Web Service Standards - A Survey

1. Presentation Overview

• Web services

• Web service standards

  • Service description

  • Service discovery

  • Communication

  • Transaction

  • Security

2. Web Services

2.1. What are Web Services?

• Microsoft:

  "...building blocks for constructing distributed Web applications..."

• IBM:

  "...self-describing, self-contained, modular applications..."

• Rogue Wave:

  "... applications that interoperate in a loosely-coupled system using Internet protocols..."

Business functionality exposed through an Internet connection

2.2. Examples of Web Services

• Banking

  • Deposit, withdrawal, transfer

• Brokerage

  • Buy, sell

• Online stores

  • Catalog lookup, shopping carts, order inquiry

• Services

  • Sales tax, shipping, package tracking

• Internal IT services

  • Benefits, HR, expense reports

Any service over the Internet

2.3. Benefits of Web Services

• Operating system independent

• Programming language independent

• Object model independent

• Hardware independent

• Enables

  • Loosely coupled systems

  • Plug and play applications

Figure 1: Connects Many Devices, Many Technologies

Figure 2: Simple Web Service Architecture

2.4. Web Service Components

• Basic service

  • Service description

  • Communication protocols

  • Transport protocols

• Service repository and discovery

• Enterprise strength

  • Transaction

  • Security

3. Web Service Standards

• Standards discussed

  • Service description

  • Communication protocols

  • Service discovery

  • Transaction

  • Security

• Standards not discussed

  • XML core (XML1.0, XML Schema)

  • Internet protocols (HTTP, SMTP)

Service Description

• NASSL

  • IBM, May 2000

• SDL

  • Microsoft, July 2000

• SDL + NASSL = WSDL

  • Ariba, IBM, and Microsoft, September 2000

WSDL

• An XML format for describing services

• Services are defined by:

• First, defining the abstract

  • Message format ® Data being communicated

  • Operations ® Action supported by the service

• Then, binding to concrete

  • Data formats ® SOAP

  • Network protocols ® HTTP

• Network protocol and message format independent

  • Defines binding for SOAP, HTTP (get, post) and MIME

• XML schema based

  • Extensible to include other type definition languages

• Service definition: major elements

  • types - Data type definitions to describe messages

  • message - Abstract definition of data

  • portType - Set of abstract operations

• Operation refers to input/output/fault messages

  • Four primitive operations:

    • One-way

    • Request-response

    • Solicit-response

    • Notification

• binding - Specifies concrete protocol and data format for operations/messages in portType

• port - Address for binding, communication endpoint

• service - Set of related ports

Defines grammar for each of these elements

WSDL-Example Definition

<?xml version='1.0' 
<schema targetNamespace='http://example.com/stockquote/schemas' 
  xmlns:'http://www.w3.org/1999/XMLSchema'> 
<element name='GetLastTradePrice' 
<complexType> <all> 
<element name='tickerSymbol' type='string'/> 
</all> 
</compleType> 
</element> 
// Similarly define a complexType for 'GetLastTradePriceResult' 
</schema>
		

Abstract message definition

<?xml version='1.0' 
<definitions name='stockQuote' 
  targetNamespace='http://example.com/stockquote/definitions' 
xmlns:tns='http://example.com/stockquote/definitions' 
xmlns:xsd1='http://example.com/stockquote/schemas' 
  xmlns:soap='http://schemas.xmlsoap.org/wsdl/soap/' 
  xmlns:'http://schemas.xmlsoap.org/wsdl/'> 
<import namespace='http://example.com/stockquote/schemas' 
location='http://example.com/stockquote/stockquote.xsd'/> 
<message name='GetLastTradePriceRequest' 
<part name='body' element='xsd1:GetLastTradePrice' /> 
  </message> 
// similarly define a message for 'GetLastTradePriceResponse' 
<portType name='StockQuotePortType'> 
<operation name='GetLastTradePrice'> 
<input message='tns:GetLastTradePriceRequest'/> 
<output message='tns: GetLastTradePriceResponse' /> 
</operation> </portType> </definitions> 
http://example.com/stockquote/stockquote.wsdl source: 
WSDL 1.1 specification
		

