The State of REST vs. SOA - INNOQ · in the context of WSS: SOAP Message Security including for the purpose of securing SOAP messages and SOAP message exchanges. WS-Federation 1.0

Copyright (c) 2007 innoQ

The State ofREST vs. SOA

BeJUG Enterprise SOA ’07Stefan Tilkov, innoQ


Who am I?


Stefan [email protected]://www.innoq.com/blog/st/

http://www.innoQ.com

http://www.InfoQ.com

mailto:[email protected]

mailto:[email protected]

http://www.innoq.com/blog/st/







REST vs. ... ?


REST vs. WS-*?

REST vs. SOA?

REST vs. SOAP?


What is the “correct” debate?


First, let’s define some things


What is SOA?


SOA: An Approach to Business/IT Alignment

A different approach to an enterprise’s IT architecture ...

... driven by business, not technology

... focusing on shared and re-used functionality

... aligning business and IT

... relying on strong governance


SOA: An Approach to Business/IT Alignment

... can be implemented using any architecture, technology, or set of products


SOA: A Technical Architecture

Services with clearly defined interfaces

... autonomous and with explicit boundaries

... relying on shared schema, not shared code

... programming language-independent

... separating interface and implementation

... containing multiple specific operations


SOA = Technical Architecture

… somewhat technology-independent – can be built with e.g. CORBA, DCE RPC, DCOM, RMI, or Web services.


SOA = Web Services

Business data as XML messages

... sent in a SOAP body

... enriched with metadata in SOA headers

... described with WSDL and XML Schema

... configured through WS-Policy

... registered in a UDDI registry


SOA = Web Services

... implemented using technologies and products from the WS-* universe


Web Services Standards Overview

innoQ Deutschland GmbH innoQ Schweiz GmbHHalskestraße 17 Gewerbestrasse 11D-40880 Ratingen CH-6330 ChamPhone +49 21 02 77 162-100 Phone +41 41 743 [email protected] · www.innoq.com

This

post

er is

not

to b

e re

prod

uced

or t

rans

mitt

ed in

any

form

or f

or a

ny p

urpo

se w

ithou

t the

exp

ress

per

miss

ion

of in

noQ

Deut

schl

and

GmbH

.·Co

pyrig

ht ©

inno

Q De

utsc

hlan

d Gm

bH. A

ll Ri

ghts

Res

erve

d. T

he p

oste

r may

also

con

tain

refe

renc

es to

oth

er c

ompa

ny, o

rgan

isatio

n, b

rand

and

pro

duct

nam

es. T

hese

com

pany

, org

anisa

tion,

bra

nd a

nd p

rodu

ct n

ames

are

use

d he

rein

for i

dent

ifica

tion

purp

oses

onl

y an

d m

ay b

e th

e tr

adem

arks

of t

heir

resp

ectiv

e ow

ners

.

InteroperabilityIssues

Metadata Specifications Reliability Specifications

Security Specifications TransactionSpecifications

Messaging Specifications SOAP

Management Specifications PresentationSpecifications

Messaging Specifications

WS-Notification

SOAP Message Transmission Optimization Mechanism

SOAP 1.2

SOAP 1.1

WS-Addressing – Core

WS-Addressing – WSDL Binding

WS-Addressing – SOAP Binding

WS-Topics

WS-BrokeredNotification

WS-Eventing

WS-Enumeration

WS-BaseNotification

Met

adat

a

Secu

rity

Reso

urce

Metadata SpecificationsWS-Policy

WS-Discovery

WS-PolicyAttachment

WS-MetadataExchange

Universal Description, Discovery and Integration

Web Service Description Language 1.1

Web Service Description Language 2.0 Core

Web Service Description Language 2.0 SOAP Binding

Mes

sagi

ngSecu

rity

WS-Security

WS-Security: SOAP Message Security

WS-Security: Kerberos Binding

WS-Security: SAML Token Profile

WS-Security: X.509 Certificate Token Profile

WS-Security: Username Token Profile

WS-SecurityPolicy

WS-Trust

WS-Federation

WS-SecureConversation

Security Specifications

Met

adat

a

Mes

sagi

ng

Relia

bilit

y

Dependencies

Basic Profile1.1

WS-IFinal Specification

! Basic Profile – The Basic Profile 1.1 providesimplementation guidelines for how related set of non-proprietary Web Service specifications should be usedtogether for best interoperability.

Basic Profile1.2

WS-IWorking Group Draft

! Basic Profile – The Basic Profile 1.2 builds on Basic Profile1.1 by incorporating Basic Profile 1.1 errata, requirementsfrom Simple SOAP Binding Profile 1.0, and adding supportfor WS-Addressing and MTOM.

Basic Profile2.0


! Basic Profile – The Basic Profile 2.0 is an update of WS-IBP that includes a profile of SOAP 1.2.

Basic Security Profile1.0

WS-IBoard Approval Draft

! Basic Security Profile defines the WS-I Basic SecurityProfile 1.0, based on a set of non-proprietary Web servicesspecifications, along with clarifications and amendmentsto those specifications which promote interoperability.

REL Token Profile1.0


! REL Token Profile is based on a non-proprietary Web services specification, along with clarifications andamendments to that specification which promoteinteroperability.

