Embed Size (px)
Citation preview
The ‘Zen’ of Web ServicesThe ‘Zen’ of Web Services
David GristwoodDavid [email protected] [email protected]
blogs.msdn.com/David_Gristwoodblogs.msdn.com/David_Gristwood
AgendaAgenda
1.1. Core PrinciplesCore Principles
2.2. MessagingMessaging
3.3. MetadataMetadata
4.4. InteroperabilityInteroperability
5.5. WS-* StandardsWS-* Standards
1 - Introduction1 - Introduction
Web has been a phenomenal success at Web has been a phenomenal success at enabling simple computer/human enabling simple computer/human interactions interactions Key factor in the success of HTTP and HTML Key factor in the success of HTTP and HTML
is its relative simplicity is its relative simplicity
Web services take many ideas and Web services take many ideas and principles of Web and apply them to principles of Web and apply them to computer/computer interactionscomputer/computer interactions
Web services protocol stackWeb services protocol stack
HTTP/HTML "read-mostly" HTTP/HTML "read-mostly" Content often static/highly cacheable Content often static/highly cacheable
Web services architecture designed for highly Web services architecture designed for highly dynamic program-to-program interactions dynamic program-to-program interactions Many kinds of distributed systems may be Many kinds of distributed systems may be
implemented implemented Synchronous & asynchronous messaging systems, Synchronous & asynchronous messaging systems,
distributed computational clusters, mobile-networked distributed computational clusters, mobile-networked systems, grid systems, peer-to-peer environments…systems, grid systems, peer-to-peer environments…
Web services protocol stack to be much more Web services protocol stack to be much more general purpose general purpose
Core Principles Core Principles
Vision: new generation of applications Vision: new generation of applications based on autonomous web servicesbased on autonomous web services
Core principles of web services Core principles of web services architecture:architecture:
a.a. Message orientationMessage orientationb.b. Protocol composability Protocol composability c.c. Autonomous services Autonomous services d.d. Managed transparency Managed transparency e.e. Protocol-based integration Protocol-based integration
a) Message orientationa) Message orientationWeb services communicate using messages Web services communicate using messages
Place significant emphasis on how individual Place significant emphasis on how individual messages formed/processedmessages formed/processed Unlike DCOM/(O)RPC where this is largely Unlike DCOM/(O)RPC where this is largely
invisibleinvisible
Messages are atomic unit of communication Messages are atomic unit of communication Can choose to surface as RPC style developer Can choose to surface as RPC style developer
modelmodel
(Message orientation)(Message orientation)
Assumes SOAP lowest layer in protocol stackAssumes SOAP lowest layer in protocol stack
Isolates message transfer from transport Isolates message transfer from transport details details Ideally, protocol-specific bindings do not leak into Ideally, protocol-specific bindings do not leak into
application semanticsapplication semantics
De-couple historical HTTP offeringsDe-couple historical HTTP offerings HTTP strict request/reply doesn’t lend itself well to HTTP strict request/reply doesn’t lend itself well to
exchange patterns that are easy in TCP such as exchange patterns that are easy in TCP such as full duplex, etcfull duplex, etc
(Message orientation)(Message orientation)
Need to span multiple network nodes Need to span multiple network nodes E.g. access checks, content-based routing, or E.g. access checks, content-based routing, or
application-specific validation application-specific validation
Message may need to traverse multiple Message may need to traverse multiple message transports message transports SMPT, HTTP, TCP, MSMQ, etcSMPT, HTTP, TCP, MSMQ, etc
Security needed beyond single point to Security needed beyond single point to point protocols / singe trust domainpoint protocols / singe trust domain WS-Security vs SSLWS-Security vs SSL
b) Protocol Composabilityb) Protocol Composability
Protocols compose when they can be Protocols compose when they can be used either independently or used either independently or combinationcombinationMany domain-specific protocols are Many domain-specific protocols are effectively “silos”effectively “silos” Protocol designers find themselves Protocol designers find themselves
coining new mechanisms for dealing coining new mechanisms for dealing with security, reliability, etcwith security, reliability, etc
