THE US NATIONAL VIRTUAL OBSERVATORY

1
THE US NATIONAL VIRTUAL OBSERVATORY
Building Web Services
Matthew J. Graham CACR/Caltech
2
Overview

• WSDL
• Attachments
• Security
• State
• Asynchrony
• Message orientation

3
Design styles

• Contract-last development
• Implement service
• java org.apache.axis.wsdl.Java2WSDL ltinterfacegt
• ? contract coupled to service implemenations
  interface
• Contract-first development
• Write XSD and WSDL
• java org.apache.axis.wsdl.WSDL2Java -s ltwsdlgt
• Fill in business logic

4
What is WSDL?

• Web Services Description Language
• An XML grammar for describing a web service as a
  collection of endpoints capable of exchanging
  messages in a particular fashion
• W3C specification (http//www.w3.org/TR/wsdl)
• Use WSDL 1.1
• http//www.xmethods.net

5
Anatomy of a WSDL file
ltdefinitionsgt lt/definitionsgt
ltimportgt - include other WSDLs lttypesgt -
define datatypes used in ltmessagegt ltschemagtlt/sch
emagt lt/typesgt
ltmessagegt - model data exchanged ltpartgtlt/par
tgt lt/messagegt
ltporttypegt - describe interfaces supported
for ltoperationgt an endpoint ltinputgtlt/inpu
tgt - define input and output parameters ltoutput
gtlt/outputgt ltfaultgtlt/faultgt lt/operationgt lt/p
orttypegt
ltbindinggt - formatting and representation of
SOAP ltoperationgt message on the
wire ltinputgtlt/inputgt ltoutputgtlt/outputgt lt/o
perationgt lt/bindinggt
ltservicegt - identifies actual endpoint for
WS ltportgtlt/portgt lt/servicegt
6
WSDL example
ltdefinitions xmlnshttphttp//schemas.xmlsoap.or
g/wsdl/http/ xmlnssoap"http//schemas.xmls
oap.org/wsdl/soap/" xmlnsshttp//www.w3.org/2001
/XMLSchema xmlnss0http//skyservice.pha.jhu
.edu xmlnssoapenchttp//schemas.xmlsoap.org/soap
/encoding/ targetNamespace"http//skyservic
e.pha.jhu.edu" xmlns"http//schemas.xmlsoap.org/w
sdl/"gt lttypesgtltsschema
elementFormDefault"qualified" targetNamespace"ht
tp//skyservice.pha.jhu.edu"gt
ltselement name"ComovingLineOfSight"gt
ltselement minOccurs"1"
maxOccurs"1" name"z" type"sfloat" /gt
ltselement minOccurs"1"
maxOccurs"1" name"hubble" type"sfloat" /gt
ltselement minOccurs"1"
maxOccurs"1" name"omega" type"sfloat" /gt
ltselement minOccurs"1"
maxOccurs"1" name"lambda" type"sfloat" /gt
lt/selementgt
ltselement name"ComovingLineOfSightResponsegt
ltselement minOccurs"1"
maxOccurs"1" name"ComovingLineOfSightResult"
type"sfloat" /gt lt/selementgt
lt/sschemagtlt/typesgt ltmessage
name"ComovingLineOfSightSoapIn"gt
ltpart name"parameters" element"s0ComovingLi
neOfSight" /gt lt/messagegt
ltmessage name"ComovingLineOfSightSoapOut"gt
ltpart name"parameters"
element"s0ComovingLineOfSightResponse" /gt
lt/messagegt ltportType
name"DistanceSoap"gt
ltoperation name"ComovingLineOfSight"gt
ltdocumentationgtReturn the
comoving line of sight distance...lt/documentationgt
ltinput message"s0ComovingLineOfSigh
tSoapIn" /gt ltoutput
message"s0ComovingLineOfSightSoapOut" /gt
lt/operationgt lt/portTypegt
ltservice name"Distance"gt ltport
name"DistanceSoap" binding"s0DistanceSoap"gt ltso
apaddress location"http//voservices.net/Cosmolo
gy/ws_v1_0/Distance.asmx" /gt lt/portgt
lt/servicegt lt/definitionsgt
7
What about the binding?