SAML Token Profile1.0


! SAML Token Profile is based on a non-proprietary Web services specification, along with clarifications andamendments to that specification which promoteinteroperability.

Conformance ClaimAttachment Mechanism (CCAM)

1.0WS-I

Final Specification

! Conformance Claim Attachment Mechanism (CCAM)catalogues mechanisms that can be used to attach WS-IProfile Conformance Claims to Web services artefacts(e.g., WSDL descriptions, UDDI registries).

Reliable AsynchronousMessaging Profile (RAMP)

1.0WS-I

Working Draft

! Reliable Asynchronous Messaging Profile (RAMP) is aprofile, in the fashion of the WS-I profiles, that enables,among other things, basic B2B integration scenarios usingWeb services technologies.

" XML – Extensible MarkupLanguage is a pared-downversion of SGML, designedespecially for Webdocuments. It allows one tocreate own customized tags,enabling the definition,transmission, validation, andinterpretation of databetween applications andbetween organizations.

" XML – Extensible Markup Language is a pared-downversion of SGML, designedespecially for Webdocuments. It allows one tocreate own customized tags,enabling the definition,transmission, validation, andinterpretation of databetween applications andbetween organizations.

" Namespaces in XMLprovides a simple methodfor qualifying element andattribute names used in XMLdocuments by associatingthem with namespacesidentified by IRI references.

" XML Information Set is an abstract data set toprovide a consistent set ofdefinitions for use in otherspecifications that need torefer to the information in a well-formed XMLdocument.

" XML Schema – XMLSchema Definition Languageis an XML language fordescribing and constrainingthe content of XMLdocuments.

" XML binary OptimizedPackaging (XOP) is an XMLlanguage for describing andconstraining the content ofXML documents.

WS-Security1.1

OASISOASIS-Standard


1.1OASIS

Public Review Draft

! WS-Security is a communications protocol providing ameans for applying security to Web Services.


1.1OASIS

Public Review Draft

! WS-Security: SOAP Message Security describesenhancements to SOAP messaging to provide messageintegrity and confidentiality. Specifically, this specificationprovides support for multiple security token formats, trustdomains, signature formats and encryption technologies.The token formats and semantics for using these aredefined in the associated profile documents.

WS-Security:Kerberos Binding

1.0Microsoft, IBM, OASIS

Working Draft

WS-Security: X.509Certificate Token Profile

1.1OASIS

Public Review Draft

! WS-Security: X.509 Certificate Token Profile describesthe use of the X.509 authentication framework with theWS-Security: SOAP Message Security specification.

! WS-Security: Username Token Profile describes how a Web Service consumer can supply a Username Token as ameans of identifying the requestor by username, andoptionally using a password (or shared secret, etc.) toauthenticate that identity to the Web Service producer.

WS-SecurityPolicy1.1

IBM, Microsoft, RSA Security, VeriSign

Public Draft

! WS-SecurityPolicy defines how to describe policies related to various features defined in the WS-Security specification.

WS-TrustBEA Systems, Computer Associates, IBM, Layer 7

Technologies, Microsoft, Netegrity, Oblix,OpenNetwork, Ping Identity Corporation,

Reactivity, RSA Security, VeriSign and WestbridgeTechnology · Initial Draft


1.1OASIS

Public Review Draft

! WS-Security: SAML Token Profile defines the use ofSecurity Assertion Markup Language (SAML) v1.1 assertionsin the context of WSS: SOAP Message Security includingfor the purpose of securing SOAP messages and SOAPmessage exchanges.

WS-Federation1.0

IBM, Microsoft, BEA Systems, RSA Security, and VeriSign

Initial Draft

! WS-Federation describes how to manage and broker thetrust relationships in a heterogeneous federatedenvironment including support for federated identities.

WS-SecureConversationBEA Systems, Computer Associates, IBM,

Layer 7 Technologies, Microsoft, Netegrity,Oblix, OpenNetwork,

Ping Identity Corporation, Reactivity, RSA Security, VeriSign and Westbridge

Technology ·Public Draft

! WS-SecureConversation specifies how to manage andauthenticate message exchanges between parties includingsecurity context exchange and establishing and deriving session keys.

WS-PolicyAssertions1.1

BEA Systems, IBM, Microsoft, SAP

Public Draft

WS-Policy1.5

W3CWorking Draft

WS-PolicyAttachment1.2

W3CW3C Member Submission

WS-DiscoveryMicrosoft, BEA Systems, Canon,

Intel and webMethodsDraft

WS-MetadataExchange1.1

BEA Systems, Computer Associates, IBM, Microsoft, SAP, Sun Microsystems and

webMethodsPublic Draft

! WS-Policy describes the capabilities and constraints of the policies on intermediaries and endpoints (e.g. businessrules, required security tokens, supported encryptionalgorithms, privacy rules).

! WS-PolicyAssertions provides an initial set of assertionsto address some common needs of Web Servicesapplications.

! WS-PolicyAttachment defines two general-purposemechanisms for associating policies with the subjects towhich they apply; the policies may be defined as part of existing metadata about the subject or the policies may be defined independently and associated through an external binding to the subject.

! WS-Discovery defines a multicast discovery protocol fordynamic discovery of services on ad-hoc and managednetworks.

! WS-MetadataExchange enables a service to providemetadata to others through a Web services interface. Givenonly a reference to a Web service, a user can access a set of WSDL /SOAP operations to retrieve the metadata thatdescribes the service.

