (Authenticate, Non-refutability) Session Support Guaranteed once-only Reliable Message Delivery
• Automatic Message Timeouts and Resends• Disconnected Operation
OASIS and UN/CEFACT joint initiative Mission: "... enable a global electronic
marketplace where enterprises of any size and in any geographical location can meet and conduct business with each other through the exchange of XML based messages“
Document Exchange is NOT Method Calls (signed?)
Royalty FreeRoyalty Free ebMS Schedule:
June 2002 - complete version 2.0 Gathering Momentum: UDDI, …
ebXML Standards Stack: Infrastructure for B2B Solutions
B2BApplication
BPSS
ebMS RegRep CPP/CPACore
Components
B2BApplication
Register
Discover
ebMS Vendors:A very Partial List XML Global / Excelon / Bind / … Sybase (free version downloadable) Fujitsu Web Methods Sun Microsystems Microsoft (via XML Global BizTalk Connector)
Drummond Connectathons Oasis Conformance/Interoperability
ebMS Adoption
OTA (Cross-web Travel Reservations) CIDX (Chemical Industry Supply Chain) HL7 (Patient Records - security) RosettaNet (post RNIF 2.0) + BPSS STAR (Auto Supply Chain) Others (Asian Steel Consortium, …)
=> Use ebXML infrastructure to allow concentration on XML Document Layer
Web Services and ebXML
Layer EAI (Web Services)
B2B (Business Web Services)
Envelope Soap ebMS (over SWA)
Registry UDDI ebXML Reg/Rep
TPA WSDLXLANG
CPA/CPPBPSS
Partner “Distance” Determines Delivery InfrastructureLocation Author Infrastructure
Same system Same Developer Shared Memory
LAN Project Team Corba, WUST
IntraNet Corporate DP Corba, WUST
ExtraNet Business Partner ebXML
Internet Business Partner ebXML
Internet Unknown Partner ??? Email ???
ConclusionsB2B / EAI Interoperability agreement on:
Document Schemas / Procedure Arguments Document / Procedure Context
• Transaction Choreography Document Envelope : Procedure Marshaling
• Packaging / Routing / Transport• Security Options (Document exchange only)• Quality of Service Options (Document exchange only)
Schema “adopters” should be interoperable
References
ebXML.org/specs/ebMS.pdf www.w3.org/TR/SOAP www.w3.org/TR/SOAP-attachments oasis-open.org/committees/ebxml-msg/
index.shtml www.w3.org/2000/xp/Group/ www.opentravel.org