Forum de Arquitectos de Software XML WEB SERVICES TODAY David Chappell presentation

About This Presentation

Title:

Forum de Arquitectos de Software XML WEB SERVICES TODAY David Chappell

Description:

An XML-based way to invoke remote services. Web Services Description Language (WSDL) ... SOAP defines an XML-based format for parameters ... –

Number of Views:86

Avg rating:3.0/5.0

Slides: 93

Provided by: DavidCh57

Category:

more less

Transcript and Presenter's Notes

Title: Forum de Arquitectos de Software XML WEB SERVICES TODAY David Chappell

1
Forum de Arquitectos de Software XML WEB
SERVICES TODAYDavid Chappell
Patrocinado por
2
Web Services Today

David Chappell
Chappell Associates
www.davidchappell.com

3
Agenda

The Basics Core Technologies
Filling in the Gaps The WS Specifications
Applying Web Services

4
The BasicsCore Technologies
5
Defining Web Services

A web service is software functionality that can
be accessed using web technology
In reality
SOAP is the sine qua non of web services
Usually, but not always, over HTTP
If youre not using SOAP, youre not doing web
services
Today, anyway

6
Defining Web Services
7
The Web Services Technology Triumvirate

SOAP
An XML-based way to invoke remote services
Web Services Description Language (WSDL)
A mechanism for describing web services
Universal Description, Discovery, and Integration
(UDDI)
A registry for information about web services and
more

8
Illustrating Web Services Technologies
UDDI Registry
Internet or intranet
UDDI Registry
Application
Application
Application
WSDL Interface
9
Whats Important About Web Services

The technical innovations in web services arent
huge
The important innovations are political
All vendors agree!
This has never happened before
Not with CORBA IIOP
Not with Microsoft DCOM
Not with Java RMI

10
Protocol Timelines
1990
1995
2000
2005
TCP OSI TP4 XNS SPX DEC NSP
Transport Layer Protocol
TCP
Application to Application Protocol
SOAP IIOP DCOM Java RMI
SOAP
11
The Dominance of Microsoft and IBM in Web
Services Technology

They created
SOAP
WSDL
UDDI
More
They ship major implementations of web services
Once the basic technology is stable, they give it
to a standards body for maintenance

12
Accessing Web Services SOAP

SOAP allows invoking operations
SOAP defines an XML-based format for parameters
SOAP requests/responses can ride on HTTP or other
protocols
Interactions can be synchronous or asynchronous
SOAP is independent of any object model,
programming language, or operating system
SOAP is now owned by W3C

13
Illustrating A SOAP Message
Envelope
Header
Body
Method
Parameters
14
The Structure of a SOAP message

ltsEnvelope
xmlnss "http//schemas.xmlsoap.org/soap/envelo
pe/"gt
ltsHeadergt
. . .
lt/sHeadergt
ltsBodygt
. . .
lt/sBodygt
lt/sEnvelopegt

15
An Example SOAP Request

POST /AccountAccess HTTP/1.1
Host www.qwickbank.com
Content-Type text/xml charsetutf-8
Content-Length 305
SOAPAction
ltsenvelope
xmlnsshttp//schemas.xmlsoap.org/soap/envelope/
gt
ltsbodygt
ltmGetBalance
xmlnsmhttp//www.qwickbank.com/bankgt
ltmAccountgt729-1269-4785lt/mAccountgt
lt/mGetBalancegt
lt/sbodygt
lt/senvelopegt

16
An Example SOAP Response

HTTP/1.1 200 OK
Content-Type text/xml charsetutf-8
Content-Length 304
ltsenvelope
xmlnsshttp//schemas.xmlsoap.org/soap/envelope
/gt
ltsbodygt
ltmGetBalanceResponse
xmlnsmhttp//www.qwickbank.com/bankgt
ltmBalancegt3,822.55lt/mBalancegt
lt/mGetBalanceResponsegt
lt/sbodygt
lt/senvelopegt