Universal Description,Discovery and Integration (UDDI)

3.0.2OASIS

OASIS-Standard

! Universal Description, Discovery and Integration (UDDI)defines a set of services supporting the description and discovery of businesses, organizations, and other Webservices providers, the Web services they make available,and the technical interfaces which may be used to accessthose services.

Management Of Web Services (WSDM-MOWS)

1.0OASIS

OASIS-Standard

WS-ManagementAMD, Dell, Intel, Microsoft and Sun

MicrosystemsPublished Specification

Management Using WebServices (WSDM-MUWS)

1.0OASIS

OASIS-StandardWeb Services for Remote

Portlets (WSRP)2.0

OASISCommittee Draft

! Web Service Distributed Management: Management OfWeb Services (WSDM-MOWS) addresses management ofthe components that form the network, the Web servicesendpoints, using Web services protocols.

! WS-Management describes a general SOAP-basedprotocol for managing systems such as PCs, servers,devices, Web services and other applications, and othermanageable entities.

Service Modeling LanguageIBM, BEA, BMC, Cisco, Dell, HP, Intel,

Microsoft, SunDraft Specification

! Servcie Modeling Language (SML) is used to modelcomplex IT services and systems, including their structure,constraints, policies, and best practices.

! Web Service Distributed Management: Management UsingWeb Services (WSDM-MUWS) defines how an IT resourceconnected to a network provides manageability interfacessuch that the IT resource can be managed locally and fromremote locations using Web services technologies.

" Web Services for Remote Portlets (WSRP) defines a set of interfaces and related semantics which standardizeinteractions with components providing user-facingmarkup, including the processing of user interactions withthat markup.

Web Service DescriptionLanguage 2.0 Core

2.0W3C

Candidate Recommendation

Web Service DescriptionLanguage 1.1

1.1W3CNote

Web Service DescriptionLanguage 2.0 SOAP Binding

2.0W3C · Working Draft

! WS-Business Activity provides the definition of the business activitycoordination type that is to be used with the extensible coordinationframework described in the WS-Coordination specification.

WS-Coordination1.1

OASISWorking Draft

! WS-Atomic Transaction defines protocols that enable existingtransaction processing systems to wrap their proprietary protocolsand interoperate across different hardware and software vendors.

! WS-Coordination describes an extensible framework for providingprotocols that coordinate the actions of distributed applications.

WS-Composite ApplicationFramework (WS-CAF)

1.0 · Arjuna Technologies, Fujitsu, IONA,Oracle and Sun Microsystems

Committee Specification! WS-Composite Application Framework (WS-CAF) is a

collection of three specifications aimed at solving problemsthat arise when multiple Web Services are used in combina-tion. It proposes standard, interoperable mechanisms formanaging shared context and ensuring business processesachieve predictable results and recovery from failure.

WS-Context (WS-CTX)1.0

Arjuna Technologies, Fujitsu, IONA, Oracleand Sun Microsystems

Committee Draft

! WS-Context (WS-CTX) is intended as a lightweight mechanismfor allowing multiple Web Services to share a common context.

WS-Coordination Framework (WS-CF)


Committee Draft! WS-Coordination Framework (WS-CF) allows the

management and coordination in a Web Services interactionof a number of activities related to an overall application.

WS-Transaction Management (WS-TXM)


Committee Draft! WS-Transaction Management (WS-TXM) defines a core infrastructure

service consisting of a Transaction Service for Web Services.

WS-Business Activity1.1

OASISWorking Draft

WS-Atomic Transaction1.1


ResourceSpecifications

SOAP Message Transmission Optimization

Mechanism (MTOM)1.0 · W3C

Recommendation

SOAP1.2

W3CRecommendation

SOAP1.1

W3CNote

XML 1.11.1

W3CRecommendation

XML 1.01.0

W3CRecommendation

Namespaces in XML1.1

W3CRecommendation

XML Information Set1.0

W3CRecommendation

XML Schema1.1

W3CWorking Draft

XML binary OptimizedPackaging (XOP)

1.0W3C

Recommendation

" Describing Media Contentof Binary Data in XML(DMCBDX) specifies how toindicate the content-typeassociated with binaryelement content in an XMLdocument and to specify, inXML Schema, the expectedcontent-type(s) associatedwith binary elementcontent.

Describing Media Contentof Binary Data in XML

(DMCBDX)W3CNote

XML Specifications

! WS-Trust describes a framework for trust models that enablesWeb Services to securely interoperate. It uses WS-Security basemechanisms and defines additional primitives and extensionsfor security token exchange to enable the issuance anddissemination of credentials within different trust domains.

! WS-Security: Kerberos Binding defines how to encodeKerberos tickets and attach them to SOAP messages. Aswell, it specifies how to add signatures and encryption to theSOAP message, in accordance with WS-Security, which uses and references the Kerberos tokens.

WS-Addressing – Core1.0

W3CRecommendation

WS-EventingW3C

Public Draft

" WS-Addressing – Coreprovides transport-neutralmechanisms to addressWeb services and messages.This specification definesXML elements to identifyWeb service endpoints andto secure end-to-endendpoint identification inmessages.

WS-Addressing – WSDLBinding

1.0W3C


" WS-Addressing – WSDLBinding defines how theabstract properties definedin Web Services Addressing– Core are described usingWSDL.


