enterprise application integration paulo marques informatics engineering department university of...
Post on 19-Dec-2015
227 views
TRANSCRIPT
Enterprise Application Integration
Paulo MarquesInformatics Engineering DepartmentUniversity of [email protected]
2008
/200
9
4. Service Oriented Architecture4.1. An Introduction
2
SOA = Service Oriented Architecture
Enterprise Service Bus (ESB) SOA = Service Oriented Architecture
The services on the ESB are: a) thought to be integrated – “service oriented”;b) registered on a directory server; c) typically orchestrated.
Web Services
3
SOA
Service Oriented Architecture A system is made up of autonomous entities (sub-
systems) which act independently of each other. All systems have interfaces which were thought explicitly for system integration.
Sub-systems have a course granularity (e.g. billing, warehouse, purchasing, etc.), typically being capable of executing independently of each other. These subsystems, and in particular their integration interfaces, are called services.
A possible way of implementing a SOA is using Web Services and related technologies.«An SOA is an orchestrated sequence of «An SOA is an orchestrated sequence of messaging, transformation, routing and messaging, transformation, routing and processing events in which XML technologies processing events in which XML technologies expose the message content and the expose the message content and the components that operate on the messages.»components that operate on the messages.»
4
SOA in a nutshell
SystemA
ServiceInterface
SystemB
ServiceInterface
SystemC
ServiceInterface
SystemD
ServiceInterface
EnterpriseService Bus
ProcessOrchestrator
ServiceDirectory
A Service OrientedArchitecture
5
Services != Distributed Objects
Different Deployment Model Services are “hosted” instead of distributed based on
their computational function Encapsulation is made at the interface level (business
driver) and not at implementation level Interception and chaining of services is natural Routing is performed based on content and context High level of granularity High autonomy
Integration Structure Integration interfaces (services) where thought explicitly
for that Common business models among partners
6
Why use a SOA?
Future, Scalability and Evolution! An organization is made up of many different systems.
Sooner or later they will have to talk to each other. (typically, sooner than latter!)
If systems are not thought from the beginning for integration, the solutions found for doing so will be ad-hoc, without possibility of evolution, and with high development and maintenance costs
Using a Service Bus and a Service Oriented Architecture allows for future evolution, both by easily adding new services and, if necessary, replacing existing service implementations
A SOA allows to do so with minimal disruption of the business processes of an organization.
7
The importance of Open Standards
It’s absolutely important that a SOA is based on Open Standards It allows the architecture to stay in place on the long-run Allows external services to be easily integrated into the
organization’s infrastructure Allows for the substitution of existing systems by better
ones (e.g. better technology, with a lower cost of ownership, or that are more adequate to the organization’s strategy)
Technologies like XML, HTTP, SOAP e 1st generation Web Services and 2nd generation WS play a vital role«It allows applications to bind to services
that evolve and improve over time without requiring modification to the applications that consume them»
8
Moving into Services
Connections = cost Function oriented Build to last Prolonged development
FromFrom ToTo
Connections = value Process oriented Build for change Incrementally deployed
Application silos Tightly coupled Object oriented
Orchestrated solutions Loosely coupled Message oriented
(c) Microsoft
9
Business Process View
BusinessBusinessComponentComponent
BusinessBusinessComponentComponent
Business Business ProcessProcess
ConsumerConsumerApplicationApplication
Finer Grained Finer Grained Internal Internal Service Service
OperationsOperations
Coarse Coarse Grained Web Grained Web
Service Service OperationsOperations
Fine Grained Fine Grained Object and Object and
database callsdatabase calls
10
SOA based on Web Services
First Generation Web Services HTTP, XML, XSD, WSDL, SOAP Web Services UDDI
Second Generation Web Services Allow for a Service Oriented Architecture WS-* Specifications
WS-SecureConversation
WS-SecurityPolicy
WS-Policy
WS-PolicyAttachment
WS-PolicyAssertions
WS-Addressing
WS-ReliableMessaging
WS-Routing
WS-Referral
WS-Inspection
WS-Security
WS-Attachments
WS-Coordination
WS-Transaction
11
What does it look like?
