The New Internet: Web Services

1
The New Internet Web Services

• William Gregory Johnson
• Georgia State University
• Department of Computer Science
• Advisor Dr. Sushil Prasad
• Wednesday, September 03, 2003
• GSU-ACM

2
Outline

• What brought us to these web services?
• How do web services work?
• Is there data security with web services?
• What is the next evolution of the Internet?

3
What is a web service?

• A Web service is an application that exists in a
  distributed environment, such as the Internet. A
  Web service accepts a request, performs its
  function based on the request, and returns a
  response. The request and the response can be
  part of the same operation, or they can occur
  separately, in which case the consumer does not
  need to wait for a response. Both the request and
  the response usually take the form of XML, a
  portable data-interchange format, and are
  delivered over a wire protocol, such as HTTP.
• Web service transactions are usually conducted
  between businesses. A business that is a provider
  of one service can also be a consumer of another
  service. A Web service consumer can also be a
  client device, such as a thin client connecting
  to the Web service provider over a lightweight
  protocol.

Source http//java.sun.com/webservices/faq.html
4
What is a web service?

• Web Services A Universal Language
• Web services let applications share data,
  andmore powerfullyinvoke capabilities from
  other applications without regard to how those
  applications were built, what operating system or
  platform they run on, and what devices are used
  to access them. Although Web services remain
  independent of each other, they can loosely link
  themselves into a collaborating group that
  performs a particular task.

Source http//www.microsoft.com/net/basics/webse
rvices.asp
5
Evolution Internet Technology
Web Services 2000
JavaScript Released 1998
DCOM Released 1996
C Released 2000
Java1 Released 1995
Mosaic Created 1993
WWW Created 1989
PHP/FI Released 1995
Internet Named 1984
TCP/IP Created 1972
CORBA Released by OMG 1992
CORBA Created 1989
6
Growth of Web Sites
Source Internet Software Consortium
(http//www.isc.org/)
7
Technology Behind Web Services

• HTTP (hypertext transport protocol)
• SOAP (simple object access protocol)
• XML (extensible markup language)
• WSDL (web services description language)
• UDDI (universal description, discovery and
  integration)

8
(No Transcript)
9
WSDL Structure
types
message
input
operation
portTypes
output
fault
input
operation
binding
output
fault
service
port
10
WSDL Service Name and Port Protocol

• ltdefinitions name "weatherservice"
  xmlns"http//schemas.xmlsoap.org/wsdl/"gt
• ltservice name"WeatherService" gt
• ...
• lt/servicegt
• lt/definitionsgt
• SOAP protocol
• ltport name"WeatherSoapPort" binding"wsdlnsWeath
  erSoapBinding" gt
• ltsoapaddress location"http//localhost8080
  /wsdl/defined/weatherSOAP.asp" /gt
• lt/portgt
• HTTP GET protocol
• ltport name"WeatherSoapPort" binding"wsdlnsWeath
  erSoapBinding" gt
• lthttpaddress location"http//localhost8080/
  wsdl/defined/weatherGET.asp"/gt
• lt/portgt

11
WSDL Operation and PortType
operation

• ltoperation name"GetTemperature"
  parameterOrder"zipcode celsius"gt
• ltinput message"wsdlnsWeather.GetTemperature
  " /gt
• ltoutput message"wsdlnsWeather.GetTemperatur
  eResponse" /gt
• lt/operationgt

portType
ltportType name"WeatherSoapPort"gt
ltoperation name"GetTemperature"
parameterOrder"zipcode celsius"gt ltinput
message"wsdlnsWeather.GetTemperature" /gt
ltoutput message"wsdlnsWeather.GetTemperatureRe
sponse" /gt lt/operationgt . . .
lt/portTypegt
12
WSDL Binding