E.g. DCE, CORBA, etcE.g. DCE, CORBA, etc
(Protocol Composability)(Protocol Composability)
Protocol suite designed as family of Protocol suite designed as family of composable protocols composable protocols Each defines a fine-grained unit of Each defines a fine-grained unit of
functionality, efunctionality, e.g. signing and sealing.g. signing and sealingSOAP's architecture anticipates SOAP's architecture anticipates composition via header mechanismcomposition via header mechanism No cost to applications that do not use No cost to applications that do not use
specific protocolspecific protocol New protocols can be introduced at any time New protocols can be introduced at any time
to complement existing ones to complement existing ones
c) Autonomous Servicesc) Autonomous Services
Web services are autonomous agents Web services are autonomous agents development, deployment, operation, management, development, deployment, operation, management,
and security all vary independently to service's and security all vary independently to service's consumerconsumer
““Forced independence" has ramifications that Forced independence" has ramifications that permeate the architecturepermeate the architecture
ExtensibilityExtensibility New versions of SOAP not neededNew versions of SOAP not needed
Security - trust and federationSecurity - trust and federationControl over resources managedControl over resources managed Recycle when not needed, e.g. lease lifetimes, Recycle when not needed, e.g. lease lifetimes,
subscriptions, etc subscriptions, etc
(Autonomous Services)(Autonomous Services)
Versioning Versioning SOAP provides a protocol evolution model SOAP provides a protocol evolution model
based on headers based on headers Headers are expected to be added or Headers are expected to be added or
removed over the lifetime of a given protocol removed over the lifetime of a given protocol New headers carry upgrade policy New headers carry upgrade policy Headers that cannot be safely ignored are Headers that cannot be safely ignored are
annotated with a annotated with a mustUnderstand mustUnderstand attribute attribute
d) Managed Transparencyd) Managed Transparency
All implementation details are private to a All implementation details are private to a service service Message-oriented façade provides insulation Message-oriented façade provides insulation Opacity is critical to service autonomyOpacity is critical to service autonomy
Requires publicly visible aspects Requires publicly visible aspects transparent to the outside worldtransparent to the outside world Machine-readable contractsMachine-readable contracts Essential for creating rich ecosystem for tools Essential for creating rich ecosystem for tools
& execution environments & execution environments
e) Protocol-Based Integratione) Protocol-Based Integration
Assume no shared OS, no shared virtual Assume no shared OS, no shared virtual machine, no shared programming machine, no shared programming language or abstractionlanguage or abstraction
Reflects increasing emphasis on SOAReflects increasing emphasis on SOA Evolution of Evolution of component software, distributed component software, distributed
objects, and message-oriented middleware objects, and message-oriented middleware
2 - 2 - MessagingMessaging
Web services rely on:Web services rely on: XML for basic underlying data modelXML for basic underlying data model SOAP for message processing / data SOAP for message processing / data
modelmodel WS-Addressing for addressing servicesWS-Addressing for addressing services
Independent of transport Independent of transport
Core Web Service StackCore Web Service Stack
ApplicationApplication
ApplicationApplication
DiscoveryDiscovery
DescriptionDescription
PackagingPackaging
DataData
ProtocolProtocol
UDDIUDDI
WSDLWSDL
SOAPSOAP
XMLXML
InternetInternet
XML and the Infoset XML and the Infoset
Common understanding of exactly what Common understanding of exactly what constitutes a message requiredconstitutes a message requiredXML document defined by XML Information XML document defined by XML Information Set (‘Infoset’) Set (‘Infoset’) Abstract data modelAbstract data model Information items maps to elements, attributes, Information items maps to elements, attributes,
etc,etc, Foundation of all XML specificationsFoundation of all XML specifications
XML Schema, XML Query, XSLTXML Schema, XML Query, XSLT
SOAPSOAP
SOAP designed to reduce the engineering cost SOAP designed to reduce the engineering cost lowest-cost technology has the best chance of gaining lowest-cost technology has the best chance of gaining
universal acceptance universal acceptance