S3S3 S6S6S4S4 S5S5
Autonomous systems, viewed as services
Orchestration Logic
S2S2
S1S1
S7S7
S8S8
They are capable of sending and receiving messages
UI1UI1
UI2UI2 UI3UI3UI4UI4
User Interfaces
Enterprise Application Integration
Paulo MarquesInformatics Engineering DepartmentUniversity of [email protected]
2008
/200
9
4. Service Oriented Architecture4.2. Web Services
14
Web Services?
Portal
Warehouse
Billing
VB/ASP
Java/J2EE
COBOL
DCOM
JavaRMI
CORBA
?$#%$#
?$#%$# ?$#%$#
15
Web Services!
The first step to have interoperable systems is to based them on open standards, de facto supported by industry
All systems must be able to talk a common language
Portal
Warehouse
Billing
VB/ASP
Java/J2EE
COBOL
WS
WS
WS
SOAPXML
SOAPXML
SOAPXML
16
Web Services
What’s a web service?
«A web service consists in an «A web service consists in an application identified by a URI which application identified by a URI which can be accessed over the internet can be accessed over the internet using open standards like SOAP/XML»using open standards like SOAP/XML»
17
Evolution of the Web
XMLXML
ProgrammabilityProgrammabilityConnectivityConnectivity
HTMLHTML
PresentationPresentation
TCP/IPTCP/IP
Technology
Technology
Innovation
Innovation
FTP,FTP, E-mail, Gopher
E-mail, GopherWeb Pages
Web Pages
Browse Browse the Webthe Web
Program Program the Webthe Web
Web Services
Web Services
1
2
3
18
Web Services
XML Representing messages using a platform-independent
universal format.
SOAP = Simple Object Access Protocol Allows to transport XML messages between systems in a
simple an middleware-independent way. The underlying protocol is normally HTTP. But, others can
be used (SMTP, FTP, ...) HTTP Port 80 is good [Well, sort of... ]
WSDL = Web Services Definition Language Describes web services (i.e. the service contract)
UDDI = Universal Description, Discovery, and Integration Directory service which allows to register and discover web
services
19
Web Service Model
Service Description
Service
Service Description
FIND
WSDL, UDDI WSDL, UDDI
PUBLICATION
BIND SOAP
ServiceRegistry
ServiceRequester
ServiceProvider
1(1) Web service is installed
(2) Web service is registered
(3) Client(s) lookup web service
(4) Web service is instantiated (n times), possibly by many clients
23
4
21
SOAP
XML based protocol for exchange of information Encoding rules for
datatype instances Convention for
representing RPC invocations
Designed for loosely-coupled distributed computing No remote references
Used with XML Schema Transport independent SOAP with Attachments
allow arbitrary data to be packaged.
SOAP1.1 MessageStructure
SOAPEnvelope
HeaderEntries
[Header Element]
Body Element
[FaultElement]
22
Node types
Three node types: sender nodes, intermediate nodes, receiver nodes Destination nodes (i.e. intermediate or final nodes) are identified
on the Header of the messages (env:role) Typical values of env:role are “next” (processed by the
intermediate and final nodes) and “ultimateReceiver” (only processed by the final node)
Messages (payload) exchanged between SOAP nodes can be: RPC-based (i.e. method invocation) Document-based (i.e. you send/receive an XML document) It’s also possible to exchange messages containing BLOBs of binary
data (SOAP Messages with Attachments)
Service Requester
IntermediaryService
ServiceProvider
SOAP Sender SOAP Intermediary SOAP Receiver
23
Web Services Types
Document/Literal (Wrapped) The payload of the SOAP message is an XML document that
can be validated against XML schema. The document itself is represented as method parameters (Wrapped approach).
