ambrose-briggs
Agenda
Introduction to SOAP
How SOAP works
Architecture
Examples & demo
Security Aspects
Strengths & Weaknesses
Web Services.
Formal Definition
SOAP is a lightweight, simple, XML-based protocol designed to exchange information in a decentralized and distributed environment.
Current Scenario
Web-based services are popular.
Communication between components on different computers.
Difference in technologies and platforms.
Difficulty in achieving interoperability.
Solutions
Distributed Component Architecture (DCOM)
CORBA (Common Object Request Broker Architecture)
Remote Scripting
Java RMI
Why SOAP?
Shortcoming of these technologies: they do not natively interoperate with each other.
In real-world scenarios, client and server have different platforms and standards.
Internet supports a wide range of services.
Steep learning curve and the complexities involved.
The solution is SOAP.
Firewall Problems
COM's port management is similar to socket port management.
Most network administrators don't like opening their servers to a range of port addresses.
Usually the HTTP port is open.
HTTP Protocol
HTTP protocol uses port 80 to communicate over the Internet.
SOAP uses HTTP as its transport mechanism.
Purpose Of SOAP
Improve cross-platform interoperability using the Web and XML.
Enables different programs, written in different languages and running on different platforms, to communicate with each other.
Plus Point
SOAP uses HTTP for transport binding.
Most organizations are familiar with HTTP and already have it incorporated into their network infrastructure.
No complex changes to the network or firewalls needed.
Main Concepts
SOAP consists of four parts:
SOAP envelope - what is in a message, who should deal with it, and whether it is optional or mandatory.
SOAP encoding rules - Serialization mechanism used to exchange instances of application-defined datatypes.
Main Concepts (continued)
SOAP RPC representation – A convention that can be used to represent remote procedure calls and responses.
SOAP binding - A convention for exchanging SOAP envelopes between peers using an underlying protocol for transport.
SOAP Node
Implemented at the client (sender) and the server (receiver).
Processes messages according to the formal set of conventions.
Enforces the rules that govern the exchange of SOAP messages.
Accesses the services provided by the underlying protocols through SOAP bindings.
SOAP Message Format
A SOAP message is an XML document that consists of:
mandatory SOAP Envelope
optional SOAP Header
mandatory SOAP Body.
SOAP Message Header
SOAP Header is a generic mechanism for adding features to a SOAP message in a decentralized manner.
No prior agreement between the communicating parties is required.
Header may be edited by intermediaries to change the information to be sent to the receiver.
Two types of headers are available in HTTP:
Request Header - for request messages
Response Header - for response messages.
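The message-format and header rules above (mandatory Envelope, optional Header, mandatory Body, and header entries marked optional or mandatory), checked on the receiving node. This is an added example, not part of the original slides: the `urn:example:*` header names, the `UNDERSTOOD` set and the sample message are constructed, while the `mustUnderstand` attribute, the fault codes and the no-DTD rule are taken from the SOAP 1.1 specification.

```python
import xml.etree.ElementTree as ET
from xml.parsers import expat

ENV = "http://schemas.xmlsoap.org/soap/envelope/"  # SOAP 1.1 envelope namespace
UNDERSTOOD = {"{urn:example:auth}Token"}  # hypothetical: headers this node processes

# Constructed sample message (not from the slides).
SAMPLE = b"""<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Header>
    <a:Token xmlns:a="urn:example:auth" soap:mustUnderstand="1">abc</a:Token>
    <t:Hop xmlns:t="urn:example:trace">gateway-1</t:Hop>
  </soap:Header>
  <soap:Body><q:GetQuote xmlns:q="urn:example:quote"/></soap:Body>
</soap:Envelope>"""


class SoapFault(Exception):
    """Carries a SOAP 1.1 fault code (VersionMismatch, MustUnderstand, Client)."""


def _reject_doctype(*_args):
    raise SoapFault("Client: DTD not allowed in a SOAP message")


def check_envelope(raw: bytes) -> list:
    """Validate the envelope; return tags of optional headers that were ignored."""
    scanner = expat.ParserCreate()
    scanner.StartDoctypeDeclHandler = _reject_doctype  # abort before entities are declared
    try:
        scanner.Parse(raw, True)
    except expat.ExpatError as exc:
        raise SoapFault(f"Client: not well-formed XML ({exc})") from exc
    root = ET.fromstring(raw)
    if root.tag != f"{{{ENV}}}Envelope":
        raise SoapFault("VersionMismatch: root is not a SOAP 1.1 Envelope")
    kids = list(root)
    header = kids.pop(0) if kids and kids[0].tag == f"{{{ENV}}}Header" else None
    if not kids or kids[0].tag != f"{{{ENV}}}Body":
        raise SoapFault("Client: mandatory Body missing or misplaced")
    ignored = []
    for entry in (header if header is not None else []):
        if entry.tag in UNDERSTOOD:
            continue
        if entry.get(f"{{{ENV}}}mustUnderstand") == "1":
            raise SoapFault(f"MustUnderstand: {entry.tag}")  # mandatory but unknown
        ignored.append(entry.tag)  # optional and unknown: safe to skip
    return ignored


if __name__ == "__main__":
    print(check_envelope(SAMPLE))
```

Because intermediaries may edit headers, these checks only establish that the message is structurally acceptable; they say nothing about who wrote a given header entry.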
Security Within SOAP
SOAP specification does not define any protocol-specific security features.
Utilizes standard HTTP security features:
HTTP authentication mechanisms
SSL for secure channel communications (using HTTPS).
Security Aspects
Potential security threat due to the plain-text nature of the data.
Security features may be added to the SOAP header.
Transport protocols such as SSL, TLS, and IP Security (IPsec) can provide the integrity and confidentiality of the message during transmission.
Developing SOAP Application
SOAP toolkits are available to create and parse SOAP messages.
They help translate function calls from a given language to a SOAP message.
For example:
Microsoft SOAP Toolkit 2.0 translates COM function calls to SOAP.
Apache toolkit translates Java function calls to SOAP.
Pros
Cross Platform Interoperability.
Can support a range of applications – RPC, XML.
Small and easy to implement. Can reuse existing XML Parsers and HTTP libraries.
Main Advantage
Firewalls block most ports, except the standard HTTP port 80.
Most distributed object protocols like DCOM use dynamically assigned ports for remote method invocations.
SOAP uses HTTP as the transport mechanism. No problem invoking SOAP endpoints from either side of a firewall.
Cons
Still Evolving.
SOAP data is sent as XML text for standardization.
Converting all data into text and parsing it back into data structures at the other end can use up quite a bit of processing power.
No built-in security features.