SOAP

1
SOAP

• The Simple Object Access Protocol

2
Objectives

• Provide an Introduction to SOAP
• Rationale and history
• Protocol description
• Syntax structure
• Illustrate Infrastructure around SOAP
• Security and Authentication
• Service description and discovery

3
Overview

• Section 1 Fundamentals
• Section 2 Protocol Layers
• Section 3 Message Elements
• Section 4 Infrastructure
• Summary

4
Section 1 Fundamentals

• SOAP Definition
• Evolution of an Open Standard
• SOAP as RPC Protocol
• SOAP as Messaging Protocol
• XML and HTTP

5
SOAP Definition

• Simple Object Access Protocol 1.1
• Envelope for XML Letters
• Specification definition
• "Lightweight mechanism for exchanging structured
  and typed information between peers ... using
  XML."
• Designed both for messaging and RPC
• Specifies three parts
• SOAP envelope for message framework
• SOAP encoding for standardized marshaling
• SOAP RPC as remote procedure call convention

6
Evolution of an Open Standard

• SOAP 0.x by UserLand and DevelopMentor
• Predecessor UserLands XML-RPC
• SOAP 1.0 co-authored by Microsoft
• SOAP 1.1 co-authored by IBM, Lotus
• Endorsed by Sun, IONA, Apache, etc.
• Submitted as a proposal to W3C
• Foundation for XML Protocol (XP) working group
• http//www.w3.org/TR/SOAP

7
How it looks

• A Simplified Request

HTTP/1.1 POST /soap/mycomponentContent-Type
text/xmlSOAPAction MyComponentMethod ltSOAPEnve
lopegt ltSOAPBodygt ltmMyMethodArgumentsRootgt lt
MyArgumentgt1lt/MyArgumentgt lt/mMyMethodArgumentsR
ootgt lt/SOAPBodygt lt/SOAPEnvelopegt
8
SOAP as RPC Protocol

• Marshals procedure calls via XML
• Transport can be HTTP, SMTP, etc.
• Roughly equivalent to DCOM IIOP
• No expensive middleware required
• Anyone can implement easily
• Simplicity as a design goal
• Designed for existing Internet infrastructure
• Default wire-protocol for .NET Remoting

9
SOAP as Messaging Protocol

• Descriptive container for any XML data exchange
• Transport can be SMTP, X.400, Queues etc.
• EDI-like Equivalent to EDIFACT/X12 headers
• Mail-like Similar to Exchange Forms idea
• Basis for BizTalk Framework
• Interoperable and platform agnostic

10
Why XML ?

• XML is a layered, (mostly) simple, text-based and
  standardized data exchange architecture.

SOAP
XML Schema (Classes)
XML Information Set (Structure)
XML Namespaces (Elements and Attributes)
XML (Documents and Entities)
11
XML for Messaging and RPC

• Simplicity
• XML documents are plain text
• Portability
• No platform dependencies
• No issues as with binary protocols
  (byte-ordering)
• XML parsers exist for virtually every platform
• Universally accepted
• XML is the 1 data exchange language

12
Why HTTP for RPC?

• 1 application protocol used on the Internet
• Available on all platforms
• Simple to implement
• Good infrastructure extensibility
• Not Connection oriented
• Designed for bad network conditions
• Designed to scale
• HTTP services are easily deployed
• No firewall configuration problems

13
HTTP Characteristics

• Connectionless request/response mechanism
• GET is the access protocol for resources
• POST is the application protocol for interaction
• Calls are directed to a URI
• Headers specify options
• Response codes indicate success/failure/status

HTTP/1.1 POST /signup.aspxContent-Type
text/www-form-urlencodedfnameClemenslnameVast
ers
HTTP/1.1 200 OKContent-Type text/htmllthtmlgtltbo
dygtHa!lt/bodygtlt/htmlgt
14
Section 2 Protocol Layers

• SOAP Envelope
• SOAP Encoding
• SOAP RPC

15
The Protocol Layers

• SOAP layers it's own model on top of XML

SOAP RPC
SOAP Messaging
SOAP Encoding
SOAP Envelope
Authentication
Encryption
BTF2.0
Attachments
XML Framework
16
SOAP Envelope

• Purpose Uniform container for XML messages
• SOAPEnvelope is defined by XML Schema
• URI http//schemas.xmlsoap.org/soap/envelope/
• Contains
• SOAPHeader for handling instructions
• SOAPBody for XML Payload
• Specifies order, cardinality for structural
  elements
• Defines SOAPFault for communication errors.