Document/Literal (Bare) Bare is an implementation detail from the Java domain.
Neither in the abstract contract (i.e. wsdl+schema) nor at the SOAP message level is a bare endpoint recognizable.
A bare endpoint or client uses a Java bean that represents the entire document payload.
RPC/Literal (Wrapped) With RPC there is a wrapper element that names the endpoint
operation. Child elements of the RPC parent are the individual parameters. It’s “calling methods” using XML, not passing documents.
Note: there is no complex type in XML schema that could validate the entire SOAP message payload.
RPC/Encoded Shouldn’t be used! “SOAP encodeding style is defined by the
infamous chapter 5 of the SOAP-1.1 specification. It has inherent interoperability issues that cannot be fixed. The Basic Profile-1.0 prohibits this encoding style”
24
Web Services Types
JBoss extends available web services types to include a very useful mechanism: direct XML Elements. “You may come to the point where RPC/literal or
Document/literal is not what you are looking for. This may be the case for instance, when you want to do the XML processing yourself instead of deferring it to the SOAP stack. JBossWS offers the possiblity to setup message style endpoints that do exchange raw XML documents mapped to DOM elements or SOAPElements”
(JBoss Web Services Guide) This means that you can pass directly an XML tree
created in memory as parameter. Called “Message Style Endpoints”public interface Shop extends Remote
{ public Element getInvoice(Element client) throws RemoteException;}
http://labs.jboss.com/jbossws/user-guide/en/html/1.0.4/en/html/getting-started.html
25
SOAP Messages
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"> <soap:Body> <getProductDetails xmlns="http://warehouse.example.com/ws"> <productID>827635</productID> </getProductDetails> </soap:Body></soap:Envelope>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"> <soap:Body> <getProductDetailsResponse xmlns="http://warehouse.example.com/ws"> <getProductDetailsResult> <productName>Toptimate 3-Piece Set</productName> <productID>827635</productID> <description>3-Piece luggage set.</description> <price>96.50</price> <inStock>true</inStock> </getProductDetailsResult> </getProductDetailsResponse> </soap:Body></soap:Envelope>
Request
Response
26
What’s the problem with all this?
Computationally heavy and data heavy! 1 byte of information many bytes of context 1 byte of information many CPU cycles of processing
Sender Receiver
HTTP Request
HTTP Body
XML Syntax
SOAP Envelope
SOAP Body
SOAP Body Block
Textual Integer
0x0b66
27
WSDL = Web Services Description Language
Used for describing SERVICE INTERFACES Datatypes used by the web service What methods are available for invocation What are the input and output parameters
Which are the SERVICE IMPLEMENTATIONS available Which are the endpoints (bindings) Which are the supported transport protocols
WSDL is the Interface Definition Language of Web Services
28
What does a WSDL document looks like?
A WSDL document describes What the service can do Where it resides How to invoke it
WSDL are like IDL but lot more flexible and extensible
Defines binding for SOAP1.1, HTTP GET/POST and MIME
WSDL descriptions can be made available from an UDDI registry
WSDL1.1 DocumentStructure
WSDLDocument
[Types]
{Messages}
{Port Types}
{Bindings}
{Services}
29
Format of a WSDL document
<definitions> <types> <schema></schema> </types> <message> <part></part> </message> <portType> <operation></operation> </portType> <binding> <operation></operation> </binding> <service> <port></port> </service></definitions>
XML-Schema of all data types
Parameters of a service
Listing of available services
Maps services to protocols:SOAP, HTTP, etc.
The service’s URL
30
WSDL example
<?xml version="1.0" encoding="utf-8"?><definitions name=“BookStore" ... > ... </definitions> <types> <schema> ... </schema> </types>
<message name="ISBN_Number"> <part name="isbn" type="xs:string"/> </message> <message name="BookInfo"> <part name="title" type="xs:string"/> <part name="author" type="xs:string"/> </message>
<portType name="Catalog"> <operation name="GetBookByISBN"> <input name="isbn_number" message="ISBN_Number"/> <output name=“result" message="BookInfo"/> </operation> </portType>
...
