Webservices

David Brabant, Siemens MEDDavid Brabant, Siemens MED

AgendaAgenda
 Part1: SOA for “dummies”Part1: SOA for “dummies”
(a soft introduction to service oriented architectures)(a soft introduction to service oriented architectures)
 Things aren’t getting simpler...Things aren’t getting simpler...
 The thirst for true system integrationThe thirst for true system integration
 The Quest for theThe Quest for the Holy GrailHoly Grail
 Service Oriented Architectures to the rescueService Oriented Architectures to the rescue
 Conclusions & questionsConclusions & questions
 Part 2: SOA for “smarties”Part 2: SOA for “smarties”
(not for the faint of heart)(not for the faint of heart)
 Depends on your feedback todayDepends on your feedback today

Things aren’t getting simpler... (1/7)Things aren’t getting simpler... (1/7)
Yesterday’s development toolsYesterday’s development tools (circa 1983)(circa 1983)
““Visual Studio”Visual Studio”
Sophisticated features:Sophisticated features:
cut, copy and paste,cut, copy and paste,
delete/undelete,delete/undelete,
undo/redo stackundo/redo stack
Can be learned in less than 1 hour!Can be learned in less than 1 hour!

Today’s development tools...Today’s development tools...
(circa
2005)
Every oval on thisEvery oval on this
figure requires severalfigure requires several
days to severaldays to several
months of trainingmonths of training
before being fullybefore being fully
mastered...mastered...

Things aren’t getting simpler (3/7)Things aren’t getting simpler (3/7)
Typical enterprise environmentTypical enterprise environment (circa 1983)(circa 1983)
Enterprise’sEnterprise’s
criticalcritical
applicationsapplications
Typical configuration for a VAX 11/750
• 32 bits, 6 MHz processor
• 12 MB of memory
• 2 x 400 MB disks
Sony Ericsson K750i (2005)
• 32 bits, 200 MHz processor
• 32 MB ROM
• 64 MB RAM
• 4GB memory stick available
• Java virtual machine

Typical today’s enterprise environmentTypical today’s enterprise environment
Mobile phones /PDAs Various form factors
Branch
networksWireless
access
ERP
systems
ERP
systems
Public
web portals
Public
web portals
Intranet
portals
Intranet
portals
(Smart)
client
applications
(Smart)
client
applications
CRM
systems
CRM
systems
Custom
Systems
Custom
SystemsCustom
Systems
Custom
Systems
Custom
systems
Custom
systems
Enterprise’s critical applications

Development complexityDevelopment complexity
Mobile phones /PDAs Various form factors
Branch
networksWireless
access
ERP
systems
ERP
systems
Public
web portals
Public
web portals
Intranet
portals
Intranet
portals
(Smart)
client
applications
(Smart)
client
applications
CRM
systems
CRM
systems
Custom
Systems
Custom
SystemsCustom
Systems
Custom
Systems
Custom
systems
Custom
systems
Enterprise’s critical applicationsEnterprise’s critical applications
1970s: mainframes and centralized computing1970s: mainframes and centralized computing
(the “dumb terminals” era)(the “dumb terminals” era)
1980s: decentralization and client/server1980s: decentralization and client/server
(the “fat clients” era)(the “fat clients” era)
1990s: client/server and the Web1990s: client/server and the Web
(the beginning of “light clients” era(the beginning of “light clients” era
2000s: heterogeneous,2000s: heterogeneous,
distributed, deeply Integrateddistributed, deeply Integrated
systems (the “smart client” era)systems (the “smart client” era)

Living in total chaosLiving in total chaos
 For all big enterprises, one constant:For all big enterprises, one constant: heterogeneityheterogeneity
 Hundreds, if not thousands, of applications, which are custom built, acquired fromHundreds, if not thousands, of applications, which are custom built, acquired from
third party, part of a legacy system, or a combination thereof, operating inthird party, part of a legacy system, or a combination thereof, operating in
multiple tiers of different operating system platforms, running on geographicallymultiple tiers of different operating system platforms, running on geographically
dispersed sites...dispersed sites...
 How do businesses allow themselves to get into such aHow do businesses allow themselves to get into such a
mess?mess?
 Business constraints, technical constraints, geographical constraints, history,Business constraints, technical constraints, geographical constraints, history,
politics, merger/acquisitions...politics, merger/acquisitions...
 Creating a single, huge application to run a complete business is next toCreating a single, huge application to run a complete business is next to
impossibleimpossible (hey,(hey, do you hear me, Soarian?do you hear me, Soarian?))
 Spreading business across multiple applications provides the flexibility to selectSpreading business across multiple applications provides the flexibility to select
the “best” accounting package, the “best” CRM, the “best” order processingthe “best” accounting package, the “best” CRM, the “best” order processing
system... for its needssystem... for its needs
 Overlap in functionality between different applicationsOverlap in functionality between different applications
 And this willAnd this will never, evernever, ever change...change...

