The document discusses WSDL 2.0 and web service security. It describes how WSDL 2.0 improved upon previous versions by reducing interoperability issues and supporting additional message exchange patterns. It then outlines several common message exchange patterns defined in WSDL 2.0, such as in-only, in-out, and out-in. The document also discusses WS-Security and how it provides authentication, confidentiality, and integrity for web service messages through standards like SOAP headers and security tokens.
Wsdl 2.0 message exchange and WS Security
1. WSDL 2.0 MESSAGE EXCHANGE AND WS-SECURITY
HILAL TAHA (267365)
GAGANA KAVERIAPPA (267359)
JAYASURYA ARASUR SUBRAMANIAN (267412)
MOISES ROMERO ROMO (266567)
SERVICE ORIENTED SOFTWARE ENGINEERING 2019-2020
2. WSDL
▪ The Web Services Description Language (WSDL) is an XML-based interface description language that is used for describing the functionality offered by a web service.
Fig: WSDL Specification (https://www.w3.org/TR/wsdl.html)
3. EXISTING STANDARDS
▪ WSDL 1.0 SEP 2000
▪ WSDL 1.1 MAR 2001
▪ WSDL 1.2 JUN 2003
▪ WSDL 2.0 JUN 2007
4. WSDL 2.0
▪ The W3C's Web Services Description Working Group, part of the Web Services Activity, has defined a language for describing web services and the possible ways to interact with them.
▪ The WG published its WSDL 2.0 working drafts on 26 March 2004. This is a significant milestone in the progress of WSDL.
Fig: Difference between WSDL 1.1 and 2.0 (https://www.w3.org/TR/wsdl20-adjuncts/)
5. WHY WSDL 2.0…?
▪ Found to reduce interoperability issues in WSDL.
▪ Permits fault messages to be declared within the interface element.
▪ Supports additional message patterns (e.g. out-multi in).
▪ Gives better fault handling notation.
▪ Supports interface inheritance.
6. Template for Message Exchange Patterns
▪ New message exchange patterns may be defined by any organization able and willing to do so. It is recommended that the patterns use the general template provided in Pattern Name, after examination of existing predefined patterns.
https://www.w3.org/TR/wsdl20-adjuncts/
7. Pattern Name
▪ This pattern consists of [number] message[s, in order] as follows:
[enumeration, specifying, for each message] And [optional] message:
1. indicated by an Interface Message Reference component whose {message label} is "[label]" and {direction} is "[direction]"
2. [received from|sent to] ['some' if first mention] node [node identifier]
11. IN-ONLY MESSAGE EXCHANGE PATTERN
▪ A request message is sent to the web service provider, and a response message is returned to the web service requester. The response message could be a normal SOAP message or a SOAP fault.
Fig: IN-ONLY (no fault), showing CLIENT and SERVICE
12. ROBUST IN-ONLY MESSAGE EXCHANGE PATTERN
▪ A request message is sent to the web service provider, and a response message is only returned to the web service requester if an error occurs. If there is an error, a SOAP fault message is sent to the requester.
Fig: Robust IN-ONLY (Message Triggers Fault), showing CLIENT and SERVICE
13. IN-OUT MESSAGE EXCHANGE PATTERN
▪ A request message is sent to the web service provider, and a response message is returned to the web service requester. The response message could be a normal SOAP message or a SOAP fault.
Fig: IN-OUT (Fault Replaces Message), showing CLIENT and SERVICE
14. IN-OPTIONAL OUT MESSAGE EXCHANGE PATTERN
▪ A request message is sent to the web service provider, and a response message is optionally returned to the web service requester. If there is a response, it could be either a normal SOAP message or a SOAP fault.
Fig: IN-Optional OUT (Message Triggers Fault), showing CLIENT and SERVICE
15. OUT-ONLY MESSAGE EXCHANGE PATTERN
▪ The service provider sends the message. The message can be a normal SOAP message or a fault message.
Fig: OUT-ONLY (No Fault), showing CLIENT and SERVICE
16. ROBUST OUT-ONLY MESSAGE EXCHANGE PATTERN
▪ The service provider sends the message and, in case of a fault at the partner service, it receives a fault message.
Fig: Robust OUT-ONLY (Message Triggers Fault), showing CLIENT and SERVICE
17. OUT-IN MESSAGE EXCHANGE PATTERN
▪ The service provider sends the message and receives a response message. The message can be a simple SOAP message.
Fig: OUT-IN (Fault Replaces Message), showing CLIENT and SERVICE
18. OUT-OPTIONAL-IN MESSAGE EXCHANGE PATTERN
▪ The service provider sends a message and optionally receives a response message. The message can be a simple SOAP message.
Fig: OUT-OPTIONAL-IN (Message Triggers Fault), showing CLIENT and SERVICE
21. Axis history
Apache Axis is an implementation of the SOAP ("Simple Object Access Protocol") submission to W3C.
Version history:
Axis 1.1
Axis 1.2
(October 5, 2005): Axis 1.3
(April 22, 2006): Axis 1.4
22. Axis2
▪ Apache Axis2™ is a Web Services / SOAP / WSDL engine.
▪ Apache Axis2 not only supports SOAP 1.1 and SOAP 1.2, but it also has integrated support for the widely popular REST style of Web service.
▪ Apache Axis2 is more efficient, more modular and more XML-oriented than the older version. It is carefully designed to support the easy addition of plug-in "modules" that extend their functionality for features such as security and reliability.