1.0W3C

Recommendation

" WS-Addressing – SOAPBinding provides transport-neutral mechanisms toaddress Web services andmessages.

" WS-BaseNotificationstandardizes the terminology,concepts, operations, WSDLand XML needed to expressthe basic roles involved inWeb services publish andsubscribe for notificationmessage exchange.

WS-EnumerationSystinet, Microsoft, Sonic Software, BEA

Systems and Computer Associates

Public Draft

" WS-Enumeration describes a general SOAP-basedprotocol for enumerating a sequence of XMLelements that is suitablefor traversing logs, messagequeues, or other linearinformation models.

WS-Notification1.3

OASISOASIS-Standard

" WS-Notification is afamily of related whitepapers and specificationsthat define a standard Web services approach tonotification using a topic-based publish/subscribepattern.

WS-BaseNotification1.3

OASISOASIS-Standard

" WS-Eventing defines abaseline set of operationsthat allow Web services toprovide asynchronousnotifications to interestedparties.

WS-Topics1.3

OASISOASIS-Standard

" WS-Topics defines threetopic expression dialectsthat can be used as sub-scription expressions insubscribe request messagesand other parts of the WS-Notification system.

WS-BrokeredNotification1.3

OASISOASIS-Standard

" WS-BrokeredNotificationdefines the interface forthe NotificationBroker. A NotificationBroker is anintermediary, which, amongother things, allowspublication of messagesfrom entities that are notthemselves service providers.

" SOAP MessageTransmissionOptimizationMechanismdescribes anabstract feature foroptimizing thetransmission and/orwire format of aSOAP message.

" SOAP is a lightweight,XML-based protocol forexchange of informationin a decentralized,distributed environment.

WS-PolicyAssertions

Vers

ion

3.0

· Feb

ruar

y 20

07

Reliability SpecificationsWS-ReliableMessaging

WS-Reliability

WS-Reliable Messaging Policy Assertion

Tran

sact

ion

Resource SpecificationsWeb Service Resource Framework

WS-BaseFaults

WS-ResourceLifetime

WS-Transfer

Resource Representation SOAP Header Block (RRSHB)

WS-ServiceGroup

Mes

sagi

ng

Secu

rity

Tran

sact

ion

WS-ResourceProperties

Met

adat

a

Secu

rity

Basic

Prof

ile

Presentation SpecificationsWeb Services for Remote Portlets

Mes

s.

Secu

r.

Relia

b.

Mes

sagi

ng

Secu

rity

Management Specifications

Reso

urce

Met

a

WS-Management

Management Of Web Services

Management Using Web Services

Service Modeling Language

Business Process Specifications

WS-Choreography Model Overview

Web Service Choreography Description Language

Web Service Choreography Interface

Business Process Management Language

Business Process Execution Language for Web Serv. 2.0

XML Process Definition Language

Business Process Execution Language for Web Services

Mes

sagi

ng

Tran

sact

ion

Secu

rity

Relia

bilit

y

Transaction Specifications

Mes

sagi

ng

Secu

rity

Relia

bilit

y

Met

adat

a

WS-Composite Application Framework

WS-Transaction Management

WS-Context

WS-Coordination Framework

WS-Business Activity

WS-Atomic Transaction

WS-Coordination

Standards BodiesThe Organization for the Advancement of Structured Information Standards (OASIS) is a not-for-profit, international consortium

that drives the development, convergence, and adoption of e-business standards. Theconsortium produces more Web services standards than any other organization along with stan-dards for security, e-business, and standardization efforts in the public sector and for applica-tion-specific markets. Founded in 1993, OASIS has more than 4,000 participants representingover 600 organizations and individual members in 100 countries.

The World Wide Web Consortium (W3C) was created in October 1994 to lead the World Wide Web to its full potential by developing common protocols that promoteits evolution and ensure its interoperability. W3C has over 350 Member organiza-

tions from all over the world and has earned international recognition for its contributions to thegrowth of the Web. W3C is designing the infrastructure, and defining the architecture and the coretechnologies for Web services. In September 2000, W3C started the XML Protocol Activity to addressthe need for an XML-based protocol for application-to-application messaging. In January 2002, theWeb Services Activity was launched, subsuming the XML Protocol Activity and extending its scope.

The Web Services Interoperability Organization (WS-I) is an open industry organization chartered to promote Web services interoperability across platforms,

operating systems and programming languages. The organization’s diverse community of Webservices leaders helps customers to develop interoperable Web services by providing guidance,recommended practices and supporting resources. Specifically, WS-I creates, promotes andsupports generic protocols for the interoperable exchange of messages between Web services.

The Internet Engineering Task Force (IETF) is a large open international community of network designers, operators, vendors, and researchers concerned with the evolution of the Internet architecture and the smooth operation of the Internet.

Attachments Profile1.0


! Attachments Profile – The Attachment Profile 1.0complements the Basic Profile 1.1 to add support for interoperable SOAP Messages with attachments-basedWeb Services.

Simple SOAP Binding Profile

1.0WS-I

Final Specification

! Simple SOAP Binding Profile – The Simple SOAP BindingProfile consists of those Basic Profile 1.0 requirementsrelated to the serialization of the envelope and itsrepresentation in the message.