• ltbinding name"DistanceSoap" type"s0DistanceSoap
  "gt
• ltsoapbinding transport"http//schemas.xmlsoap.or
  g/soap/http" style"document" /gt
• ltoperation name"ComovingLineOfSightgt
• ltsoapoperation soapAction"http//skyservice.pha.
  jhu.edu/ComovingLineOfSight" style"document" /gt
• ltinputgt
• ltsoapbody use"literal" /gt
• lt/inputgt
• ltoutputgt
• ltsoapbody use"literal" /gt
• lt/outputgt
• lt/operationgt
• lt/bindinggt

8
Binding attributes

• Style (representation on the wire)
• rpc the endpoint treats child elements in the
  body as XML representation of method call (SOAP
  1.1, sec. 7)
• document the body can contain arbitrary XML
• Use (how data is serialized across the wire)
• encoded rules in a URL specified by
  encodingStyle attribute
• literal rules specified by XML schema

9
WSDL binding flavours (I)
RPC
Document
ltmessage nameRequestgt ltpart namex
typexsint/gt lt/messagegt ltmessage
nameempty/gt ltportType namefoogt ltoperation
namemethodgt ltinput messageRequest/gt ltoutput
messageempty/gt lt/operationgt lt/portTypegt
lttypesgt ltschemagt ltelement namexElement
typexsint/gt lt/schemagt lt/typesgt ltmessage
nameRequestgt ltpart namex elementxElement/
gt lt/messagegt ltmessage nameempty/gt ltportType
namefoogt ltoperation namemethodgt ltinput
messageRequest/gt ltoutput messageempty/gt lt/op
erationgt lt/portTypegt
Literal
ltmessage nameRequestgt ltpart namex
typexsint/gt lt/messagegt ltmessage
nameempty/gt ltportType namefoogt ltoperation
namemethodgt ltinput messageRequest/gt ltoutput
messageempty/gt lt/operationgt lt/portTypegt
Encoding
10
WSDL binding flavours (II)
RPC
Document
ltsoapenvelopegt ltsoapbodygt ltmethodgt ltxgt5lt/xgt lt/m
ethodgt lt/soapbodygt lt/soapenvelopegt
ltsoapenvelopegt ltsoapbodygt ltxElementgt5lt/xElement
gt lt/soapbodygt lt/soapenvelopegt
Literal
ltsoapenvelopegt ltsoapbodygt ltmethodgt ltx
xsitypexsintgt5lt/xgt lt/methodgt lt/soapbodygt lt/s
oapenvelopegt
Encoding
11
WSDL binding flavours (III)
Document/literal wrapped
lttypesgt ltschemagt ltelement namemethodgt ltcomplexT
ypegt ltsequencegt ltelement namex
typexsint/gt lt/sequencegt lt/complexTypegt lt/eleme
ntgt lt/schemagt lt/typesgt ltmessage
nameRequestgt ltpart nameparameters
elementmethod/gt lt/messagegt ltmessage
nameempty/gt ltportType namefoogt ltoperation
namemethodgt ltinput messageRequest/gt ltoutput
messageempty/gt lt/operationgt lt/portType
ltsoapenvelopegt ltsoapbodygt ltmethodgt ltxgt5lt/xgt lt/m
ethodgtgt lt/soapbodygt lt/soapenvelopegt
12
Which flavour to use?

• Doc style can pass entire transaction as an XML
  document (state)
• Doc style not constrained by RPC-oriented
  encoding
• Doc style can be validated at call time
• Processing overhead in encoding payloads with RPC
• Doc style can use low memory parsers such as SAX
  and StAX
• RPCs natural tendency to expose programming
  language object structures
• ? doc/literal
  wrapped (95)

13
Why not doc/literal wrapped? - I
rpc/literal
doc/literal
doc/literal wrapped
ltmessage nameRequestgt ltpart namex
typexsint/gt lt/messagegt
lttypesgt ltschemagt ltelement namexElement
typexsint/gt lt/schemagt lt/typesgt ltmessage
nameRequestgt ltpart namex elementxElement/
gt lt/messagegt
lttypesgt ltschemagt ltelement namemethodgt ltcomplexT
ypegt ltsequencegt ltelement namex
typexsint/gt lt/sequencegt lt/complexTypegt lt/eleme
ntgt lt/schemagt lt/typesgt ltmessage
nameRequestgt ltpart nameparameters
elementmethod/gt lt/messagegt
ltportType namefoogt ltoperation
namemethodgt ltinput messageRequest/gt lt/operat
iongt lt/portTypegt
ltsoapenvelopegt ltsoapbodygt ltmethodgt ltxgt5lt/xgt lt/m
ethodgt lt/soapbodygt lt/soapenvelopegt
ltsoapenvelopegt ltsoapbodygt ltmethodgt ltxgt5lt/xgt lt/m
ethodgtgt lt/soapbodygt lt/soapenvelopegt
ltsoapenvelopegt ltsoapbodygt ltxElementgt5lt/xElement
gt lt/soapbodygt lt/soapenvelopegt
14
Why not doc/literal wrapped? - II