17
Some Issues With SOAP

The spec is loose
It allows custom headers and more
Mapping from programming language types to XML
types is problematic
Vendors do it differently
Interoperability is imperfect
Groups like the Web Services Interoperability
Organization (WS-I) will help improve this

18
Describing Web Services WSDL

Created by Microsoft and IBM
Now owned by the W3C
Provides an XML-based way to describe web
services interfaces
Analogous to the Interface Definition Languages
(IDLs) used in COM and CORBA

19
A Simplified WSDL Definition (1)

ltdefinitions nameMyDefinitionsgt
lttypesgt
lt! can define types used later --gt
lt/typesgt
ltmessage namemessage1"gt
lt! message definition --gt
lt/messagegt
...
ltmessage namemessageN"gt
lt! message definition --gt
lt/messagegt

20
A Simplified WSDL Definition (2)

ltportType nameMyPortType"gt
ltoperation nameOperation1"gt
ltinput messageMessage1"/gt
ltoutput messageMessage2"/gt
lt/operationgt
ltoperation nameOperation2"gt
ltinput messageMessage3"/gt
ltoutput messageMessage4"/gt
lt/operationgt
lt/portTypegt

21
A Simplified WSDL Definition (3)

ltbinding nameMySoapBinding"
typeMyPortType"gt
ltsoapbinding/gt
ltoperation nameOperation1"gt
lt!-- input and output bindings --gt
lt/operationgt
ltoperation nameOperation2"gt
lt!-- input and output bindings --gt
lt/operationgt
lt/bindinggt

22
A Simplified WSDL Definition (4)

ltservice nameMyService"gt
ltport nameMyPort"
bindingMySoapBinding"gt
ltsoapaddress
location
"http//www.qwickbank.com/myservice"/gt
lt/portgt
lt/servicegt
lt/definitionsgt

23
Some Issues With WSDL

Its complicated
Reading even a simple WSDL spec is hard
But tools (e.g., Visual Studio.NET) hide this
complexity
Its full of options
Different vendors use it differently
Its very broad
It can be used to define things that stretch the
notion of web services

24
Discovering Web Services UDDI

UDDI provides a specialized directory service for
discovering web services and other information
It contains XML definitions of businesses and
services they offer
UDDI is now owned by OASIS
An organization can create a business
registration
Which can contain information about various
available web services

25
Illustrating A UDDI Business Registration
Business Entity
Name QwickBank
Description Internet Bank
Contacts wm_at_qwickbank.com
Business Service
Name Account access
Binding Template URL 1, tModel x
Binding Template URL 2, tModel y
26
Some Issues With UDDI

Its complicated
There are simpler, more limited solutions to the
problem
Its not being used much yet
Some businesses are registered, but not many WSDL
definitions
Without WSDL, developers cant build
interoperable web services clients
Does it solve the right problem?
Do we really need another directory service?

27
Application Platforms Today
Browser Apps
Web Services Apps
Other Apps
Local Apps
Operating System
28
Illustrating The .NET Framework
Browser Apps
Web Services Apps
Other Apps
Local Apps
Windows
29
Illustrating The Java Environment
Browser Apps
Other Apps
Local Apps
Web Services Apps
Windows, Solaris, Linux, others
30
Application Platforms Some History
1996
1998
2002

Windows DNA
MTS (now COM)
ASP
ADO

Microsoft

.NET Framework
CLR
C, VB.NET
Enterprise services,
ASP.NET, ADO.NET
Web services support

Java

Java
Java VM
Java language
J2SE

J2EE
EJB
JSP
JDBC

31
Web Services Support .NET

System.Web.Services namespace
Implements ASP.NETs .asmx pages
System.Runtime.Remoting namespace
Provides SOAP support for remote access
Visual Studio.NET
Provides various functions, e.g., generating
proxies from WSDL files