A SOAP message is an XML document A SOAP message is an XML document information item that contains three elements: information item that contains three elements: <Envelope><Envelope> <Header><Header> <Body><Body>
Separate application specific payload from Separate application specific payload from protocol informationprotocol information
SOAPSOAPPOST /StockQuote HTTP/1.1POST /StockQuote HTTP/1.1Host: www.stockquoteserver.comHost: www.stockquoteserver.comContent-Type: text/xml; charset="utf-8"Content-Type: text/xml; charset="utf-8"Content-Length: nnnnContent-Length: nnnnSOAPAction: "Some-URI"SOAPAction: "Some-URI"
<SOAP-ENV:Envelope<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"/>SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"/> <SOAP-ENV:Header><SOAP-ENV:Header> <t:Transaction<t:Transaction xmlns:t="some-URI"xmlns:t="some-URI" SOAP-ENV:mustUnderstand="1">SOAP-ENV:mustUnderstand="1"> 55 </t:Transaction></t:Transaction> </SOAP-ENV:Header></SOAP-ENV:Header> <SOAP-ENV:Body><SOAP-ENV:Body> <m:GetLastTradePrice xmlns:m="Some-URI"><m:GetLastTradePrice xmlns:m="Some-URI"> <symbol>DEF</symbol><symbol>DEF</symbol> </m:GetLastTradePrice></m:GetLastTradePrice> </SOAP-ENV:Body></SOAP-ENV:Body></SOAP-ENV:Envelope></SOAP-ENV:Envelope>
XML and Binary DataXML and Binary DataInfoset encoding allows traditional text and Infoset encoding allows traditional text and opaque binary dataopaque binary data W3C XML-binary Optimized Packaging (XOP) W3C XML-binary Optimized Packaging (XOP)
format uses multi-part MIME toformat uses multi-part MIME to allow raw binary allow raw binary data in XML 1.0 document data in XML 1.0 document
SOAP Message Transmission Optimization SOAP Message Transmission Optimization Method (MTOM) specifies how to bind this Method (MTOM) specifies how to bind this format to SOAPformat to SOAP
XOP and MTOM are the preferred approach for XOP and MTOM are the preferred approach for mixing raw binary with text-based XML mixing raw binary with text-based XML
MTOM became W3C Proposed Recommendation MTOM became W3C Proposed Recommendation Nov 2004Nov 2004
XOPXOP<soap:Envelope<soap:Envelope xmlns:soap='http://www.w3.org/2003/05/soap-xmlns:soap='http://www.w3.org/2003/05/soap-
envelope' …envelope' …<soap:Body><soap:Body> <m:data xmlns:m='http://example.org/stuff'><m:data xmlns:m='http://example.org/stuff'> <m:photo <m:photo
xmlmime:contentType='image/png'>/aWKKapGGy=xmlmime:contentType='image/png'>/aWKKapGGy= </m:photo></m:photo> </m:data></m:data>
MIME-Version: 1.0MIME-Version: 1.0Content-Type: Multipart/Related;boundary=MIME_boundary; …Content-Type: Multipart/Related;boundary=MIME_boundary; …--MIME_boundary--MIME_boundaryContent-Type: application/xop+xml; charset=UTF-8; type="application/soap+xml; action=\"ProcessData\"“ …Content-Type: application/xop+xml; charset=UTF-8; type="application/soap+xml; action=\"ProcessData\"“ …<soap:Envelope <soap:Body><soap:Envelope <soap:Body> <m:data xmlns:m='http://example.org/stuff'><m:data xmlns:m='http://example.org/stuff'> <m:photo <m:photo xmlmime:contentType='image/png'><xop:Include xmlmime:contentType='image/png'><xop:Include xmlns:xop='http://www.w3.org/2004/08/xop/include' xmlns:xop='http://www.w3.org/2004/08/xop/include' href='cid:http://example.org/me.png'/>href='cid:http://example.org/me.png'/> </m:photo></m:photo>……--MIME_boundary--MIME_boundaryContent-Type: image/png Content-Transfer-Encoding: binaryContent-Type: image/png Content-Transfer-Encoding: binary// binary octets // binary octets
Message Exchange PatternsMessage Exchange Patterns
SOAP supports various SOAP supports various message message exchange patterns as required by appsexchange patterns as required by appsSynchronous request/responseSynchronous request/response Most popular, RPC styleMost popular, RPC style
Asynchronous request/responseAsynchronous request/response Explicit message correlation becomes Explicit message correlation becomes
mandatory mandatory
One-to-many broadcast One-to-many broadcast Publish/subscribe Publish/subscribe
Publisher-SubscriberAsynchronous Messaging
SubscriberXML
Publisher
XML
Subscriber registers with PublisherConnection is endedPublisher sends a message to the SubscriberEvent occurs
WS-AddressingWS-AddressingNeeded for messaging carried across multiple Needed for messaging carried across multiple transportstransportsWS-Addressing defines three sets of SOAP WS-Addressing defines three sets of SOAP header blocks for this purposeheader blocks for this purpose Action header block: processing of a message Action header block: processing of a message MessageID/RelatesTo: identify/correlate messages MessageID/RelatesTo: identify/correlate messages To/ReplyTo/FaultTo: identify agents to process the To/ReplyTo/FaultTo: identify agents to process the