Critical applicationsCritical applications
What’s a critical application?What’s a critical application?
 Any application that is critical to the proper running of a businessAny application that is critical to the proper running of a business
 Meaning that, if this application fails for any length of time, you mayMeaning that, if this application fails for any length of time, you may
very well go out of businessvery well go out of business
How many business critical applications inHow many business critical applications in
a typical enterprise?a typical enterprise?
 General Electrics (300,000 employees): more thanGeneral Electrics (300,000 employees): more than 6,0006,000
 Télé Secrétariat (18 employees):Télé Secrétariat (18 employees): 33 in 1995;in 1995; 1515 in 2005in 2005
 SAP (32,000 employees):SAP (32,000 employees): 11 

The thirst for true system integration (1/3)The thirst for true system integration (1/3)
Information silosInformation silos
 Most businesses rely on an ever increasing number of criticalMost businesses rely on an ever increasing number of critical
applications, complex and costly to developapplications, complex and costly to develop
 Today, many of these applications are information silos (Today, many of these applications are information silos (“this data“this data
is mine!”is mine!”))
 Silos make sense for software vendors, not for users...Silos make sense for software vendors, not for users...
 Information is hard to find and correlateInformation is hard to find and correlate
• No single application can cover all enterprise requirementsNo single application can cover all enterprise requirements
• No single application can manage all enterprise dataNo single application can manage all enterprise data
• Anyway, requirements and data change faster than you can developAnyway, requirements and data change faster than you can develop
applicationsapplications
• No user can possibly know (and care!) where which data isNo user can possibly know (and care!) where which data is
 Result: information gathering is costlyResult: information gathering is costly
 Answering a question likeAnswering a question like
““What is the status of my business today?What is the status of my business today?””
on aon a global scaleglobal scale is next to impossibleis next to impossible

Today’s challengesToday’s challenges
 Design applications so that they easily integrate withDesign applications so that they easily integrate with
othersothers
... but also be prepared to integrate applications that were never... but also be prepared to integrate applications that were never
meant to be integrated!meant to be integrated!
 Design applications so that they perform to specificationsDesign applications so that they perform to specifications
... but also scale to the unexpected!... but also scale to the unexpected!
 Monitor and manage many applicationsMonitor and manage many applications
 Provide consistent usability across applicationsProvide consistent usability across applications
 Be ready to make changes as soon as possibleBe ready to make changes as soon as possible
 Build and roll out new functionality quicklyBuild and roll out new functionality quickly

In other words: adapt or perishIn other words: adapt or perish
 Be anBe an intimate service providerintimate service provider to your businessto your business
 …… or get fired and outsourcedor get fired and outsourced
 Automate and integrate to save timeAutomate and integrate to save time
 …… which you can spend on better servicewhich you can spend on better service
 …… which you can spend on more functionalitywhich you can spend on more functionality
 Become a driver of optimizing work organizationBecome a driver of optimizing work organization
 …… instead of maintaining disks and patchesinstead of maintaining disks and patches
 ... instead of being driven... instead of being driven
 Act, don't react!Act, don't react!

Integrating applications or ...Integrating applications or ...
... the Quest for the... the Quest for the Holy GrailHoly Grail (nih?)(nih?)

The quest for the holy grail (1/8)The quest for the holy grail (1/8)
In the beginning there was...In the beginning there was...
... Eden!... Eden! Simple enough, uh?Simple enough, uh?
Remember “good old times”?Remember “good old times”?
 DDEDDE
 OLE 2OLE 2
 DLL hellDLL hell
 conflicting typelibsconflicting typelibs
 COM registrationCOM registration
 deployment nightmaresdeployment nightmares
 ......
And these are justAnd these are just
technicalitiestechnicalities......
What aboutWhat about
““semanticalities”semanticalities”??