Binding definition

<?xml version='1.0' 
<definitions name='StockQuote'> 
targetNamespace='http://example.com/stockquote/service' 
xmlns:tns='http://example.com/stockquote/service' 
xmlns:soap='http://schemas.xmlsoap.org/wsdl/soap/' 
xmlns:'http://schemas.xmlsoap.org/wsdl/'> 
<import namespace='http://example.com/stockquote/definitions' 
location='http://example.com/stockquote/stockquote.wsdl'/> 
<binding name='StockQuoteSoapBinding' type='tns:StockQuotePortType' 
<soap:binding style='document' /> <operation name='GetLastTradePrice'> 
<soap:operation soapAction='http://my.org/GetLastTradePrice' /> 
</operation> </message> <service name='StockQuoteService'> 
<documentation>My First Stock Service </documentation> 
<port name='StockQuotePort' binding='tns:StcokQuoteBinding'/> 
<soap:address location='http://my.org/stockquote' /> </port> 
</service> </definitions> http://example.com/stockquote/stockquote.wsdl 
source: WSDL 1.1 specification
		

Communication Protocols

• Many XML communication protocols

  • XML-RPC

  • SOAP

  • XP

  • ebXML transport

  • WDDX

  • Jabber

• For more details please refer to:

  • http://www.w3.org/2000/03/29-XML-protocol-matrix

SOAP-Simple Object Access Protocol

• XML messaging grammar for encoding messages

• Version 1.1 from Microsoft, IBM, Userland, DevelopMentor, and others

• SOAP can be used for RPC or general messaging

• SOAP documents can be exchanged over many transport protocols

  • SMTP, FTP,TCP/IP,Message Queues, HTTP

• Language and platform independent

SOAP 1.1

• Soap defines:

  • A framework for describing the contents of a message and how to process it

  • An extensible envelope (required)

  • A set of encoding rules for serialization (optional)

  • A convention for representing remote procedure calls and responses (optional)

  • HTTP binding (optional)

SOAP Basic Structure

An Envelope is the root element of a SOAP document

<Envelope> 
  <Header> ... </Header> 
  <Body> ... </Body> 
</Envelope>
		

The Header is optional

• Used for "out of band" information

• Examples: transaction information, security

A Body is required

• Body is the essence of the message directed to the endpoint

• The body contains one or more elements

• SOAP defines one body entry, the fault entry

Use of Namespaces

• SOAP defines two namespaces: one for the envelope, and the other for standard data encoding.

• The envelope namespace identifier is: http://schemas.xmlsoap.org/soap/envelope/

• The encoding namespace identifier is: http://schemas.xmlsoap.org/soap/encoding/

• Users can use namespaces to distinguish their own elements

Figure 3: Example Request

Figure 4: SOAP History

W3C XML Protocol

The W3C XML Protocol Activity

• SOAP 1.1 was submitted as a note to the W3C by Microsoft and others

• In Sep 2000, W3C started XML protocol activity

• XML protocol working group

  • David Fallside, IBM, Chair

  • 45 companies, 79 individuals

  • Public mailing list: xml-dist-app@w3.org

• Draft requirements are published and the design phase has been started

XP Working Group Charter

• Deliverables

  • Protocol envelope

  • Serialization of abstract data models

  • RPC conventions

  • Binding to HTTP

• Schedule

  • April 2001

    • Candidate recommendation for XML protocol proposal

  • September 2001

    • Recommendation for XML protocol

  • April 2002

  • Work completed

ebXML

• Modular end-to-end solution for enabling secure, global, electronic interoperability using open standards:

  • XML

  • HTTP

  • TCP/IP

  • MIME

• Joint initiative of UN/CEFACT and OASIS

• 75 companies, 2000 participants, 30 countries

A Set Of Specifications

• Core specifications

  • The messaging service

  • Registry and repository

  • Collaborative partner agreement

• Main concepts

  • Infrastructure for data communication

  • Framework for commercial interoperability

  • Mechanism to discover, agree and conduct business

• Each specification is stand alone and can be implemented individually

Figure 5: Technical Architecture

Figure 6: Usage Example

Status

• Published specifications

  • Requirements

  • Messaging service

  • Technical architecture

• Schedule

  • May 2001

• Transport, routing and packaging group has representatives in W3C-XP to enable consensus/collaboration

Service Repository and Discovery

• Why register services?

