Web services, the ws stack, and research prospects a survey

1. Web Services,
the WS Stack,
and Research Prospects:
A Survey
UC San Diego
CSE 294
October 17, 2008
Barry Demchak

2. About Web Services
 Standards sponsored through W3C
(interoperable technologies) and OASIS (e-
business standards)
 A software system designed to support
interoperable machine-to-machine interaction
over a network. [WSGLOS]
 Supports many interaction patterns, including
RPC

3. Web Service Protocols
[WSPS]
WS-I Basic
Protocol [WSBP]

4. Web Service Protocols
 For fun:
http://www.st.informatik.tu-darmstadt.de/pages/seminars/webservicetech

5. Structure of Presentation
 The Basic Profile (WS-I) 15 min
 The WS Protocol Stack 15 min
 Security-oriented WS Research 15 min

6. SOAP (not Simple Object Access Protocol)
 Message schemes for multiple use cases [SOAPUS]
 Fire and forget (single receiver, multiple receivers)
 Request/Response (specialized or RPC)
 Request with ACK
 Encrypted payload (header encryption optional)
 Third party intermediary
 Conversational message exchange
 Via multiple intermediaries
 Asynchronous messaging (single or multiple response)
 Embedding non-XML data, Incremental parsing, event notification, caching
(with expiration), routing, tracking, quality of service …

7. SOAP Sample (request)
<env:Envelope xmlns:env="http://www.w3.org/2001/09/soap-
envelope">
<env:Header>
<n:MsgHeader xmlns:n="http://example.org/requestresponse">
<n:MessageId>uuid:09233523-345b-4351-b623-
5dsf35sgs5d6</n:MessageId>
</n:MsgHeader>
</env:Header>
<env:Body> ........ </env:Body>
</env:Envelope>

8. SOAP Sample (response)
<env:Envelope xmlns:env="http://www.w3.org/2001/09/soap-
envelope">
<env:Header>
<n:MsgHeader xmlns:n="http://example.org/requestresponse">
<n:MessageId>uuid:09233523-567b-2891-b623-
9dke28yod7m9</n:MessageId>
<n:ResponseTo>uuid:09233523-345b-4351-b623-
5dsf35sgs5d6</n:ResponseTo>
</n:MsgHeader>
</env:Header>
<env:Body> ........ </env:Body>
</env:Envelope>

9. SOAP Benefits and Drawbacks
 Benefits
 Travel across HTTP through proxies/firewalls
 Standards-based, extensible, platform & language
independent, and multiple vendor support
 Multiple transport protocols: HTTP, JMS, Jabber,
SMTP/POP3, TCP, In-VM
 Drawbacks
 Verbose (and large)
 Polling-oriented (depending on transport)
 Travel across HTTP through proxies/firewalls
[STCP]

10. WSDL (Web Services Description Language)
 XML-based description of characteristics of a
web service [INFIT]
 Function signatures (in, out, in/out, return)
 Service binding (URL and protocol)
 Stored in repositories such as UDDI
 Used to create client-side proxies
 Enables dynamic binding for clients capable
of binding dynamically

11. WSDL Content

12. UDDI (Universal Description, Discovery, and Integration)
 Distributed repository searchable to find
services (during design time or runtime)
 White Pages
 Service provider’s name, business description,
contact information
 Yellow Pages
 Taxonomy-based description of services and
service providers
 Green Pages
 Web Service addresses, parameters, etc
[INFIT]

13. UDDI Data Model
Business Entity – business
information, including unique business
key
Business Service – collection of web
services, each having service keys
Binding Template – location and
binding of single service, including
binding key
tModel – reference to WSDL

14. Types of UDDIs
 Public (e.g., IBM and Microsoft)
 Private
 EAI registry (large organization, indexed by
department or division)
 Portal UDDI (portal owners publish, clients
search and use)
 Marketplace UDDI (members-only,
certification, billing, non-repudiation)

15. Related Concepts and Names
JAX-WS – Java API for XML Web Service provides
mappings between Java data structures and XML
and WSDL
Xfire – framework provides support for web service
standards, used in Mule v1.4.1
CXF – continuation of Xfire as Apache project, includes
java2ws for “java first” development
Aegis – default Xfire binding which maps POJOs to
XML
Axis – Apache SOAP engine supports web services,
WSDL, and Tomcat

16. Web Services Stack

17. Some Samples
 WS-Addressing [WSADDR]
 WS-Policy [WSPOL]
 WS-ReliableMessaging [WSREL]
 WS-Security [WSSEC]
 BPEL [BPEL]
 WS-Trust [WSTRU]
 WS-Provisioning [WSPRO]

18. WS-Addressing
 Normalized formats for
 Web service endpoint references
 <wsa:EndpointReference xmlns:wsa="..." xmlns:fabrikam="...">
<wsa:Address>http://www.fabrikam123.example/acct</wsa:Address>
<wsa:PortType>fabrikam:InventoryPortType</wsa:PortType>
</wsa:EndpointReference>
 Message information headers
 Independent of transport or application
[WSADDR]

19. WS-Policy
 Flexible and extensible grammer for expressing
 Capabilities
 Requirements
 Entity characteristics
 Schema allows reasoning about assertions
 Policy = {Policy Alternative}*
 Policy Alternative = {Policy Assertion}*
 Policy Assertion = on-wire requirements and
capabilities
 Authentication schemes
 Transport protocol selections
 Privacy policies
 QoS characteristics
[WSPOL]

20. WS-ReliableMessaging
 Protocol for reliable message delivery
 Between distributed applications
 Regardless of component, system, or network failures
 Transport independent
 Available guarantees
 AtMostOnce
 AtLeastOnce
 ExactlyOnce
 InOrder
[WS-REL]

