CERN

IDS
 Why?
WebServices

CERN
IDS
 Why Web Services?

“The Web can grow significantly in power and scope

if it is extended to support communication between
applications, from one program to another.”

- From the W3C XML Protocol Working Group Charter

CERN
IDS
 Presentation Roadmap

Past
Present
Future

CERN
IDS
 The Hype
New paradigm?
Reason to move platforms?
Replacement for EDI?

CERN
IDS
 Gartner’s ‘Hype’ Curve 2002
Key: Time to “plateau”
Visibility
Less than two years
Biometrics Grid Computing
Two to five years
Five to 10 years
Natural-language
search Web Services Beyond 10 years

Identity services
Virtual
Personal digital
Wireless private
Nanocomputing assistant phones Text-to- LANs/802.11 networks
speech
E-tags
Speech recognition in
Peer-to-peer call centers
Voice over IP
Personal computing
fuel cells Bluetooth
WAP/ Public key infrastructure
Wireless
Web Location
Speech recognition on desktops
sensing
Peak of
Technology inflated Trough of Slope of Plateau of
trigger expectations disillusionment enlightenment productivity
Maturity

CERN Source: Gartner Group June 2002

IDS
 Gartner’s Hype curve 2016

CERN
IDS
 W3C (working group) definition
• "A Web service is a software application
identified by a URI, whose interfaces
and bindings are capable of being
defined, described and discovered as
XML artefacts. A Web service supports
direct interactions with other software
agents using XML based messages
exchanged via internet-based protocols."

CERN
IDS
 What are Web Services?
Identifiedby a URI
Interfaces defined using XML
Can be discovered by other systems
Interact using XML based messages
conveyed by Internet protocols

Source: Web Services Glossary

CERN
IDS
 What are Web Services?

Application 1 Application 2

XML

CERN
IDS
 Transport
HTTP POST is most common
But other protocols such as
– FTP
– SMTP
– HTTP GET
And other exotic ones:
– Jabber
– BEEP

CERN
IDS
 Packaging – Soap
Used to mean
– Simple
– Object
– Access
– Protocol
From SOAP 1.2 > SOAP is no longer an
acronym
Two Types of SOAP

CERN
IDS
 Packaging – Soap

SOAP RPC:
– encode and bind data structures into xml.
– encode an RPC call

CERN
IDS
 Serialization

<PurchaseOrder>
<item type=“xsd:string”>
class PurchaseOrder { Serializer socks
String item = “socks”; </item>
int amount = 1; <amount type=“xsd:int”>
} 1
</amount>
</PurchaseOrder>

CERN
IDS
 Packaging - SOAP
 SOAP ‘document style’
– packages xml in an envelope

CERN
IDS
 Packaging – Soap
HTTP Post

SOAP Envelope

SOAP Head

SOAP Body

CERN
IDS
 Packaging – Soap

<s:Envelope xmlns:s=“URN”>
<s:header>
<s:transaction xmlns:m=“soap-
transaction”>
<m:transactionID>
1234
</m:transactionID >
</s:transaction>
</s:header>

CERN
IDS
 Packaging – Soap

<s:Body>
<n:purchaseOrder xmlns:n=“URN”>
<n:item>socks</n:item>
<n:amount>1</n:amount>
</n:purchaseOrder>
</s:Body>
</s:Envelope>

CERN
IDS
 Description – WSDL
Web Services Description Language
“Web Services Description Language
(WSDL) provides a model and an
XML format for describing Web
services.” w3c.org

CERN
IDS
 Description – WSDL

Types

Messages

Operations

Encoding

Endpoint
CERN
IDS
 Types

<types>
<schema targetNamespace=" IMessageService.xsd"
xmlns="…/XMLSchema"
xmlns:SOAPENC="…/soap/encoding/"/>
</types>

CERN
IDS
 Messages

<message name=“purchase">
<part name=“item" type="xsd:string"/>
<part name=“quantity" type="xsd:integer"/>
</message>