message and its replies message and its replies
Endpoints key aspect of WS-AddressingEndpoints key aspect of WS-Addressing Finer-grained addressing than just a URI Finer-grained addressing than just a URI Comprise base address & optional sets of reference Comprise base address & optional sets of reference
properties & reference parameters properties & reference parameters
WS-AddressingWS-Addressing <S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" <S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing">xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"> <S:Header><S:Header> <wsa:MessageID><wsa:MessageID> uuid:6B29FC40-CA47-1067-B31D-00DD010662DAuuid:6B29FC40-CA47-1067-B31D-00DD010662DA </wsa:MessageID></wsa:MessageID> <wsa:ReplyTo><wsa:ReplyTo> <wsa:Address>http://business456.example/client1</wsa:Address><wsa:Address>http://business456.example/client1</wsa:Address> </wsa:ReplyTo></wsa:ReplyTo> <wsa:To>http://fabrikam123.example/Purchasing</wsa:To><wsa:To>http://fabrikam123.example/Purchasing</wsa:To> <wsa:Action>http://fabrikam123.example/SubmitPO</wsa:Action><wsa:Action>http://fabrikam123.example/SubmitPO</wsa:Action> </S:Header></S:Header> <S:Body><S:Body> ...... </S:Body></S:Body> </S:Envelope></S:Envelope>
3 - Metadata3 - Metadata
Metadata enables interoperability Metadata enables interoperability Describes message interchange formats the Describes message interchange formats the
service can support service can support Describes valid message exchange patterns Describes valid message exchange patterns
of a serviceof a service Describes capabilities and requirements of a Describes capabilities and requirements of a
service service Concept of “Service Policy”Concept of “Service Policy”
WSDLWSDL
Web Service Description Language (WSDL) first Web Service Description Language (WSDL) first widely adopted mechanism widely adopted mechanism Describes basic characteristics of web service Describes basic characteristics of web service
Basic message patterns Basic message patterns
Abstract contract for a service Abstract contract for a service
Ports and bindings to concrete transports and physical Ports and bindings to concrete transports and physical deployment informationdeployment information
WSDL file can specify base elements required WSDL file can specify base elements required for a program to interact with a web service for a program to interact with a web service Several tools available to read WSDL file and Several tools available to read WSDL file and
generate the code required generate the code required
WSDLWSDL<<messagemessage name='quoteRequest'> name='quoteRequest'> <<partpart name='body' element='quote-schema- name='body' element='quote-schema-
ns:stockName'/>ns:stockName'/></message></message><<messagemessage name='quoteResponsename='quoteResponse'>'> <<partpart name='body' element='quote-schema- name='body' element='quote-schema-
ns:stockPrice'/>ns:stockPrice'/></message></message>
<<portTypeportType name='quotePortType'> name='quotePortType'> <<operationoperation name='getQuote'> name='getQuote'> <input message='quote-wsdl-<input message='quote-wsdl-
ns:quoteRequest'/>ns:quoteRequest'/> <output message='quote-wsdl-<output message='quote-wsdl-
ns:quoteResponse'/>ns:quoteResponse'/> </operation></operation></portType></portType>
<<bindingbinding name='quoteBinding' type='quote-wsdl- name='quoteBinding' type='quote-wsdl-ns:quotePortType'>ns:quotePortType'>
<<operationoperation name='getQuote'> name='getQuote'> <soap:operation <soap:operation
soapAction="http://example.com/stockQuotsoapAction="http://example.com/stockQuoteAction"/>eAction"/>
<input><input> <soap:body part='body' use='literal'/><soap:body part='body' use='literal'/> </input></input> <output><output> <soap:body part='body' use='literal'/><soap:body part='body' use='literal'/> </output></output> </operation></operation></binding></binding>
<<serviceservice name='stockService'> name='stockService'> <<portport name='stockPort' binding='quote-wsdl- name='stockPort' binding='quote-wsdl-
ns:quoteBinding'>ns:quoteBinding'> <soap:address <soap:address
location='http://example.com/quotes/'/>location='http://example.com/quotes/'/> </port></port></service></service>
Beyond WSDLBeyond WSDL
WSDL not WSDL not sufficient to describe all aspects sufficient to describe all aspects of a web service. E.g. of a web service. E.g. Operational characteristics: The service is Operational characteristics: The service is