17
SOAP Encoding

• Purpose
• Uniform type and encoding system for data in SOAP
  Envelopes
• Encoding is defined by XML schema
• http//schemas.xmlsoap.org/soap/encoding/
• Optional recommendation
• Ensures interoperability of data
• Defines rich type system
• Simple Types, Enums
• Compound Values, Structures and References
• Arrays (incl. Sparse Arrays, Partial Arrays)

18
SOAP RPC

• SOAP RPC is a set of rules for remote procedure
  calls
• Key Points
• Interface/Service identified by URI
• Method invocation is modeled as structure
• Parameter order for in/out in response must be
  the same as in request.
• Behavior on error (return SOAPFault)

19
Section 3 Message Elements

• SOAPEnvelope element
• SOAPHeader element
• SOAPBody element
• SOAPFault element
• SOAPAction HTTP header
• SOAPencodingStyle

20
SOAPEnvelope
HTTP/1.1 POST /soap/myserviceContent-Type
text/xmlSOAPAction MyInterfaceMyComponentMethod
ltSOAPEnvelopegt ltSOAPHeadergt
ltmmyHeader xmlnsmmyURI SOAPmustUnderstand0
gt HeaderInfo lt/mmyHeadergt
lt/SOAPHeadergt ltSOAPBodygt
ltmMyMethodArgumentsRoot xmlnsmmyURI gt
ltMyArgumentgt1lt/MyArgumentgt lt/mMyMethodArgumen
tsRootgt lt/SOAPBodygt lt/SOAPEnvelopegt
21
SOAPEnvelope

• Basics
• Top-level (root) element of every SOAP message
• Must be present
• Must reference to the SOAP Envelope namespace
• xmlnsSOAPhttp//schemas.xmlsoap.org/schemas/en
  velope/
• May have additional, custom attributes
• If present, they also must be namespace qualified
• May contain at most one Header child element
• Must contain exactly one Body child element

22
SOAPHeader
HTTP/1.1 POST /soap/myserviceContent-Type
text/xmlSOAPAction MyInterfaceMyComponentMethod
ltSOAPEnvelopegt ltSOAPHeadergt
ltmmyHeader xmlnsmmyURI SOAPmustUnderstand0
gt HeaderInfo lt/mmyHeadergt
lt/SOAPHeadergt ltSOAPBodygt
ltmMyMethodArgumentsRoot xmlnsmmyURI gt
ltMyArgumentgt1lt/MyArgumentgt lt/mMyMethodArgumen
tsRootgt lt/SOAPBodygt lt/SOAPEnvelopegt
23
SOAPHeader

• Basics
• Optional element
• If present, must be immediate child of Envelope
• May contain multiple child elements (headers)
• Specify processing hints for the message
• All child elements must be namespace-qualified
• Special attributes for child elements
• SOAPmustUnderstand01
• Specifies whether the header must be understood.
  If the server cannot understand the header, it
  must fail
• SOAPactorsomeURI
• Specifies who must or should process the header

24
Headers Actors and Intermediaries
Client
SOAP Router
Dept.Server
ltmdestination xmlnsmmyNamespace-URI
SOAPmustUnderstand1 SOAPactornext/gt
ltmdeptgt 2881 ltmdeptgtlt/mdestinationgt
Dept.Server
Envelope
Header
Dept.Server
acts on header and routes to appropriate dept.
server
25
SOAPBody
HTTP/1.1 POST /soap/myserviceContent-Type
text/xmlSOAPAction MyInterfaceMyComponentMethod
ltSOAPEnvelopegt ltSOAPHeadergt
ltmmyHeader xmlnsmmyURI SOAPmustUnderstand0
gt HeaderInfo lt/mmyHeadergt
lt/SOAPHeadergt ltSOAPBodygt
ltmMyMethodArgumentsRoot xmlnsmmyURI gt
ltMyArgumentgt1lt/MyArgumentgt lt/mMyMethodArgumen
tsRootgt lt/SOAPBodygt lt/SOAPEnvelopegt
26
SOAPBody

• Basics
• Must be present
• Must be an immediate child of the Envelope
• May contain an unlimited number of child elements
• Children are called body entries
• Body entries may be namespace- qualified
• Not subject to any encoding rules by default

27
SOAPFault
HTTP/1.1 POST /soap/myserviceContent-Type
text/xmlSOAPAction MyInterfaceMyComponentMethod
ltSOAPEnvelopegt ltSOAPBodygt ltSOAPFaultgt
ltfaultcodegtServer.InvalidArglt/faultcodegt
ltfaultstringgtType is wrong lt/faultstringgt
ltdetail/gt lt/SOAPFaultgt
lt/SOAPBodygt lt/SOAPEnvelopegt
28
SOAPFault

• Basics
• SOAP Fault carries status and error information.
• Must be a body entry and may appear only once.
• Child Elements
• faultcode
• machine-readable reason-code
• faultstring
• human-readable reason explanation.
• faultactor
• indicates actor
• detail
• arbitrary data as detail info.

