1

Simple Object Access Protocol (SOAP)

by Kazi Huque

2

Presentation Outline

Definition Motivation Characteristics SOAP message format SOAP in code SOAP Security SOAP in action

3

What is SOAP?

SOAP is a lightweight protocol intended for exchanging structured information in a decentralized, distributed environment. SOAP uses XML technologies to define an extensible messaging framework, which provides a message construct that can be exchanged over a variety of underlying protocols. The framework has been designed to be independent of any particular programming model and other implementation-specific semantics.

4

SOAP is the Foundation

SOAP

WS-Security

WS-Policy WS-Trust WS-Privacy

WS-Secure Conversation WS-FederationWS-Authorization

5

Simply Put...

SOAP is a way for a program running in one operating system to communicate with a program running in either the same or a different operating system, using HTTP (or any other transport protocol) and XML.

6

SOAP Messaging Framework

XML-based messaging framework that is 1) extensible 2) interoperable 3) independent

Next we discuss these three characteristics in more detail

7

Extensible

Simplicity remains one of SOAP's primary design goals

SOAP defines a communication framework that allows for features such as security, routing, and reliability to be added later as layered extensions

8

Interoperable

SOAP can be used over any transport protocol such as TCP, HTTP, SMTP

SOAP provides an explicit binding today for HTTP

9

Interoperable Cont…

10

Independent

SOAP allows for any programming model and is not tied to RPC

SOAP defines a model for processing individual, one-way messages

SOAP also allows for any number of message exchange patterns (MEPs)

11

One-Way Message

12

Request/Response

13

SOAP Message Format

SOAP message consists of three parts: SOAP Envelope

SOAP Header (optional)

SOAP Body

From the http://schemas.xmlsoap.org/soap/envelope/ namespace

14

SOAP Envelope

The SOAP Envelope construct defines an overall framework for expressing what is in a message and who should deal with it.

15

SOAP Envelope Cont…

The Envelope is the top element of the XML document representing the message. The Envelope element is always the root

element of a SOAP message. The Envelope element contains an optional

Header element followed by a mandatory Body element.

16

SOAP Envelope Code

<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"> <soap:Header> <!-- optional -->

<!-- header blocks go here... -->

</soap:Header>

<soap:Body>

<!-- payload or Fault element goes here... --> </soap:Body>

</soap:Envelope>

17

SOAP Header

The Header element is a generic container for control information

It may contain any number of elements from any namespace

Header blocks should contain information that influences payload processing

Header is optional

18

SOAP Header Code

<soap:Header>

<!-- security credentials -->

<s:credentials xmlns:s="urn:examples-org:security"> <username>dave</username>

<password>evad</password>

</s:credentials>

</soap:Header>

19

SOAP Body

The Body element represents the message payload

20

SOAP Body Code

<soap:Body>

<x:TransferFunds xmlns:x="urn:examples-org:banking"> <from>22-342439</from>

<to>98-283843</to>

<amount>100.00</amount>

</x:TransferFunds>

</soap:Body>

21

SOAP in Code

SOAP Message Embedded in HTTP Request:

<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"  SOAPENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"> <SOAP-ENV:Body>       <m:GetLastTradePrice xmlns:m="Some-URI">           <symbol>DIS</symbol>       </m:GetLastTradePrice>   </SOAP-ENV:Body>

</SOAP-ENV:Envelope>

22

SOAP in Code Cont…

SOAP Message Embedded in HTTP Response:

<SOAP-ENV:Envelope  xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"  SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"/>   <SOAP-ENV:Body>       <m:GetLastTradePriceResponse xmlns:m="Some-URI">           <Price>34.5</Price>       </m:GetLastTradePriceResponse>   </SOAP-ENV:Body>

</SOAP-ENV:Envelope>

23

SOAP Security

The SOAP specification does not define encryption for XML Web Services.

This is left up to the implementer of the SOAP protocol.

24

Issues About Security

Encryption places a dependency on the transport protocol

Does the transport protocol support secure communication?

What is the cost of encrypting all the data versus part of the data?

25

SOAP Code with Encryption

<%@ WebService Language="C#" Class="CreditCardService" %>

using System.Web.Services;

public class CreditCardService {

[WebMethod]

[EncryptionExtension(Encrypt=EncryptMode.Response)]

public string GetCreditCardNumber() {

return "MC: 4111-1111-1111-1111";

}

}

26

Request Encrypted

<?xml version="1.0" encoding="utf-8"?> <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"

xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"> <soap:Body>

<GetCreditCardNumber xmlns="http://tempuri.org/" /> </soap:Body>

</soap:Envelope>

27

Response Encrypted

<soap:Body>

<GetCreditCardNumber xmlns="http://tempuri.org/">

<GetCreditCardNumberResult>83 151 243 32 53 95 86 13 190 134 188 241 198 209 72 114 122 38 180 34 194 138 16 97 221 195 239 86 26 152 94 27

</GetCreditCardNumberResult>

</GetCreditCardNumber> </soap:Body>

28

SOAP in Action

Demo

29

References

Understanding SOAP Overall explanation of what SOAP is, and what it can do.

http://msdn.microsoft.com/webservices/understanding/webservicebasics/default.aspx?pull=/library/en-us//dnsoap/html/understandsoap.asp

W3C Note Explains how SOAP exchanges messages. Code level details.

http://www.w3.org/TR/2000/NOTE-SOAP-20000508/