• ltbinding name"WeatherSoapBinding"
  type"wsdlnsWeatherSoapPort" gt
• ltsoapbinding style"rpc"
  transport"http//schemas.xmlsoap.org/soap/http"
  /gt
• ltoperation name"GetTemperature" gt
• ltsoapoperation
• soapAction"http//SyD.org/action/
  Weather.GetTemperature" /gt
• ltinputgt
• ltsoapbody use"encoded"
  namespace"http//SyD.org/message/"
• encodingStyle"http//schemas.xmlso
  ap.org/soap/encoding/" /gt
• lt/inputgt
• ltoutputgt
• ltsoapbody use"encoded"
  namespace"http//SyD.org/message/"
• encodingStyle"http//schemas.xml
  soap.org/soap/encoding/" /gt
• lt/outputgt
• lt/operationgt
• lt/bindinggt

13
(No Transcript)
14
SOAP Message Structure

• 3 Components of SOAP message
• SOAP Envelope
• Top level element containing the SOAP message
• Mandatory
• SOAP Header
• A way to communicate information not related to
  any SOAP operation.
• Optional
• SOAP Body
• Contains the actual RPC
• Mandatory
• Defines a Fault element for error handling

15
What is Your Favorite SOAP?

• PocketSOAP
• 4s4c (COM implemtation of SOAP)
• Apache SOAP and Apache Axis
• SOAPLite (for Perl)
• Microsoft SOAP Toolkit v3.0 (IIS)
• SQLData
• Frontier
• Manila
• GLUE
• EasySOAP
• IONAs XMLBus
• WASP

16
Traditional Visionary
CORBA
XML
DCOM
Web Services
EDI
ebXML (sans WSDL)
Proprietary Open Standards
Interfaces W3C, Oasis

17
What is meant by a secure Web Service?

• A secure web service is one in which the
  information sender trusts that the recipient is
  really who she claims to be and vice versa.
• A secure web service also is one in which the
  information can be received and accessed only by
  the intended recipient.
• Thus, the definition implies two things
• Must be Authenticated
• Must have privacy and integrity protection
  (encryption and authorization)

18
WS Security Specification

• SOAP Foundation currently used.
• WS-Security - describes how to attach signature
  and encryption headers to SOAP messages. In
  addition, it describes how to attach security
  tokens, including binary security tokens such as
  X.509 certificates and Kerberos tickets, to
  messages.

19
WS Security Specification (continued)

• WS-Trust - will describe a framework for trust
  models that enables Web services to securely
  interoperate.
• WS-Privacy - will describe a model for how Web
  services and requesters state privacy
  preferences and organizational privacy practice
  statements.
• WS-SecureConversation - will describe how to
  manage and authenticate message exchanges
  between parties including security context
  exchange and establishing and deriving session
  keys.
• WS-Federation - will describe how to manage and
  broker the trust relationships in a
  heterogeneous federated environment including
  support for federated identities.
• WS-Authorization - will describe how to manage
  authorization data and authorization policies.

20
What is Next?
Agent Technology?
True 4GL on Wireless
IPV6
Programming Language
???
21
Resources Putting it All Together

• http//www.goland.org/Tech/wsdl.htm
• http//msdn.microsoft.com/library/default.asp?url
  /library/en-us/dnwebsrv/html/wsdlexplained.asp
• http//radio.weblogs.com/0101679/stories/2002/02/1
  5/aBusyDevelopersGuideToWsdl11.htmlCommentary
• http//soapagent.com/pages/Articles/WSDL/
• http//www.wsindex.org/
• http//www.webserviceoftheday.com/ws
• http//msdn.microsoft.com/webservices/default.aspx
  ?pull/library/en-us/dnwssecur/html/securitywhitep
  aper.asp
• http//www.cdt.luth.se/pvt/courses/smd114/2000/mis
  c/Schach/caoose4-ch07.pdf
• http//www.cert.org
• http//www.isc.org
• http//www.levenez.com/lang/
• http//www.microsoft.com/
• http//java.sun.com/

22
Thanks!