▪ The Modules currently available or under development include:
● WS-Security - Supported by Apache Rampart
● WS-Addressing - Module included as part of Axis2 core
29. WS SECURITY ROADMAP
▪ WS-SECURITY
▪ SECURITY THREATS AND COUNTERMEASURES
▪ STANDARD HTTPS COMMUNICATION
▪ COMMUNICATION WITH MULTIPLE SERVERS
▪ MULTIPLE SERVER ENVIRONMENT
▪ WEB SERVICE SECURITY STANDARDS
▪ FLOW DIAGRAM OF SECURITY MODEL IN WS-SECURITY
▪ STEPS IN THE WORKFLOW
▪ WSDL SNIPPET
▪ WEB SERVICE SECURITY BEST PRACTICES
▪ SUMMARY
30. WS SECURITY
▪ A standard that addresses security when data is exchanged as a part of a Web service.
▪ A key feature in SOAP.
▪ Security is an important feature in any web application.
▪ We should always develop web-based applications with security in mind.
31. SECURITY THREATS AND COUNTERMEASURES
▪ A simple scenario of a web application.
▪ See how it works in terms of security.
32. SECURITY THREATS AND COUNTERMEASURES
▪ One of the security measures for HTTP is the HTTPS protocol.
▪ HTTPS makes use of the Secure Sockets Layer for secure communication.
▪ Both the client and the server will have a digital certificate to identify themselves.
33. STANDARD HTTPS COMMUNICATION
▪ Steps:
▪ Client sends a request to the server via the client certificate.
▪ The server then authenticates itself to the client by sending its certificate.
▪ All communication thereafter between the client and server is encrypted.
But the above type of security will not work in all situations.
34. COMMUNICATION WITH MULTIPLE SERVERS
▪ Example shows a client talking to both a database and a web server at a time.
▪ Not all information can pass through the HTTPS protocol.
▪ SOAP comes into action to overcome such obstacles by having the WS Security specification in place.
▪ All security-related data is defined in the SOAP header element.
▪ 1. If the message is signed…
▪ 2. If any element is encrypted
35. MULTIPLE SERVER ENVIRONMENT
▪ The previous techniques help in the following way.
▪ SOAP body encrypted.
▪ Message is passed to the database server in an HTTP request.
▪ Appropriate response to the client.
36. WEB SERVICE SECURITY STANDARDS
▪ The credentials in the SOAP header are managed in two ways.
▪ UsernameToken.
▪ BinaryToken via the BinarySecurityToken
37. WEB SERVICE SECURITY STANDARDS
▪ It is a Message Level Security
▪ Addresses three main security issues:
▪ Authentication (Identity)
▪ Confidentiality (Encryption and Decryption)
▪ Integrity (XML Signature)
38. FLOW DIAGRAM OF SECURITY MODEL IN WS SECURITY
39. STEPS IN THE WORKFLOW
1. A request can be sent from the WS client to the Security Token Service.
2. The security token is passed to the WS client.
3. The WS client calls the web service.
4. The web service understands the SOAP message with the authentication token.
41. WS-SECURITY AUTHENTICATION
The WS Security Standard offers three methods of authentication:
▪ UsernameToken Profile
▪ X.509 Certificates Token Profile
▪ SAML Token Profile
42. UsernameToken Profile
▪ UsernameToken represents a username and password pair in the WS-Security Standard.
▪ It is included in the SOAP header of the web service request.
▪ Since the SOAP message is sent as is, the Username and Password are in plain text.
▪ In a production environment, it should be used in association with transport layer encryption such as SSL.
▪ CXF supports the use of WS-Security Policy or Interceptors for adding the UsernameToken security header.
43. JAX-WS CLIENT BASIC AUTHENTICATION EXAMPLE
▪ In this example:
▪ Creating a simple JAX-WS web service and client.
▪ Secure the web service with the UsernameToken profile - Using a Java security callback - Configured with an Apache CXF Interceptor.
▪ Configure the same components on the Client side.
44. TOOLS USED IN THIS EXAMPLE
▪ Eclipse IDE for Enterprise Java Developers
▪ Maven
▪ Tomcat v8.5
45. Create the Web Service Provider
46. Create the Web Service Provider
Enter the Group ID and Artifact ID
47. Add Maven Plugins in pom.xml
▪ The Maven compiler plugin will compile the source code
▪ The Maven war plugin will package the application in a deployable war file
48. Add Dependencies
▪ Spring dependencies are required since we will be using a Spring configuration file for configuring the web service.
49. Create the Web Service
51. Create the Spring Configuration file
▪ The <jaxws:server> element configures a JAX-WS service provider.
▪ The <jaxws:server> element’s address attribute specifies the web service HTTP endpoint, for example, /hello.
▪ The <jaxws:serviceBean> element specifies the Java class implementing the web service.
52. Configure the cxf-servlet in web.xml
▪ The CXFServlet searches for the cxf-servlet.xml by default and exposes all the endpoints configured in that file.
▪ Set load-on-startup to any positive number so that CXFServlet immediately loads all the web services endpoints on server startup.
▪ The recommended url pattern for web services is /services/*.
55. Securing the Web Service
▪ Adding UsernameToken profile authentication to our web service
▪ Adding authentication does not alter our existing web service business logic code
▪ Add the following Maven dependency
60. Create the UserToken Password Callback Handler
We are hard-coding the username and password but typically these values are read from an external source
61. Update the Client Code
63. WEB SERVICE SECURITY BEST PRACTICES
▪ Auditing and Log management.
▪ Flow of calls to the web service.
▪ Sensitive information.
▪ Track Business Operations.
▪ Proper Authentication.