TechnicalitiesTechnicalities
 Even within theEven within the same applicationsame application, there are problems when “parts” or, there are problems when “parts” or
modules developed in different contexts are mixed...modules developed in different contexts are mixed...
 Calling conventions and stack clean up: Pascal, CCalling conventions and stack clean up: Pascal, C
 Name manglingName mangling
 Type representations: strings (VB, C, Pascal, MFC, OLESTR, bstr,Type representations: strings (VB, C, Pascal, MFC, OLESTR, bstr,
ATL, STL, WTL...), floats (IEEE 754 or not...), dates (ex.: VB and MFC),ATL, STL, WTL...), floats (IEEE 754 or not...), dates (ex.: VB and MFC),
structure padding...structure padding...
 Mixing Unicode and ANSIMixing Unicode and ANSI
 Binary compatibilitiesBinary compatibilities
 Memory handlingMemory handling
 Threading modelsThreading models
 Deployment, versioning and registrationDeployment, versioning and registration
 Across applications running on theAcross applications running on the same machinesame machine, many techniques, many techniques
available with pros and consavailable with pros and cons
 DDE (still supported by Office 2003!)DDE (still supported by Office 2003!)
 shared data segments, DLL injection, memory mapped files...shared data segments, DLL injection, memory mapped files...
 COM(+)COM(+)
 .NET Interop, P/Invoke.NET Interop, P/Invoke
 mail slots, named pipes, sockets, .NET remoting (CLR to CLR)mail slots, named pipes, sockets, .NET remoting (CLR to CLR)

”Semanticalities””Semanticalities”
More “philosophical” questions:More “philosophical” questions:
 How to expose application’s functionality in a consistent way?How to expose application’s functionality in a consistent way?
 How to conciliate discrepancies in object models?How to conciliate discrepancies in object models?
 How to deal with changes in application’s “boundaries”?How to deal with changes in application’s “boundaries”?
 How to negotiate a “fallback” position when the availableHow to negotiate a “fallback” position when the available
application isn’t the version we expect?application isn’t the version we expect?
 How to support transaction handling across applications?How to support transaction handling across applications?
 How to federate security across applications?How to federate security across applications?
 What should happen if one of the applications crashes or isWhat should happen if one of the applications crashes or is
temporarily unavailable?temporarily unavailable?
 ......

Things become a little bit more challengingThings become a little bit more challenging
ne order of magnitude increase in complexity!ne order of magnitude increase in complexity!
Network unreliabilityNetwork unreliability
Call latencyCall latency
Limited bandwidthLimited bandwidth
Network is insecureNetwork is insecure
Topology changesTopology changes
Where is the administrator?Where is the administrator?
Transport costTransport cost
Still more challenges...Still more challenges...
 Little endian/big endian, wordLittle endian/big endian, word
size...size...
 Marshalling strategiesMarshalling strategies
 Shared states managementShared states management
 Concurrent access, resourcesConcurrent access, resources
pooling, load balancing...pooling, load balancing...
 Routing and NAT traversalRouting and NAT traversal
 Protocol must be “firewall friendly”Protocol must be “firewall friendly”

First attempt to make the networkFirst attempt to make the network “transparent”“transparent”: DCE/RPC: DCE/RPC (circa 1991)(circa 1991)
int foo(int bar)
Application B.IDLApplication B.IDL
IDL compilerIDL compiler
ProxyProxy
int foo(int bar)int foo(int bar)
DCE runtimeDCE runtime
StubStub
int foo(int bar)int foo(int bar)
DCE runtimeDCE runtime

Distributed ComputingDistributed Computing
 DCE was the first attempt to provide a complete distributed computingDCE was the first attempt to provide a complete distributed computing
environmentenvironment
 Remote Procedure CallRemote Procedure Call
 Distributed securityDistributed security
 Distributed filesDistributed files
 Directory serviceDirectory service
 ......
 But, when introduced by OSF...But, when introduced by OSF...
 rejected by Sun (ONC)rejected by Sun (ONC)
 rejected by Novell (Netware RPC)rejected by Novell (Netware RPC)
 only partially supported by IBM (DSOM)only partially supported by IBM (DSOM)
 only partially implemented by Microsoft (MS/RPC)only partially implemented by Microsoft (MS/RPC)
 Biggest problem with DCE:Biggest problem with DCE: “impedance mismatch”“impedance mismatch”
 Nevertheless, RPC variants have been used as a baseNevertheless, RPC variants have been used as a base
for implementing “distributed objects” technologies andfor implementing “distributed objects” technologies and
so-called ORBs (object request brokers):so-called ORBs (object request brokers):
DCOMDCOM,, CORBACORBA,, DSOMDSOM,, Java RMIJava RMI

The promises of DCOM and CORBAThe promises of DCOM and CORBA
 Applications can be seen as a set of distributed objectsApplications can be seen as a set of distributed objects
or “components”or “components”
 Pluggable architectures provides malleability:Pluggable architectures provides malleability:
assemble and extend applications at your will by picking/replacingassemble and extend applications at your will by picking/replacing
appropriate componentsappropriate components
 Components can be used in unpredictable combinationsComponents can be used in unpredictable combinations
 Location transparencyLocation transparency
 COM+ and CORBA Services:COM+ and CORBA Services:
provide a global infrastructure for concurrency,provide a global infrastructure for concurrency,
security and transaction handlingsecurity and transaction handling
 Language neutralityLanguage neutrality