32
Web Services Support Java

Today
Vendors have added proprietary support for web
services
JAX-RPC
Defines how to use SOAP from Java
Coming
JAX-RPC support required in J2EE 1.4

33
The World Tomorrow?
34
Conclusions

Web services are the biggest thing happening in
distributed computing today
The core technologies are
SOAP
WSDL
UDDI (maybe)
Both .NET and Java address web services
The Java specs have lagged behind

35
Filling in the GapsThe WS Specifications
36
The Future of Web Services

SOAP is essential
Its the foundation of web services
But SOAP isnt enough
Microsoft and IBM (and sometimes others) are
creating more SOAP-based standards
Microsoft refers to these as the Global XML Web
Services Architecture (GXA)

37
Beyond SOAP (1)

Direct Internet Message Encapsulation (DIME)
Allows grouping arbitrary message types into a
single message for transmission
WS-Attachments
Defines how to associate attachments with SOAP
messages
And how to map those compound structures to DIME

38
Beyond SOAP (2)

WS-Routing
Describes how SOAP messages can be routed through
multiple hops before reaching their destination
WS-Referral
Defines how a SOAP intermediary can be configured
WS-Transaction and WS-Coordination
Describe how transactions can be accomplished
using web services
WS-Security
Defines a foundation for providing
authentication, integrity, and confidentiality
for SOAP messages

39
Direct Internet Message Encapsulation (DIME)

Allows encapsulating arbitrary information into a
single message, including
SOAP messages
GIF and JPEG images
Encrypted data
More
Like MIME but
Designed for program-to-program communication,
not email
Has binary headers
Simpler and faster than MIMEs text-based headers

40
DIME Message Format
Type_T
MB
ME
CF
Options Length
Version
Res.
Type Length
ID Length
Data Length
Options
ID
Type
Data
41
WS-Attachments

Defines a way to send attachments with SOAP
messages inside a DIME message
A better solution than SOAP with Attachments,
which uses MIME
Can be used to send binary information directly
Without relying on base64 encoding

42
DIME With WS-Attachments
Res.
Type_T2
CF0
ME0
MB1
Version1
Data Lengthn
Type Length41
ID Length0
Options Length0
http//schemas.xmlsoap.org/soap/envelope/
ltsenvelope xmlnss gtltsbodygt
lt/sbodygtlt/senvelopegt
Res.
Type_T1
CF1
ME0
MB0
Version1
Data Length1048576
Type Length10
ID Length41
Options Length0
image/jpeg
uuidA4C5350D-83DD-8AE1-E094-E2191C2482F1
First 1M bytes of JPEG image
Res.
Type_T0
CF0
ME1
MB0
Version1
Type Length0
ID Length0
Options Length0
Data Length987
Last 987 bytes of JPEG image
43
Routing in Web Services (1)
Intermediary 1
Sender
Intermediary 2
Receiver

SOAP allows a message to go through one or more
intermediaries before reaching its destination
Useful for
Load balancing
Virtualizing what a client sees
More

44
Routing in Web Services (2)

WS-Routing allows specifying the path a SOAP
message should take
Defines a ltPathgt element for the SOAP header
WS-Referral allows dynamically configuring SOAP
intermediaries
By modifying SOAP routing entries in those systems

45
WS-Routing in SOAP (2)

ltsEnvelope
xmlnss"http//schemas.xmlsoap.org/soap/envelop
e/"
xmlnswsrp"http//schemas.xmlsoap.org/rp"gt
ltsHeadergt
ltwsrpPathgt
. . .
lt/wsrpPathgt
lt/sHeadergt
ltsBodygt
. . .
lt/sBodygt
lt/sEnvelopegt

46
An Example Path Element

ltwsrpPath
xmlnswsrp"http//schemas.xmlsoap.org/rp"gt
ltwsrpactiongt
http//www.quickbank.com/screening
lt/wsrpactiongt
ltwsrptogt
http//www.qwickbank.com/getbalance.asmx
lt/wsrptogt
ltwsrpfwdgt
ltwsrpviagt
http//www.securityscreen.com/verify
lt/wsrpviagt
lt/wsrpfwdgt
lt/wsrppathgt

