Web Services and NIEM

1
Web Services and NIEM

• Andrew Owen
• Justice Information Systems Specialist
• SEARCH

2
Objective

• Discuss the complementary relationship between
  web services and NIEM

3
Web Services

• A 'Web service' is defined by the W3C as "a
  software system designed to support interoperable
  machine-to-machine interaction over a network".

Web Service System-to-system
Web Application Person-to-system
HTTPSOAP XML
HTTPHTML
4
More about web services

• Web services are application components
• Web services communicate using open protocols
• Web services are self-contained and
  self-describing
• Web services are formally described, and the
  descriptions are made available to potential
  consumers
• Web services can be used by other applications
• XML is the basis for Web services

5
Web Services and Service-Oriented Architecture
(SOA)
6
SOA

• SOA is an architectural approach for information
  sharing
• Focuses on identifying business capabilities and
  making those available by providing services
• Strives for agility (loose coupling)
• Cost savings through reuse
• Web services does not equal SOA, but web services
  can be an effective means of implementing
  services in an SOA

7
Why web services?

• Your system can make its functionality available
  via web services
• Open, non-proprietary, cross-platform way to
  interconnect systems

8
Protocols and Standards

• As with any form of communication, web services
  provides protocols and standards to facilitate
  strong communication among communication entities
• Requirements for strong communication include
  things like
• Delivery to and from proper entities
• Reliable delivery
• Confidentiality
• Integrity

9
SOAP

• Simple Object Access Protocol (SOAP)
• Defines the runtime message that contains the
  service request and response.
• XML-based
• Independent of any particular transport and
  implementation technology.

10
Example SOAP message
SOAP Header
SOAP Body
SOAP Envelope
11
WSDL

• Web Services Description Language (WSDL)
• Describes a Web Service and its SOAP Message(s).
• XML-based
• Provides a programmatic way to describe what a
  service does.

12
WSDL Structure
Types
Contains data type definitions required for
exchanged messages
Consists of one or more parts where each part
is defined in Types
Message
Apply context to the Messages (one way,
request/response, solicit response, etc.)
Operation
Set of one or more Operations and messages
involved in those operations.
Port Type
Defines message format and protocol details for
operations and messages defined by a particular
PortType
Binding
Port
Defines an individual endpoint by specifying an
address for each Binding
Service
A group of related Ports
13
WSDL Example
14
NIEM Refresher

• NIEM is a national, multi-community data model
• Made possible by input and review from State,
  Local, Federal, and Tribal agencies
• The NIEM physical model is XML schema
• NIEM provides a foundation for developing
  information exchange specifications (IEPDs)

15
Where does NIEM come into play?

• IEPD used to define the structure of the Web
  Service message
• NIEM-conformant schemas are referenced directly
  from the WSDL
• XML instances that conform to a NIEM IEPD are
  carried in the SOAP body

16
Consideration

• There will be tradeoffs if a single WSDL contains
  more than one IEPD

17
Strengthening of Web Services
18
WS-Policy

• A standard that provides a general purpose model
  and corresponding syntax to describe the policies
  of a Web Service
• Defines a base set of constructs that can be used
  and extended by other Web services specifications
  to describe a broad range of service requirements
  and Capabilities

19
WS-Addressing

• A standard that allows web services to
  communicate addressing details
• Defines concepts like
• MessageID
• To
• From
• ReplyTo
• Action
• RelatesTo

20
WS-Reliable Messaging

• A standard that supports reliable delivery of
  SOAP messages across unreliable infrastructure
  (the internet)
• Ensures delivery in times of software, system, or
  network failures
• Supports end-to-end reliability rather than
  point-to-point reliability

21
Understanding the RM model
22
Reliable Message Exchange
23
WS-Security

• A standard that describes how to incorporate
  security tactics with web services
• Provides end-to-end integrity and confidentiality
  for SOAP messages
• Has flexibility to support a variety of security
  models (PKI, Kerberos, SSL)
• Two core functions
• Message Confidentiality (Encryption)
• Message Integrity (Signature)

24
Message Encryption
Recipients Public Key
Recipients Private Key
Ua78uiHdf56hyu_at_iewOIY54d
I Love Web Services
I Love Web Services
Decrypt
Encrypt
25
Digital Signature
Senders Private Key
Senders Public Key
Ua78uiHdf56hyu_at_iewOIY54d
Transfer 100.00
Transfer 100.00
Verify
Sign
26
In Summary

• Web services allow you to expose system
  functionality and share that functionality across
  the enterprise
• Web services is not SOA, but SOA can be achieved
  through using web services
• Many standards exist to help make web services
  implementation much stronger