Were those promises kept?Were those promises kept?
 Network transparency is a lureNetwork transparency is a lure
 Synchronous modelsSynchronous models
 Heavy runtime dependenciesHeavy runtime dependencies
 Deployment nightmaresDeployment nightmares
 No cross platform interoperabilityNo cross platform interoperability
 Tight couplingTight coupling
 Deep bindingDeep binding
 No real contract exchange (typelibs aren't contracts)No real contract exchange (typelibs aren't contracts)
 Other “oddities” (routability, firewalls...)Other “oddities” (routability, firewalls...)
More importantlyMore importantly::
The focus has always been on solvingThe focus has always been on solving technical integrationtechnical integration
problems, but not on solvingproblems, but not on solving business integrationbusiness integration problemsproblems
Fundamentally flawed because of
Install two runtimes on each side?
If they are available for both platforms...
Also a "collateral damage" of huge runtimes
and the infrastructure they provide

Service Oriented ArchitecturesService Oriented Architectures
to the rescueto the rescue
"Rien ne se perd, rien ne se crée, tout se transforme"
Antoine Laurent de Lavoisier
"There is nothing special about web services. [...]
Web services will change the world."
Steve Benfield, SilverStream Software

Service Oriented Architectures to the rescue (1/?)Service Oriented Architectures to the rescue (1/?)
"Applications" vs "Systems""Applications" vs "Systems"
ApplicationApplication
 Functionality for a scoped set of requirementsFunctionality for a scoped set of requirements
 Customizable within scopeCustomizable within scope
 Runs on a defined platform, best suited for itRuns on a defined platform, best suited for it
SystemSystem
 Assembly of functions from multiple applicationsAssembly of functions from multiple applications
 Covers requirements beyond single app's scopeCovers requirements beyond single app's scope
 Runs on and across multiple platformsRuns on and across multiple platforms

The applications worldThe applications world
App C
Plan
Examinations
App C
Plan
Examinations
App B
Reserve a bed
App B
Reserve a bed
App A
Register Patient
App A
Register Patient
NursesNurses
Logon to PC
Logon to terminal
A patient is admitted
First application to register
the patient
Second application to
reserve a bed
Third application to
plan examinations
Two logons,
three applications,
with the obligation to encode
the same information multiple times...
whenever a patient is admitted

The system worldThe system world
App C
Plan
Examinations
App C
Plan
Examinations
App B
Reserve a bed
App B
Reserve a bed
App A
Register Patient
App A
Register Patient
NursesNurses
A patient is admitted
Patient
registration
service
Bed
reservation
service
Examinations
planning
service
Patient
admission
service
Facades
to
legacy applications
Aggregator/
Orchestrator
Logon
Smart
Cli
en
t
Web Form
Process (services domain)
built on top of
functionality (applications
domain)

What is a service?What is a service?
 If you ask it to five people in the field, you'll probably getIf you ask it to five people in the field, you'll probably get
at least six different answersat least six different answers
 Definition from the W3C (*):
A service is a software application or component
identified by a URI, whose interfaces and binding are
capable of being described by standard formats and
supports direct interactions with other software
applications or components via Internet-based
protocols
(*) after two weeks of intense negotiations and 400 e-mails exchanged between the 75
members of the working group

 Other definitions:Other definitions:
 “Services are loosely coupled software components delivered
over standard Internet technologies.” (Daryl Plummer, Gartner)
 "Services are loosely coupled, reusable software components
that semantically encapsulate discrete functionality and are
distributed and programmatically accessible over standard
Internet protocols.” (Brent Sleeper and Bill Robins, Stencil
Group)
 “A service is any piece of software that makes itself available
over the Internet and uses a standardized XML messaging
system.” (Ethan Cerami, author of Web Services Essentials)

 The "pornography" definitionThe "pornography" definition
"I can't define it, but I know it when I see it""I can't define it, but I know it when I see it"
 Business "invariants"Business "invariants"
 Exposes capabilities of one or more applicationsExposes capabilities of one or more applications
 Used to build systems that span applicationsUsed to build systems that span applications
 Technical "invariants"Technical "invariants"
 The four tenets of service orientationThe four tenets of service orientation (next slide)(next slide)
 Support for asynchronous communicationSupport for asynchronous communication

The four tenets of service orientationThe four tenets of service orientation
 PP olicy negotiated behaviorsolicy negotiated behaviors
 EE xplicitness of boundariesxplicitness of boundaries
 AA utonomyutonomy
 CC ontractsontracts
 EE xchange of schemasxchange of schemas
What the heck does that mean?What the heck does that mean?