available only between 9 a.m. and 5 p.m. available only between 9 a.m. and 5 p.m. Security characteristics: Kerberos tickets are Security characteristics: Kerberos tickets are
required for access to the servicerequired for access to the service
First generation Web services must First generation Web services must exchange metadata out of band using exchange metadata out of band using proprietary protocolsproprietary protocols This issue addressed by This issue addressed by WS-Policy WS-Policy
4 - Interoperability4 - Interoperability
The main promise of Web services The main promise of Web services
Problems occur through ambiguity, choice, Problems occur through ambiguity, choice, misinterpretation, tool support, etcmisinterpretation, tool support, etc
Needs to be a managed processNeeds to be a managed process Testing, conformance, etc Testing, conformance, etc
Main body is Main body is Web Services Interoperability OrganizationWeb Services Interoperability Organization (WS-I) (WS-I)
WS-I : The Industry is AlignedWS-I : The Industry is Aligned
Formed February 2002Formed February 2002Basic Profile 1.1 August, 2004Basic Profile 1.1 August, 2004 Basic Profile 1.0 August 2003Basic Profile 1.0 August 2003
Draft Basic Security Profile August 2004 Draft Basic Security Profile August 2004 Testing tools availableTesting tools available
Interoperability ProfilesInteroperability Profiles
Profile is a set of guidelines beyond the core Profile is a set of guidelines beyond the core protocols protocols Necessary because of specification's general-purpose Necessary because of specification's general-purpose
design design Resolve ambiguities to ensure all implementations Resolve ambiguities to ensure all implementations
process SOAP messages in same way process SOAP messages in same way
The WS-I Basic ProfileThe WS-I Basic Profile Basic Profile 1.0 first profile published by Web Basic Profile 1.0 first profile published by Web
Services-Interoperability Organization (WS-I) Services-Interoperability Organization (WS-I) Interoperable use of SOAP 1.1 & WSDL 1.0 Interoperable use of SOAP 1.1 & WSDL 1.0
WS-* Specifications TimelineWS-* Specifications Timeline
Oct2001
December2002
Routing
SecurityAddendum
Security Transaction
PolicyAssertions
Coordination
Policy
PolicyAttachment
Referral
Trust
Secure Conversation
Security Policy
August2002
WS-Inspection
Security Profile For Tokens
Attachments
Nov2001
April2002
June2002
March2003
SecurityRoadmap
ReliableMessaging
Addressing
Reliable MessageRoadmap
June2003
PolicyAssertions v1.1
Policy v1.1
Policy Attachment v1.1
Infoset Addendum toSOAP Messages w/
Attachments (MTOM)
April2003
July2003
Federation
Federation of Identities
in a WS World
PassiveProfile
ActiveProfile
Atomic Transactions
Coordination
Sept2003
Business Activity
Jan2004
Eventing
Discovery
Reliable Messaging
Feb2004
Mar 2004
Addressing
MetaData Exchange
Security 2004
http://msdn.microsoft.com/webservices/understanding/specshttp://msdn.microsoft.com/webservices/understanding/specs
WS-* Specification ProcessWS-* Specification Process
Specification Published
Feedback and Interop
Workshops
Revise spec Standards Org WS-I
• Comprehensive end-to-end approach• Process reconciles conflicting goals
• Quality of engineering• Time to market• Breadth of industry support
Web Services ArchitectureWeb Services Architecture
Foundation
Applications & ApplicationInfrastructure
Transports
Connected Connected ApplicationsApplications ManagementManagement BusinessBusiness
ProcessProcess……
SecuritySecurity ReliabilityReliability TransactionsTransactions
MessagingMessaging
XMLXML
Met
adat
aM
etad
ata
HTTPHTTP TCPTCP SMTPSMTP ……
WS-DiscoveryWS-Discovery
Web service discovery is key enabler for Web service discovery is key enabler for automating connections to servicesautomating connections to services
i.e. without human intervention i.e. without human intervention
Mirrors two most common approaches to Mirrors two most common approaches to finding information in a computer system:finding information in a computer system:
1.1. Looking in a well-known location - Universal Looking in a well-known location - Universal Description, Discovery, and Integration Description, Discovery, and Integration protocol (UDDI) protocol (UDDI)
2.2. Web services explicitly announce their Web services explicitly announce their arrival and departurearrival and departure
WS-ReliableMessagingWS-ReliableMessaging
Many conditions may interrupt exchange of Many conditions may interrupt exchange of messagesmessages Especially HTTP Especially HTTP Multiple transport-layer connections Multiple transport-layer connections
