Core mechanisms for Web Services extensions

315 views
272 views

Published on

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
315
On SlideShare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
3
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Core mechanisms for Web Services extensions

  1. 1. 2007 Next Generation Web Services Practices Core mechanisms for Web Services extensions Miguel Pardal miguel.pardal@dei.ist.utl.ptLisbon, Seoul, October 30th, 2007Portugal
  2. 2. Outline• Service-oriented Enterprise Applications• Web Service Extensions – Core mechanisms• Conclusions2007-10-30 Core mechanisms for Web Services extensions 2
  3. 3. Outline• Service-oriented Enterprise Applications• Web Service Extensions – Core mechanisms• Conclusions2007-10-30 Core mechanisms for Web Services extensions 3
  4. 4. “The whole world is made ofchange” ~ Luís Vaz de Camões 16th Century Portuguese Poet Cobol Fortran C DCE Java CORBA Dot Net DCOM Web Services2007-10-30 Core mechanisms for Web Services extensions 4
  5. 5. Service-oriented approach toEnterprise Applications• Customers’ needs change – Enterprises must adapt – And so do their applications• Services – Focus on flexibility, reuse and interoperability – Web Services (WS) technology – Service-Oriented Architecture (SOA)2007-10-30 Core mechanisms for Web Services extensions 5
  6. 6. Web Services in action #1 Publish Client Service #2 Discover Data XML Schema WS #3 Generate stubs Functions WSDL #4 Configure Policy WS-Policy WS libraries #5 Invoke #6 Execute2007-10-30 Core mechanisms for Web Services extensions 6
  7. 7. Web Services libraries #4 Configure Policy WS-Policy WS libraries• WS-Policy specifies additional requirements – Like security, distributed transactions, reliable messaging, etc. – But libraries are necessary to actually implement the requirements2007-10-30 Core mechanisms for Web Services extensions 7
  8. 8. Requirements• Functional – What the service does • Input, output, faults• Non-functional – What properties hold when the service executes – Depend on circumstances and must be balanced • E.g. Security – Low value messages can use a weaker but faster cipher algorithm; high value messages use stronger security – Intranet requests use local security credentials; Internet requests use cross-domain credentials2007-10-30 Core mechanisms for Web Services extensions 8
  9. 9. Outline• Service-oriented Enterprise Applications• Web Service Extensions – Core mechanisms• Conclusions2007-10-30 Core mechanisms for Web Services extensions 9
  10. 10. WS standards for every requirement “Are we there yet?” Short answer: No, but we’re moving forward Long answer: Visit WS-Map ☺ (or another overview site…) http://web.ist.utl.pt/miguel.pardal/ws-map2007-10-30 Core mechanisms for Web Services extensions 10
  11. 11. Why go beyond the standards?• “One size does not fit all”• Vendor WS implementations – From Microsoft, IBM, Sun, Oracle, … – Good library implementations of complex WS standards – Solve 90% of the problem but are difficult to customize to specific needs• WS Extensions – Simpler library development – Appeal to a much broader developer community – Handle the remaining 10%...2007-10-30 Core mechanisms for Web Services extensions 11
  12. 12. Analogy: Mozilla Firefox extensions• Firefox implements 90% of requirements – Extensions add value to users, meeting specific needs and improving the browsing experience2007-10-30 Core mechanisms for Web Services extensions 12
  13. 13. Example extension: Security report• Some applications prefer not to know about security, they just want it – But others need to know, for instance, to store audit information in a database• Security report extension – A report is produced during WS-Security processing • All actions and all parameters described • In a simple, easy-to-use object model – Leverage WS-Security standard implementation – Enables context sharing through meaningful abstractions, delegating security decisions in a simple and effective way2007-10-30 Core mechanisms for Web Services extensions 13
  14. 14. Problem statement• What are the core mechanisms required for developing Web Services extensions ? – Like “security report”2007-10-30 Core mechanisms for Web Services extensions 14
  15. 15. Proposed core mechanisms • Policy • Configuration • Contexts management • Message flow interception • Operation implementation interception Packages and dependencies2007-10-30 Core mechanisms for Web Services extensions 15
  16. 16. Policy• Requirements declaration – e.g. Declare that a WS can be invoked with transport security or with message security• Policy negotiation between client and server2007-10-30 Core mechanisms for Web Services extensions 16
  17. 17. Configuration• Parameters – Which extensions to engage? – What are the parameter values? • e.g. Which digital certificate to use?2007-10-30 Core mechanisms for Web Services extensions 17
  18. 18. Contexts management• Scoped state variables – Application – Session – Operation – Thread• Enable data sharing between extensions and service implementation2007-10-30 Core mechanisms for Web Services extensions 18
  19. 19. Message flow interception• Message handling at service endpoint – Incoming or outgoing – Read/write header and body of SOAP messages • e.g. Do digital signature of body and place it in header2007-10-30 Core mechanisms for Web Services extensions 19
  20. 20. Operation implementation interception• Execute additional code before or after the service implementation – e.g. Implement authorization and access logging• Object factories can return different implementations according to the desired behavior2007-10-30 Core mechanisms for Web Services extensions 20
  21. 21. Proof-of-concept• All mechanisms implemented on Java Web Services – Apache Commons Policy 1.0 • Policy – JAX-WS Handlers • Message interception – Custom coding • Configuration, Contexts and Operation Execution• Field-tested on a prototype and several course projects: – Security and distributed transactions extensions – Multiple development teams – Significant improvements in ease of development and learning2007-10-30 Core mechanisms for Web Services extensions 21
  22. 22. Outline• Service-oriented Enterprise Applications• Web Service Extensions – Core mechanisms• Conclusions2007-10-30 Core mechanisms for Web Services extensions 22
  23. 23. Conclusions• Web Services development – Functional requirements are satisfied with components – Non-functional requirements are satisfied with aspects that can differ according to invocation circumstances• Web Services extensions – Simplify custom library development – Broaden developer community• Future work: – Enterprise application framework • Local and remote services • Integrated extensions engine – Platform-independent extensions: Java and Dot Net2007-10-30 Core mechanisms for Web Services extensions 23
  24. 24. Looking ahead… With extensions, more developers can try new ideas. This encourages competition and best-of-breed selections, that can further advance the state-of-the-art of Web Services technology Obrigado Thank you Questions & Answers miguel.pardal@dei.ist.utl.pt2007-10-30 Core mechanisms for Web Services extensions 24

×