Data types
Messages used by the service
Abstract service definition
31
WSDL example (2)
<binding name="BookByISBN_SOAP_Binding" type="Catalog"> <soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/> <operation> <soap:operation soapAction="/GetBookByISBN"/> <input> <soap:body use="literal"/> </input> <output> <soap:body use="literal"/> </output> </operation> </binding>
<service name="ACME_Book_Service"> <documentation>ACME BOOKS CATALOG</documentation> <port name="BookByISBN_Port" binding="BookByISBN_SOAP_Binding"> <soap:address location="http://acmebooks.com/webservices"/> </port> </service>
</definitions>
Maps the service into the HTTP protocol
Binds the service mapping into an address endpoint
32
Luckly...
In many cases you don’t need to know the details behind WSDL. (But some times you do!) There are tools to automatically generate all the necessary
classes for the target programming language you are using
33
UDDI
A directory service for web services
UDDI Business Registry
Marketplaces, search engines, and business apps query the registry to discover services at other companies
3.
Service TypeRegistrations
SW companies, standards bodies, and programmers populate the registry withdescriptions of different types of services
1.
BusinessRegistrations
Businesses populate the registry withdescriptions of the services they support
2.
Business uses this data to facilitate easier integration with each other over the Web
4.
34
UDDI (2)
The initial objective was that different organizations and companies would register their businesses on a central directory. Other companies looking for functionality would look them up.
Didn’t happen! Organizations and companies don’t work that way!
Even so, UDDI is extremely useful when implementing a SOA. It can serve as a centralized repository for all services available in an organization! Easy lookup and orchestration
37
Interoperability
With so many specifications (XML, XSD, SOAP, WSDL, UDDI), it’s really hard to setup a system that is able to talk with another system on a different platform Different versions, different implementation, different
interpretations of standards…
Web Services Interoperability Organization Supervises the process of
having compatible WS stacks among players
Strategy: Profiles and Tests
38
WS-I Basic Profile 1.1
A WS stack implementation is compliant with WS-I Basic Profile 1.1 if it correctly supports: SOAP 1.1 HTTP/1.1 HTTP State Management Mechanism (RFC2965) XML 1.0 (2nd Edition) XML Schema (Part I+II) WSDL 1.1 UDDI 2.0 (2.04 API, 2.03 Data Structure, 2 XML Schema) HTTP over TLS (RFC2818) TLS 1.0 SSL 3.0 X.509 (RFC2459)
... with some extensions and amendments... WS-I Basic Profile 1.2 was issued on March 2007
Enterprise Application Integration
Paulo MarquesInformatics Engineering DepartmentUniversity of [email protected]
2008
/200
9
4. Service Oriented Architecture4.3. APIs for Web Services
41
APIs for Web Services
For developing web services you can use a number of platforms, application servers, and APIs Sun J2EE Application Server AXIS + Tomcat BEA WebLogic Microsoft.NET + IIS JBoss WS
Seen in SD
We’ll see it as an example...
Recommended for the 2nd assignment(but not compulsory)
42
A simple web service
<%@ WebService Language="C#" Class="Algoritmos" %>
using System;using System.Web.Services;
public class Algoritmos : WebService{ [WebMethod] public int Soma(int a, int b) { return a + b; }}
Algoritmos.asmx
43
Example of a web service
<%@ WebService Language="C#" Class="Algoritmos" %>
using System;using System.Web.Services;
public class Algoritmos : WebService{ [WebMethod] public int Soma(int a, int b) { return a + b; }}
Says that the web serviceis written in C#
Says which class corresponds to theweb service
Algoritmos.asmx
44
How to deploy it?