CERN
IDS
 Operations

<operation name="setMessage">
<input name="setMessageRequest“
message="tns:setMessageRequest"/>
<output name="setMessageResponse“
message="tns:setMessageResponse"/>
</operation>

CERN
IDS
 Encoding

<soap:operation soapAction="" style="rpc"/>

<input name="setMessage0Request">
<soap:body use="encoded"
namespace="MessageService"
encodingStyle="…/soap/encoding/"/>
</input>

CERN
IDS
 Endpoint

<service name="MessageService">
<port name="MessageServicePort"
binding="tns:MessageServiceBinding">
<soap:address location="http://localhost:8080/setMessage/"/>
</port>
</service>

CERN
IDS
 Discovery – UDDI
Universal Description, Discovery and
Integration
A UDDI Server acts as a registry for
Web Services and makes them
searchable.

CERN
IDS
 Discovery – UDDI
UDDI Registry
Inquiry

Publish

CERN
IDS
 Discovery – UDDI
UDDI Registry
Inquiry

Publish

CERN
IDS
 SOAP-based communication
Waiting
Waitingfor for Sending
Sending
requests
requests Data in XML format requests,
requests,
(known location, getting
(known location, getting
known port)
known port)
results
results

• SOAP:
– Data in a well-defined XML format
– Transport over various protocols
• HTTP, SMTP are the most used, perhaps
because they are firewall-friendly
– server side: either an RPC call or a
CERN message delivered
IDS
 Web services
• A collection of XML-based technologies
developed by the e-business community
to address issues of:
– service discovery
– interoperable data exchange and/or
application invocation
– service compositions (workflow, business
processes)
• Major developers include:
– Apache, IBM, HP, SUN & Microsoft (.NET)
• http://www.webservices.org/
CERN
IDS
 Web Services Architecture

CERN Let a program “click on a web page”

IDS
 Web Services Stack

CERN
IDS
 XML Messaging Using SOAP

CERN
IDS
 WSDL
• Web Services Definition Language
– http://www.w3.org/TR/wsdl/
• An XML-based language for describing
Web Services
– what the service does (description)
– how to use it (method signatures)
– where to find the service
• It does not depend on the underlying
protocol
• But: It is not much human-readable
CERN
IDS
 Hello.wsdl
<?xml version="1.0" encoding="UTF-8"?>
<wsdl:definitions
targetNamespace="http://localhost:8080/axis/services/Hello"
xmlns="http://schemas.xmlsoap.org/wsdl/"
xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/"
xmlns:impl="http://localhost:8080/axis/services/Hello-impl"
xmlns:intf="http://localhost:8080/axis/services/Hello"
xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
xmlns:wsdlsoap="http://schemas.xmlsoap.org/wsdl/soap/"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"> <wsdl:message
name="setHelloMessageRequest"> <wsdl:part name="in0"
type="xsd:string"/> </wsdl:message> <wsdl:message
name="getHelloMessageResponse"> <wsdl:part name="return"
type="xsd:string"/> </wsdl:message> <wsdl:message
name="setHelloMessageResponse"> </wsdl:message> <wsdl:message
name="getHelloMessageRequest"> </wsdl:message> <wsdl:portType
name="HelloWorldService"> <wsdl:operation name="getHelloMessage">
<wsdl:input message="intf:getHelloMessageRequest"/> <wsdl:output
message="intf:getHelloMessageResponse"/> </wsdl:operation>
<wsdl:operation name="setHelloMessage" parameterOrder="in0">
<wsdl:input message="intf:setHelloMessageRequest"/> <wsdl:output
message="intf:setHelloMessageResponse"/> </wsdl:operation>
</wsdl:portType> <wsdl:binding name="HelloSoapBinding"
type="intf:HelloWorldService"> <wsdlsoap:binding style="rpc"
transport="http://schemas.xmlsoap.org/soap/http"/> <wsdl:operation
name="getHelloMessage"> <wsdlsoap:operation soapAction=""/>
<wsdl:input> <wsdlsoap:body
encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"
namespace="getHelloMessage" use="encoded"/> </wsdl:input>
<wsdl:output> <wsdlsoap:body
encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"
namespace="http://localhost:8080/axis/services/Hello" use="encoded"/>
</wsdl:output> </wsdl:operation> <wsdl:operation
name="setHelloMessage"> <wsdlsoap:operation soapAction=""/>
<wsdl:input> <wsdlsoap:body
encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"
namespace="setHelloMessage" use="encoded"/> </wsdl:input>
<wsdl:output> <wsdlsoap:body
CERNencodingStyle="http://schemas.xmlsoap.org/soap/encoding/"
namespace="http://localhost:8080/axis/services/Hello" use="encoded"/>
IDS
 UDDI (and alternatives)
• Universal Description, Discovery and
Integration
– http://www.uddi.org
• UDDI creates a platform-independent,
open framework & registry for:
– Describing services
– Discovering businesses
– Integrating business services
• The UDDI may be less used than
predicted, especially on the Internet level
CERN
IDS
 A Web Service example in Java

