Web Services, the WS Stack,
and Research Prospects: A Survey
UC San Diego
CSE 294
October 17, 2008
Barry Demchak
About Web Services
Standards sponsored through W3C (interoperable technologies) and OASIS (e-business standards)
A software system designed to support interoperable machine-to-machine interaction over a network. [WSGLOS]
Supports many interaction patterns, including RPC
Web Service Protocols
[WSPS]
WS-I Basic Protocol [WSBP]
Web Service Protocols
For fun:
http://www.st.informatik.tu-darmstadt.de/pages/seminars/webservicetechnologies/ws_standards.pdf
Structure of Presentation
The Basic Profile (WS-I) 15 min
The WS Protocol Stack 15 min
Security-oriented WS Research 15 min
SOAP (not Simple Object Access Protocol)
Message schemes for multiple use cases [SOAPUS]
  Fire and forget (single receiver, multiple receivers)
  Request/Response (specialized or RPC)
  Request with ACK
  Encrypted payload (header encryption optional)
  Third party intermediary
  Conversational message exchange
  Via multiple intermediaries
  Asynchronous messaging (single or multiple response)
  Embedding non-XML data, Incremental parsing, event notification, caching (with expiration), routing, tracking, quality of service …
SOAP Sample (request)
<env:Envelope xmlns:env="http://www.w3.org/2001/09/soap-envelope">
  <env:Header>
    <n:MsgHeader xmlns:n="http://example.org/requestresponse">
      <n:MessageId>uuid:09233523-345b-4351-b623-5dsf35sgs5d6</n:MessageId>
    </n:MsgHeader>
  </env:Header>
  <env:Body> ........ </env:Body>
</env:Envelope>
SOAP Sample (response)
<env:Envelope xmlns:env="http://www.w3.org/2001/09/soap-envelope">
  <env:Header>
    <n:MsgHeader xmlns:n="http://example.org/requestresponse">
      <n:MessageId>uuid:09233523-567b-2891-b623-9dke28yod7m9</n:MessageId>
      <n:ResponseTo>uuid:09233523-345b-4351-b623-5dsf35sgs5d6</n:ResponseTo>
    </n:MsgHeader>
  </env:Header>
  <env:Body> ........ </env:Body>
</env:Envelope>
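The two samples above are tied together only by the ResponseTo header echoing the request's MessageId. As an added example (not part of the original slides), this sketch shows a requester enforcing that correlation so that unsolicited, mismatched, or replayed responses are refused; the `envelope` helper, `Correlator` class, and empty bodies are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

ENV = "http://www.w3.org/2001/09/soap-envelope"  # envelope namespace from the slides
HDR = "http://example.org/requestresponse"       # header namespace from the slides

def envelope(message_id, response_to=None):
    """Build a constructed sample message shaped like the slides (empty body)."""
    resp = f"<n:ResponseTo>{response_to}</n:ResponseTo>" if response_to else ""
    return (f'<env:Envelope xmlns:env="{ENV}"><env:Header>'
            f'<n:MsgHeader xmlns:n="{HDR}"><n:MessageId>{message_id}</n:MessageId>'
            f'{resp}</n:MsgHeader></env:Header><env:Body/></env:Envelope>')

REQUEST = envelope("uuid:09233523-345b-4351-b623-5dsf35sgs5d6")
RESPONSE = envelope("uuid:09233523-567b-2891-b623-9dke28yod7m9",
                    "uuid:09233523-345b-4351-b623-5dsf35sgs5d6")

def msg_header(xml_text):
    """Return (MessageId, ResponseTo) from an envelope; ResponseTo is None on a request."""
    if "<!DOCTYPE" in xml_text:          # SOAP messages must not contain a DTD
        raise ValueError("DOCTYPE not allowed in a SOAP message")
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{ENV}}}Envelope":
        raise ValueError("not a SOAP envelope in the expected namespace")
    hdr = root.find(f"{{{ENV}}}Header/{{{HDR}}}MsgHeader")
    message_id = hdr.findtext(f"{{{HDR}}}MessageId") if hdr is not None else None
    if not message_id:
        raise ValueError("missing MessageId")
    return message_id.strip(), hdr.findtext(f"{{{HDR}}}ResponseTo")

class Correlator:
    """Tracks outstanding requests; each one accepts at most one response."""
    def __init__(self):
        self.pending = set()

    def sent(self, request_xml):
        message_id, _ = msg_header(request_xml)
        self.pending.add(message_id)
        return message_id

    def accept(self, response_xml):
        _, response_to = msg_header(response_xml)
        if response_to not in self.pending:
            return False                 # unsolicited, mismatched, or replayed
        self.pending.remove(response_to)
        return True
```

Correlation by header alone proves nothing about who sent the response; it only narrows what the requester will process.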
SOAP Benefits and Drawbacks
Benefits
  Travel across HTTP through proxies/firewalls
  Standards-based, extensible, platform & language independent, and multiple vendor support
  Multiple transport protocols: HTTP, JMS, Jabber, SMTP/POP3, TCP, In-VM
Drawbacks
  Verbose (and large)
  Polling-oriented (depending on transport)
  Travel across HTTP through proxies/firewalls
[STCP]
WSDL (Web Services Description Language)
XML-based description of characteristics of a web service [INFIT]
Function signatures (in, out, in/out, return)
Service binding (URL and protocol)
Stored in repositories such as UDDI
Used to create client-side proxies
Enables dynamic binding for clients capable of binding dynamically
WSDL Content
UDDI (Universal Description, Discovery, and Integration)
Distributed repository searchable to find services (during design time or runtime)
White Pages
  Service provider’s name, business description, contact information
Yellow Pages
  Taxonomy-based description of services and service providers
Green Pages
  Web Service addresses, parameters, etc
[INFIT]
UDDI Data Model
Business Entity – business information, including unique business key
Business Service – collection of web services, each having service keys
Binding Template – location and binding of single service, including binding key
tModel – reference to WSDL
Types of UDDIs
Public (e.g., IBM and Microsoft)
Private
  EAI registry (large organization, indexed by department or division)
  Portal UDDI (portal owners publish, clients search and use)
  Marketplace UDDI (members-only, certification, billing, non-repudiation)
Related Concepts and Names
JAX-WS – Java API for XML Web Service provides mappings between Java data structures and XML and WSDL
Xfire – framework provides support for web service standards, used in Mule v1.4.1
CXF – continuation of Xfire as Apache project, includes java2ws for “java first” development
Aegis – default Xfire binding which maps POJOs to XML
Axis – Apache SOAP engine supports web services, WSDL, and Tomcat
Web Services Stack
Some Samples
WS-Addressing [WSADDR]
WS-Policy [WSPOL]
WS-ReliableMessaging [WSREL]
WS-Security [WSSEC]
BPEL [BPEL]
WS-Trust [WSTRU]
WS-Provisioning [WSPRO]
WS-Addressing
Normalized formats for Web service endpoint references
  <wsa:EndpointReference xmlns:wsa="..." xmlns:fabrikam="...">
    <wsa:Address>http://www.fabrikam123.example/acct</wsa:Address>
    <wsa:PortType>fabrikam:InventoryPortType</wsa:PortType>
  </wsa:EndpointReference>
Message information headers
Independent of transport or application
[WSADDR]
WS-Policy
Flexible and extensible grammar for expressing
  Capabilities
  Requirements
  Entity characteristics
Schema allows reasoning about assertions
  Policy = {Policy Alternative}*
  Policy Alternative = {Policy Assertion}*
  Policy Assertion = on-wire requirements and capabilities
    Authentication schemes
    Transport protocol selections
    Privacy policies
    QoS characteristics
[WSPOL]
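The grammar above (a policy is a set of alternatives, an alternative is a set of assertions) can be reasoned about mechanically. As an added example (not from the original slides), this sketch merges policies attached to the same subject as a cross product of alternatives, selects the alternatives a requester can satisfy, and flags alternatives that carry no authentication assertion; the `(kind, value)` assertion pairs and all policy names are constructed for illustration.

```python
from itertools import product

# Policy = list of alternatives; alternative = frozenset of assertions.
# Assertions are (kind, value) pairs constructed for illustration; they are
# not taken from any WS-* assertion vocabulary.
def policy(*alternatives):
    return [frozenset(a) for a in alternatives]

def merge(*policies):
    """Combine policies attached to one subject: cross product of their
    alternatives, each result being the union of one alternative per policy."""
    merged = {frozenset().union(*combo) for combo in product(*policies)}
    return sorted(merged, key=sorted)

def satisfied_by(pol, capabilities):
    """Alternatives a requester can meet with the assertions it supports."""
    return [alt for alt in pol if alt <= frozenset(capabilities)]

def alternatives_without(pol, kind):
    """Lint: alternatives that carry no assertion of the given kind."""
    return [alt for alt in pol if not any(k == kind for k, _ in alt)]

HTTPS, X509 = ("transport", "https"), ("auth", "x509")
TOKEN, RELIABLE = ("auth", "username-token"), ("qos", "exactly-once")

service = policy({HTTPS})
endpoint = policy({X509}, {TOKEN, RELIABLE})
legacy = policy({X509}, set())      # second alternative is empty: no requirements

def demo():
    strict = merge(service, endpoint)
    loose = merge(service, legacy)
    return {
        "strict": strict,
        "strict_no_auth": alternatives_without(strict, "auth"),
        "loose_no_auth": alternatives_without(loose, "auth"),
        "client_choice": satisfied_by(strict, {HTTPS, X509, TOKEN}),
        "no_alternatives": merge(service, policy()),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, [sorted(alt) for alt in value])
```

Note the difference between a policy with one empty alternative (anything is acceptable) and a policy with no alternatives (nothing is): merging with the first leaves an unauthenticated path open, merging with the second yields an empty result.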
WS-ReliableMessaging
Protocol for reliable message delivery
  Between distributed applications
  Regardless of component, system, or network failures
Transport independent
Available guarantees
  AtMostOnce
  AtLeastOnce
  ExactlyOnce
  InOrder
[WSREL]
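How the guarantees listed above differ is easiest to see on a trace with loss, duplication, and reordering. As an added example (a simplified model written for this page, not code from the WS-ReliableMessaging specification), the receiver below suppresses duplicates, optionally holds messages until gaps close, and reports the contiguous ranges it has received so a sender can retransmit what is missing; the class, flag names, and trace are assumptions.

```python
class Destination:
    """Receiving end of one message sequence; numbers start at 1 (simplified model)."""
    def __init__(self, dedup=False, in_order=False):
        self.dedup, self.in_order = dedup, in_order
        self.seen = set()      # every number received, reported back in acks
        self.held = {}         # in-order mode: messages waiting for a gap to close
        self.next_no = 1       # in-order mode: next number the application may see
        self.delivered = []    # payloads handed to the application

    def receive(self, number, payload):
        duplicate = number in self.seen
        self.seen.add(number)
        if duplicate and self.dedup:
            return                              # repeat suppressed
        if not self.in_order:
            self.delivered.append(payload)
        elif number >= self.next_no:            # older numbers would break ordering
            self.held[number] = payload
            while self.next_no in self.held:
                self.delivered.append(self.held.pop(self.next_no))
                self.next_no += 1

    def ack_ranges(self):
        """Contiguous (lower, upper) ranges received; gaps are what must be resent."""
        ranges = []
        for n in sorted(self.seen):
            if ranges and ranges[-1][1] == n - 1:
                ranges[-1][1] = n
            else:
                ranges.append([n, n])
        return [tuple(r) for r in ranges]

# Constructed arrival trace: message 3 is duplicated, 2 arrives late, 4 is lost.
TRACE = [(1, "a"), (3, "c"), (3, "c"), (2, "b"), (5, "e")]

def run(trace, **mode):
    dest = Destination(**mode)
    for number, payload in trace:
        dest.receive(number, payload)
    return dest
```

With `dedup=True` alone the receiver behaves as AtMostOnce; ExactlyOnce additionally needs the sender to retransmit until every number is acknowledged, and `in_order=True` adds InOrder on top of either.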
WS-Security
Enhancement to SOAP
Message Integrity
Message Confidentiality
Encode binary security tokens
XML-based token framework
Opaque encrypted keys
Web Services Security Standards
[SSOA]
Policy-Based Authorization
A Policy-Based Authorization Framework for Web Services: Integrating XGTRBAC and WS-Policy. Bhatti, Sanz, Bertino, Ghafoor.
Current authentication does not provide fine grained access control for users
Integrates WS-Policy (through profile extension) with X-GTRBAC policy specification language
Allows separate policies to apply to different components of a web service description
Computes effective policy for a web service, given multiple policies
Delivered as a component in health care context
Web Service Compositions
Policy-Driven Middleware for Manageable and Adaptive Web Services Compositions. Erradi, Maheshwari, Tosic.
Addresses Web Service composition and dynamic adaptation to runtime changes
Describes WS-Policy4MASC profile of WS-Policy, which defines new policy assertions
Supports synchronous and asynchronous monitoring and coordination at SOAP and process orchestration layer
Separation of policy from code
Use of technical and business metrics in policy formation
Best Practices (toward patterns)
Best Practices in Web Service, Data Binding and Validation for use in Data-Centric Scientific Applications. Akram, Meredith, Allan.
Examines JAX-RPC and Document-style messaging
“Loose” vs “Tight” data binding
WSDL Development
DOA in Web Services
Dynamic Delegation of Authority in Web Services. Chadwick.
Allow users and services to delegate resource access to other users and services
Accounts for organization’s delegation policy, and defines essential characteristics of policy
Describes practical DOA Web Service
B2B and Non-repudiation
High-value B2B interactions, non-repudiation and Web services. Cook, Robinson, Shrivastava.
Assumes B2B implemented as XML message exchanges between loosely coupled services (e.g., RosettaNet)
Protect against false denial of communication
Identifies non-repudiation protocols
Presents web service based on WS-NRExchange
Critiques WS-Signature in NR context
Take Away Messages
Web Services creates a backbone for execution of loosely coupled systems
A community of developers and researchers have embraced it as a delivery vehicle for both applications and research results
Other vehicles are possible (e.g., ESBs), and can leverage Web Services-based work
Propositions
We can discuss our work in terms of Web Service standards
We can investigate the real differences between loose coupling in WS and in ESBs and other environments
We can apply Web Service components to other loosely coupled environments
References
[WSGLOS] Web Services Glossary. W3C. Feb 2004. http://www.w3.org/TR/ws-gloss/
[WSPS] The Web Services Protocol Stack. CBDI Consulting. Feb 2005. http://roadmap.cbdiforum.com/reports/protocols/
[WSBP] Basic Profile Version 1.1. Web Services Interoperability Organization (WS-I). Apr 2006. http://www.ws-i.org/Profiles/BasicProfile-1.1.html
[SOAPUS] SOAP Version 1.2 Usage Scenarios. W3C. Jul 2003. http://www.w3.org/TR/2003/NOTE-xmlp-scenarios-20030730/
[STCP] WS Wiki StackComparison. Apache Web Services Wiki. March 2008. http://wiki.apache.org/ws/StackComparison
[WSOAP] SOAP. Wikipedia. Oct 2008. http://en.wikipedia.org/wiki/SOAP
[INFIT] IT Web Services: A Roadmap for the Enterprise. A. Nghiem. Prentice Hall. Oct 2002. http://www.informit.com/articles/article.aspx?p=31076
[WSADDR] Web Services Addressing (WS-Addressing). W3C. Aug 2004. http://www.w3.org/Submission/ws-addressing/
[WSPOL] Web Services Policy 1.2 – Framework (WS-Policy). W3C. Apr 2006. http://www.w3.org/Submission/WS-Policy/
[WSREL] Web Services Reliable Messaging (WS-Reliable Messaging). OASIS. Sep 2005. http://www.oasis-open.org/committees/download.php/15177/wsrm-1.1-spec-cd-01.pdf
[WSSEC] Web Services Security: SOAP Message Security 1.1 (WS-Security 2004). OASIS. Feb 2006. http://www.oasis-open.org/committees/download.php/16790/wss-v1.1-spec-os-SOAPMessageSecurity.pdf
[BPEL] Web Services Business Process Execution Language. OASIS. Apr 2007. http://docs.oasis-open.org/wsbpel/2.0/OS/wsbpel-v2.0-OS.html
[WSTRU] WS-Trust 1.3. OASIS. Mar 2007. http://docs.oasis-open.org/ws-sx/ws-trust/200512/ws-trust-1.3-os.html
[WSPRO] WS-Provisioning.
Additional Reading
[UDDIF3] UDDI Version 3 Features List. OASIS. 2002. http://uddi.org/pubs/uddi_v3_features.htm
[OAUDDI] UDDI Version 2.0.4 API Specification. OASIS. July 2002. http://uddi.org/pubs/ProgrammersAPI-V2.04-Published-20020719.pdf
[XFire] Codehaus XFire. http://xfire.codehaus.org/
[AXIS] Web Services – Axis. Apache. Apr 2006. http://ws.apache.org/axis/index.html
[RETWS] A Retrospective on the Development of Web Service Specifications. S. Pallickara, G. Fox, M. Aktas, H. Gadgil, B. Yildiz.