AutonomyAutonomy
 Services areServices are software agentssoftware agents. They are. They are "alive""alive" and in control of theirand in control of their
own activation/deactivation. They are free to spin their own threads,own activation/deactivation. They are free to spin their own threads,
they may wake up periodically to do work on their own...they may wake up periodically to do work on their own...
 ServicesServices control and hide their own statescontrol and hide their own states
 ServicesServices OWN their dataOWN their data
 ServicesServices never share their states with othersnever share their states with others
 Don't depend on, or assume their is a common data storeDon't depend on, or assume their is a common data store
 Don't depend on shared "in-memory" statesDon't depend on shared "in-memory" states
 Don't share states among instancesDon't share states among instances
 No sideline communications between services and opaque side-No sideline communications between services and opaque side-
effects:effects: all communications are always explicitall communications are always explicit

Breaking the autonomy principleBreaking the autonomy principle
TTTT
DataDataDataData
TTTT
TTTT
DataDataDataData
Store data,
retrieve data token
("primary key")
Store data,
retrieve data token
("primary key")
Pass tokenPass token
Pass token,
retrieve data
Pass token,
retrieve data
Can't switch data
store without
Siamese twin
surgery
Can't switch data
store without
Siamese twin
surgery
S1 S2

Autonomous servicesAutonomous services
DataDataDataData
Pass data, not
references
Pass data, not
references
S1 S2
No assumption about shared data storeNo assumption about shared data store

ContractsContracts
 Earlier ORPC systems (DCOM, CORBA) attemptedEarlier ORPC systems (DCOM, CORBA) attempted
to hide all the wire-level details from the developerto hide all the wire-level details from the developer
 OK when systems use the same ORPC infrastructure,OK when systems use the same ORPC infrastructure,
but fails in a heterogeneous worldbut fails in a heterogeneous world
 Solution: explicitly define what goes on the wire using openSolution: explicitly define what goes on the wire using open
standards based on XMLstandards based on XML
 In order for two entities to communicate they have to agreeIn order for two entities to communicate they have to agree
on what, and how they do iton what, and how they do it
 [Webster] Definitions of the word[Webster] Definitions of the word contractcontract
 AA binding agreementbinding agreement between two or more persons or partiesbetween two or more persons or parties
 A document describing the terms of a contractA document describing the terms of a contract

Contracts and interfacesContracts and interfaces
 A contract defines the complete interaction between two servicesA contract defines the complete interaction between two services
 A contract is theA contract is the business protocolbusiness protocol
 You send me a requestYou send me a request
 I send you back an estimation for priceI send you back an estimation for price
 You confirm you accept that priceYou confirm you accept that price
 I send you the results as soon as they are availableI send you the results as soon as they are available
 Defines allDefines all messagesmessages and their formatand their format
 Defines all possibleDefines all possible message sequencesmessage sequences
 Defines protocols, authentication mechanisms…Defines protocols, authentication mechanisms…
THESE ARE THE ONLY THINGS EVER SHARED BETWEEN PARTIESTHESE ARE THE ONLY THINGS EVER SHARED BETWEEN PARTIES
 A service interface specifies a role in a contractA service interface specifies a role in a contract
 A contract establishes links between matching service interfacesA contract establishes links between matching service interfaces
 Think of a plug and a socketThink of a plug and a socket
Design time
aspects

Contracts illustratedContracts illustrated
ContractContract
ServiceService
ServiceService
ProcessProcess
DocumentDocument
AA
DocumentDocument
CC11
DocumentDocument
CC22
DocumentDocument
BB
EitherEither
CC11 or Cor C22
ProcessProcess
ContractContract
Service InterfaceService Interface

Contracts enable loose couplingContracts enable loose coupling
 Tightly Coupled (the "ORPCs" world)Tightly Coupled (the "ORPCs" world)
Common trust domain, synchronous execution,Common trust domain, synchronous execution,
shared transaction, shared life cycleshared transaction, shared life cycle
 Loosely Coupled (the "services" world)Loosely Coupled (the "services" world)
Different trust domains, asynchronous execution, separateDifferent trust domains, asynchronous execution, separate
transactions, administered by different organizationstransactions, administered by different organizations
Component Component
Execution context
Service
Execution contextTrust
Boundary
Communication
Channel
Service
(not running)

