Stateful Web Services
By: Muhammad Jawaid Shamshad
MS/PhD (CS)
052210
Advisor: Aslam Parvez Memon
Agenda
► Introduction
► Terms and Concepts
    ▪ Web Services
    ▪ WSDL
    ▪ Discovering Web Services (UDDI, ebXML)
► Introduction to State
► Need for State Management
► State Management Techniques
    ▪ In-Memory
    ▪ Database
► Generalized Model
► Conclusion
► Literature Sources
► Q & A
Introduction
► Web services are by nature stateless
► Situations where state management is difficult to avoid
    ▪ Example: User Sessions
► How to manage state in web services?
Terms and Concepts
► Web Service
► SOAP
► WSDL
► Discovering Web Service
    ▪ UDDI
    ▪ ebXML
Web Service
► Definition
    ▪ “Web services are software applications that can be discovered, described, and accessed based on XML and standard Web protocols over intranets, extranets, and the Internet”
► Main focus is interoperability
► Uses SOAP protocol as syntax of message and uses HTTP to transfer that message
SOAP
► Definition
    ▪ “Lightweight protocol for exchange of information in a decentralized, distributed environment”
► Created by Microsoft, DevelopMentor, IBM, Lotus, and UserLand in 1999
► XML-based protocol
► Web services transfer XML messages in SOAP format, encapsulated in a SOAP envelope
SOAP
► SOAP header contains the meta information and the body contains the actual message in XML syntax
WSDL
► Definition
    ▪ “An XML format for describing network services as a set of endpoints operating on messages containing either document-oriented or procedure-oriented information”
► Developed by IBM and Microsoft in 2000
► Contains information where the service is located, what the service does, and how to invoke the service
► Application can look at the WSDL and dynamically construct SOAP messages
Discovering Web Services
► How to search for the desired web service and communicate with it
    ▪ Universal Description, Discovery, and Integration (UDDI)
    ▪ ebXML Registries
UDDI
► Introduced by Ariba, Microsoft, and IBM in 2000
► Not yet a standard but implemented by major vendors like Microsoft and IBM
► Information available
    ▪ white pages of company contact information,
    ▪ yellow pages that categorize businesses by standard categorization, and
    ▪ green pages that document the technical information about web services, like WSDL
ebXML
► A standard created by OASIS in 2001
► Provide a common way for businesses to quickly and dynamically perform business transactions based on common business practices
► Information available
    ▪ Business processes and components described in XML
    ▪ Capabilities of a trading partner
    ▪ Trading partner agreements between companies
Introduction to State
► State allows services to be brought down without loss of context
► When they are brought up again, the durable state is still there and they can continue as if nothing had happened
Need for State Management
► Web services provide stateless client-server interactions
► Stateless means client requests are independent and no memory of previous requests is required
► State management is difficult to avoid in a number of situations
► Establish a session between a consumer and a provider, for efficiency reasons
► Sending a security certificate with each request is a serious burden for both consumer and provider
State Management Techniques
► Require session state information to be explicitly passed, which can be a unique identifier of the session like session Id
► Session Id can be stored on the client-side
► Rest of the data, such as user information, can be stored on the server-side
In-Memory
► Keeps a reference to the session in the server's memory
► Works well in a single server environment but not very useful in a farm or cluster
► Session is tied to a single server and is not shared among servers in the farm, resulting in loss of session information
► Dedicate a single server to handle all requests from a user for the lifetime of the session
► Compromises scalability as the distribution of load among multiple servers is not fairly balanced
Database
► Store session in database server accessible to all other servers in the farm
► Each user will be given a unique identifier that will serve as a key to the user's information in the database
► Advantage: state information is durable
► Disadvantage: puts a greater load on the server, requires more time-consuming database transactions
Database
► Client stores only the unique identifier, other sensitive data is stored in the database, thus session information is secure
► Always better to put greater load on the server than to risk security
Generalized Model
► Requirements:
    ▪ Token generator generates a unique token or identifier for each client, like GUID or UUID
    ▪ Repository required in which session state can be stored
    ▪ Session initiating and terminating web services required, like login/logout web services
Generalized Model
► Flow:
    ▪ Client calls the login web service to initiate the session
    ▪ Server authenticates the client
    ▪ If authenticated, generates a unique token
    ▪ Store session info against that token in repository
    ▪ Session information can be user id, contact information, previous requests etc.
    ▪ Return that token to the client
    ▪ Client will then call further web services providing the token
    ▪ Finally client will call the logout web service to terminate the session
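The flow above as a runnable sketch, added here as an example and not taken from the presentation: two server nodes share one database-backed repository, so a token issued by one node is honoured by the other until logout or expiry. The class and method names, the SQLite stand-in for the shared database server, the constructed credential table, the 15-minute idle timeout and the hashing of stored tokens are assumptions of this example.

```python
import hashlib
import hmac
import sqlite3
import time
import uuid

IDLE_TIMEOUT = 900  # seconds; assumed value, the slides do not give one

# Constructed credential table standing in for the real authentication step.
# A production service would verify a salted password hash instead.
USERS = {"alice": "correct horse"}


class SessionRepository:
    """Repository from the model: one database reachable by every server."""

    def __init__(self, conn):
        self.conn = conn
        conn.execute(
            "CREATE TABLE IF NOT EXISTS sessions ("
            "token_hash TEXT PRIMARY KEY, user_id TEXT NOT NULL, "
            "last_seen REAL NOT NULL)"
        )

    @staticmethod
    def _key(token):
        # Store only a digest, so reading the table does not yield live tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def create(self, user_id, now):
        # Random (version 4) UUID, as the slides suggest; CPython draws it
        # from the operating system's CSPRNG.
        token = str(uuid.uuid4())
        self.conn.execute(
            "INSERT INTO sessions VALUES (?, ?, ?)",
            (self._key(token), user_id, now),
        )
        self.conn.commit()
        return token

    def lookup(self, token, now):
        row = self.conn.execute(
            "SELECT user_id, last_seen FROM sessions WHERE token_hash = ?",
            (self._key(token),),
        ).fetchone()
        if row is None:
            return None
        user_id, last_seen = row
        if now - last_seen > IDLE_TIMEOUT:
            self.delete(token)  # expired sessions are removed, not reused
            return None
        self.conn.execute(
            "UPDATE sessions SET last_seen = ? WHERE token_hash = ?",
            (now, self._key(token)),
        )
        self.conn.commit()
        return user_id

    def delete(self, token):
        cur = self.conn.execute(
            "DELETE FROM sessions WHERE token_hash = ?", (self._key(token),)
        )
        self.conn.commit()
        return cur.rowcount == 1


class Server:
    """One node in the farm; it keeps no session state of its own."""

    def __init__(self, name, repo):
        self.name, self.repo = name, repo

    def login(self, user, password, now=None):
        now = time.time() if now is None else now
        expected = USERS.get(user)
        if expected is None or not hmac.compare_digest(
            expected.encode(), password.encode()
        ):
            return None  # not authenticated: no token is generated
        return self.repo.create(user, now)

    def get_profile(self, token, now=None):
        # Stands for any further web service call that carries the token.
        now = time.time() if now is None else now
        user = self.repo.lookup(token, now)
        if user is None:
            return {"error": "invalid or expired session"}
        return {"served_by": self.name, "user": user}

    def logout(self, token):
        return self.repo.delete(token)


def demo():
    repo = SessionRepository(sqlite3.connect(":memory:"))
    node_a, node_b = Server("node-a", repo), Server("node-b", repo)
    token = node_a.login("alice", "correct horse", now=1000.0)
    first = node_b.get_profile(token, now=1010.0)  # different node, same session
    node_a.logout(token)
    after_logout = node_b.get_profile(token, now=1020.0)
    return first, after_logout


if __name__ == "__main__":
    print(demo())
```

Because the nodes hold nothing themselves, restarting or replacing one does not end the session, which is the durability advantage the Database slides describe.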
Generalized Model
Conclusion
► It is recommended that web services be designed according to the principles of a service-oriented architecture.
► However, it is sometimes desirable to build services capable of referencing each other, which may lead to a finer-grained, session-oriented services design.
► When building a new service, it is worth considering carefully the pros and cons of all design styles, which can result in a better integration solution for a targeted domain
Literature Sources
► Books
► Web Sites
► ACM digital library
► IEEE digital library
► IEEE Xplore
► Publications
Q & A

Editor's Notes

  1. Web services are by nature stateless. There are certain situations where state management of resources is difficult to avoid, such as user sessions. Another situation is establishing a session between a consumer and a provider. In web services this is normally required when applications based on user sign-on, such as business and e-commerce applications, need to maintain the state of connected clients while being built on web services, which do not provide an implicit state management facility. This study presents the logical model for maintaining the state of resources in web services.
  2. Before we can define the means by which Web services manage state, we need to explain a few terms and concepts.
  3. “Web services are software applications that can be discovered, described, and accessed based on XML and standard Web protocols over intranets, extranets, and the Internet.” The definition expresses the main point that web services are software applications like any other, which perform specific tasks depending on their implementation. The main focus of web services is interoperability. Web services use XML [2] as the syntax of their message and use HTTP [3] to transfer that message. The message is basically a Simple Object Access Protocol (SOAP [4]) envelope, which is in XML format.
  4. “a lightweight protocol for exchange of information in a decentralized, distributed environment,” created by Microsoft, DevelopMentor, IBM, Lotus, and UserLand.