Using MS Internet Information Server (IIS)...
You just have to create a new folder in the IIS web document directory and copy the file there.
c:\Inetput\wwwroot\Matematica\Algoritmos.asmx
http://localhost/Matematica/Algoritmos.asmx
49
tempuri.org?
“tempuri.org” is a temporary namespace. To change it, define it at the web service level.
<%@ WebService Language="C#" Class="Algoritmos" %>
using System;using System.Web.Services;
[WebService(Namespace="http://www.dei.uc.pt/Algoritmos")] public class Algoritmos : WebService{ [WebMethod] public int Soma(int a, int b) { return a + b; }}
50
How can I use the service?
Obviously, the idea is to use the web service from an application, not through a web browser.
The wsdl.exe application generates the necessary files for including the service into your code.
51
A simple application that uses the web service...
using System;
public class Somador { public static void Main(string[] args) { // Cria um objecto que representa o web service no servidor Algoritmos algoritmos = new Algoritmos(); // Chama o web service e imprime o resultado int a = ConvertTo.Int32(args[0]); int b = ConvertTo.Int32(args[1]); int resultado = algoritmos.Soma(a, b);
Console.WriteLine("O resultado é: {0}", resultado); }}
53
Separate Compilation
Many times, it’s not a good idea to place the web service source code of the on the document directory of the web server! You want to pre-compile and deploy it
Steps: Create a .CS file with the source code of the web service
(Algoritmos.asmx.cs) Compile this file into a library (DLL)
csc /t:library /out:Algoritmos.asmx.dll Algoritmos.asmx.cs Create a folder named bin on the web server’s deployment
directory and copy the DLL therecopy Algoritmos.asmx.dll c:\Inetput\wwwroot\Matematica\bin
Remove the class definition from the Algoritmos.asmx file and state that the correspondign implementation lives in the compiled class <%@ WebService Language="C#“ Class="Algoritmos,Algoritmos.asmx" %>
54
What’s the problem with this code?
Note: we want to create a web service that keeps track of how many invocations are being made
using System;using System.Web.Services;
public class Contador : WebService{ private int totalPings = 0;
[WebMethod] public int Ping() { return totalPings++; }}
In .NET, every time Ping() is called a new object is created to take careof the request! [Note: the same thing happens in JSP.]
55
The solution...
Since the web service class is derived from WebService, it inherits some very interesting properties: Application: Represents the application as a whole. It’s not
associated to any client in particular nor any session. Context: Encapsulates all information present in the current
HTTP request. In particular, this object contains the information submitted on current HTTP header and the object to be used as response.
Server: Represents the server where the request is being processed. You can find out the name of the machine, current time, create COM objects, etc.
Session: Represents the current session with the client. A session corresponds to all the invocations performed by a single client, since the first invocation takes place until the connection is closed.
User: represents the user currently corrected, containing its security credentials.
56
So, to save the ping() information...
using System;using System.Web.Services;
public class Contador : WebService{ private const int TOTAL_INVOCACOES = “Invocações”;
public Contador() { if (Application[TOTAL_INVOCACOES] == null) Application[TOTAL_INVOCACOES] = 0; }
[WebMethod] public int Ping() { int totalInvocacoes = (int) Application[TOTAL_INVOCACOES]; ++totalInvocacoes; Application[TOTAL_INVOCACOES] = totalInvocacoes;
return totalInvocacoes; }}
57
But...
using System;using System.Web.Services;
public class Contador : WebService{ private const int TOTAL_INVOCACOES = “Invocações”;
public Contador() { if (Application[TOTAL_INVOCACOES] == null) Application[TOTAL_INVOCACOES] = 0; }
[WebMethod] public int Ping() { int totalInvocacoes = (int) Application[TOTAL_INVOCACOES]; ++totalInvocacoes; Application[TOTAL_INVOCACOES] = totalInvocacoes;
return totalInvocacoes; }}
DANGEROUS!!!!