PoliciesPolicies
 Metadata defining the "runtime" part of contractsMetadata defining the "runtime" part of contracts
 Regulate every aspects of service interactions andRegulate every aspects of service interactions and
behaviorsbehaviors
 What are the credentials needed to access specific serviceWhat are the credentials needed to access specific service
access points?access points?
 Should messages be encrypted internally and/or externally?Should messages be encrypted internally and/or externally?
 What messages should be signed?What messages should be signed?
 What about delivery guarantee and reliability?What about delivery guarantee and reliability?
 How to handle transactions?How to handle transactions?
 How to gracefully deal with situations where the service on theHow to gracefully deal with situations where the service on the
other side is not the expected version?other side is not the expected version?
 How to dynamically route messages depending on someHow to dynamically route messages depending on some
conditions?conditions?
Policies are assertions about services
Capabilities: "I can"
Preferences: "I prefer"
Requirements: "You must"

Contracts and policies illustratedContracts and policies illustrated
My organizationMy organization Your organizationYour organization
PolicyPolicy PolicyPolicy
My ServiceMy Service
ServiceService ServiceService
Your ServiceYour Service
Runtime contractRuntime contract
Runtime ContractRuntime Contract
1. We’ll use SOAP over HTTPS1. We’ll use SOAP over HTTPS
2. We'll sign confirmation messages2. We'll sign confirmation messages
Design time ContractDesign time Contract
1. I’ll send a request1. I’ll send a request
2. You’ll send price proposal2. You’ll send price proposal
3. I'll send confirmation3. I'll send confirmation
4. You'll send results4. You'll send results
"My organization" policy"My organization" policy
1. Internally we’ll use binary SOAP over MSMQ1. Internally we’ll use binary SOAP over MSMQ
2. Externally we’ll only allow SOAP over HTTPS2. Externally we’ll only allow SOAP over HTTPS
3. Confirmation messages must be signed3. Confirmation messages must be signed

Writing contractsWriting contracts
 Contracts (both for design time and run time) are writtenContracts (both for design time and run time) are written
following XML based standards defined by the W3Cfollowing XML based standards defined by the W3C
 WSDLWSDL/XML Schema used to define the messages/XML Schema used to define the messages
exchangedexchanged
 XML SchemaXML Schema used to defineused to define data typesdata types ("message("message
parameters")parameters")
 WS-*WS-* (or the so called "WS-Soup")(or the so called "WS-Soup")
WS-Policy, WS-Trust, WS-Federation, WS-Security,WS-Policy, WS-Trust, WS-Federation, WS-Security,
WS-Addressing and many, many others...WS-Addressing and many, many others...

XML Schemas for defining data typesXML Schemas for defining data types
<xsd:simpleType name=“Probability”>
<xsd:restriction base="xsd:double">
<xsd:minInclusive value="0"/>
<xsd:maxInclusive value="100"/>
</xsd:restriction>
</xsd:simpleType>
<xsd:simpleType name=“Probability”>
<xsd:restriction base="xsd:double">
<xsd:minInclusive value="0"/>
<xsd:maxInclusive value="100"/>
</xsd:restriction>
</xsd:simpleType>
<xsd:complexType name="PurchaseOrder">
<xsd:sequence>
<xsd:element name="CompanyName" type="xsd:string"/>
<xsd:element name="Items">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="Item" maxOccurs="unbounded">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="Quantity" type="xsd:int"/>
<xsd:element name="UnitPrice" type="xsd:double"/>
<xsd:element name="ExtendedPrice" type="xsd:double"/>
</xsd:sequence>
<xsd:attribute name="sku" type="xsd:string"/>
</xsd:complexType>
</xsd:element>
</xsd:sequence>
</xsd:complexType>
</xsd:element>
</xsd:sequence>
<xsd:attribute name="id" type="xsd:string"/>
</xsd:complexType>
<xsd:complexType name="PurchaseOrder">
<xsd:sequence>
<xsd:element name="CompanyName" type="xsd:string"/>
<xsd:element name="Items">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="Item" maxOccurs="unbounded">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="Quantity" type="xsd:int"/>
<xsd:element name="UnitPrice" type="xsd:double"/>
<xsd:element name="ExtendedPrice" type="xsd:double"/>
</xsd:sequence>
<xsd:attribute name="sku" type="xsd:string"/>
</xsd:complexType>
</xsd:element>
</xsd:sequence>
</xsd:complexType>
</xsd:element>
</xsd:sequence>
<xsd:attribute name="id" type="xsd:string"/>
</xsd:complexType>