29
SOAPAction
HTTP/1.1 POST /soap/myserviceContent-Type
text/xmlSOAPAction MyInterfaceMyComponentMethod
ltSOAPEnvelopegt ltSOAPHeadergt ltmmyHeader
xmlnsmmyURI SOAPmustUnderstand0gt
HeaderInfo lt/mmyHeadergt lt/SOAPHeadergt
ltSOAPBodygt ltmMyMethodArgumentsRoot
xmlnsmmyURI gt ltMyArgumentgt1lt/MyArgument
gt lt/mMyMethodArgumentsRootgt
lt/SOAPBodygt lt/SOAPEnvelopegt
30
SOAPAction

• Basics
• SOAPAction header applies only to HTTP binding
• Must be present for HTTP SOAP calls
• Must be accompanied by Content-Type text/xml
• SOAPAction attribute is a URI and may be empty
• V1.1 specification issue
• Role of HTTP URI vs. SOAPAction header vaguely
  defined
• Recommended interpretation
• Use HTTP URI to specify the service
• Use SOAPAction to specify interface and method

31
SOAPencodingStyle

• Basics
• encodingStyle is a global attribute
• Encoding identified by URI
• May be applied to any element at any level
• Enforces common rules for serialization of data
• Scope and Inheritance
• If present on an element, it applies to all
  children
• Any child may override encoding with own choice
• SOAP defines an optional, standard encoding style
• Section 5 of the specification
• http//schemas.xmlsoap.org/schemas/encoding

32
Encoding Simple Types
Simple types are specified using the encoding
namespace
ltSOAPEnvelope xmlnsSOAPhttp//schemas.xmls
oap.org/schemas/envelope/ xmlnsSOAP-ENChtt
p//schemas.xmlsoap.org/schemas/
encoding/ SOAPencodingStylehttp//schemas
.xmlsoap.org/
schemas/encoding/gt...lttitle
xsitypeSOAP-ENCstringgt My Life and
Worklt/titlegt ltprice xsitypeSOAP-ENCfloatgt
49.95lt/pricegt...lt/SOAPEnvelopegt
33
Encoding and Referencing Structures
lteBookgt   lttitlegtMy Life and Worklt/titlegt   ltau
thorgt       ltnamegtHenry Fordlt/namegt       ltaddre
ssgt          ltemailgtmailtohenryford_at_hotmail.comlt
/emailgt          ltwebgthttp//www.henryford.comlt/w
ebgt       lt/addressgt   lt/authorgtlt/eBookgt
single-reference and nested structures are
embedded
34
Encoding and Referencing Structures
lteBooksgt lteBookgt lttitlegtMy Life and
Worklt/titlegt    ltauthor href"Person-1"/gt lt/
eBookgt lteBookgt lttitlegtThe Success of Tin
Lizzylt/titlegt    ltauthor href"Person-1"/gt lt
/eBookgtlt/eBooksgtltePerson id"Person-1"gt ltnam
egtHenry Fordlt/namegt ltaddressgt
ltemailgtmailtohenryford_at_hotmail.comlt/emailgt
ltwebgthttp//www.henryford.comlt/webgt lt/addressgtlt/
ePersongt
multi-reference structures use id href
attributes
35
Section 4 Infrastructure

• Authentication
• Message Encryption and Signature
• Service description WSDL
• Service discovery DISCO and UDDI

36
Authentication

• SOAP enables high-capacity web-services
• Raw information, no ads. Different business model
• Authentication required to control access
• Authentication is intentionally skipped in SOAP
  1.1
• Can utilize HTTP authentication framework
• Can use S/MIME signatures
• SOAP shall work cross-everything
• Must use standardized authentication schemes
• Authentication must be reasonably secure
• Resistant against various attack types
• Use Digest Authentication with .NET

37
Privacy

• SOAP may carry sensitive information
• Use HTTPS instead of HTTP
• Use S/MIME encoding instead of MIME
• SOAP Extensions for Privacy underway from IBM

38
WSDL

• Think "TypeLib for SOAP"
• WSDL Web Service Description Language
• Uniform representation for services
• Transport Protocol neutral
• Access Protocol neutral (not only SOAP)
• Describes
• Schema for Data Types
• Call Signatures (Message)
• Interfaces (Port Types)
• Endpoint Mappings (Bindings)
• Endpoints (Services)

39
DISCO

• Think "IDispatch for SOAP"
• Dynamic Discovery of Services
• Very, very easy discovery model for HTTP
• Basics
• Call endpoint with GET
• Check whether this is a DISCO file or a redirect
• DISCO file contains link to WSDL
• If redirect goto 1

40
UDDI

• Think "Yahoo!" for WebServices
• Universal Description and Discovery Interface
• WebService-Programmable "Yellow Pages"
• Advertise Sites and Services
• May point to DISCO resources
• Initiative driven by Microsoft, IBM, Ariba

41
Summary

• Platform agnostic XML based protocol
• Can implement anywhere easily
• Very Extensible model for messaging and RPC
• Embedded into existing Internet technology set
• Built for the Internet, works best for the
  Internet
• Open discovery and description infrastructure
• Foundation for the WebServices model
• Foundation for .NET Internet Remoting

42
Questions?