Business Process ExecutionLanguage for Web Services 1.1

(BPEL4WS) · 1.1 · BEA Systems, IBM,Microsoft, SAP,

Siebel Systems · OASIS-Standard

! WS-Choreography Model Overview defines the formatand structure of the (SOAP) messages that are exchanged,and the sequence and conditions in which the messagesare exchanged.

! Business Process Execution Language for Web Services1.1(BPEL4WS) provides a language for the formalspecification of business processes and business interactionprotocols using Web Services.

! Web Service Choreography Interface (WSCI) describeshow Web Service operations can be choreographed in thecontext of a message exchange in which the Web Serviceparticipates.

WS-Choreography ModelOverview

1.0 · W3CWorking Draft

Web Service ChoreographyInterface

(WSCI) · 1.0 · W3CSun Microsystems, SAP, BEA Systems

and Intalio · Note



(BPEL4WS) · 2.0OASIS, BEA Systems, IBM, Microsoft, SAP,

Siebel Systems · Committee Draft

! Business Process Execution Language for Web Services2.0 (BPEL4WS) provides a language for the formalspecification of business processes and business interactionprotocols using Web Services.

! Business Process Management Language (BPML)provides a meta-language for expressing businessprocesses and supporting entities.

Business Process ManagementLanguage (BPML)

1.1BPMI.org

Final Draft

! Web Service Choreography Description Language(CDL4WS) is to specify a declarative, XML based languagethat defines from a global viewpoint the common andcomplementary observable behaviour, where messageexchanges occur, and when the jointly agreed orderingrules are satisfied.

Web Service ChoreographyDescription Language

(CDL4WS) · 1.0 · W3CCandidate Recommendation

! XML Process Definition Language (XPDL) provides anXML file format that can be used to interchange processmodels between tools.

XML Process DefinitionLanguage (XPDL)

2.0Final

WS-ReliableMessaging1.1


! WS-ReliableMessaging describes a protocol that allowsWeb services to communicate reliable in the presence ofsoftware component, system, or network failures. It definesa SOAP binding that is required for interoperability.

WS-Reliability1.1

OASISOASIS-Standard

! WS-Reliability is a SOAP-based protocol for exchangingSOAP messages with guaranteed delivery, no duplicates,and guaranteed message ordering. WS-Reliability isdefined as SOAP header extensions and is independent ofthe underlying protocol. This specification contains abinding to HTTP.

WS-Reliable Messaging Policy Assertion (WS-RM Policy)

1.1OASIS

Committee Draft

! Web Services ReliableMessaging Policy Assertion(WS-RM Policy) describes a domain-specific policy assertionfor WS-ReliableMessaging that that can be specified withina policy alternative as defined in WS-Policy Framework.

! Web Service Description Language 2.0 Core is an XML-based language for describing Web services and how toaccess them. It specifies the location of the service and theoperations (or methods) the service exposes.

! Web Service Description Language 1.1 is an XML-basedlanguage for describing Web services and how to accessthem. It specifies the location of the service and theoperations (or methods) the service exposes.

! Web Service Description Language SOAP Bindingdescribes the concrete details for using WSDL 2.0 inconjunction with SOAP 1.1 protocol.

WS-BaseFaults (WSRF)1.2

OASISWorking Draft

Web Services Resource Framework (WSRF)

1.2OASIS

OASIS-Standard

WS-ServiceGroup (WSRF)1.2

OASISWorking Draft

! WS-BaseFaults (WSRF) defines a base set of informationthat may appear in fault messages. WS-BaseFaults defines anXML schema type for base faults, along with rules for howthis base fault type is used and extended by Web Services.

! Web Services Resource Framework (WSRF) defines a family ofspecifications for accessing stateful resources using Web Services.

! WS-ServiceGroup (WSRF) defines a means by which WebServices and WS-Resources can be aggregated or groupedtogether for a domain specific purpose.

WS-ResourceProperties1.2

OASISWorking Draft

! WS-ResourceProperties specifies the means by which thedefinition of the properties of a WS-Resource may be declaredas part of the Web Service interface. The declaration of theWS-Resource properties represents a projection of or a viewon the WS-Resource state.

! WS-ResourceLifetime is to standardize the terminology,concepts, message exchanges, WSDL and XML needed tomonitor the lifetime of, and destroy WS-Resources.Additionally, it defines resource properties that may be usedto inspect and monitor the lifetime of a WS-Resource.

! WS-Transfer describes a general SOAP-based protocol foraccessing XML representations of Web service-based resources.

WS-ResourceLifetime1.2

OASISWorking Draft

WS-TransferW3C

W3C Member Submission

Resource RepresentationSOAP Header Block (RRSHB)

W3CRecommendation

! Resource Representation SOAP Header Block (RRSHB)complements MTOM by defining mechanisms fordescribing and conveying non-XML resource representationsin a SOAP 1.2 message.

http://www.innoq.com/resources/ws-standards-poster/

http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=soa-rm



Why is SOA so hard to define?


“Service Oriented Architecture is a paradigm for organizing and utilizing distributed capabilities that may be under the control of different ownership domains. It provides a uniform means to offer, discover, interact with and use capabilities to produce desired effects consistent with measurable preconditions and expectations.”