Explicitness of boundariesExplicitness of boundaries
 Services are always built according to aServices are always built according to a layeredlayered
architecturearchitecture
 The outermost layer (i.e., theThe outermost layer (i.e., the edgeedge) provides one or) provides one or
more access points (or "interfaces" or "APIs") to themore access points (or "interfaces" or "APIs") to the
functionality offered by the servicefunctionality offered by the service
 The code in that layer does only one thing:The code in that layer does only one thing: routeroute thethe
calls to the entities/resources capable of fulfilling thecalls to the entities/resources capable of fulfilling the
corresponding requestcorresponding request
 The edge layer code never/ever contains any logicThe edge layer code never/ever contains any logic
beside routing callsbeside routing calls

Service edgesMy Computer Your Computer
Service access
points
(URIs)
Admit ("Brabant", http://PatientAdmitted)
Service
workers
Admit access point
PatientAdmitted
access point

Crossing boundaries must always be explicitly visible in the codeCrossing boundaries must always be explicitly visible in the code
Remoting and RPC trick the programmer into thinking that
there is
no substantial difference between calling a local or a remote
object.
This is a damn lie, which always leads to disaster.
MyType obj = new MyType();
obj.SomeOp();
MyType obj = new MyType();
obj.SomeOp();
MyType obj = MyType.CreateProxy();
obj.SomeOp();
MyType obj = MyType.CreateProxy();
obj.SomeOp();
Console.Write(obj.SomeOp(1,2,3));Console.Write(obj.SomeOp(1,2,3));
MyMessage msg = new MyMessage(1,2,3);
MyReply reply = obj.SomeOp(msg);
Console.Write(reply.Result);
MyMessage msg = new MyMessage(1,2,3);
MyReply reply = obj.SomeOp(msg);
Console.Write(reply.Result);
obj.CallMeBack(new MyByRefObj());obj.CallMeBack(new MyByRefObj());
obj.CallMeBack(
new EndpointReference("http:…")
);
obj.CallMeBack(
new EndpointReference("http:…")
);

A (very) short introduction to WSDLA (very) short introduction to WSDL
 WWebeb SServiceervice DDescriptionescription LLanguageanguage
 XML grammar for specifying the design time contract of a service
 Allows to fully describe a service in term ofAllows to fully describe a service in term of
 OperationsOperations what functionality the service provideswhat functionality the service provides
 InterfacesInterfaces how the functionality is exposedhow the functionality is exposed
 MessagesMessages what travels on the wirewhat travels on the wire
 BindingsBindings what protocol to use (SOAP usually)what protocol to use (SOAP usually)
 EndpointsEndpoints what URIs must be used to access the servicewhat URIs must be used to access the service
 A single WSDL document can describe several versions ofA single WSDL document can describe several versions of
the same interfacethe same interface
 A single WSDL document can describe several related servicesA single WSDL document can describe several related services

WSDL skeletonWSDL skeleton

<definitions name="MathService" targetNamespace="http://example.org/math/"<definitions name="MathService" targetNamespace="http://example.org/math/"
xmlns="http://schemas.xmlsoap.org/wsdl/" >xmlns="http://schemas.xmlsoap.org/wsdl/" >

<types> ... </types><types> ... </types>
<message> ... </message><message> ... </message>
<portType> ... </portType><portType> ... </portType>

<binding> ... </binding><binding> ... </binding>
<service> ... </service><service> ... </service>
</definitions></definitions>
 Extremely verbose and not very human readable
 ButBut precise and completeprecise and complete enough to allow unambiguousenough to allow unambiguous
code generation from the contract description ...code generation from the contract description ...
 ... or to... or to generate WSDL from code and meta datagenerate WSDL from code and meta data
 To "contract first" or not to "contract first", is a hotTo "contract first" or not to "contract first", is a hot
debate in the services worlddebate in the services world

A (very) short introduction to SOAPA (very) short introduction to SOAP
 SSimpleimple OObjectbject AAccessccess PProtocolrotocol
 XML grammarXML grammar for specifyingfor specifying how to exchange structured, typed datahow to exchange structured, typed data
between servicesbetween services
 In other words: it provides a serialization format for exchanging XMLIn other words: it provides a serialization format for exchanging XML
documents over a networkdocuments over a network
 SOAP is often seen as a protocol for doing RPC over HTTP, but thisSOAP is often seen as a protocol for doing RPC over HTTP, but this
is much more than thatis much more than that
 It may be used for RPC like calls in client-server applications, but it isIt may be used for RPC like calls in client-server applications, but it is
also suitable foralso suitable for multicastmulticast (one-to-many), and(one-to-many), and publish-subscribepublish-subscribe
models (i.e., it support asynchronous calls)models (i.e., it support asynchronous calls)
 SOAP is not a transport protocolSOAP is not a transport protocol. You must attach your message to. You must attach your message to
a transport mechanism like HTTP, SMTP, homing pigeons... (seea transport mechanism like HTTP, SMTP, homing pigeons... (see
RFC2459: IP over Avian Carriers with Quality of Service)RFC2459: IP over Avian Carriers with Quality of Service)

