May 15, 2022 HL7 Working Group Meeting – October 2002 XML Web Services Standards Roberto Ruggeri [email protected] Healthcare Technical Strategist Microsoft Corporation Mark Oswald [email protected] Principal Consultant Microsoft Corporation

Page 1: XML Web Services Standards

Apr 22, 2023 HL7 Working Group Meeting – October 2002

XML Web Services Standards

Roberto Ruggeri [email protected], Healthcare Technical Strategist, Microsoft Corporation

Mark Oswald [email protected], Principal Consultant, Microsoft Corporation

Page 2: XML Web Services Standards

Objectives of This Presentation

Educate on WS-Standards
• WS-Standards design philosophy
• WS-Standards overview
• Drill down on WS-Security

Educate on the industry efforts around WS-Standards
• Interoperability
• What is coming

Discuss next steps

Page 3: XML Web Services Standards

Web Services Architecture: Extending the Foundation

[Diagram: layers labelled Foundation and Extended Foundation (Secure, Reliable, Transacted). Boxes: XML, Encoding, and Transports; SOAP (Logical Messaging Model); WSDL and UDDI (Web Services Description and Directory); Description; Attachments; Routing; Security; Privacy; Federation; Reliable Messaging; Transactions]

Page 4: XML Web Services Standards

WS-* Standards Design Principles

Modular and composable
• Factored to stand alone or work together

General-purpose
• Agnostic to where it is running or originated

Federated
• No central point of administration, control, failure

Standards-based
• Multi-vendor interoperation critical

Page 5: XML Web Services Standards

Modular

Provides a framework for SOAP/WSDL extensibility

These protocols augment domain-specific protocols (e.g., healthcare)

Designed to supersede and integrate with many of the industry specs today

Defined by composable SOAP headers and SOAP message

The specifications combine for end-to-end capabilities

Page 6: XML Web Services Standards

Modular: Example

SOAP Message

<?xml version="1.0" encoding="utf-8"?>
<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/"
            xmlns:xsd="http://www.w3.org/2001/XMLSchema"
            xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <S:Header>
    <!-- A Simple Quote Web Service -->
  </S:Header>
  <S:Body>
    <tru:StockSymbol xmlns:tru="http://tickers-r-us.org/payloads">
      QQQ
    </tru:StockSymbol>
  </S:Body>
</S:Envelope>

Routing

<?xml version="1.0" encoding="utf-8"?>
<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/"
            xmlns:xsd="http://www.w3.org/2001/XMLSchema"
            xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <S:Header>
    <m:path xmlns:m="http://schemas.xmlsoap.org/rp">
      <m:action>http://tickers-r-us.org/getQuote</m:action>
      <m:to>soap://tickers-r-us.org/stocks</m:to>
      <m:from>mailto:[email protected]</m:from>
      <m:id>uuid:84b9f5d0-33fb-4a81-b02b-5b760641c1d6</m:id>
    </m:path>
  </S:Header>
  <S:Body>
    <tru:StockSymbol xmlns:tru="http://tickers-r-us.org/payloads">
      QQQ
    </tru:StockSymbol>
  </S:Body>
</S:Envelope>

Security and License

<?xml version="1.0" encoding="utf-8"?>
<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/"
            xmlns:xsd="http://www.w3.org/2001/XMLSchema"
            xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <S:Header>
    <wssec:credentials xmlns:wssec="http://schemas.xmlsoap.org/ws/2001/10/security">
      <wslic:binaryLicense xmlns:wslic="http://schemas.xmlsoap.org/ws/2001/10/licenses"
                           wslic:valueType="wslic:x509v3"
                           xsi:type="xsd:base64Binary">
        dWJzY3JpYmVyLVBlc…..eFw0wMTEwMTAwMD
      </wslic:binaryLicense>
    </wssec:credentials>
  </S:Header>
  <S:Body>
    <tru:StockSymbol xmlns:tru="http://tickers-r-us.org/payloads">
      QQQ
    </tru:StockSymbol>
  </S:Body>
</S:Envelope>

Routing, Security and License

<?xml version="1.0" encoding="utf-8"?>
<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/"
            xmlns:xsd="http://www.w3.org/2001/XMLSchema"
            xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <S:Header>
    <m:path xmlns:m="http://schemas.xmlsoap.org/rp">
      <m:action>http://tickers-r-us.org/getQuote</m:action>
      <m:to>soap://tickers-r-us.org/stocks</m:to>
      <m:from>mailto:[email protected]</m:from>
      <m:id>uuid:84b9f5d0-33fb-4a81-b02b-5b760641c1d6</m:id>
    </m:path>
    <wssec:credentials xmlns:wssec="http://schemas.xmlsoap.org/ws/2001/10/security">
      <wslic:binaryLicense xmlns:wslic="http://schemas.xmlsoap.org/ws/2001/10/licenses"
                           wslic:valueType="wslic:x509v3"
                           xsi:type="xsd:base64Binary">
        dWJzY3JpYmVyLVBlc…..eFw0wMTEwMTAwMD
      </wslic:binaryLicense>
    </wssec:credentials>
  </S:Header>
  <S:Body>
    <tru:StockSymbol xmlns:tru="http://tickers-r-us.org/payloads">
      QQQ
    </tru:StockSymbol>
  </S:Body>
</S:Envelope>

Page 7: XML Web Services Standards

General-Purpose

Universal communications

• Across organizations
• Across machines
• Across process

Flexible communications
• Extensible headers
• Extensible body
• Transport protocol neutral

Platform neutral
• Devices
• Desktops
• Clusters
• Datacenters

Application category neutral
• Enterprise Application Integration
• Business-to-Business
• Business-to-Consumer
• Peer-to-Peer

Applies to HL7 2.x, 2.XML, v3.0, CDA, CCOW, X12N (HIPAA)

Page 8: XML Web Services Standards

Federated

Fully distributed

Crosses organization and trust domains

Can be inspected by firewalls

Does not require centralized servers or administration

Will sometimes require “edge” software to do protocol translation, security work, routing, etc.

Page 9: XML Web Services Standards

Standards-Based

Industry commitment to
• Publishing specifications
• Working with partners to refine specifications
• Working with partners, customers, and standards bodies for broad adoption

Different standards bodies for different specs, based on the spec

Page 10: XML Web Services Standards

Interop Priority: WS-i.org

An open industry effort
• Industry initiative focused on promoting Web services interoperability
• Organization formed by industry leaders
• Open membership and participation

Based on partnerships
• Symbiotic relationship with other standards organizations through integration of their outputs

Goal: Enable interoperability across platforms, applications, and programming languages
• Success will accelerate adoption and deployment of Web services

Page 11: XML Web Services Standards

Page 12: XML Web Services Standards

So, What Has Been Delivered To Date?

Page 13: XML Web Services Standards

WS-Routing
Submitted to W3C

A SOAP-based, stateless protocol for exchanging one-way SOAP messages from an initial sender to the ultimate receiver, potentially via a set of intermediaries

Also provides an optional reverse message path enabling two-way message exchange patterns like:

• Request/response
• Peer-to-peer conversations
• Return of message acknowledgements, faults

Page 14: XML Web Services Standards

DIME And WS-Attachments
Submitted to IETF

Direct Internet Message Encapsulation (DIME)

A lightweight, binary message format that can be used to encapsulate one or more application-defined payloads of arbitrary type and size into a single message construct

Each payload is described by a type, a length, and an optional identifier

WS-Attachments specifies how to encapsulate SOAP in DIME

Page 15: XML Web Services Standards

WS-Security
Submitted to OASIS

A specification for proposed SOAP extensions to be used when building secure Web services.

Supersedes the following specifications
• SOAP-SEC
• Microsoft’s WS-Security, WS-License
• IBM’s security token and encryption

Dependent upon XML DIGSIG, XML Encryption, XML Schema, SOAP…

End-to-end message-level security

Defined schema

Designed to be composed with other Web service protocols

Page 16: XML Web Services Standards

A Couple of Details…

Page 17: XML Web Services Standards

New SOAP Elements
WS-Security

New

<Security> Header
• <Security SOAP:actor="...">
• SOAP:actor is optional
• One header per actor
• All security information together

Including and referencing security tokens
• <UsernameToken>
• <BinarySecurityToken>
• <SecurityTokenReference>

Existing
• XML Signature
• XML Encryption
• Token formats (e.g., X.509, Kerberos, XrML, SAML)

Page 18: XML Web Services Standards

Simple Example

• Requesting a stock quote
• Security token indicates username
• Signature uses key generated from password

Page 19: XML Web Services Standards

Simple Example (1 of 2)

<?xml version="1.0" encoding="utf-8"?>
<S:Envelope xmlns:S=".../soap-envelope" xmlns:ds="…/xmldsig#">
  <S:Header>
    <m:path xmlns:m="http://schemas.xmlsoap.org/rp/">
      <m:action>http://fabrikam.org/getQuote</m:action>
      <m:to>http://fabrikam.org/stocks</m:to>
      <m:id>uuid:84b9f5d0-33fb-4a81-b02b-5b760641c1d6</m:id>
    </m:path>
    <wsse:Security xmlns:wsse="…/secext">
      <wsse:UsernameToken Id="MyID">
        <wsse:Username>Zoe</wsse:Username>
      </wsse:UsernameToken>
      <ds:Signature>
        <ds:SignedInfo>
          <ds:CanonicalizationMethod Algorithm=".../xml-exc-c14n#"/>
          <ds:SignatureMethod Algorithm=".../xmldsig#hmac-sha1"/>

Page 20: XML Web Services Standards

Simple Example (2 of 2)

          <ds:Reference URI="#MsgBody">
            <ds:DigestMethod Algorithm="http://.../xmldsig#sha1"/>
            <ds:DigestValue>LyLsF0Pi4wPU...</ds:DigestValue>
          </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>DJbchm5gK...</ds:SignatureValue>
        <ds:KeyInfo>
          <wsse:SecurityTokenReference>
            <wsse:Reference URI="#MyID"/>
          </wsse:SecurityTokenReference>
        </ds:KeyInfo>
      </ds:Signature>
    </wsse:Security>
  </S:Header>
  <S:Body Id="MsgBody">
    <tru:StockSymbol xmlns:tru="…">QQQ</tru:StockSymbol>
  </S:Body>
</S:Envelope>
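
The two checks a receiver makes on the message above, as an added Python example (not code from the presentation or from the WS-Security specification): the HMAC-SHA1 over SignedInfo, then the SHA-1 digest of the element that the Reference URI points to. Assumptions: the key is taken as SHA-1 of the password (the slide only says it is generated from the password), the standard library's C14N 2.0 stands in for exclusive canonicalization, and the body, namespaces and password are constructed samples.

```python
import base64
import hashlib
import hmac
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
# Constructed sample body; the urn:example namespaces are placeholders.
BODY = ('<S:Body xmlns:S="urn:example:soap-envelope" Id="MsgBody">'
        '<tru:StockSymbol xmlns:tru="urn:example:payloads">QQQ</tru:StockSymbol>'
        '</S:Body>')

def derive_key(password):
    # Assumption: the slide only says the key is "generated from password".
    return hashlib.sha1(password.encode("utf-8")).digest()

def c14n(xml_text):
    # Stand-in: stdlib C14N 2.0, not the exclusive C14N named on the slide.
    return ET.canonicalize(xml_text).encode("utf-8")

def body_digest(body_xml):
    return base64.b64encode(hashlib.sha1(c14n(body_xml)).digest()).decode()

def signed_info(digest_b64):
    return (f'<ds:SignedInfo xmlns:ds="{DS}">'
            '<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2010/xml-c14n2"/>'
            f'<ds:SignatureMethod Algorithm="{DS}hmac-sha1"/>'
            '<ds:Reference URI="#MsgBody">'
            f'<ds:DigestMethod Algorithm="{DS}sha1"/>'
            f'<ds:DigestValue>{digest_b64}</ds:DigestValue>'
            '</ds:Reference></ds:SignedInfo>')

def sign(body_xml, password):
    """Return (SignedInfo XML, base64 SignatureValue)."""
    si = signed_info(body_digest(body_xml))
    mac = hmac.new(derive_key(password), c14n(si), hashlib.sha1).digest()
    return si, base64.b64encode(mac).decode()

def verify(body_xml, si, sig_b64, password):
    # Step 1: the HMAC over SignedInfo authenticates the signed DigestValue.
    mac = hmac.new(derive_key(password), c14n(si), hashlib.sha1).digest()
    if not hmac.compare_digest(mac, base64.b64decode(sig_b64)):
        return False
    # Step 2: the body actually received must hash to that DigestValue.
    claimed = ET.fromstring(si).find(f".//{{{DS}}}DigestValue").text
    return hmac.compare_digest(claimed, body_digest(body_xml))

if __name__ == "__main__":
    si, sig = sign(BODY, "constructed-password")
    print(verify(BODY, si, sig, "constructed-password"),
          verify(BODY.replace("QQQ", "XXX"), si, sig, "constructed-password"))
```

Because both digest and HMAC are computed over canonical form, a body whose attributes arrive in a different order still verifies, while any change to the element content or to SignedInfo does not.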

Page 21: XML Web Services Standards

What’s Coming?

Page 22: XML Web Services Standards

Security Roadmap Specs

• Federated security
• Authentication and authorization
• Security protocol independent
• Brokered (aka Transitive) trust

[Diagram: Security; Privacy, Trust, Policy; Authorization, Federation, SecureConversation; SOAP Foundation; "Today" marker]

Page 23: XML Web Services Standards

Messaging

Includes WS-Routing in family

Routing virtualizes the network
• Transport-independent addressing
• End-to-end versus hop-by-hop model

Reliable Messaging models multi-message conversations
• Resilient in face of multi-hop routing
• Supports multiple QOS levels (e.g. in order, no duplicates, etc.)

Page 24: XML Web Services Standards

Transactions And Coordination

Models distributed agreement in terms of transactions

Short-lived transactions use two-phase commit

Common in DBMS and OLTP worlds

Long-lived/x-trust-domain transactions use coordinated compensation

Common in workflow/EAI world

Page 25: XML Web Services Standards

Business Processes

Business Process Execution Language (BPEL4WS)

Proposed by Microsoft, IBM and BEA

Built on top of WS-Transactions

A language for formally describing interoperable business processes and business interaction protocols

In short, it is a language for enabling the orchestration of web services to specify business processes

Supersedes XLANG (MS) and WSFL (IBM)

Page 26: XML Web Services Standards

How do WE Take Advantage

Work with horizontal standards
• Restrict the domain by limiting the scope and imposing additional policies
• Provide feedback to the standards to improve healthcare “friendliness”

Benefit from widely available technologies
• On many platforms
• Many implementations on the same platform
• Vendors investing big $$$

[Diagram: Payload (HL7 v2.x, HL7 v2.XML, CDA, HL7 v3, …) carried over Transport (MLLP, ebXML (EBMS), WS-*, FTP/S, S/MIME, HTTP/S)]

Page 27: XML Web Services Standards

Next Steps…

POC @ HIMSS 2003

More in-depth analysis and evaluation
• Inside one of the current SIGs
• Web Services SIG (?)

Work with WS-I to leverage the work done for conformance and interoperability

Page 28: XML Web Services Standards

Discussion