OASIS SOA Reference Modelhttp://www.oasis-open.org/committees/tc_home.php?wg_abbrev=soa-rm




“An Economy is a paradigm for organizing and utilizing distributed capabilities that may be under the control of different ownership domains. It provides a uniform means to offer, discover, interact with and use capabilities to produce desired effects consistent with measurable preconditions and expectations.”

Nick Gall, VP, Gartnerhttp://tech.groups.yahoo.com/group/service-orientated-architecture/message/9065




What is REST?


REST: An Architectural Style

Defining a set of key “constraints”

... that, if met, make an architecture “RESTful”

... with the Web as one example


REST: The Web Used Correctly

A system or application architecture

... that uses HTTP, URI and other Web standards “correctly”

... is “on” the Web, not tunneled through it


REST: XML without SOAP

Send plain XML (w/o a SOAP Envelope) via HTTP

... violating the Web as much as WS-*

... preferably use GET to invoke methods

... making it damn easy to use.


Let’s equate “REST” with “RESTful HTTP usage” ...


REST Explainedin 5 Easy Steps


1. Give Every “Thing” an ID

http://example.com/customers/1234

http://example.com/orders/2007/10/776654

http://example.com/products/4554

http://example.com/processes/sal-increase-234










2. Link Things To Each Other

<order self=’http://example.com/customers/1234’> <amount>23</amount> <product ref=’http://example.com/products/4554’ /> <customer ref=’http://example.com/customers/1234’ /></order>












3. Use Standard Methods

GET retrieve information, possibly cached

PUT Update or create with known ID

POST Create or append sub-resource

DELETE (Logically) remove


4. Allow for Multiple “Representations”

GET /customers/1234Host: example.comAccept: application/vnd.mycompany.customer+xml

GET /customers/1234Host: example.comAccept: text/x-vcard

<customer>...</customer>

begin:vcard...end:vcard


5. Communicate StatelesslyGET /customers/1234Host: example.comAccept: application/vnd.mycompany.customer+xml

time

<customer><order ref=’./orders/46’</customer>

GET /customers/1234/orders/46Host: example.comAccept: application/vnd.mycompany.order+xml

<order>...</order>

shutdownupdate softwarereplace hardwarestartup


What The Discussion Should be

Business

Architecture

Technology

SOA as an approach to business/IT alignment

Technical SOA REST

SOAP, WSDL, WS-* (RESTful) HTTP, URI, ...


(T)SOA+ getOrders()

+ submitOrder()

+ getOrderDetails()

+ getOrdersForCustomers()

+ updateOrder()

+ addOrderItem()

+ cancelOrder()

+ cancelAllOrders()

OrderManagementService

+ getCustomers()

+ addCustomer()

+ getCustomerDetails()

+ updateCustomer()

+ deleteCustomer()

+ deleteAllCustomers()

CustomerManagementService

GET - get order details

PUT - update order

POST - add item

DELETE - cancel order

/orders/{id}

GET - list all orders

PUT - unused

POST - add a new order

DELETE - cancel all orders

/orders

GET - get customer details

PUT - update customer

POST - unused

DELETE - delete customer

/customers/{id}

GET - list all customers

PUT - unused

POST - add new customer

DELETE - delete all customers

/customers

GET

PUT

POST

DELETE

«interface»

Resource

GET - get all orders for customer

PUT - unused

POST - add order

DELETE - cancel all customer orders

/customers/{id}/orders

REST


Why You Should Care


WS-* Roots

The Enterprise

RPC, COM, CORBA, RMI, EJB

Transaction Systems

Controlled Environment

Top-down Approach


REST Roots

The Internet

Text formats

Wire Standards

FTP, POP, SMTP

Bottom-up Approach


Internet vs. Enterprise


What’s the difference between the Internet

and a typical enterprise?


Internet vs. Enterprise

The other is a worldwide, publicly accessible series of interconnected computer networks that transmit data by packet switching using the standard Internet Protocol (IP).

One is a gigantic, uncontrollable anarchy of heterogeneous systems with varying quality that evolve independently and constantly get connected in new and unexpected ways.


What Others Say


“No matter how hard I try, I still think the WS-* stack is bloated, opaque, and insanely complex. I think it is going to be hard to understand, hard to implement, hard to interoperate, and hard to secure.”

Tim Bray, XML Co-inventorhttp://www.tbray.org/ongoing/When/200x/2004/09/18/WS-Oppo

http://www.tbray.org/ongoing/When/200x/2004/09/18/WS-Oppo



“Show me the interoperable, full and free implementations of WS-* in Python, Perl, Ruby and PHP. You won’t see them, because there’s no intrinsic value in WS-* unless you’re trying to suck money out of your customers. Its complexity serves as a barrier to entry at the same time that it creates ‘value’ that can be sold.”

Mark Nottingham, ex BEA, now Yahoo!, former WS-Addressing WG Chair

http://www.mnot.net/blog/2006/05/10/vendors




Frankly, if I were an enterprise architect today, and I were genuinely concerned about development costs, agility, and extensibility, I’d be looking to solve everything I possibly could with dynamic languages and REST, and specifically the HTTP variety of REST. I’d avoid ESBs and the typical enterprise middleware frameworks unless I had a problem that really required them [...]. I’d also try to totally avoid SOAP and WS-*.