Structure of SOAP messagesStructure of SOAP messages
 A SOAP message is an XML document containingA SOAP message is an XML document containing
several parts:several parts:
 Envelope:Envelope: defines the start and the end of the messagedefines the start and the end of the message
 Header:Header: contains optional attributes (meta data) for thecontains optional attributes (meta data) for the
message, used in processing the message, either at anmessage, used in processing the message, either at an
intermediary point or at the ultimate end pointintermediary point or at the ultimate end point
 Body:Body: contains the actual data being sent, serialized as an XMLcontains the actual data being sent, serialized as an XML
documentdocument
 Attachments:Attachments: one or more XML documents attached to the mainone or more XML documents attached to the main
messagemessage
 RPC interaction:RPC interaction: defines how to model RPC-style interactionsdefines how to model RPC-style interactions
with SOAPwith SOAP
 Encoding:Encoding: defines how to represent simple and complex datadefines how to represent simple and complex data
being transmitted in the messagebeing transmitted in the message

Contracts and policies in a SOAP messageContracts and policies in a SOAP message
<soap:Envelope>
<soap:Header>
…
</soap:Header>
<soap:Body>
…
</soap:Body>
</soap:Envelope>
<soap:Envelope>
<soap:Header>
…
</soap:Header>
<soap:Body>
…
</soap:Body>
</soap:Envelope>
Schema
WSDL
Policy
Service ContractService Contract
Message ContractMessage Contract
WS-Policy
WS-PolicyAssertions
WS-PolicyAttachment
W3C XML Schema
WSDL 1.1 / 1.2
SOAP message

A (very) short introduction to UDDIA (very) short introduction to UDDI
 UUniversalniversal DDistribution,istribution, DDiscovery, andiscovery, and IInteroperabilitynteroperability
 Defines XML data models and SOAP APIs for registeringDefines XML data models and SOAP APIs for registering
and discovering services to/from aand discovering services to/from a service brokerservice broker
 Service brokers are (public or private)Service brokers are (public or private) central repositoriescentral repositories
replicated in a way similar to DNSreplicated in a way similar to DNS
(see, for example, http://www.uddi.org)(see, for example, http://www.uddi.org)
 UDDI uses SOAP for registering and discoveringUDDI uses SOAP for registering and discovering
informationinformation
 Doesn't seem to be very much in use until now, exceptDoesn't seem to be very much in use until now, except
for "toy" servicesfor "toy" services

UDDI principleUDDI principle
Service ProviderService Consumer
Service broker
(central repository
of contracts)
Client Service
Bind
SOAP, XML
Register
UDDI publish XXX
Find
UDDI find XXX
Service
Contract
WSDL
Provides location
transparency

ConclusionsConclusions
 If you think about it, there isn't really much new in all whatIf you think about it, there isn't really much new in all what
we just saw. All aspects, principles, and techniques werewe just saw. All aspects, principles, and techniques were
already present, in one form or another, in DCOM andalready present, in one form or another, in DCOM and
CORBACORBA
 We have reinvented the wheel once moreWe have reinvented the wheel once more
 So, what do we gain fundamentally by using services?So, what do we gain fundamentally by using services?
 What makes them more flexible and powerful thanWhat makes them more flexible and powerful than
traditional ORPCs?traditional ORPCs?
What was deeply buried and hidden in theWhat was deeply buried and hidden in the
ORPCs runtimes is now explicitly expressedORPCs runtimes is now explicitly expressed
inin
XMLXMLand can easily be manipulated, transformed,and can easily be manipulated, transformed,
mapped, translated, whatever ... at every placemapped, translated, whatever ... at every place
the information traverses using standard XMLthe information traverses using standard XML
technologiestechnologies
Well, that's a five
seconds summary,
of course

ResourcesResources
 Lots of articles / presentations available from meLots of articles / presentations available from me
 Microsoft’s “Connected Systems” DVDMicrosoft’s “Connected Systems” DVD
 http://msdn.microsoft.com/webservices/http://msdn.microsoft.com/webservices/
 If you want to read only one book:If you want to read only one book:
"Web Services: a Technical Introduction""Web Services: a Technical Introduction"
Deitel Developer SeriesDeitel Developer Series
platform neutral;platform neutral;
contains both .NET and Java examples;contains both .NET and Java examples;
covers pretty much all the shebangcovers pretty much all the shebang

Webservices

Recommended

Recommended

More Related Content

Similar to Webservices

Similar to Webservices (20)

Webservices