47
Web Services and Transactions

When are transactions useful with web services?
What exactly is a transaction, anyway?
Two specs
WS-Coordination
Defines an abstract framework for coordinating
activities
WS-Transaction
Builds on WS-Coordination
Defines two specific coordination types

48
What WS-Transaction Defines

Atomic transaction (AT)
Uses two-phase commit
Doesnt last long
Typically happens within an organization
Business activity (BA)
Uses fault handling, e.g., compensation
Can last indefinitely
Can span organizational boundaries

49
An Aside BPEL4WS

Business Process Execution Language for Web
Services (BPEL4WS)
A language for specifying
Business processes
Business interaction protocols
Based on WSDL
Unlike the WS specs, its not about
interoperability

50
Web Services Security Today

Its the most important outstanding problem in
web services
Without it, SOAP is a very limited protocol
WS-Security is the main story
Every vendor will likely support it

51
Defining the Problem

Effective distributed security mechanisms already
exist
SSL (sometimes)
Kerberos
Public key-based solutions
Whats needed is a way to use these with SOAP
This is what WS-Security defines

52
The WS-Security Family

WS-Security
Defines a foundation for SOAP-based distributed
security
WS-SecurityPolicy
Specifies how to define security assertions
WS-Trust
Defines how to acquire security tokens.
WS-SecureConversation
Defines how to create a context for a
conversation
Web Services Security Profile for XML-based
Tokens
Defines how to use SAML and XrML with WS-Security

53
Describing WS-Security

Provides end-to-end message-level security for
SOAP messages
Allows multiple SOAP intermediaries along the
route
Supports Kerberos, public key-based technologies,
and other approaches
Defines a ltSecuritygt element for the SOAP header
WS-Security mostly focuses on whats in this
element

54
WS-Security in SOAP

ltsEnvelope
xmlnss
"http//schemas.xmlsoap.org/soap/envelope/
xmlnswsse
"http//schemas.xmlsoap.org/ws/2002/12/secext"gt
ltsHeadergt
ltwsseSecuritygt
. . .
lt/wsseSecuritygt
lt/sHeadergt
ltsBodygt
. . .
lt/sBodygt
lt/sEnvelopegt

55
WS-Security Services

Authentication
Defines ways to represent and convey security
tokens
Examples
Username/password
Kerberos ticket
X.509 certificate
Integrity
Uses W3Cs XML Signature standard
Confidentiality
Uses W3Cs XML Encryption standard

56
Simple Authentication UsernameToken

ltwsseSecurity xmlnswsse
"http//schemas.xmlsoap.org/ws/2002/12/secext"gt
ltwsseUsernameTokengt
ltwsseUsernamegtDianalt/wsseUsernamegt
ltwssePasswordgtmY5ecRetlt/wssePasswordgt
lt/wsseUsernameTokengt
lt/wsseSecuritygt

57
Authentication Review Kerberos
Key Distribution Center
58
Authentication With Kerberos BinarySecurityToken

ltwsseSecurity xmlnswsse
"http//schemas.xmlsoap.org/ws/2002/12/secext"gt
ltwsseBinarySecurityToken
ValueType"wsseKerberosv5ST"
EncodingType"wsseBase64Binary"gt
QMwcAG ...
lt/wsseBinarySecurityTokengt
lt/wsseSecuritygt

59
Authentication Review Public Key
Certification Authority
60
Authentication Review X.509 Certificates
Version
Serial Number
Signature Algorithm
Issuer
Valid From
Valid To
Subject
Public Key
Other Fields
Issuers Digital Signature
61
Authentication With X.509 BinarySecurityToken

ltwsseSecurity xmlnswsse
"http//schemas.xmlsoap.org/ws/2002/12/secext"gt
ltwsseBinarySecurityToken
ValueType"wsseX509v3"
EncodingType"wsseBase64Binary"gt
KkFPle ...
lt/wsseBinarySecurityTokengt
lt/wsseSecuritygt