21. WS-Security
 Enhancement to SOAP
 Message Integrity
 Message Confidentiality
 Encode binary security tokens
 XML-based token framework
 Opaque encrypted keys

22. Web Services Security Standards
[SSOA]

23. Policy-Based Authorization
 A Policy-Based Authorization Framework for Web
Services: Integrating XGTRBAC and WS-Policy.
Bhatti, Sanz, Bertino, Ghafoor.
 Current authentication does not provide fine grained
access control for users
 Integrates WS-Policy (through profile extension) with
X-GTRBAC policy specification language
 Allows separate policies to apply to different
components of a web service description
 Computes effective policy for a web service, given
multiple policies
 Delivered as a component in health care context

24. Web Service Compositions
 Policy-Driven Middleware for Manageable and
Adaptive Web Services Compositions. Erradi,
Mahashwari, Tosic.
 Addresses Web Service composition and dynamic
adaptation to runtime changes
 Describes WS-Policy4MASC profile of WS-Policy,
which defines new policy assertions
 Supports synchronous and asynchronous monitoring
and coordination at SOAP and process orchestration
layer
 Separation of policy from code
 Use of technical and business metrics in policy
formation

25. Best Practices (toward patterns)
 Best Practices in Web Service, Data Binding
and Validation for use in Data-Centric
Scientific Applications. Akram, Meredith,
Allan.
 Examines JAX-RPC and Document-style
messaging
 “Loose” vs “Tight” data binding
 WSDL Development

26. DOA in Web Services
 Dynamic Delegation of Authority in Web
Services. Chawick.
 Allow users and services to delegate resource
access to other users and services
 Accounts for organization’s delegation policy,
and defines essential characteristics of policy
 Describes practical DOA Web Service

27. B2B and Non-repudiation
 High-value B2B interactions, non-repudiation
and Web services. Cook, Robinson,
Shrivastava.
 Assumes B2B implemented as XML message
exchanges between loosely coupled services
(e.g., RosettaNet)
 Protect against false denial of communication
 Identifies non-repudiation protocols
 Presents web service based on WS-
NRExchange
 Critiques WS-Signature in NR context

28. Take Away Messages
 Web Services creates a backbone for execution of
loosely coupled systems
 A community of developers and researchers have
embraced it as a delivery vehicle for both applications
and research results
 Other vehicles are possible (e.g., ESBs), and can
leverage Web Services-based work
 Propositions
 We can discuss our work in terms of Web Service
standards
 We can investigate the real differences between loose
coupling in WS and in ESBs and other environments
 We can apply Web Service components to other
loosely coupled environments

29. References
 [WSGLOS] Web Services Glossary. W3C. Feb 2004. http://www.w3.org/TR/ws-gloss/
 [WSPS] The Web Services Protocol Stack. CBDI Consulting. Feb 2005.
http://roadmap.cbdiforum.com/reports/protocols/
 [WSBP] Basic Profile Version 1.1. Web Services Interoperability Organization (WS-I). Apr 2006.
http://www.ws-i.org/Profiles/BasicProfile-1.1.html
 [SOAPUS] SOAP Version 1.2 Usage Scenarios. W3C. Jul 2003.
http://www.w3.org/TR/2003/NOTE-xmlp-scenarios-20030730/
 [STCP] WS Wiki StackComparison. Apache Web Services Wiki. March 2008.
http://wiki.apache.org/ws/StackComparison
 [WSOAP] SOAP. Wikipedia. Oct 2008. http://en.wikipedia.org/wiki/SOAP
 [INFIT] IT Web Services: A Roadmap for the Enterprise. A. Nghiem. Prentice Hall. Oct 2002.
http://www.informit.com/articles/article.aspx?p=31076
 [WSADDR] Web Services Addressing (WS-Addressing). W3C. Aug 2004.
http://www.w3.org/Submission/ws-addressing/
 [WSPOL] Web Services Policy 1.2 – Framework (WS-Policy). W3C. Apr 2006.
http://www.w3.org/Submission/WS-Policy/
 [WSREL] Web Services Reliable Messaging (WS-Reliable Messaging). OASIS. Sep 2005.
http://www.oasis-open.org/committees/download.php/15177/wsrm-1.1-spec-cd-01.pdf
 [WSSEC] Web Services Security: SOAP Message Security 1.1 (WS-Security 2004). OASIS. Feb 2006.
http://www.oasis-open.org/committees/download.php/16790/wss-v1.1-spec-os-SOAPMessageSecurity.pdf
 [BPEL] Web Services Business Process Execution Language. OASIS. Apr 2007. http://docs.oasis-
open.org/wsbpel/2.0/OS/wsbpel-v2.0-OS.html
 [WSTRU] WS-Trust 1.3. OASIS. Mar 2007. http://docs.oasis-open.org/ws-sx/ws-trust/200512/ws-trust-1.3-
os.html
 [WSPRO] WS-Provisioning.

30. Additional Reading
 [UDDIF3] UDDI Version 3 Features List. OASIS.
2002. http://uddi.org/pubs/uddi_v3_features.htm
 [OAUDDI] UDDI Version 2.0.4 API Specification.
OASIS. July 2002.
http://uddi.org/pubs/ProgrammersAPI-V2.04-
Published-20020719.pdf
 [XFire] Codehaus XFire. http://xfire.codehaus.org/
 [AXIS] Web Services – Axis. Apache. Apr 2006.
http://ws.apache.org/axis/index.html
 [RETWS] A Retrospective on the Development of
Web Service Specifications. S. Pallickara, G. Fox, M.
Aktas, H. Gadgil, B. Yildiz.