HTTP Server

Servlet engine (e.g. Apache Tomcat)

Any
Any
Any class
class
class
Any
Any
processing
Any class
class
class
processing
Any
processing
Any
processing class
class
the
the processing
incoming
processing
incoming
processing SOAP-aware
the
the
the incoming
processing
incoming
incoming SOAP-aware Sending
Sending
requests
the
requests
the incoming
requestsincoming Servlet
the
requestsincoming
requests Servlet requests,
requests,
(“business
(“business
(“business logic”
requestslogic”
requestslogic” (e.g. Apache Axis) getting
(“business
(“business requestslogic”
logic” (e.g. Apache Axis) getting
(“business
(“business logic”
(“business logic” logic” results
results

CERN
IDS
 Design Recommendations
Create a local class
Create a method with the same name

CERN
IDS
 Web Services
Future

CERN
IDS
 Security
WS do not define how to do security,
they rely on other mechanisms
layered on top.
Very common to use SSL
– Good for simple cases
• Weak when multi-tier
• Forces encryption of all data – sometimes
not needed

CERN
IDS
 Security

Bookstore
Client
Application

CERN
IDS
 Security Bank

Client Bookstore
Application

Warehouse

CERN
IDS
 WS Security Standardisation
 W3C - http://www.w3c.org
– XML Encryption
– XML Digital Signatures

 WS-I - http://www.ws-i.org
– WS Security Profile

 OASIS - http://www.oasis-open.org
– WS-Security
– SAML - Security Assertion Markup Language
– XACML - Extensible Access Control Markup
Language
CERN
– XKMS - XML Key Management Specification
IDS
 Security – Fire Walls

Bookstore
Client
Application

Fire Wall

CERN
IDS
 Security
Firewall
‘transparency’
Double-edged sword
– Simplifies deployment

– Opens up potential holes in enterprise

security
• Similar to CGI, etc.

CERN
IDS
 WS-I
Web Services Interoperability
Organization
http://www.ws-i.org

R1017 A RECEIVER MUST NOT mandate the

use of the xsi:type attribute in
messages except as required in order
to indicate a derived type
WS-I Basic Profile Version 1.0
CERN
IDS
 Other Statndards
Security
– Single Sign-on, credentials
Transactions
Quality of service
– Timeliness guarantees
Asynchronous operations
– Co-ordination, workflow

CERN
IDS
 Real Examples
Amazon Web Services API
Google Web API
HP & IBM online stores

CERN
IDS
 Next Steps
Overtime Interface
Other documents (Materials Request,
TID, Transport Request)
E-Business – with ebXML

CERN
IDS
 Gartner’s ‘Hype’ Curve
Key: Time to “plateau”
Visibility
Less than two years
Two to five years
Five to 10 years
Beyond 10 years

Web Services

Peak of
Technology inflated Trough of Slope of Plateau of
trigger expectations disillusionment enlightenment productivity
Maturity

CERN Source: Gartner Group June 2002

IDS
 Thank you

CERN
IDS