Advanced Services - Beyond the Basics
Case Studies II
Lawrence Wilkes
Tesco.com Challenges
Largest on-line grocery retailer in the world
UK, Republic of Ireland, South Korea and Groceryworks, a joint venture with Safeway Inc. in the USA
$1b+ turnover in UK (2003)
120,000+ deliveries every week in the UK (2003)
Part of one of the largest bricks and mortar retailers in the world
Expand on-line grocery to non-food markets with the objectives:
Diversify product range, with many virtual stores
Maintain customer management
Expansion must not disrupt current systems
Time to market is crucial
Support multiple devices for end customer
Improve delivery process
Tesco.com (diagram). Web Services shown: Promotions, Product file, Home page, Product search, Favourites, Log-in service, Basket service, Checkout. Connected to them: diverse shopping clients, deliveries, own stores, 3rd party fulfilment and 3rd party information.
Tesco.com Architecture (diagram). Presentation: ASP.NET interfaces for Store #1, #2 … #n. Business Logic: Store Broker, CommonStore, CommonCustomer, CommonBasket, CommonCheckout. Data: ADO.NET, SQL Server. External Web Services via BizTalk Server to approx. 2000 Tesco stores, 3rd party suppliers and Tesco back end systems.
Some Benefits
Business
Improved Customer Satisfaction
Reduced errors
Staff and Process Efficiency
"10,000 personal shoppers and 3,000 drivers… If you can cut just 15 minutes out of their weekly schedule the scale effect is enormous"
In-store stock control process improved 40% by equipping 10,000 stock controllers with PocketPC using Web Services to communicate stock information to back end mainframes
IT
High developer productivity
Truck Routing and delivery system built by one developer in 6 weeks
1st new virtual store added in 8 weeks
Easy transfer of skills from desktop to mobile device development
Danske Bank Web Services (diagram). Consumers shown: Politiken Portal readers, institutional partners, Excel, Win2K, WSE and other clients. Services shown: stock quotes, bond quotes, currency trading. Back end shown: XML cache with 15 min refresh, routing based on user, real time access to ERP and mainframe.
Danske Bank - Facts
Secure
Supports latest Web services security standards
Cost Efficient
Using routing feature in .NET the cost savings for mainframe use for stock quotes alone is $1M per year
Rock Solid Platform
Billions of dollars to be traded annually
New Revenue Streams
(.NET) and Web services enables possible new customer segments
ERGO - Facts
ERGO Insurance Group – 2nd largest in Germany
29m customers across Europe
ERGO needed to
lower IT costs
develop new channels of distribution to reach customers in innovative ways.
Benefits
Single platform that meets a diverse set of needs
Faster time-to-market
Lower development costs
Increased sales force productivity
Connected business partners
ERGO - Intodo Solution Architecture (diagram). Components shown: ISA Server, BizTalk Server, Commerce Server, W2K, Web tier, Web Service, business logic, SAP, HTTP, MSMQ, DCOM, SQL 2000, CICS Transaction Gateway. Flow: 1. Customer places insurance products in shopping basket; 2. Details sent to Intodo; 3. Insurance policy e-mailed to customer.
ERGO HLPA.NET Architecture (HLPA - High Level Protocol Adaptor) (diagram). Components shown: IBM CICS mainframe applications, LU6.2, Host Integration Server, IIS on W2K, Web Service; consumers ABV using Web Forms, a Win Forms call centre client and Siebel, each showing Name, Ticker, CCY and Exch fields.
Clear2Pay - Visa
A new system was required by the banks to automate the processing of VISA Purchasing Card transactions
New VAT requirements and Euro compliance
Previous solution was a CD-Rom that had to be installed on merchant PC
Had to meet the needs of wide variety of merchants
Tectrade (acquired by Clear2Pay) were chosen because they demonstrated a Web Services approach
Developer Benefits
Ease of integration
Time-to-market of three months
Flexibility to accommodate customers' needs
Customer Benefits
Supports Multiple Channels
Continuous Real Time Authorisation
Direct links to the credit card networks improve security, increase speed and lower the transaction cost
One solution for small and large merchants
Easy integration with existing applications
ClearPark System
Advanced Web Services
Nigel Watling, [email protected], Microsoft EMEA
Agenda
Web Services Architecture
Security
Reliability
Transactions
Web Services Enhancements
Architectural Frameworks
Web Services Architecture: Objectives
Build on basic Web services
Add capabilities necessary for enterprise-level computing
Secure, reliable and transacted Web services
Preserve benefits that have led to success of basic Web services
Interoperability
Ability to be implemented
Add no more complexity than needed
Web Services Architecture: Specifications
Open standards process
Specification proposed by industry leaders
Microsoft, IBM, BEA, et al.
Initial implementations of proposed specifications
Feedback and interoperability workshops
Proposed specification submitted to standards bodies
W3C, IETF, OASIS
WS-I promotes interoperability
Profiles interoperable use of specifications
Web Services Architecture: Roadmap (diagram). A stack of Transports, XML, Messaging and Metadata, with Security, Reliable Messaging and Transactions layered above, supporting Connected Applications.
Web Services Architecture: Design Principles
Composable
Modular
Federated
Reliable
Decentralized and autonomous
Transport independent
Web Services Architecture: Composability
The cornerstone of WSA
Each specification solves an immediate need and is valuable in its own right
Combine independent specifications to provide more powerful capabilities
Enables incremental consumption and progressive discovery of new concepts, tools, services
Allows development of core functionality, then supports additional capabilities
Only pay for technology actually used
Web Services Architecture: Messaging
SOAP
Language of Web service messages
SOAP 1.1 is current standard
SOAP 1.2 is emerging standard
WS-Addressing
Mechanisms to address Web services and messages
Enables message exchange patterns beyond HTTP request-response
Defines a resource model
Organization of resources behind a service is opaque to the client
Key abstraction is EndpointReference
Supersedes WS-Routing and WS-Referral
Web Services Architecture: Messaging
WS-Eventing
Event-oriented message exchange pattern; publisher-subscriber protocol
MTOM
SOAP Message Transmission Optimization Mechanism (MTOM)
Optimize transmission or wire format of SOAP message
Selective re-encoding of portions of the message
Supersedes WS-Attachments and DIME for attaching binary data
Web Services Architecture: Metadata Overview
Interface Description
WSDL and XSD
Policy
Framework for making assertions about a service's requirements, capabilities and preferences
Specific policy assertions
Discovery
Querying a central directory for resources (UDDI)
Inspecting a resource for metadata (WS-MetadataExchange)
Dynamic announcement and discovery of resources (WS-Discovery)
Web Services Architecture: Metadata – Policy
WS-Policy
Policy assertion represents an individual requirement, capability or preference
Extensible to other characteristics
A policy is a collection of policy assertions
A policy assertion is represented by an XML element (a policy expression)
A policy expression has a well-known name and meaning (i.e., published in a specification)
Assertion usage: required, rejected, optional, observed, ignored
Preference can be expressed when there are multiple choices for a capability or requirement
Policy expression bound to policy subject, the resource it describes (e.g., WS endpoint, object, resource)
Web Services Architecture: Metadata – Policy
WS-PolicyAttachment
Defines a mechanism for attaching policy expressions to XML elements, WSDL definitions, UDDI entries
WS-PolicyAssertions
Defines general message assertions
WS-SecurityPolicy
Defines common security assertions
Web Services Architecture: Metadata – Discovery
UDDI
Universal Description, Discovery, and Integration
Version 3.0 published July 2002
Registry mechanism for Web services
WS-Discovery
Multicast discovery protocol to dynamically locate Web services
WS-MetadataExchange
Request policy, contract, and schema from an endpoint
Defines messages to retrieve specific types of metadata associated with an endpoint
Bootstrap communication with a Web service
Efficient, incremental retrieval of WS metadata
Web Services Architecture: Security Overview
Security is critical for cross-organizational Web services
We need:
Authentication, message integrity, confidentiality, trust and privacy
Federation of security between organizations
Web services security
Securing the message
Supports various cryptographic technologies
Secure conversation
Securing an ongoing exchange of messages
Trust
Extending trust relationships across distributed services
Federation
Joining services into a single security domain
Web Services Architecture: Security
WS-Security
Securing the message
Signed, encrypted security tokens
Sign message or selected elements
Seal message or selected elements
Security token profiles
WS-Security UsernameToken Profile
WS-Security X.509 Certificate Token Profile
Security using Kerberos
Web Services Security Kerberos Binding
Web Services Architecture: Security
WS-SecureConversation
WS-Security not optimal for long duration, multi-message conversations
Initiating a secure conversation
Start conversation with WS-Security
Then use WS-SecureConversation to agree on conversation-specific keys
Similar concept to initiating a session in SSL
WS-Trust
All security depends on trust relationships
WS-Trust delegates trust relationships across distributed services
Key concept: Security Token Service
Type of Web service that issues, exchanges and validates security tokens
Web Services Architecture: Security
WS-Federation
Allow a set of organizations to establish a virtual security domain
Agent logged into any member of the federation is effectively logged into all federated members
Several models for providing federated security
Federated property space
Each participant has secure, controlled access to each member's property information about users
End-user identity protected by pseudonym model
Protects user information and properties from other federated members
Web Services Architecture: Security
Federation requestor profiles
WS-Federation Active Requestor Profile
How WS-Federation is used by active requestors
E.g. connected applications
WS-Federation Passive Requestor Profile
How WS-Federation is used by passive requestors
E.g. browsers
Limited to HTTP
Security Choices: Point-to-point vs End-to-end
SSL/TLS/IPSec
Point to point
More performant
WS-Security
End-to-end
Message level
XML signing and encryption costly: canonicalization
WSE 1.0 and 2.0
Recommendation
WS-Security preferred
HTTPS/IPSec for higher perf scenarios
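The end-to-end property contrasted above, as an added example that is not from the slides: a Python sketch in which the sender signs only the SOAP Body, an intermediary adds an unsigned routing header, and the ultimate receiver still verifies the Body, while any change to the Body at the hop is detected. An HMAC with a constructed shared key stands in for the XML Signature and X.509 token a real WS-Security header would carry, and the canonical form is a deliberately simplified walk rather than C14N; both are assumptions of this example.

```python
"""Message-level integrity surviving an intermediary (toy WS-Security-style demo)."""
import hashlib
import hmac
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"   # SOAP 1.1 envelope namespace
DEMO = "urn:example:demo"                             # constructed namespace for this example
KEY = b"constructed-shared-secret"                    # stand-in for the signer's key material

# Constructed sample message: an order whose amount must not change in transit.
ORDER = f"""<s:Envelope xmlns:s="{SOAP}" xmlns:d="{DEMO}">
  <s:Header/>
  <s:Body><d:order><d:item>widget</d:item><d:amount>250.00</d:amount></d:order></s:Body>
</s:Envelope>"""


def canonicalize(elem):
    """Toy canonical form: namespace-qualified tag, sorted attributes, trimmed text, children.
    Real XML Signature uses C14N; this walk only imitates its purpose (stable bytes to sign)."""
    attrs = "".join(f' {k}="{v}"' for k, v in sorted(elem.attrib.items()))
    text = (elem.text or "").strip()
    inner = "".join(canonicalize(child) for child in elem)
    return f"<{elem.tag}{attrs}>{text}{inner}</{elem.tag}>"


def sign_body(envelope_xml):
    """Sender: sign only the Body and carry the value in a Header/Security element."""
    root = ET.fromstring(envelope_xml)
    body = root.find(f"{{{SOAP}}}Body")
    header = root.find(f"{{{SOAP}}}Header")
    if header is None:
        header = ET.Element(f"{{{SOAP}}}Header")
        root.insert(0, header)
    security = ET.SubElement(header, f"{{{DEMO}}}Security")
    security.set("signs", "Body")
    security.text = hmac.new(KEY, canonicalize(body).encode(), hashlib.sha256).hexdigest()
    return ET.tostring(root)


def verify_body(envelope_xml):
    """Ultimate receiver: recompute the Body digest and compare in constant time."""
    root = ET.fromstring(envelope_xml)
    security = root.find(f"{{{SOAP}}}Header/{{{DEMO}}}Security")
    body = root.find(f"{{{SOAP}}}Body")
    if security is None or body is None:
        return False
    expected = hmac.new(KEY, canonicalize(body).encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, security.text or "")


def intermediary(envelope_xml, tamper=False):
    """Hop in the middle: free to add an unsigned routing header. A Body edit here must be
    caught downstream; a transport-level (TLS) hop terminating at this node would not catch it."""
    root = ET.fromstring(envelope_xml)
    route = ET.SubElement(root.find(f"{{{SOAP}}}Header"), f"{{{DEMO}}}Route")
    route.text = "via-hop-1"
    if tamper:
        root.find(f".//{{{DEMO}}}amount").text = "1.00"
    return ET.tostring(root)


def deliver(tamper=False):
    """Sender -> intermediary -> receiver; returns the receiver's verification verdict."""
    return verify_body(intermediary(sign_body(ORDER), tamper=tamper))


if __name__ == "__main__":
    print("honest hop verifies:", deliver())
    print("tampering hop verifies:", deliver(tamper=True))
```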
Web Services Architecture: Reliable Messaging
Reliability:
Essential for mission critical applications
Must ensure messages are delivered and processed in order
WS-ReliableMessaging
Errors can interrupt message exchange
Messages may be lost, delayed, duplicated or reordered
Server failures cause loss of volatile state
Connectivity may be intermittent
Identify, track and acknowledge successful transfer
Unique identifiers for messages; sequence numbers
Acknowledgement of range in sequence
Retransmit lost messages
Assure end-to-end reliability; transport independence
Reliability enhances security
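The identify, track and acknowledge mechanism just listed, as an added example not taken from the slides: a Python model of one sequence with message numbers, acknowledgement ranges, buffering for in-order delivery, duplicate rejection and retransmission of whatever was never acknowledged. The sequence identifier and the loss pattern are constructed for the example.

```python
"""Sequence tracking, acknowledgement ranges and retransmission, WS-ReliableMessaging style."""
from dataclasses import dataclass, field


@dataclass
class Message:
    sequence_id: str
    number: int          # 1-based MessageNumber within the sequence
    payload: str


@dataclass
class Destination:
    """Receiving side: de-duplicates, delivers in order, acknowledges ranges."""
    received: set = field(default_factory=set)
    delivered: list = field(default_factory=list)
    pending: dict = field(default_factory=dict)   # arrived out of order, not yet deliverable
    next_expected: int = 1

    def accept(self, msg):
        if msg.number in self.received:
            return "duplicate"        # re-sent or replayed copy: discard, the ack still covers it
        self.received.add(msg.number)
        self.pending[msg.number] = msg.payload
        # Deliver the contiguous run starting at next_expected; later numbers keep waiting.
        while self.next_expected in self.pending:
            self.delivered.append(self.pending.pop(self.next_expected))
            self.next_expected += 1
        return "accepted"

    def acknowledgement(self):
        """Collapse received numbers into (lower, upper) AcknowledgementRange pairs."""
        ranges = []
        for n in sorted(self.received):
            if ranges and ranges[-1][1] == n - 1:
                ranges[-1] = (ranges[-1][0], n)
            else:
                ranges.append((n, n))
        return ranges


@dataclass
class Source:
    """Sending side: numbers messages and keeps copies until they are acknowledged."""
    sequence_id: str
    unacked: dict = field(default_factory=dict)
    next_number: int = 1

    def send(self, payload):
        msg = Message(self.sequence_id, self.next_number, payload)
        self.unacked[msg.number] = msg
        self.next_number += 1
        return msg

    def process_ack(self, ranges):
        for lower, upper in ranges:
            for n in range(lower, upper + 1):
                self.unacked.pop(n, None)

    def retransmit(self):
        """Everything not covered by an acknowledgement goes out again, lowest number first."""
        return [self.unacked[n] for n in sorted(self.unacked)]


def simulate_lossy_exchange():
    """Constructed run: message 2 is lost, 3 and 4 arrive swapped, 1 arrives twice."""
    src, dst = Source("urn:uuid:constructed-sequence"), Destination()
    m1, m2, m3, m4 = (src.send(p) for p in ("a", "b", "c", "d"))
    outcomes = [dst.accept(m) for m in (m1, m4, m3, m1)]     # m2 never arrives first time
    first_ack = dst.acknowledgement()                        # [(1, 1), (3, 4)]: gap at 2
    src.process_ack(first_ack)
    resent = src.retransmit()                                # only message 2
    for m in resent:
        dst.accept(m)                                        # gap filled: b, c, d delivered
    src.process_ack(dst.acknowledgement())
    return {
        "outcomes": outcomes,
        "first_ack": first_ack,
        "resent": [m.number for m in resent],
        "delivered": list(dst.delivered),
        "unacked_after": sorted(src.unacked),
    }


if __name__ == "__main__":
    print(simulate_lossy_exchange())
```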
Reliable Messaging: Choices
MSMQ
Part of Windows
Reliable, proven, high performance traditional queuing infrastructure and API
The next version of MSMQ will interoperate with Indigo
MSMQ 3.0 (XP, CE and 2003) can use HTTP and SOAP
System.Messaging is the managed API
BizTalk Server 2004 Messaging Queuing
High performance adapter for MSMQ ("MSMQ-T")
Used to integrate an MSMQ application with BizTalk Server 2004
SQL Server 2005 Service Broker
Enables database developers to build (internal) queuing semantics into Microsoft SQL Server 2005 applications
E.g. a database app stores & forwards records to another Yukon server for processing
Web Services Architecture: Transactions
Transactions
Need to protect investment in existing transaction infrastructure
Extend to various kinds of distributed activities
WS-Coordination
Defines base protocols to establish coordinated activities among services
Once established, an activity may be governed by an agreed on coordination protocol
E.g. protocol to agree on outcome of the activity
WS-AtomicTransaction
Coordination protocols for distributed atomic transactions
Local 2PC transactions can participate in larger, distributed transaction
WS-BusinessActivity
Coordination protocols for long-running, compensation-based transactions
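The all-or-nothing outcome WS-AtomicTransaction coordinates, as an added example not from the slides: a Python sketch of the two-phase commit exchange between a coordinator and two enrolled participants, reduced to Prepare/Prepared-or-Aborted and Commit/Rollback messages. The store names and stock figures are constructed, and the message names are this example's simplification, not the wire protocol.

```python
"""Two-phase commit across participants: all-or-nothing in the spirit of WS-AtomicTransaction."""
from dataclasses import dataclass
from typing import Optional


@dataclass
class Participant:
    """A local resource manager enrolled in the activity (e.g. one store's stock table)."""
    name: str
    stock: int
    tentative: Optional[int] = None   # promised post-commit value, held until the outcome

    def prepare(self, qty):
        """Phase 1 vote: only promise what can definitely be honoured later."""
        if qty > self.stock:
            return "Aborted"
        self.tentative = self.stock - qty
        return "Prepared"

    def commit(self):
        self.stock = self.tentative
        self.tentative = None

    def rollback(self):
        self.tentative = None          # drop the promise; visible state never changed


class Coordinator:
    """Drives both phases and records the protocol messages for inspection."""

    def __init__(self, participants):
        self.participants = participants
        self.log = []

    def complete(self, requests):
        votes = {}
        for p in self.participants:                     # phase 1: collect every vote first
            votes[p.name] = p.prepare(requests[p.name])
            self.log.append(f"Prepare -> {p.name}: {votes[p.name]}")
        if all(v == "Prepared" for v in votes.values()):
            for p in self.participants:                 # phase 2: unanimous yes, commit everywhere
                p.commit()
                self.log.append(f"Commit -> {p.name}")
            return "Committed"
        for p in self.participants:                     # any no vote: every promise is released
            p.rollback()
            self.log.append(f"Rollback -> {p.name}")
        return "Aborted"


def atomic_update(requests):
    """Constructed scenario: two stores' stock tables updated all-or-nothing.
    Returns the outcome and the stock each store shows afterwards."""
    stores = [Participant("north", 10), Participant("south", 3)]
    outcome = Coordinator(stores).complete(requests)
    return outcome, {p.name: p.stock for p in stores}


if __name__ == "__main__":
    print(atomic_update({"north": 5, "south": 5}))   # south cannot prepare: nothing changes
    print(atomic_update({"north": 5, "south": 2}))   # both prepare: both commit
```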
Web Services Architecture: Transactions (diagram). Web Services take part in Activities; WS-Coordination provides coordinated activities. WS-AtomicTransaction: all-or-nothing coordination for short-lived activities within a domain of trust, handling system-generated exceptions. WS-BusinessActivity: coordinated outcome for activities that transcend one domain of trust, with tentative operations and intermediate results visible to third parties, handling application-generated exceptions.
Transactions: Choices
ACID Transactions
System.EnterpriseServices
Declarative attributes
SqlTransaction
Business Activities
BizTalk Server 2004
But what about the WS-Tx protocols?
We need a transaction manager (i.e. MSDTC) that can:
Understand WS-AtomicTransaction and WS-BusinessActivity
Bridge the gap to Resource Managers like SQL Server
Note: System.Transactions will ship as part of Visual Studio 2005
(diagram) Fundamentals; Secure, Reliable, Transacted; Evolve and Extend
Web Services Architecture: Timeline (diagram, as of 2/2004, covering 2000 to 2005)
Messaging: SOAP 1.1, SOAP Messages with Attachments, WS-Referral, WS-Routing, DIME, WS-Attachments, WS-Addressing, SOAP 1.2, MTOM, WS-Eventing
Metadata: UDDI 1.0, WSDL, UDDI 2.0, WS-Inspection, UDDI 3.0, WS-Policy 1.1, WS-PolicyAttachments 1.1, WS-PolicyAssertions 1.1, WS-Policy, WS-PolicyAttachments, WS-PolicyAssertions, WS-SecurityPolicy, WS-Discovery, WS-MetadataExchange
Security: Security Roadmap, WS-Security, WS-Security Addendum, WS-Security Profile for Tokens, WS-Trust, WS-Federation, WS-Federation Active Requestor Profile, WS-Security SOAP Message Security, WS-Security Username Token Profile, WS-Security X.509 Certificate Token Profile, WS-Security Kerberos Binding
Reliability: Reliable Messaging Roadmap, WS-ReliableMessaging
Transactions: WS-Coordination, WS-Transaction, WS-AtomicTransaction, WS-BusinessActivity
Interoperability: WS-I formed, WS-I BP 1.0
Whitepapers: SRT Web Services Whitepaper
Web Services Architecture: Process
Specification Published
Customer and Industry Feedback Gathered
Publish Addendum(s), Deliver Dev Product
Standardization
WS-I Interoperability Profile
Web Services Architecture: Example: WS-Security
Specification Published: April 2002
Customer and Industry Feedback Gathered: April - August 2002
Publish Addendum, Deliver Dev Product: August 2002
OASIS Standardization: September 2002
WS-I Interoperability Profile: April 2003
Partners involved over these stages: three, over 30, over 100
Feedback Workshops

Timeline (2002 - Q2 2004):
February 2003: WS-Policy and WS-Trust
March 2003: WS-Policy and WS-Trust
July 2003: WS-ReliableMessaging
November 2003: WS-Federation
February 2004: WS-Eventing
March 2004: WS-Transaction
Q2 2004: WS-SecureConversation, WS-Trust, WS-Federation, WS-Discovery

Open to everyone (feedback agreement)
Specification revised based on feedback
Yield well-engineered technology
Provide fastest time to market
Interoperability Events & Workshops

Timeline:
2002: SOAPBuilders
August 2002: XML Web Services One
December 2002: CDBi - EMEA
July 2003: Catalyst (Burton conference)
September 2003: OASIS WS-Security; Bill Gates (Microsoft) and Steve Mills (IBM)
October 2003: WS-ReliableMessaging
November 2003: WS-Trust, WS-SecureConversation
March 2004: WS-Federation Passive Profile
H2 2004: WS-SecureConversation, WS-Trust, WS-ReliableMessaging, WS-Policy, WS-AtomicTransaction, WS-BusinessActivity, WS-Discovery

Specification revised based on interoperability feedback
Helps refine the important scenarios
Grounds the development efforts
Web Services Enhancements (WSE)

Supported add-on to VS.NET and the .NET Framework providing the latest advanced Web service capabilities
- Greatly simplifies development of secure Web services across multiple intermediaries and trust domains
- Additional features include support for multiple hosting environments, alternative transports, and message routing
- Revs more quickly than VS.NET to provide early implementations of the latest WS-* specifications published by Microsoft and industry partners
- 2 years mainstream + 1 year extended support

Deployed and in production in numerous enterprise accounts today
Download from http://msdn.microsoft.com/webservices
Web Services Enhancements

WSE is for early adopters: use it where the functionality is needed today
- WSE provides needed functionality
- Implements proposed standards
- Avoids creating and implementing proprietary solutions

When the architecture changes, the product changes
- Rooted in open standards
- Underlying specifications are maturing
- Effort to keep changes small
Web Services Enhancements Roadmap

ASP.NET: basic Web services; WS-I support: BP 1.0 capable
WSE 1.0: adds certain proposed specifications; WS-I support: BP 1.0 capable
WSE 2.0: adds more proposed specifications; WS-I support: BP 1.0 capable
Whidbey: ...; WS-I support: BP 1.0 compliant
Indigo: ...; WS-I support: BP 1.0 compliant
WSE 1.0 Features Overview

WS-Security: X.509 certificates, digital signatures, XML encryption, and custom binary security tokens
Content based routing
Attachments with DIME
Custom filtering model
WSE 2.0 New Features

Multiple transports: HTTP, TCP, in-process
Hosting environment independence
Messaging: WS-Addressing
Metadata: Policy
Security: improved authentication and authorization; OASIS WS-Security support; trust, secure conversation, security policies; Kerberos and XML security token support
WSE 2.0: Comparing WSE 1.0 and 2.0
WSE 1.0 and 2.0 Security

Authentication: support for common token types
Integrity: verify message contents; nonrepudiation: verify the sender (nonrepudiation needs a signature made with a key only the sender holds, such as an X.509 private key; a signature made with a shared symmetric key shows only that some holder of that key sent the message)
Confidentiality: privacy; symmetric and asymmetric cryptography
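The authentication and integrity points above are easiest to see on the wire. The following is an added example for this page, written in Python rather than against the WSE API, and is not code from the original deck: it builds a wsse:UsernameToken with a PasswordDigest exactly as the OASIS WS-Security Username Token Profile 1.0 (listed in the specification table earlier) defines it, then verifies it on the service side. The profile's digest is Base64(SHA-1(nonce + created + password)); the receiver must also reject stale Created timestamps and previously seen nonces, otherwise a captured token can be replayed as-is. The credential store, the user name and password, and the 5-minute clock-skew window are assumptions made for the example.

```python
"""
WS-Security UsernameToken with PasswordDigest, client and service side.

Added illustration, not WSE code. Wire-level constants are the OASIS WSS 1.0
namespaces; everything else (credential store, skew window, sample user) is
assumed for the example.
"""
import base64
import hashlib
import hmac
import os
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
PASSWORD_DIGEST = ("http://docs.oasis-open.org/wss/2004/01/"
                   "oasis-200401-wss-username-token-profile-1.0#PasswordDigest")
TIME_FMT = "%Y-%m-%dT%H:%M:%SZ"
ET.register_namespace("wsse", WSSE)
ET.register_namespace("wsu", WSU)


def password_digest(nonce: bytes, created: str, password: str) -> str:
    """Base64(SHA-1(nonce + created + password)) as the token profile defines it."""
    data = nonce + created.encode("utf-8") + password.encode("utf-8")
    return base64.b64encode(hashlib.sha1(data).digest()).decode("ascii")


def make_username_token(username: str, password: str, now: datetime, nonce: bytes) -> str:
    """Client side: serialise a wsse:UsernameToken carrying a fresh nonce and timestamp."""
    created = now.strftime(TIME_FMT)
    tok = ET.Element(f"{{{WSSE}}}UsernameToken")
    ET.SubElement(tok, f"{{{WSSE}}}Username").text = username
    pw = ET.SubElement(tok, f"{{{WSSE}}}Password", Type=PASSWORD_DIGEST)
    pw.text = password_digest(nonce, created, password)
    ET.SubElement(tok, f"{{{WSSE}}}Nonce").text = base64.b64encode(nonce).decode("ascii")
    ET.SubElement(tok, f"{{{WSU}}}Created").text = created
    return ET.tostring(tok, encoding="unicode")


class UsernameTokenVerifier:
    """Service side: recompute the digest and enforce freshness and single use."""

    def __init__(self, passwords: dict, max_skew: timedelta = timedelta(minutes=5)):
        self.passwords = passwords      # assumed store of {username: password}
        self.max_skew = max_skew
        self.seen = set()               # (username, nonce); bound and expire this in production

    def verify(self, token_xml: str, now: datetime) -> str:
        tok = ET.fromstring(token_xml)
        username = tok.findtext(f"{{{WSSE}}}Username") or ""
        pw = tok.find(f"{{{WSSE}}}Password")
        nonce_b64 = tok.findtext(f"{{{WSSE}}}Nonce")
        created = tok.findtext(f"{{{WSU}}}Created")
        if pw is None or pw.get("Type") != PASSWORD_DIGEST or not nonce_b64 or not created:
            raise ValueError("rejected: only PasswordDigest tokens with Nonce and Created are accepted")
        created_at = datetime.strptime(created, TIME_FMT).replace(tzinfo=timezone.utc)
        if abs(now - created_at) > self.max_skew:
            raise ValueError("rejected: stale Created timestamp")
        nonce = base64.b64decode(nonce_b64)
        if (username, nonce) in self.seen:
            raise ValueError("rejected: nonce replayed")
        # Unknown user: compare against a random digest so timing matches the known-user path.
        password = self.passwords.get(username, base64.b64encode(os.urandom(18)).decode("ascii"))
        expected = password_digest(nonce, created, password)
        if username not in self.passwords or not hmac.compare_digest(expected, pw.text or ""):
            raise ValueError("rejected: bad credentials")
        self.seen.add((username, nonce))
        return username


def run_scenarios() -> dict:
    """Exercise the accept, replay, stale-timestamp and wrong-password paths."""
    now = datetime(2004, 2, 1, 12, 0, 0, tzinfo=timezone.utc)
    token = make_username_token("alice", "s3cret", now, b"0123456789abcdef")  # constructed input
    results = {}
    good = UsernameTokenVerifier({"alice": "s3cret"})
    results["accepted"] = good.verify(token, now)
    for name, verifier, when in [
        ("replay", good, now),
        ("stale", UsernameTokenVerifier({"alice": "s3cret"}), now + timedelta(minutes=10)),
        ("bad_password", UsernameTokenVerifier({"alice": "other"}), now),
    ]:
        try:
            verifier.verify(token, when)
            results[name] = "accepted"
        except ValueError as err:
            results[name] = str(err)
    return results


if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(f"{name:12s} {outcome}")
```

Note that the digest gives authentication only: nothing here covers the message body, so a UsernameToken is normally combined with a signature (or TLS) to get the integrity property in the list above.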
WSE 2.0 Security

Trust issuing framework (WS-Trust)
Secure conversation (WS-SecureConversation)
Role-based authorization
Security policy (WS-SecurityPolicy)
WSE 2.0 Trust

Relationships and identity: signed security tokens
- How do I prove who I am?
- Who can vouch for me?
- How do you know you can trust them?

WS-Trust defines a protocol for issuing and obtaining security tokens
WSE 2.0 Trust: several models for issuing tokens

Client obtains a token from a well-known source: Client -> Token Issuer -> Service (the client requests the token from the issuer and presents it to the service)
Service obtains a token for the client: Client -> Service, with the service turning to Token Issuer 1 and Token Issuer 2 on the client's behalf
Etc.: other arrangements of Client, Token Issuer and Service
WSE 2.0 Secure Conversation

WS-SecureConversation details how to issue a SecurityContextToken (SCT)
In WSE, this lightweight token takes the place of a more processing-intensive token (for example, one that needs a public-key operation on every message)
Services can issue their own SCTs: <autoIssueSCT enabled="true" />

Exchange between Client and the Service (acting as Token Issuer):
1. Client: request for SCT
2. Service: SCT issued to client
3. Client: series of messages signed with the issued SCT
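The three-step exchange above, carried through as an added example for this page (Python, not WSE code): the service issues a SecurityContextToken only to a requester that has already been authenticated with a full token, and every later message is authenticated with a key derived from the context secret using only symmetric operations, which is what makes the SCT the lightweight token described. The derived-key function is P_SHA1 with the label "WS-SecureConversation", as the WS-SecureConversation DerivedKeyToken uses it (the same P_hash construction as TLS 1.0). The 32-byte key length, the context lifetime, the message dictionary layout and the abstract "already authenticated" flag standing in for the X.509-signed RequestSecurityToken are assumptions for the example.

```python
"""
WS-SecureConversation in miniature: one handshake that establishes an SCT,
then a series of messages authenticated with a key derived from the context.

Added illustration, not WSE code. Assumed: 32-byte derived keys, integer
seconds for the clock, a dict per message, and that the first request was
authenticated by a heavier token before issue_sct() is called.
"""
import hashlib
import hmac
import os
import uuid
from dataclasses import dataclass

LABEL = b"WS-SecureConversation"   # default DerivedKeyToken label


def p_sha1(secret: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.0 P_SHA1: HMAC(secret, A(i) + seed) with A(0) = seed, A(i) = HMAC(secret, A(i-1))."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha1).digest()
        out += hmac.new(secret, a + seed, hashlib.sha1).digest()
    return out[:length]


def derive_key(context_secret: bytes, nonce: bytes, length: int = 32) -> bytes:
    """DerivedKeyToken key = P_SHA1(secret, label + nonce)."""
    return p_sha1(context_secret, LABEL + nonce, length)


@dataclass
class SecurityContext:
    identifier: str
    secret: bytes
    expires_at: int   # seconds; lifetime handling is an assumption of the example


class Service:
    """Issues SCTs to authenticated requesters and verifies messages signed under them."""

    def __init__(self, lifetime: int = 600):
        self.lifetime = lifetime
        self.contexts = {}

    def issue_sct(self, requester_authenticated: bool, now: int) -> SecurityContext:
        # WS-Trust RST/RSTR step: the requester must already be authenticated with a full token.
        if not requester_authenticated:
            raise PermissionError("RequestSecurityToken not authenticated")
        ctx = SecurityContext(f"uuid:{uuid.uuid4()}", os.urandom(16), now + self.lifetime)
        self.contexts[ctx.identifier] = ctx
        return ctx

    def receive(self, message: dict, now: int) -> str:
        ctx = self.contexts.get(message["sct"])
        if ctx is None:
            raise PermissionError("unknown SecurityContextToken")
        if now >= ctx.expires_at:
            del self.contexts[ctx.identifier]
            raise PermissionError("SecurityContextToken expired")
        key = derive_key(ctx.secret, message["nonce"])
        expected = hmac.new(key, message["body"].encode(), hashlib.sha1).digest()
        if not hmac.compare_digest(expected, message["signature"]):
            raise PermissionError("signature mismatch")
        return message["body"]


class Client:
    def __init__(self, ctx: SecurityContext):
        self.ctx = ctx

    def send(self, body: str) -> dict:
        nonce = os.urandom(16)      # fresh DerivedKeyToken nonce per message
        key = derive_key(self.ctx.secret, nonce)
        sig = hmac.new(key, body.encode(), hashlib.sha1).digest()
        return {"sct": self.ctx.identifier, "nonce": nonce, "body": body, "signature": sig}


def run_exchange() -> dict:
    """Issue an SCT, deliver three signed messages, then show tampering and expiry being caught."""
    svc = Service(lifetime=600)
    results = {}
    try:
        svc.issue_sct(requester_authenticated=False, now=0)
    except PermissionError as err:
        results["unauthenticated_rst"] = str(err)
    ctx = svc.issue_sct(requester_authenticated=True, now=0)
    client = Client(ctx)
    results["delivered"] = [svc.receive(client.send(f"order {i}"), now=i) for i in range(3)]
    tampered = client.send("order 3")
    tampered["body"] = "order 3000"            # modified in flight
    try:
        svc.receive(tampered, now=4)
    except PermissionError as err:
        results["tampered"] = str(err)
    try:
        svc.receive(client.send("late"), now=600)
    except PermissionError as err:
        results["expired"] = str(err)
    return results


if __name__ == "__main__":
    print(run_exchange())
```

The per-message nonce is what lets both sides keep one context secret while never reusing a signing key; the expiry check on the service is the part most often forgotten when an SCT cache is added for performance.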
WSE 2.0 Policy Driven Architecture

Beyond WSDL, what else is needed to describe a Web service?
- Security requirements
- Reliable messaging assurances
- Protocol versioning
- Etc.

These other attributes of a service can be described with WS-Policy
- XML-based language
- Complex: <Or>, <ExactlyOne>, etc.

WSE provides a Policy Framework with send-side and receive-side policy support
WSE 2.0 Policy Mapping

Policy file contains policies and mappings
A policy is mapped to a particular message at runtime
Mapping section scopes based on:
- Endpoint URL
- Action
- Request vs. Response vs. Fault
WSE 2.0 Role-based Authorization with Policy

IPrincipal is the .NET interface for role-based authorization: bool IsInRole(String str)
SecurityToken.Principal is an implementation of IPrincipal, automatically set for UsernameToken and KerberosSecurityToken
Call the method explicitly or use Policy: <wse:Role value="role" />
Check roles only on a token that has been authenticated and that signed the message; a token that merely appears in the header proves nothing about who sent the body.
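The mapping rules and the role check from the two slides above, as an added example for this page. This is Python and not WSE code; the XML is a simplified stand-in for a WSE 2.0 policy file, not its real schema, and the endpoint URIs, actions, roles and element names are made up. What it preserves is the runtime selection the slides describe: a policy is chosen by endpoint URL, then action, then message kind (request, response or fault), a specific operation beats the endpoint's default operation, an unknown endpoint falls through to the default endpoint, and an unmapped message fails closed. The selected policy's role assertions are then checked against an IPrincipal-style role set, with the signature requirement enforced first.

```python
"""
Policy mapping and role-based authorization, modelled on the slides above.

Added illustration, not WSE code or the WSE policy schema: every element name,
URI, action and role below is invented for the example.
"""
import xml.etree.ElementTree as ET

POLICY_DOCUMENT = """<policyDocument>
  <mappings>
    <endpoint uri="http://localhost/Orders.asmx">
      <operation action="http://example.org/PlaceOrder">
        <request policy="#ClerkSigned"/>
      </operation>
      <defaultOperation>
        <request policy="#Authenticated"/>
        <response policy="#Open"/>
        <fault policy="#Open"/>
      </defaultOperation>
    </endpoint>
    <defaultEndpoint>
      <defaultOperation>
        <request policy="#Authenticated"/>
      </defaultOperation>
    </defaultEndpoint>
  </mappings>
  <policies>
    <policy id="ClerkSigned" signature="required">
      <role value="Clerks"/>
    </policy>
    <policy id="Authenticated" signature="required"/>
    <policy id="Open" signature="optional"/>
  </policies>
</policyDocument>"""


class PolicyMapper:
    def __init__(self, xml_text: str):
        root = ET.fromstring(xml_text)
        self.mappings = root.find("mappings")
        self.policies = {p.get("id"): p for p in root.find("policies")}

    def resolve(self, endpoint_uri: str, action: str, kind: str):
        """Return the policy element mapped to a message, or None if nothing maps it."""
        scopes = []
        endpoint = self.mappings.find(f"endpoint[@uri='{endpoint_uri}']")
        if endpoint is not None:
            scopes.append(endpoint.find(f"operation[@action='{action}']"))
            scopes.append(endpoint.find("defaultOperation"))
        default_endpoint = self.mappings.find("defaultEndpoint")
        if default_endpoint is not None:
            scopes.append(default_endpoint.find("defaultOperation"))
        for scope in scopes:                      # most specific scope first
            mapped = scope.find(kind) if scope is not None else None
            if mapped is not None:
                return self.policies[mapped.get("policy").lstrip("#")]
        return None

    def authorize(self, endpoint_uri: str, action: str, kind: str, principal: dict) -> tuple:
        """principal = {"name": str, "roles": set, "signed_message": bool}; returns (allowed, reason)."""
        policy = self.resolve(endpoint_uri, action, kind)
        if policy is None:
            return False, "no policy mapped; fail closed"
        if policy.get("signature") == "required" and not principal.get("signed_message"):
            return False, f"{policy.get('id')}: message must be signed by the caller's token"
        for role in policy.findall("role"):        # the IsInRole check, driven by policy
            if role.get("value") not in principal.get("roles", set()):
                return False, f"{policy.get('id')}: caller lacks role {role.get('value')}"
        return True, policy.get("id")


if __name__ == "__main__":
    mapper = PolicyMapper(POLICY_DOCUMENT)
    clerk = {"name": "bob", "roles": {"Clerks"}, "signed_message": True}   # constructed caller
    print(mapper.authorize("http://localhost/Orders.asmx", "http://example.org/PlaceOrder", "request", clerk))
    print(mapper.authorize("http://localhost/Orders.asmx", "http://example.org/PlaceOrder", "request",
                           {"name": "eve", "roles": set(), "signed_message": True}))
```

Failing closed on an unmapped message is deliberate: a mapping gap that silently selects no policy is the same as an endpoint with security turned off.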
WSE 2.0 Multiple Hosting Environments

Applications can be hosted in multiple environments: ASP.NET, .exe, NT Service, WinForms, etc.
Support for multiple transports:
- in-process communication (for testing)
- raw TCP
- HTTP
Long running operations
WSE 2.0 SOAP Messaging API

WSE offers four classes for messaging
SoapSender and SoapReceiver: one-way messages; low-level
SoapClient and SoapService: one-way and two-way; use SoapSender/SoapReceiver; offer XML serialization support; operation dispatching
WSE 2.0 Attachments

Data that is hard to serialize: binary data, encoded data, large XML documents
DIME: payload appended after the SOAP envelope; SOAP envelope availability
WS-Attachments and DIME will be superseded by MTOM, which addresses concerns such as securing attachments (a DIME record sits outside the SOAP envelope, so a WS-Security signature or encryption over the envelope does not cover it; MTOM presents the attachment content as part of the envelope's own infoset, where it can be signed and encrypted like any other element)
Additional WSE Features

New samples
Security Settings Wizard
Standalone Config Editor
X.509 Certificate Wizard for managing your certificates
How do I build a SOA with .NET? Shadowfax

Shadowfax is a reference solution for building service oriented architecture with the .NET Framework. It includes 3 main pieces:
- Enterprise Development Reference Architecture
- Global Bank: Service Orientation Reference Application
- Architecture guide defining the key elements of SOA

Releases:
- .NET 1.1 release: Summer 2004
- Full implementation: Visual Studio 2005

More details: http://www.gotdotnet.com/team/rojacobs/
The Approach

Reference Architecture:
- Integration of application blocks and services
- Use of .NET framework to expose service interfaces
- Multiple channels
- ...

Reference Implementation:
- Small set of use cases implementing a believable user scenario
- Illustration of the use of key features of the architecture

Documentation
Recurring Architecture

Channels -> Intercepting Filters and Dispatching -> Biz Operation Invocation -> Biz Component
Shadowfax Architecture

Channels: WebServ, MSMQ, Remoting, ... (each channel enters through a Proxy Adapter)
Service Interface: Service Interface Pipeline, driven by a Pipeline Specification
Service Invocation: DCOM, In-proc, ASMX, MSMQ
Service Implementation: Service Implementation Pipeline (driven by a Pipeline Specification), Biz Action Component, Service Agent
Target Result

Guidance on how to consistently handle requests incoming over multiple channels
Guidance on how to separate business logic implementation from addressing other requirements
Guidance on how to handle different kinds of request payloads (from a blob to strongly typed structures)
Demonstration of end-to-end integration of building blocks
FABRIQ

Q.NET + ES + WSE + SOA + HPC + Agent

Who?
- Arvindra Sehmi, MS EMEA, DPE: Project Lead
- Clemens Vasters, newtelligence AG: Architect Lead
- Eugenio Pace, MS Argentina, MCS: Development Lead

What?
High performance, industrial strength architecture for .NET service oriented applications built on a fabric of message-oriented, interconnected, distributed queuing networks
- WSE best practices application
- Agile Machine framework

Why?
- Enable easier adoption of asynchronous computing models by a wider architect and developer community
- Bridge the cognitive gap on the road to Longhorn Indigo

When? Summer 2004

How?
- High quality framework, documented design and architecture
- Benchmarked using a real-world scenario
- MS EMEA Industrial Strength .NET SOA workshops
- newtelligence AG Tornado Camp workshops

Reference
- Slides: http://www.thearchitectexchange.com
- Demo: http://www.dotnetmaailma.com/dotnetmaailma/seminaarit/online/EMEA+Architects+Tour.htm
- Code: http://staff.newtelligence.net/clemensv
- Presentation: http://www.dotnetmaailma.com/dotnetmaailma/seminaarit/online/EmeaArchitectForum2004.htm

Disclaimer: FABRIQ IS NOT A MICROSOFT PRODUCT
© 2004 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.