Web Services: New Hype or Real Use?
Presented by
Joseph J. Sarna Jr., MCSD
JJS Systems, LLC
Agenda
• What are web services?
• How Do We Create or Use Web Services?
• Platform Comparisons
• Web Services Security
• Summary
What are Web Services?
• The next generation of applications designed for machine consumption
• Applications that can be called remotely via HTTP requests
• Language agnostic
• Can be called from any platform or client type
• Uses SOAP and XML as the transfer medium
• Allows passing of data through firewalls
Examples of Web Services
• Stock price retrieval
• Monetary Conversion
• Credit Card Validations
• Dictionary Service
• Language Conversion
• Purchase history retrieval
• Current inventory Retrieval
• Employee benefits updates
How Do We Create or Use Web Services?
• What do we need as developers to:
  – Create a web service?
  – Consume a web service?
• Especially if we need to communicate with different platforms and programming languages
• Standards!
World Wide Web Consortium Standards
• W3C Standards - http://www.w3.org/
• W3C Web Services Group - http://www.w3.org/2002/ws/
• W3C SOAP Group - http://www.w3.org/2000/xp/Group/
• W3C XML Group - http://www.w3.org/XML/
Requirements for Web Services Development
• A standard way to represent data
• A common, extensible, message format
• A common, extensible, service description language
• A way to discover services located on a particular Web site
• A way to discover service providers
Standard Representation of Data
• XML 1.0 defines the universally supported transfer syntax
• XML Schema defines XML's type system.
• Plain text transferred in a relational format
Common Message Format
• SOAP – Simple Object Access Protocol
• A protocol specification that defines a uniform way of passing XML-encoded data. (Wrapper around the XML Data)
• Defines a way to perform remote procedure calls (RPCs) using HTTP as the underlying communication protocol.
• Submitted in 2000 to the W3C as a Note by IBM, Microsoft, UserLand, and DevelopMentor
Common Service Description Language
• WSDL – Web Services Description Language
• Provides a way for service providers to describe the basic format of web service requests over different protocols or encodings.
• WSDL is a template for how web services should be described and bound to clients
• Fed-Ex Tracking WSDL
Method to Discover Services and Providers
• UDDI – Universal Description, Discovery and Integration
• Provides a mechanism for clients to dynamically find other web services.
• A UDDI registry is established to allow:
  – Businesses to publish a service and its usage interfaces
  – Clients to obtain services and bind programmatically to them.
Consuming Web Services
Platform Comparisons - Service Description
• J2EE
  – Supports WSDL
  – Supports web services registries
• .NET
  – Supports the WSDL 1.1 specification; however, an XML namespace is used within a WSDL document to uniquely identify the Web Service's endpoints.
  – Supports Web services registries
Platform Comparisons - Service Implementation
• J2EE
  – Existing Java classes and applications can be wrapped using the Java API for XML-based RPC (JAX-RPC) and exposed as Web Services.
  – With J2EE, business services written as Enterprise JavaBeans are wrapped and exposed as Web Services.
• .NET
  – .NET applications are compiled to an intermediate binary code called the Microsoft Intermediate Language (MSIL).
  – This code is then compiled to native code using a Just In Time compiler (JIT) at run time and run in a virtual machine called the Common Language Runtime (CLR).
Service Publishing, Discovery and Binding
• J2EE
  – Java API for XML Registries (JAXR) is a single general purpose API for interoperating with multiple registry types. There are three types of JAXR providers:
  – The JAXR Pluggable Provider, which implements features of the JAXR specification that are independent of any specific registry type.
  – The JAXR Bridge Provider, which serves as a bridge to a class of registries such as ebXML or UDDI.
• .NET
  – Discovery of Web Services with DISCO in the form of a discovery (DISCO) file, an XML document that contains links to other resources that describe the Web Service.
  – Supports UDDI
  – Provides a .NET UDDI server
Service Invocation and Execution
• J2EE
  – J2EE uses the Java API for XML-based RPC (JAX-RPC) to send SOAP method calls to remote parties and receive the results.
  – A Web Service client uses a JAX-RPC service by invoking remote methods on a service port described by a WSDL document.
• .NET
  – Implementing a Web Service listener by:
    o Using the built in .NET SOAP message classes
    o Constructing a Web Service listener manually, using MSXML, ASP, or ISAPI, etc.
    o Using the Microsoft Soap Toolkit to build a Web Service listener that connects to a business application, implemented using COM.
Web Services Security
• Three types of potential threats that need to be considered and addressed:
  – The SOAP message could be modified or read by hackers.
  – A hacker could send messages to a service that, while well-formed, lack appropriate security claims to carry on the processing.
  – Service theft
• Addressed by the WS-Security Standards of W3C
Message Security
• The specification only indicates that security tokens may be bound to messages.
• A claim can be either endorsed or unendorsed by a trusted authority. An endorsed claim is carried in a signed security token that is digitally signed or encrypted by the authority.
• An unendorsed claim, on the other hand, can be trusted if there is a trust relationship between the sender and the receiver.
• One special type of unendorsed claim is Proof-of-Possession, for example a username/password combination.
Message Protection
• WS-Security provides a means to protect messages by encrypting and/or digitally signing a body, a header, an attachment, or any combination of these items.
• Message integrity is provided by using XML Signature in conjunction with security tokens to ensure that messages are transmitted without modifications.
• Message confidentiality leverages XML Encryption in conjunction with security tokens to keep portions of a SOAP message confidential.
Missing or Inappropriate Claims
• The standards specify that a message receiver should reject a message with an invalid signature, or missing or inappropriate claims, as if it is an unauthorized (or malformed) message.
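As an added example (not from the original slides), a receiver-side check in Python that applies the rejection rule above to a WS-Security UsernameToken, the username/password proof-of-possession claim mentioned under Message Security. The OASIS namespace URIs, the PasswordDigest form, the nonce replay check, the USERS store and all function names are assumptions of this example.

```python
import base64, hashlib, hmac
import xml.etree.ElementTree as ET

# SOAP 1.1 and OASIS WS-Security 1.0 namespaces (assumed; not given on the slides).
WSS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-"
NS = {"s": "http://schemas.xmlsoap.org/soap/envelope/",
      "wsse": WSS + "secext-1.0.xsd", "wsu": WSS + "utility-1.0.xsd"}
TAGS = ("wsse:Username", "wsse:Password", "wsse:Nonce", "wsu:Created")
USERS = {"alice": "correct-horse"}  # constructed credential store (assumption)

def password_digest(nonce_b64, created, password):
    """UsernameToken digest: Base64(SHA-1(nonce + created + password))."""
    raw = base64.b64decode(nonce_b64) + created.encode() + password.encode()
    return base64.b64encode(hashlib.sha1(raw).digest()).decode()

def check_claims(message, seen_nonces):
    """Return (accepted, reason). Anything short of a valid claim is rejected."""
    try:  # SOAP messages must not carry a DTD, so refuse one before parsing
        env = None if "<!DOCTYPE" in message else ET.fromstring(message)
    except ET.ParseError:
        env = None
    if env is None or env.tag != "{%s}Envelope" % NS["s"]:
        return False, "malformed"
    token = env.find("s:Header/wsse:Security/wsse:UsernameToken", NS)
    if token is None:
        return False, "missing claims"
    fields = [token.findtext(t, None, NS) for t in TAGS]
    if not all(fields):
        return False, "missing claims"
    user, digest, nonce, created = fields
    try:
        expected = password_digest(nonce, created, USERS.get(user, ""))
    except ValueError:  # nonce is not valid Base64
        return False, "malformed"
    if user not in USERS or not hmac.compare_digest(digest.encode(), expected.encode()):
        return False, "inappropriate claims"
    if nonce in seen_nonces:  # the same token presented a second time
        return False, "replayed token"
    seen_nonces.add(nonce)  # a real receiver would also bound the age of Created
    return True, "accepted"

def sample_message(user, password, nonce="Y29uc3RydWN0ZWQ=", created="2003-01-01T00:00:00Z"):
    # Constructed test envelope; password=None omits the Security header entirely.
    values = (user, password_digest(nonce, created, password or ""), nonce, created)
    token = "".join("<%s>%s</%s>" % (t, v, t) for t, v in zip(TAGS, values))
    sec = "<wsse:Security><wsse:UsernameToken>%s</wsse:UsernameToken></wsse:Security>" % token
    return ('<s:Envelope xmlns:s="%s" xmlns:wsse="%s" xmlns:wsu="%s"><s:Header>%s</s:Header>'
            "<s:Body><GetQuote/></s:Body></s:Envelope>"
            % (NS["s"], NS["wsse"], NS["wsu"], sec if password is not None else ""))
```

The digest only proves possession of the password; it does not protect the message body, which still needs XML Signature and XML Encryption or the SSL transport listed in the summary.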
Summary
• Hype?
  – Still a ways to go for mainstream use.
  – Security still needs work.
• Real Use?
  – Informational services available now, some free, some fee.
  – Internal web services (Intranets) possible now.
  – Security via SSL or VPN available now.
New Hampshire User Groups
• Manchester Java User Group – Second Wednesday of the month – SNHU campus – http://www.manjug.org
• NE C# User Group – Second Thursday of the month – SNHU campus – http://www.csharp.4square.us/
• NH .NET User Group – Third Thursday of the month – BU Training Center, Tyngsboro, MA – http://www.nhdnug.net/
• NH VB User Group – Fourth Wednesday of the month – SNHU campus – http://www.nhvbug.com