• What can be discovered?

• Isn't web crawler good enough?

Repository and Discovery Protocols

• UDDI

• ebXML

• BizTalk.org

UDDI

• Universal Description, Discovery and Integration

• A specification for Web-based registries of web services

• Publicly accessible set of implementations to register web services

• From Ariba, IBM and Microsoft; others are invited to join the community

• No standards body involvement yet

Figure 7: Where Does UDDI Fit In?

UDDI Specification

• Consists of XML schema, a core information model based on SOAP messages

• Core information types

  • Business information >> Yellow pages

  • Service information >> Green pages

  • Binding information

  • Information about service specification

• API specification

  • Publishers API

  • Inquiry API

    • Programmatic browse and search

    • Deal with failures

UDDI Business Registry

• Registry implements UDDI specifications

• Node operators run instances of registry

  • Used to register and for query services

  • Operators replicate registration across all nodes

• Current node operators

  • Microsoft

  • IBM

  • Ariba

• Open source implementation

Figure 8: UDDI Relationship - Relates schema, specification and registry

Enterprise Functionality

• Transaction

• Security

Transaction

• Types of transactions

  • Foreground transactions

    • User initiated transactions

    • XAML

  • Background transactions

    • X/Open - XA

    • OTS

    • JTS/JTA

XAML

• Transaction Authority Markup Language

• Vendor neutral standard for coordination and processing of online transactions in web services

• Bowstreet, HP, IBM, Sun, and Oracle

• No specification defined yet

  • Expected Jan 15, 2001

XAML Details

• Expected to define a set of XML message formats and interaction models used by Web services to provide business level transactions

• Expected to work with standard technologies like WSDL, SOAP and XP

• Expected to work with existing transaction standards like XA, OTS and JTS/JTA

Figure 9: Relationships to Other Standards

Figure 10: Security - Do we need another security standard?

Security Standards

• S2ML

  • Enables secure e-commerce transactions through XML

  • Common language for sharing security services in business-to-business and business-to-consumer transactions

  • Founding members:

    • Bowstreet, Commerce One, Sun, Oracle, TIBCO, Webmethods, Verisign, Netegrity, ATG, PricewaterhouseCoopers

  • Specification 0.8 submitted to OASIS technical committee on XML-based security services

S2ML Details

• Defines two security services

  • Authentication

  • Authorization

• Each service has a request/response pair of XML documents

• Schema has been defined for these documents

• Defines bindings to message and transport protocols like Browser, HTTP, SOAP, ebXML, MIME

• Leverages existing technologies

  • SSL, Kerberos, Digital Signing, Smart Card

  • ACL, Capabilities, Java Model

• Supports auditing

  • Request/response contains necessary information

S2ML Key Elements

• NameAssertion

  • Result of successful authentication

  • Contains authentication type, name and authenticator

• Entitlement

  • Portable package of authorization data

• Authentication

  • AuthRequest: contains credentials

  • AuthResponse: contains NameAssertion, Entitlements

• Authorization

  • AzRequest: contains NameAssertion, Entitlements

  • AzResponse: contains Answer and Entitlements

Conclusion

• Take advantage of existing standards

• Building on open standards promotes

  inter-operability

Additional Resources

• W3C XML protocol activity: http://www.w3.org/2000/xp

• SOAP discussion list: http://discuss.develop.com/soap.html

• UDDI: http://www.uddi.org

• XAML: http://www.xaml.net/articles/xaml-org-faq-art9.asp

• S2ML: http://www.s2ml.org

• WSDL:http://msdn.microsoft.com/xml/general/wsdl.asp

• WDDX: http://www.wddx.org

• ebXML: http://www.ebxml.org

• RosettaNet: http://rosettanet.org

• TradingPartner

• Rogue Wave XML resources: http://www.roguewave.com/xml

Contacting Rogue Wave Software

• www.roguewave.de - +49 6103-59 34-0

• www.roguewave.nl - +31 (0)20 301 26 26

• www.roguewave.fr - +33 1 41 96 2626

• www.roguewave.it - +39 02 4125.081

• www.roguewave.co.uk - +44 (0)118 9358600

Design and Development by deepX Ltd.