• Overloaded operations
• public void myMethod (int x, float y)
• public void myMethod (int x)
• Number of parameters
• public void someOtherMethod(int x, float y)
• Data graphs
• ltcomplexType nameNodegt
• ltsequencegt
• ltelement namename typestring/gt
• ltelement nameleft typeNode/gt
• ltelement nameright typeNode/gt
• lt/sequencegt
• lt/complexTypegt
• RPC/encoding ltAgt Literal ltAgt
• ltnamegtAlt/namegt ltnamegtAlt/namegt
• ltleft href9999/gt ltleftgt
• ltright href9999/gt ltnamegtBlt/namegt

A Left Right
B Left Right
15
Interoperability

• Suitable for and capable of being implemented in
  a neutral manner on multiple operating systems
  and in multiple programming languages
• Not all web services are interoperable!
• Web Services Interoperability Organisation
  (http//www.ws-i.org)
• WS-I Testing Tools

16
WS-

• WS-Semantics
• WS-Topic
• WS-Transaction
• WS-Transaction Management
• WS-Transfer
• WS-Trust
• ASAP
• ebXML
• MTOM
• SAML
• SOAP
• SwA
• UBL
• UDDI
• WSDL
• XACML
• XML Encryption
• XML Signature

• WS-I Basic Profile
• WS-I Basic Security Profile
• WS-Manageability
• WS-Management
• WS-MetadataExchange
• WS-Notification
• WS-Policy
• WS-PolicyAssertions
• WS-PolicyAttachment
• WS-PolicyFramework
• WS-Polling
• WS-Provisioning
• WS-Reliability
• WS-ReliableMessaging
• WS-RemotePortals
• WS-ResourceFramework
• WS-ResourceLifetime
• WS-ResourceProperties
• WS-Routing

• WS-Addressing
• WS-AtomicTransaction
• WS-Attachments
• WS-BaseNotification
• WS-BPEL
• WS-BrokeredNotification
• WS-BusinessActivity
• WS-CAF
• WS-Choreography
• WS-CDL
• WS-Context
• WS-Coordination
• WS-CoordinationFramework
• WS-Discovery
• WS-DistributedManagement
• WS-Enumeration
• WS-Eventing
• WS-ExperienceLanguage
• WS-Federation

17
Attachments opaque data

• By value
• XML representation
• or
• use xshexBinary or xsbase64Binary within the
  body
• data expansion by a factor of 1.33 - 4
• anything within SOAP body gets parsed
• processing costs of encoding/decoding
• By reference
• attach pure binary data as external unparsed
  entity outside SOAP message
• use reference URI within the body

18
Reference solutions

• SwA (SOAP with Attachments)
• Multipart MIME message SOAP (0), data (1-n)
• Use Content-Id as reference in body
• Lack of length header on message sections
• No recommendation just W3C Note
• DIME (Direct Internet Message Encapsulation)
• Uses faster and more efficient binary encoding
• No standard, disowned by Microsoft
• Both introduce a data structure outside realm of
  XML data model no rules to specify how
  attachment content related to SOAP envelope so
  incompatible with WS-

19
MTOM

• Message Transmission Optimization Mechanism
• Uses MIME - backwards compatible with SwA
• Uses XOPInclude as reference mechanism (XOP
  XML Binary Optimized Packaging)
• Conceptually binary data is base64-encoded in
  SOAP XML document ? compatible with WS-
• Implementations
• Axis2 (http//ws.apache.org/axis2)
• Xfire (http//xfire.codehaus.org)
• WSE 3.0 (http//msdn.microsoft.com/library/default
  .asp?url/library/en-us/dnwse/html/newwse3.asp)

20
Security

• Transport level (https)
• Message level
• End-to-end allows for unlimited intermediaries
• Data origin authentication
• Different types of security tokens/credentials
• unsigned (username/password)
• binary (X.509 certificate)
• XML (SAML token)
• Multiple credentials

21
WS-Security

• OASIS standard
• (http//www.oasis-open.org/committees/tc_home.php?
  wg_abbrevwss))
• Security token validation (authentication)
• validate authentication assertions made by
  principals
• Message integrity (signing)
• verify message origin
• validate encryption keys
• confirm security token claims
• Message confidentiality (encryption)
• Introduces extra XML into SOAP header