Steve Vinoski, formerly IONAhttp://steve.vinoski.net/blog/2007/10/04/the-esb-question/

http://steve.vinoski.net/blog/2007/10/04/the-esb-question/

http://steve.vinoski.net/blog/2007/10/04/the-esb-question/


“Want to be cool? Learn REST. Want a career? Learn WS.”

Steve Jones, Cap Geminihttp://service-architecture.blogspot.com/2006/11/want-to-be-cool-learn-rest-want-career.html




If you’re ready for REST I suggest you jump on board right away and get ahead of the curve […] You’ll have to train your developers in REST principles. [...] You definitely need to provide guidance to your people. What you want to do is work to the point where REST becomes the default for all your distributed applications.

Anne Thomas Manes, Burton Grouphttp://searchwebservices.techtarget.com/originalContent/0,289142,sid26_gci1256796,00.html

http://searchwebservices.techtarget.com/originalContent/0,289142,sid26_gci1256796,00.html

http://searchwebservices.techtarget.com/originalContent/0,289142,sid26_gci1256796,00.html


What Others Build


Everybody HTTP Servers, Clients, Proxies, Libraries, ...

DHH & The Rails Community Ruby on Rails

Google BaseGDataCalendarDocument ListsBloggerNotebookPicasa

Amazon Simple Storage Service (S3)Queue ServiceFlexible PaymentSearch

Sun JSR 311Jersey

IBM AbderaProject Zero

Microsoft AstoriaWCF


What You Should Do(in my very humble opinion)


Appreciate the Web

Be skeptical of WS-*

Learn to love the URILearn more about REST


If You Want to Know More


http://www.innoq.com/resources/REST

http://www.innoq.com

http://www.innoq.com


http://www.oreilly.com/catalog/9780596529260/




http://www.infoq.com





Thank you!

Stefan Tilkovhttp://www.innoq.com/blog/st/[email protected]

Web Services Standards Overview

Vers

ion

3.0*

· Fe

brua

ry 2

007

This

post

er is

not

to b

e re

prod

uced

or t

rans

mitt

ed in

any

form

or f

or a

ny p

urpo

se w

ithou

t the

exp

ress

per

miss

ion

of in

noQ

Deut

schl

and

GmbH

.Co

pyrig

ht ©

inno

Q De

utsc

hlan

d Gm

bH.

All R

ight

s Res

erve

d. T

he p

oste

r may

also

con

tain

refe

renc

es to

oth

er c

ompa

ny, o

rgan

isatio

n, b

rand

and

pro

duct

nam

es.

Thes

e co

mpa

ny, o

rgan

isatio

n, b

rand

and

pro

duct

nam

es a

re u

sed

here

in fo

r ide

ntifi

catio

npur

pose

s onl

y an

d m

ay b

e th

e tr

adem

arks

of t

heir

resp

ectiv

e ow

ners

.

InteroperabilityIssues

Basic Profile1.1


Basic Profile1.2


Basic Profile2.0


Basic Security Profile1.0

WS-IBoard Approval Draft

REL Token Profile1.0


SAML Token Profile1.0


Conformance Claim Attachment Mechanism

(CCAM)1.0


Reliable AsynchronousMessaging Profile (RAMP)

1.0WS-I

Working Draft

Attachments Profile1.0


Simple SOAPBinding Profile

1.0 · WS-IFinal Specification

Business Process ExecutionLanguage for Web Services 1.1(BPEL4WS) · 1.1 · BEA Systems, IBM,

Microsoft, SAP, Siebel SystemsOASIS-Standard

WS-Choreography ModelOverview1.0 · W3C

Working Draft

Web Service ChoreographyInterface (WSCI)

1.0 · W3CSun Microsystems, SAP, BEA Systems

and Intalio · Note



(BPEL4WS) · 2.0OASIS, BEA Systems, IBM, Microsoft,

SAP, Siebel Systems · Committee Draft

Business Process Management Language (BPML)

1.1BPMI.org

Final Draft

Web Service ChoreographyDescription Language (CDL4WS)

1.0W3C


XML Process Definition Language (XPDL)

