Post on 13-Jan-2016
Web Services at OASIS… Today
Jim Hughes, HP
3 October 2002
Web Services Edge 2002 West
© 2001-2002 OASIS Open Inc.
Outline
Terminology/Background…
– Schema
– Security
– Reliability
– EDI
– Complexity…
EDI and Web Service Evolution…
Types of Web Services…
OASIS Activities…
Questions…
A short aside… HP and Software Consortia
– OASIS Board, Officer
– WS-I Board, Officer
– Liberty Alliance Board, Officer
– W3C Advisory Board
– RosettaNet Board, CTO
– Open Group Board
– DMTF Board, Officer
– TMF Board
– JCP Executive Committee
– OMG Board
– ECMA Board, Steering Committee
– etc.
Today’s Business Requirements
Businesses need to innovate at an ever increasing pace
Business success requires broad interoperability
– Within an enterprise
– Between business partners
– Across a heterogeneous set of platforms, applications, and programming languages
Internet technologies are assumed, interoperability is required
– E-Business platforms enable more rapidly developed business interoperability
Terminology
Web Services-Interoperability (www.ws-i.org) defines “Web Services” as applications built with:
– SOAP
– WSDL
– UDDI
– XML / Schema 2001
– Web Protocols
OASIS sees “web services like” approaches to building e-business platforms
– Improving over a time continuum
– Increasing in robustness, adoption, volume
What are Web Services?
Until now Web-based e-Business was:
– Browsing of linked documents
– Manually initiated transactions & purchases
– Downloading files
– All initiated manually via a Web browser
Web Services is a new model for using the Web to:
– Automatically initiate processes via the Web using programs
– Method for describing, publishing, promoting, registering, & initiating processes dynamically in a distributed environment
– New ways of using the web, including intelligent agents, marketplaces & auctions
– And… Not necessarily using a Web browser!
Actually, the Web is not required?
– How about "Net Services?"
All done using XML standards
The content-oriented Web is now complemented by the service-oriented Web
What Makes Web Services Possible?
Reliable & Transparent Interconnectivity
– Web Protocols
Structured Information
– XML Schemas & validation
Application Interface Standards
– UDDI, WSDL, SOAP
Consistent Definitions
– Profiles, Test Suites & Scenarios
Business Process Interface Standards
– ebXML, BTP, BPEL4WS, etc.
Security / Infrastructure Standards
– SAML, XACML, etc.
The fundamental characteristics of Web Services are interoperability & consistency across platforms, applications & programming languages.
XML Schema Approaches Compared
Columns: Requirement, DTDs, W3C Schema, RELAX NG, Schematron
Legend: Partially Meets Requirement, Fully Meets Requirement
Requirements:
– Defines Structures
– Defines Structure Types
– Defines Attributes
– Defines Attribute Types
– Defines General Entities
– Defines Element Content Data Types
– Allows Derived Element Content Data Types
– Defines Attribute Value Data Types
– Allows Derived Attribute Value Data Types
– Conditional Relationships & Tests
– Concise & Easy to Read
– Object Oriented Approach
– Widespread Adoption
– Tools Available
XML Validation Spectrum
Degree of validation may depend on process requirements or other criteria
– Timing
– Business Requirements / Policy
– Feasibility
– Roles
Different Tools and Schema Types can be applied for varying degrees of validation
[Figure: validation spectrum with end labels Invalid and More Valid; stages: Syntax Checking, Wellformed, Loose DTD (Optionalized), Strict DTD, Schema, Schematron]
A Note on Achieving Security
There is no such thing as “Security”!
– There are risks, and there are countermeasures
– Security as an absolute is unachievable
A good Security Plan should:
– Assess security requirements
– Assess security risks
– Consider end-to-end security needs, not just between services
– Identify available countermeasures
– Implement appropriately considering investment
A $50 digital certificate makes sense for a $5M transaction but not for a $5 transaction!
Facets of Security
Facet              Description
Identification     Who are you?
Authentication     How do I know you are who you say you are?
Authorization      Are you allowed to perform this transaction?
Integrity          Is the data you sent the same as what I received?
Confidentiality    Are we sure no one else read the data you sent?
Auditing           Record of transactions to assist in looking for security problems
Non-repudiation    Can you prove the sender sent it, and the receiver received the identical transaction?
A Note on Reliability
Reliable delivery of messages & information over a common independent protocol is essential for e-Business platforms
– Different business requirements have different reliability requirements
– Document retrieval vs. €1,000,000,000 wire transfer
– Resending message if not sure it was received vs. ensuring message is delivered once and only once
– HTTP / Web is not a robust protocol for reliable delivery
Enhancements are being developed to address reliability
– HTTPR
– SOAP 1.2 (Web Services related Standard)
– ebXML MS (Messaging Services)
First There Was EDI
Electronic Data Interchange (EDI)
– Facilitates global electronic trade
– ANSI X12 standards used in North America
– UN EDIFACT (EDI for Administration, Commerce & Transport) used in Europe and elsewhere outside North America
– Purchase orders, invoices, wire transfers, receipts, etc.
– Usually long-term, high volume trade between established partners
– Expensive technology with high cost-of-entry
– Inconsistent formats
– Only practical for large organizations
[Chart (legend: Using EDI, EDI Capable): Fortune 1000, 95%; Small to Medium Enterprises (SMEs), 2%]
Problems with EDI
– Expensive, proprietary networks
– Lack of agreed upon data types
– Different forms of product information with no common taxonomy
– Each manufacturer has their own order/return procedures & system interfaces
– No mechanism enabling procurement through consistent interface
– Changed the way things were done, but not the underlying processes
Then Came Basic Web e-Business
Some Aspects of Effective Basic Web e-business
– Secure Socket Layer – Encrypted Data
– Standard Web protocols
– Custom or proprietary application platforms
What Basic Web e-Biz Will & Won't Do
Won't: Won't support common robust business requirements
Will: Will support many basic business transactions

Won't: Will not secure data "end-to-end" throughout the entire process
Will: Will secure data transaction between firewalls

Won't: Will not address business process & requirements
Will: Will enable custom applications for business process support

Won't: Will not enable procurement through consistent interface
Will: Will provide channel for developing interfaces

Won't: Will not support consistent interconnectivity in heterogeneous environments
Will: Will provide channel for fairly secure messaging
So, What is a Web Service?
Application to application requests and responses over the web stack
– SSL
– HTTP/SMTP/...
– XML
– SOAP
– UDDI
Registry RPC and Business Messaging all loosely coupled...
Complexity of Web Services
Simple
– No side effects
– Non-transactional
– Context free
– Session-less, no roles
– Minimal security
– Call-response model
– Point-to-point
– Not developmentally scalable
Complex, e-Business
– Impacts other steps
– Transactional
– Context sensitive conversions, ordering of steps
– Session based, personalized
– Exactly once semantics
– Sophisticated security
– Messaging based
– Scalable
Two Types of Web Services
1. Remote Procedure Call Based
– Supports simple Web Services
2. Conversational Based
– Message-based, supporting loosely coupled asynchronous models
– A key requirement for Enterprise-class Web Services
– Essential for complex Web Services
1. RPC-based Web Services
Components that provide a service to a user
– Human or computer based users
– Can be located anywhere
– Appears as a remote object to the client application
– Tightly coupled and resemble traditional distributed object paradigms, such as RMI or DCOM
– Can be implemented in many programming languages
– Interaction uses a service-specific interface
– Access is done through Internet-based protocols
– Synchronous
  – Waits for a response
– Does not address business processes
[Diagram: Service Requestor, Service Broker and Service Providers A, B …; interactions Register, Find, Found, Request, Response; labels SOAP / XML, HTTP, XML, WSDL / UDDI, SOAP]
RPC-based Web Services Standards
XML
Small Object Access Protocol (SOAP)
– XML-based lightweight protocol for information exchange
– W3C XML Protocol WG – SOAP v1.2 – Still in process
Web Services Description Language (WSDL)
– XML Format for describing Web Services as end points acting on messages containing either documents or procedural calls (Port Types)
– WSDL v1.1 (IBM & MS) W3C Note Mar. 2001
– W3C WS Description WG started Jan. 2002
Universal Description, Discovery & Integration (UDDI)
– Facilitates Describing/Discovering Services & Business
– Registration of Business Identity Information
– UDDI.org v3.0 specification August 2002
– OASIS Member Section August 2002
  – First TC meeting 9/13
HTTP, DNS & MIME
SOAP Messages
Define a vocabulary for electronic message "envelope"
Message itself is encoded in another specific vocabulary
Uses XML structure to create request-response messages
Still being developed to address more complex business requirements
Hides application technology from users / other services
SOAP Example

SOAP Message embedded in an HTTP Request:

    POST /StockQuote HTTP/1.1
    Host: www.stockquoteserver.com
    Content-Type: text/xml; charset="utf-8"
    Content-Length: nnnn
    SOAPAction: "Some-URI"

    <SOAP-ENV:Envelope
        xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
        SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
      <SOAP-ENV:Body>
        <m:GetLastTradePrice xmlns:m="Some-URI">
          <symbol>DIS</symbol>
        </m:GetLastTradePrice>
      </SOAP-ENV:Body>
    </SOAP-ENV:Envelope>

SOAP Message embedded in an HTTP Response:

    HTTP/1.1 200 OK
    Content-Type: text/xml; charset="utf-8"
    Content-Length: nnnn

    <SOAP-ENV:Envelope
        xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
        SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
      <SOAP-ENV:Body>
        <m:GetLastTradePriceResponse xmlns:m="Some-URI">
          <Price>34.5</Price>
        </m:GetLastTradePriceResponse>
      </SOAP-ENV:Body>
    </SOAP-ENV:Envelope>

SOAP Header:

    <SOAP-ENV:Header>
      <t:Transaction xmlns:t="some-URI" SOAP-ENV:mustUnderstand="1">
        5
      </t:Transaction>
    </SOAP-ENV:Header>
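
How a receiver can treat the request and the mustUnderstand header shown above, as an added example that is not part of the original slides: it refuses a message whose mandatory header block it does not implement instead of silently ignoring it, and refuses any message carrying a DTD. The names parse_request, SoapFault and UNDERSTOOD_HEADERS are hypothetical, and the sample message is constructed from the slide's request and header.

```python
import xml.etree.ElementTree as ET

SOAP_ENV = "http://schemas.xmlsoap.org/soap/envelope/"
# Assumption: this receiver implements only the slide's Transaction header.
UNDERSTOOD_HEADERS = frozenset({"{some-URI}Transaction"})


class SoapFault(Exception):
    """Carries a SOAP 1.1 fault code: VersionMismatch, MustUnderstand or Client."""

    def __init__(self, code, reason):
        super().__init__(f"{code}: {reason}")
        self.code = code


def parse_request(xml_text, understood=UNDERSTOOD_HEADERS):
    """Return (operation, params) or raise SoapFault before any dispatch."""
    # SOAP 1.1 forbids a DTD in a message; refusing it up front also keeps
    # entity-expansion payloads away from the XML parser.
    if "<!DOCTYPE" in xml_text:
        raise SoapFault("Client", "document type declaration not allowed")
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        raise SoapFault("Client", f"not well-formed: {exc}") from exc
    if root.tag != f"{{{SOAP_ENV}}}Envelope":
        raise SoapFault("VersionMismatch", "unexpected envelope namespace")

    # A header block marked mustUnderstand="1" must be processed or refused.
    header = root.find(f"{{{SOAP_ENV}}}Header")
    for block in (header if header is not None else ()):
        required = block.get(f"{{{SOAP_ENV}}}mustUnderstand") == "1"
        if required and block.tag not in understood:
            raise SoapFault("MustUnderstand", f"cannot process {block.tag}")

    body = root.find(f"{{{SOAP_ENV}}}Body")
    if body is None or len(body) != 1:
        raise SoapFault("Client", "expected exactly one call in Body")
    call = body[0]
    return call.tag, {p.tag: (p.text or "").strip() for p in call}


# Constructed sample: the slide's request with the slide's header block added.
REQUEST = """<SOAP-ENV:Envelope
    xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
  <SOAP-ENV:Header>
    <t:Transaction xmlns:t="some-URI" SOAP-ENV:mustUnderstand="1">5</t:Transaction>
  </SOAP-ENV:Header>
  <SOAP-ENV:Body>
    <m:GetLastTradePrice xmlns:m="Some-URI"><symbol>DIS</symbol></m:GetLastTradePrice>
  </SOAP-ENV:Body>
</SOAP-ENV:Envelope>"""

if __name__ == "__main__":
    print(parse_request(REQUEST))
    try:
        parse_request(REQUEST, understood=frozenset())
    except SoapFault as fault:
        print("rejected:", fault)
```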
UDDI Example
This UDDI call wrapped in a SOAP message...

    <find_business generic="1.0" xmlns="urn:uddi-org:api">
      <name>Microsoft</name>
    </find_business>

…returns this information from a UDDI server

    <businessList generic="1.0" operator="Microsoft Corporation" truncated="false" xmlns="urn:uddi-org:api">
      <businessInfos>
        <businessInfo businessKey="0076B468-EB27-42E5-AC09-9955CFF462A3">
          <name>Microsoft Corporation</name>
          <description xml:lang="en">Empowering people through great software – any time, any place and on any device is Microsoft's vision. As the worldwide leader in software for personal and business computing, we strive to produce innovative products and services that meet our customer's</description>
          <serviceInfos>
            <serviceInfo businessKey="0076B468-EB27-42E5-AC09-9955CFF462A3" serviceKey="1FFE1F71-2AF3-45FB-B788-09AF7FF151A4">
              <name>Web services for smart searching</name>
            </serviceInfo>
            <serviceInfo businessKey="0076B468-EB27-42E5-AC09-9955CFF462A3" serviceKey="8BF2F51F-8ED4-43FE-B665-38D8205D1333">
              <name>Electronic Business Integration Services</name>
            </serviceInfo>
WSDL Example

WSDL Definition for Stock Quote:

    <?xml version="1.0"?>
    <definitions name="StockQuote"
        targetNamespace="http://example.com/stockquote/definitions"
        xmlns:tns="http://example.com/stockquote/definitions"
        xmlns:xsd1="http://example.com/stockquote/schemas"
        xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
        xmlns="http://schemas.xmlsoap.org/wsdl/">
      <import namespace="http://example.com/stockquote/schemas"
          location="http://example.com/stockquote/stockquote.xsd"/>
      <message name="GetLastTradePriceInput">
        <part name="body" element="xsd1:TradePriceRequest"/>
      </message>
      <message name="GetLastTradePriceOutput">
        <part name="body" element="xsd1:TradePrice"/>
      </message>
      <portType name="StockQuotePortType">
        <operation name="GetLastTradePrice">
          <input message="tns:GetLastTradePriceInput"/>
          <output message="tns:GetLastTradePriceOutput"/>
        </operation>
      </portType>
    </definitions>
RPC Web Services Won’t & Will…

Won't: Link business indiscriminately
Will: Ease partner to partner interaction

Won't: Cure all integration issues
Will: Make application integration easier

Won't: Transform business on their own
Will: Create new business opportunities

Won't: Eliminate need for decision makers
Will: Give businesses more and better choices

Won't: Give software vendors long-term competitive advantage
Will: Give enterprises competitive advantages over rivals through year-end 2004

Won't: Be stopped by lack of native security features – but will require secure thinking
Will: Improve efficiency in trusted environments
2. Conversational Web Services
Message-based Conversational Web Services
– Loosely coupled, asynchronous & document-driven
– Client invokes a message-based Web Service by sending it an entire document, such as a purchase order, rather than a discrete set of parameters
– The Web Service accepts the entire document, processes it, & may or may not return a result message
– Promotes a looser coupling between client & server & provides additional benefits beyond RPC-based Web Services
– Suited for long-running transactions and coarse granularity
What’s the difference between RPC and Conversational models?
Conversational can address more complex & robust business requirements
– Non-repudiation
– Guaranteed message processing by the receiving application
– Guaranteed message delivery
– Transactional protocol(s)
– etc.
ebXML: Built on Existing Standards
HTTP TCP/IP MIME SMTP FTP UML SOAP XML
What is ebXML?
ebXML (electronic business XML)
– Open framework for global e-commerce
– Replaces (but is compatible with) EDI
– Based on XML and other open standards
– Specifications:
  – Business Process
  – Registry Model and Services
  – Trading Partner Collaboration (CPPA)
  – Messaging Services
– Ratified May 2001 in Vienna after 18 months of development
– Proof of Concept Demonstration conducted with more than 20 participating organizations
– Eventually will become a formal Standard
Example Scenario
Standardizing Profiles & Agreements
Uses vendor-neutral standard CPP & CPA language
– Collaboration Protocol Profile (CPP)
  – Describes trading partner's IT capabilities
  – Communication protocols
  – Security requirements
  – Business processes it supports
  – Registered in repository & discovered by potential trading partners
– Collaboration Protocol Agreement (CPA)
  – Rules of interaction between trading partners
  – Agreed IT capabilities
  – Business processes to be performed
  – Automatic generation of code
  – Avoids misinterpretation
  – Assures party configured compatibly
– Both are XML documents
– Tools being created to read & create them
ebXML Messaging Service
Design Criteria
– Leverage Existing Standards Where Possible
  – SOAP vs. EBXMLMS?
  – Broad Support for Convergence of Both Standards
  – EBXML MS provides Extensions to SOAP for Security & Reliability
– Simple Implementation
– Support Enterprises of All Sizes
– Support a Wide Variety of Communication Protocols
  – (e.g., HTTP, SMTP, FTP, etc.)
– Support Payloads of Any Type
  – (e.g., XML, EDI, Binaries, etc.)
– Support Reliable Messaging
– Must be Secure
Middleware Needed to Make it Work
– CPA Registration
– Message Routing (ebXML Message Service)
– Transaction Rules checking
– Business document generation & parsing
– Security
– Correlation of conversations
– Logging
– Recovery
Reliable Messaging
Businesses Require Reliability that Exceeds Most Current Protocols
Network Faults require Error Recovery, Retry Logic, & Duplication Detection
EBXML MS Provides:
– Ensuring Delivery of Only One Copy of Message
– Positive Acknowledgement from Recipient
– If no Acknowledgement is Received,
  – EBXMLMS will either Retry Sending Message, or
  – Sending Application will be Notified of Failure
– Does Not Address Reliability of Transport Protocol
– Enterprise to select Transport that Meets Broader Requirements
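
The acknowledgement, retry and duplicate-detection behaviour listed above, as an added sketch that is not taken from the ebXML Message Service specification or any implementation: the sender repeats a message under the same ID until it is acknowledged or the retry budget runs out, and the receiver acknowledges every copy but hands each ID to the application once. Class and function names, message IDs and the scripted lossy channel are all hypothetical.

```python
from itertools import chain, repeat


class Receiver:
    """Receiving handler: acknowledges every copy, delivers each ID once."""

    def __init__(self):
        self.seen_ids = set()   # assumption: in memory; a real handler persists it
        self.delivered = []     # payloads handed to the application

    def receive(self, message_id, payload):
        if message_id not in self.seen_ids:
            self.seen_ids.add(message_id)
            self.delivered.append(payload)
        # A duplicate means the earlier acknowledgement was lost, so acknowledge
        # again without handing the payload to the application a second time.
        return ("ACK", message_id)


class ScriptedChannel:
    """Constructed lossy transport. Script entries: 'ok', 'drop_request', 'drop_ack'."""

    def __init__(self, receiver, script):
        self.receiver = receiver
        self.script = chain(script, repeat("ok"))

    def send(self, message_id, payload):
        outcome = next(self.script)
        if outcome == "drop_request":
            return None                      # message never arrives
        ack = self.receiver.receive(message_id, payload)
        return None if outcome == "drop_ack" else ack


def send_reliably(channel, message_id, payload, max_retries=3):
    """Resend under the same ID until acknowledged, else report failure."""
    attempts = 0
    while attempts <= max_retries:
        attempts += 1
        if channel.send(message_id, payload) == ("ACK", message_id):
            return {"status": "delivered", "attempts": attempts}
    # Retry budget exhausted: the sending application is notified of failure.
    return {"status": "failed", "attempts": attempts}


def demo():
    """Constructed scenario: one message survives two faults, one never arrives."""
    receiver = Receiver()
    lossy = ScriptedChannel(receiver, ["drop_request", "drop_ack"])
    first = send_reliably(lossy, "msg-0001", "purchase order 1001")
    dead = ScriptedChannel(receiver, ["drop_request"] * 4)
    second = send_reliably(dead, "msg-0002", "purchase order 1002")
    return first, second, receiver.delivered


if __name__ == "__main__":
    print(demo())
```

In the first run the receiver sees the purchase order twice, because the acknowledgement of the first arrival is lost, yet the application receives it once.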
ebXML "and" Web Services
Not “ebXML vs. web services”
ebXML is (complex) web services
ebXML = “ebws”
E-Business Platforms Compared
Columns: Requirement, EDI, HTTPS/SSL, Web Svc, ebXML, Proprietary
Requirements:
– Global Electronic e-Commerce Framework
– Global Interoperability Framework
– Extensible Data Type Formats
– Extensible Interconnectivity
– Reliable Messaging
– Security Services
– Flexible Payload
– Authentication / Authorization Services
– Company Collaboration Profiles
– Business Process Model
– Registered Trade Agreements
– Incremental Implementation
– Platform Independence (Heterogeneous)
– Separation of Transport, Messaging, Data
– XML Data Structures
– Web Enabled
– Open Standards
– Open Registries
– Affordable / Accessible to SMEs
– Widespread Adoption
– Tools Available
ebXML Adoption Headlines
– Endorsement by Automotive Industry Action Group
– RosettaNet Adopts ebXML in RNIF
– Covisint (GM, Ford, Daimler-Chrysler) Supports ebXML for Automotive Industry
– OpenTravel Alliance Specs Recommend ebXML
– Open Applications Group Integrates ebXML into 182 Business Transaction Standards
– Global Commerce Initiative (GCI) Adopts ebXML in Data Exchange Standard for B2B Trade in Consumer Goods
XML Standards' Readiness
XML and the XML Family of standards are in production use in a variety of applications
XML-based e-Business platforms are still in early adoption phases
– Maturity as indicated on a Gartner Maturity Curve
[Figure: Gartner maturity curve with phases Inception, Peak of Inflated Expectations, Trough of Disillusionment, Plateau of Productivity; technologies plotted: XML, SOAP, SAX, XSLT, DOM, HTML, XPath / XPointer, W3C Schema, Schematron, RELAX NG, XSL:FO, ebXML, Web Services]
OASIS
Software Standards Consortia
– Development, convergence and adoption of e-business standards
– Lightweight, open process expressly designed to promote industry consensus
– Worldwide standards for security, Web services, XML conformance, business transactions, electronic publishing, topic maps and interoperability within and between marketplaces
500 Corporate & individual members in 100 countries
Founded in 1993 as SGML Open
37 Technical Committees…
OASIS Relationships
Will cooperate & liaise with other standards organizations as much as possible
Working & formal relationships with
– W3C, OMG, IDEAlliance, OAG, HL7, CommerceNet, etc.
– ISO/IEC JTC SC34, ISO TC154 (Cat. A Liaison)
– ITU-T A.4 and A.5 Recognition
– ISO/IEC/ITU/UN-ECE Memorandum of Understanding (MoU) for E-Business
Sponsor of recent Interoperability Summit, 8/2002 in Boston
OASIS TCs – Web Services
– ebXML Messaging
– ebXML Registry
– ebXML CPPA
– ebXML Implementation and Conformance (IIC)
– Provisioning Services (PSTC)
– Web Services for Interactive Applications (WSIA)
– Web Services for Remote Portals (WSRP)
– Web Services Security (WSS)
Other OASIS TCs Related to Web Services
– UDDI Specification
– Management Protocol
– Access Control (XACML)
– Business Transactions (BTP)
– Common Biometric Format (XCBF)
– Rights Language (RL)
– Security Services (SAML)
– Universal Business Language (UBL)
So, what’s new at OASIS?
Increasing focus on OASIS as a “good” place to standardize specifications
– WS-Security new OASIS TC
– UDDI new OASIS Member Section and TC
– LegalXML
Associated increased attention on IPR and procedural issues…
New Technical Advisory Board, leading to increasing architectural discussions and forums...
Resources & References
OASIS source material for this presentation:
– http://www.oasis-open.org
– http://xml.coverpages.org
– http://xml.org
– http://www.ebxml.org
– http://ibm.com/developerworks/speakers/colan
– http://www.ws-I.org/Documents.aspx
If you would like a copy of the presentation: mailto:jim_hughes@hp.com
QUESTIONS?