Messages may be lost, duplicated or reorderedMessages may be lost, duplicated or reorderedWS-ReliableMessaging enables reliable delivery WS-ReliableMessaging enables reliable delivery based on delivery assurance characteristics: based on delivery assurance characteristics: At-Least-Once DeliveryAt-Least-Once Delivery
Each message is delivered at least one time Each message is delivered at least one time At-Most-Once DeliveryAt-Most-Once Delivery
Duplicate messages will not be deliveredDuplicate messages will not be delivered In-Order DeliveryIn-Order Delivery
Messages are delivered in the same order they were sent Messages are delivered in the same order they were sent
WS-CoordinationWS-Coordination
N-way coordination protocols require a N-way coordination protocols require a designated coordinator designated coordinator ““shepherd” a unit of work through a number of shepherd” a unit of work through a number of
cooperating services cooperating services E.g. services not all connected at same timeE.g. services not all connected at same time
WS-Coordination specification defines WS-Coordination specification defines coordination framework to support scenarios coordination framework to support scenarios where explicit coordinators are required where explicit coordinators are required Coordination Context SOAP header block uniquely Coordination Context SOAP header block uniquely
identify piece of joint work to be undertakenidentify piece of joint work to be undertaken
WS-AtomicTransaction WS-AtomicTransaction
Specifies traditional ACID transactions for Specifies traditional ACID transactions for Web servicesWeb services Within context of atomic transaction Within context of atomic transaction
coordination typecoordination type Completion protocol, and two variants of a Completion protocol, and two variants of a
Two-Phase Commit protocolTwo-Phase Commit protocolPrepare, Commit and Abort Prepare, Commit and Abort
Volatile 2PC and Durable 2PC Volatile 2PC and Durable 2PC
WS-Eventing WS-Eventing
Event notification alternative to pollingEvent notification alternative to polling Publish/Subscribe model Publish/Subscribe model
Defines operations an event source provides Defines operations an event source provides that allow subscriptions to be created / managed that allow subscriptions to be created / managed
Flexible in way topics are defined, organized, & Flexible in way topics are defined, organized, & discovered discovered
Expiration time for subscription to manage leaseExpiration time for subscription to manage lease Renewal and unsubscribe operationsRenewal and unsubscribe operations Source can terminate subscription any timeSource can terminate subscription any time
WS-ManagementWS-Management
Discover/Navigate presence of management Discover/Navigate presence of management resources resources Settings can be set, containers enumerated, etcSettings can be set, containers enumerated, etc
Scale from small devices to data centres / Scale from small devices to data centres / distributed systemdistributed system
Access via endpoint of agent that provides Access via endpoint of agent that provides access to resourceaccess to resource Key used to define specific resourceKey used to define specific resource
Supports notificationSupports notification Batched, Pull and TrapBatched, Pull and Trap
WS-SecurityWS-Security
Security has to be built based on explicit agreed-Security has to be built based on explicit agreed-upon mechanisms / assumptionsupon mechanisms / assumptions Yet support wide variety of security policiesYet support wide variety of security policies
Must go beyond point-to-point protocolsMust go beyond point-to-point protocols Otherwise, how to trust intermediariesOtherwise, how to trust intermediaries End-to-end message security is richer alternative to End-to-end message security is richer alternative to
point-to-point transport-level securitypoint-to-point transport-level security Support loosely coupled, federated, multi transportSupport loosely coupled, federated, multi transport
No new security mechanisms were invented to No new security mechanisms were invented to satisfy the needs of SOAP-based messaging satisfy the needs of SOAP-based messaging Existing approaches to distributed systems security Existing approaches to distributed systems security
are sufficient are sufficient
ResourcesResources
An Introduction to the Web Services An Introduction to the Web Services Architecture and Its SpecificationsArchitecture and Its Specificationsmsdn.microsoft.com/library/default.asp?url=/library/en-msdn.microsoft.com/library/default.asp?url=/library/en-
us/dnwebsrv/html/introWSA.aspus/dnwebsrv/html/introWSA.asp
Questions?Questions?