2.0Final

WS-Policy1.5

W3CWorking Draft

WS-PolicyAssertions1.1

BEA Systems, IBM, Microsoft, SAP

Public Draft

Metadata Specifications

WS-PolicyAttachment1.2

W3CW3C Member Submission

WS-DiscoveryMicrosoft, BEA Systems, Canon,

Intel and webMethodsDraft

WS-MetadataExchange1.1

BEA Systems, Computer Associates, IBM, Microsoft, SAP, Sun

Microsystems and webMethodsPublic Draft

Universal Description,Discovery and Integration

(UDDI)3.0.2

OASISOASIS-Standard

Web Service DescriptionLanguage 2.0 SOAP Binding

2.0W3C · Working Draft

Web Service Description Language 2.0 Core

2.0W3C


Web Service DescriptionLanguage 1.1

1.1W3CNote

WS-Security1.1

OASISOASIS-Standard

WS-SecurityPolicy1.1

IBM, Microsoft, RSA Security, VeriSign

Public Draft

Security Specifications


1.1OASIS

Public Review Draft


1.1OASIS

Public Review Draft

WS-Security:Kerberos Binding

1.0Microsoft, IBM, OASIS

Working Draft

WS-Federation1.0

IBM, Microsoft, BEA Systems, RSA Security, and VeriSign

Initial Draft


1.1OASIS

Public Review Draft

WS-TrustBEA Systems, Computer Associates,

IBM, Layer 7 Technologies, Microsoft,Netegrity, Oblix, OpenNetwork, Ping

Identity Corp., Reactivity, RSASecurity, VeriSign and Westbridge

Technology · Initial Draft

WS-SecureConversationBEA Systems, Computer Associates,

IBM, Layer 7 Technologies, Microsoft,Netegrity, Oblix, OpenNetwork, Ping

Identity Corp., Reactivity, RSASecurity, VeriSign and Westbridge

Technology · Public Draft

WS-Security: X.509Certificate Token Profile

1.1OASIS

Public Review Draft

WS-ReliableMessaging1.1


Reliability Specifications

WS-Reliable Messaging Policy Assertion (WS-RM Policy)

1.1OASIS

Committee Draft

WS-Reliability1.1

OASISOASIS-Standard

WS-Coordination1.1

OASISWorking Draft

WS-Business Activity1.1

OASISWorking Draft

WS-Atomic Transaction1.1


WS-Composite ApplicationFramework (WS-CAF)

1.0 · ArjunaTechnologies, Fujitsu, IONA, Oracleand Sun Microsyst. · Committee Specification

WS-Context (WS-CTX)1.0 · Arjuna Technologies, Fujitsu,

IONA, Oracle and SunMicrosystems · Committee Draft

TransactionSpecifications

ResourceSpecifications

Management Using Web Services (WSDM-MUWS)

1.0OASIS

OASIS-Standard

Management Of Web Services (WSDM-MOWS)

1.0OASIS

OASIS-Standard

Management Specifications

WS-ManagementAMD, Dell, Intel, Microsoft and Sun

MicrosystemsPublished Specification

Service Modeling LanguageIBM, BEA, BMC, Cisco,

Dell, HP, Intel, Microsoft, SunDraft Specification

Web Services for Remote Portlets (WSRP)

2.0OASIS

Committee Draft

PresentationSpecifications

Web Services Resource Framework (WSRF)

1.2 · OASIS · OASIS-Standard

WS-BaseFaults (WSRF)1.2

OASISWorking Draft

WS-ServiceGroup (WSRF)1.2

OASISWorking Draft

WS-ResourceProperties1.2

OASISWorking Draft

WS-ResourceLifetime1.2

OASISWorking Draft

WS-TransferW3C

W3C Member Submission

Resource RepresentationSOAP Header Block (RRSHB)

W3C · Recommendation

WS-Coordination Framework (WS-CF)

1.0 · ArjunaTechnologies, Fujitsu, IONA, Oracleand Sun Microsystems · Committee Draft

WS-Transaction Management (WS-TXM)

1.0 · ArjunaTechnologies, Fujitsu, IONA, Oracleand Sun Microsystems · Committee Draft

innoQ Deutschland GmbH innoQ Schweiz GmbHHalskestraße 17 Gewerbestrasse 11D-40880 Ratingen CH-6330 ChamPhone +49 2102 77162-100 Phone +41 41 743 [email protected] · www.innoq.com

SOAP Message Transmission Optimization

Mechanism (MTOM)1.0 · W3C

Recommendation

SOAP1.2

W3CRecommendation

SOAP1.1

W3CNote

WS-Addressing – Core1.0

W3CRecommendation

WS-EventingW3C

Public Draft

WS-Addressing – WSDLBinding

1.0W3C



1.0W3C

Recommendation

WS-EnumerationSystinet, Microsoft, Sonic Software,

BEA Systems and Computer Associates

Public Draft

WS-Notification1.3

OASISOASIS-Standard

WS-BaseNotification1.3

OASISOASIS-Standard

WS-Topics1.3

OASISOASIS-Standard

WS-BrokeredNotification1.3

OASISOASIS-Standard

XML 1.11.1

W3CRecommendation

XML 1.01.0

W3CRecommendation

Namespaces in XML1.1

W3CRecommendation

XML Information Set1.0

W3CRecommendation

XML Schema1.1

W3CWorking Draft

XML binary Optimized Packaging (XOP)

1.0W3C

Recommendation

Describing Media Content ofBinary Data in XML (DMCBDX)

W3CNote

XML Specifications

Messaging Specifications SOAP

*HINWEIS: Dies ist eineim Informationsgehalt reduzierte Version des WS-Standards-Posters voninnoQ. Sie finden die Vollversion zum Downloadim PDF-Format unter:www.innoq.com/resources/ws-standards-poster/.Dort können Sie auch dasausgedruckte Poster imDIN A0 Format bestellen.

Slides at http://www.innoq.com/blog/st/presentations/2007/2007-10-09-REST_vs_SOA-BeJUG.pdf





http://www.innoq.com/blog/st/presentations/2007/2007-10-09-REST_vs_SOA-BeJUG.pdf

http://www.innoq.com/blog/st/presentations/2007/2007-10-09-REST_vs_SOA-BeJUG.pdf


Photo Credit

http://www.flickr.com/photos/toddography/462611643/

http://www.flickr.com/photos/raveller/159146501/





Documents

The State of REST vs. SOA - INNOQ · in the context of WSS: SOAP Message Security including for the purpose of securing SOAP messages and SOAP message exchanges. WS-Federation 1.0