22
WSS Implementations

• Java
• WSS4J (http//ws.apache.org/wss4j) used by
  Axis2/XFire
• C
• WSE 2.0 (http//msdn.microsoft.com/webservices/web
  services/building/wse/default.aspx)
• WSRF.Net (http//www.cs.virginia.edu/gsw2c/wsrf.n
  et.html)
• Perl
• WSRFLite (http//www.sve.man.ac.uk/Research/AtoZ
  /ILCT)
• Python
• pyGridWare (http//dsd.lbl.gov/gtg/projects/pyGrid
  Ware/)

23
State

• Stateless is good
• In case of failure, just restart without concern
  of previous interactions (reliability)
• New service instances can be created/destroyed in
  response to system load (scalability)
• How to handle state?
• Separate web service and state information
  (resource)
• Identify resource with a unique key
• Use message exchanges with the service to
  interact with the resource (manipulate state)

24
WS-Resource

• An entity composed of a web service and a
  stateful resource
• The address is called an endpoint reference
  (WS-Addressing)
• ACID
• Updates made in all-or-nothing fashion
  (atomicity)
• Consistent state even after failure (consistency)
• Updates isolated within a given work unit
  (isolation)
• Permanence of updates (durability)

25
WS-RF the nuts and bolts

• WSDL for a stateful service
• ltdefinitionsgt
• ltimportgt
• lttypesgt
• ltxsschemagt
• ltxselement nameStatefulResourcePropertiesgtlt
  /xselementgt
• ltxsschemagt
• lttypesgt
• ltporttype wsdlppextends
• wsrpResourcePropertiestnsStatefulResourcePrope
  rtiesgt
• Implementations
• Java GT4 (htttp//www.globus.org) Apache WSRF
  (http//ws.apache.org/wsrf)
• .NET WSRF.Net (http//www.cs.virginia.edu/gsw2c/
  wsrf.net.html)
• Python pyGridWare (http//dsd.lbl.gov/gtg/project
  s/pyGridWare/)
• Perl WSRFLite (http//www.sve.man.ac.uk/Researc
  h/AtoZ/ILCT)

26
Asynchrony

• Real world is asynchronous
• No current standards for asynchronous services
  but most promising is OASIS ASAP
• (http//www.oasis-open.org/committees/tc_home.php
  ?wg_abbrevasap)
• Toolkits exist which facilitate asynchronous
  activities
• WS-RF (see above)
• Axis2 (http//ws.apache.org/axis2)
• JMS (http//java.sun.com/products/jms) /
• Caffeine (http//caffeine.berlios.de/site/)
• WSIF (http//www.apache.org/wsif)

27
Messaging operations

• WSDL 1.1 defines four types of messaging
  operation that an endpoint can support
• One-way endpoint receives a message
• Request/response endpoint receives a message and
  sends a correlated message
• Solicit/response endpoint sends a message and
  receives a correlated message
• Notification endpoint sends a message
• One-way/two-way transport behaviour

28
Patterns for asynchrony (I)

• Fire and Forget
• Request/response (Transport timeout)

C
S
C
S
C
S
29
Patterns for asynchrony (II)

• Polling
• Callback

C
S
C
S
30
WS-Addressing

• No standard SOAP way to specify
• where a message is going
• how to return a response
• where to report an error
• WS-Addressing provides
• To
• ReplyTo
• FaultsTo
• Anonymous
• MessageId / RelatesTo
• Standard for including service-specific attributes

31
Whats wrong with WSDL (for SOAP)?

• Focuses on interface abstraction to describe
  services (RPC mindset)
• Limited modelling of interaction patterns (no
  more than 2 message exchanges)
• No choreographical information (x ? y ? z)
• Difficult to describe infrastructure protocols
  that use SOAP headers
• Technologies that use WSDL as a basis tend to be
  more verbose and complex than necessary

32
MEST (MESsage Transfer)

• Messaging
• No notion of client/server just peers
• Largely time independent messages delivered when
  peer is available
• Messages can be duplicated and delivered to
  multiple peers
• Messages and services are first class
  abstractions (no interfaces, data and operations)
• SSDL (http//www.ssdl.org)
• Indigo dual contracts are beyond WSDL

33
SSDL

• SOAP is the messaging vector over arbitrary
  transport (and transfer) protocols
• WS-Addressing used for embedding addressing
  information within SOAP envelopes and binding
  those addresses onto underlying transport
  protocols
• XML Infoset is the underlying component model
• Use Xinclude for contract modularization
• Promotes protocol framework extensibility

34
SSDL structure

• Schemas
• XML Schemas
• Messages
• SOAP documents
• Protocols (how messages relate to each other)
• MEP (WSDL 2.0)
• Communicating Sequential Processes
• Rules (uses preconditions on send and receive
  events)
• Sequential Constraints
• Endpoints
• WS-Addressing Endpoint Reference