62
Accessing Multiple Secure Web Services
Client
63
Integrity Review (1) Digital Signatures
ltSome XML elementsgt
64
Integrity Review (2) Creating a Digital
Signature
ltSome XML elementsgt
65
Integrity Review (3) Verifying a Digital
Signature
ltSome XML elementsgt
Digital Signature
66
Providing Integrity (1)

ltsEnvelope
xmlnss" " xmlnswsse " " xmlnswsu
"http//schemas.xmlsoap.org/ws/2002/07/utility"gt
ltsHeadergt
ltwsseSecuritygt
ltwsseBinarySecurityToken
ValueType"wsseX509v3"
EncodingType"wsseBase64Binary"
wsuId"X509Cert"gt
KkFPle ...
lt/wsseBinarySecurityTokengt

67

Providing Integrity (2)

ltdsSignature xmlnsds
"http//www.w3.org/2000/09/xmldsig"gt
ltdsSignedInfogt
ltdsCanonicalizationMethod Algorithm ""/gt
ltdsSignatureMethod
Algorithm"xmldsigrsa-sha1"/gt
ltdsReference URI"MessageBodygt
ltdsDigestMethod
Algorithm"xmldsigsha1"/gt
ltdsDigestValuegt
aOb4Luuk...
lt/dsDigestValuegt
lt/dsReferencegt
lt/dsSignedInfogt

68
Providing Integrity (3)

ltdsSignatureValuegt A9qqIrtE3xZ
lt/dsSignatureValuegt
ltdsKeyInfogt
ltwsseSecurityTokenReferencegt
ltwsseReference URI"X509Cert"/gt
lt/wsseSecurityTokenReferencegt
lt/dsKeyInfogt
lt/dsSignaturegt
lt/wsseSecuritygt
lt/sHeadergt
ltsBody wsuIdMessageBodygt
. . .
lt/sBodygt
lt/sEnvelopegt

69
Providing Confidentiality A Simple Example (1)

ltsEnvelope
xmlnss" " xmlnsds " "
xmlnsxenc"http//www.w3.org/2001/04/xmlenc"gt
ltsBodygt
ltxencEncryptedDatagt
ltEncryptionMethod
Algorithmxmlenctripledes-cbc/gt
ltdsKeyInfogt
ltdsKeyNamegt
CNKey13, CUS
lt/dsKeyNamegt
lt/dsKeyInfogt

70
Providing ConfidentialityA Simple Example (2)

ltxencCipherDatagt
ltxencCipherValuegt
r5KipsDV
lt/xencCipherValuegt
lt/xencCipherDatagt
lt/xencEncryptedDatagt
lt/sBodygt
lt/sEnvelopegt

71
.NET Support for GXA

Microsoft provides Web Services Enhancements for
Microsoft .NET
Supports
DIME
WS-Attachments
WS-Routing
WS-Security
Authentication and integrity

72
Applying Web Services
73
Potential Benefits of Web Services

Reducing costs
Better, faster, cheaper integration
Eventually, everything talks to everything
Increasing revenue
Connecting more easily with partners and
customers
Providing new services
On intranets and the Internet

74
Categorizing Web Services Applications
An Excel spreadsheet accessing an intranet-based
exchange rate service
EAI, e.g., a .NET Framework application
communicating with a packaged application
An Excel spreadsheet accessing an Internet-based
exchange rate service
B2B, e.g., connecting one firms purchasing
system to anothers billing system
75
A Client/Server Web Services Continuum
Intranet-based Excel-to-server
Exposing a search engines services on the
Internet
Easy
Exposing .NET My Services on the Internet
Hard
76
A Server/Server Web Services Continuum
EAI on intranets
B2B on the Internet
Easy
Dynamic discovery and use of Internet web
services
Hard
77
An Alternative Approach ebXML

A group of specifications focused on B2B
interactions
Created by OASIS and UN/CEFACT
A competitor to the SOAP school of web services?

78
Illustrating a B2B Interaction
Business X
Business Y
79
Whats Needed to Achieve This

Agreement on the interactions
What is the business process?
Agreement on the data
What are the document formats?
Agreement on the protocols
How is the information conveyed?

80
What ebXML Defines

Standard B2B interactions
Defined using BPSS
(Some) common data formats
Defined as XML documents
Existing EDI standards are being converted
Common protocols
SOAP with Attachments
Business Transaction Protocol (BTP)
More

81
Some Issues with ebXML

Its produced by a large, broad-based group
It competes with the SOAP technology family
BPSS vs. BPEL4WS
SOAP With Attachments vs. DIME
BTP vs. WS-Coordination/WS-Transaction
The ebXML Registry vs. UDDI
It has more specifications than implementations
Shipping code beats shipping specs every time
It lacks major vendor support
Its biggest proponent is Sun

82
Categorizing Software Platforms
Application Platform
Integration Platform
83
The Application Platform Market Today

The two core technology families are
Java/J2EE Application Servers
Supported by IBM, BEA, Sun, and others
The .NET Framework
Supported by Microsoft
Definitions and technologies are clear
The market is fairly mature

84
The Integration Platform Market Today

Many different technologies exist
Microsofts BizTalk Server
WebMethods
Lots more
Theres a good deal of variation in these
products
The problem they address is complicated and
diverse
The market is not mature
Web services are changing integration platforms

85
Integration Before Web Services
Integration Platform
86
Integration After Web Services
Integration Platform
87
The Future of Microsoft Integration Platforms
Jupiter

Combines the functions of
BizTalk Server
Microsoft Commerce Server
Microsoft Content Management Server
More
Will support
WS-Security
BPEL4WS
More

88
Web Services and Services-Oriented Architecture
(SOA)
89
Applying Web Services to SOA

Web services help with
A standard protocol across heterogeneous systems
Web services dont help with
Delays inherent in remote connections
Diverse security mechanisms
Different data formats

90
Conclusion

Distributed computing is being remade around web
services
Technologies first
SOAP
The WS specs
Applications next
EAI is the killer app for web services
Web services are a big deal
Theyre here to stay

91
About the Speaker

David Chappell is Principal of Chappell
Associates in San Francisco, California. Through
his keynotes, seminars, writing, and consulting,
David helps IT professionals around the world
understand, use, market, and make better
decisions about enterprise software technologies.
David has been the keynote speaker for
conferences in the U.S., Europe, Latin America,
and the Middle East, and hes also delivered
keynotes at many in-house events. His popular
seminars have been attended by tens of thousands
of developers and decision makers in more than
thirty countries, and his appearances have been
covered in print and online publications in the
U.S., England, Israel, China, India, and other
countries. David has also spoken at many
universities, including the National University
of Singapore, Swedens Uppsala University, and
Moscow State University.
Davids books on enterprise software
technologies have been translated into ten
languages and used in courses at MIT, ETH Zurich,
and other schools. He is Series Editor for
Addison-Wesleys Independent Technology Guides,
and his most recent book, Understanding .NET, was
published in this series in 2002. More than 100
of Davids articles have appeared in various
publications, and he currently writes a regular
column for Application Development Trends
magazine.
In his consulting practice, David works with a
diverse group of companies each year, with HP,
Microsoft, and Stanford University among his
recent clients. David holds a B.S. in Economics
and an M.S. in Computer Science, both from the
University of Wisconsin-Madison. He has also
participated in Executive Education at the
Wharton School of Business.

92
Forum de Arquitectos de Software XML WEB
SERVICES TODAYDavid Chappell
Patrocinado por

Write a Comment

User Comments (0)

About PowerShow.com