58
You must synchronize your code!
using System;using System.Web.Services;
public class Contador : WebService{ private const int TOTAL_INVOCACOES = “Invocações”;
public Contador() { Application.Lock(); if (Application[TOTAL_INVOCACOES] == null) Application[TOTAL_INVOCACOES] = 0; Application.UnLock(); }
[WebMethod] public int Ping() { Application.Lock(); int totalInvocacoes = (int) Application[TOTAL_INVOCACOES]; Application[TOTAL_INVOCACOES] = ++totalInvocacoes; Application.UnLock();
return totalInvocacoes; }}
59
To know more...
Service-Oriented Architecture: A Field Guide to Integrating XML and Web Servicesby Thomas Erl Chapter 3
Developing Java Web Services: Architecting and Developing Secure Web Services Using Javaby Ramesh Nagappan et. al. Chapters 1, 2 and 3
Enterprise Application Integration
Paulo MarquesInformatics Engineering DepartmentUniversity of [email protected]
2008
/200
9
4. Service Oriented Architecture4.4. 2nd Generation Web Services
62
Needs
HTTP, XML, WSDL, UDDI Allows to exchange information between endpoints on a
platform- independent format Allows to discover services and their interfaces
But, we need more! We need, at least, to: Name the endpoints and route messages between them Have reliability when sending messages Provide for security Transactional support Asynchronous messaging Metadata for policies and capabilities of systems Support for binary data
65
How can we do this with SOAP??
send_image(“joke.jpg”)
From: ATo: B Company_Proxy
BA
WS-AttachmentsSOAP with Attachments (SwA)
WS-Addressing
66
Attachments e WS-Addressing
SOAP with Attachments (SwA): Used for including binary data in SOAP messages (XML) Different message parts are encapsulated using MIME
(Multipurpose Internet Mail Extensions)
WS-Attachments: Same objective as SwA but the encapsulation is done
using DIME (Direct Internet Message Encapsulation)
WS-Addressing: Specifies how to identify services independently of the
transport protocol
68
SOAP with Attachments (2)
--MIME_boundaryContent-Type: application/xop+xml; charset=UTF-8; type="application/soap+xml; action=\"ProcessData\""Content-Transfer-Encoding: 8bitContent-ID: <[email protected]>
<soap:Envelope> <soap:Body> <m:photo xmlmime:contentType='image/png'> <xop:Include href='cid:http://example.org/me.png'/> </m:photo> </soap:Body></soap:Envelope>
--MIME_boundary
Content-Type: image/png
Content-Transfer-Encoding: binary
Content-ID: <http://example.org/me.png>
// binary octets for png
--MIME_boundary--
69
WS-Addressing
<soap:Envelope xmlns:soap="http://www.w3.org/2002/12/soap-envelope" xmlns:wsa="http://schemas.xmlsoap.org/ws/2003/03/addressing">
<soap:Header>
<wsa:ReplyTo> <wsa:Address>http://ws.dei.uc.pt/is/client</wsa:Address> </wsa:ReplyTo> <wsa:To>http://ws.dei.uc.pt/is/server</wsa:To> <wsa:Action>http://ws.dei.uc.pt/is/server/gradeStu</wsa:Action>
</soap:Header>
<soap:Body> ... </soap:Body>
</soap:Envelope>
71
Let’s consider some problems
BankServicetransfer(amount, from, to)
invoke(“transfer”, 5000, “joao”, “jose”)
? invoke again
WS-ReliableMessagingWS-Reliability
ok
72
WS-ReliableMessaging e WS-Reliability
Objective: to exchange messages asynchronously having different delivery guaranties at-most-once, at-least-once, exactly-once, in-order
Uses the Header field of SOAP messages Message identifiers, sequence numbers, response
information, etc. Remember: those fields are optional
Supporters WS-ReliableMessaging: BEA + Microsoft + IBM WS-Reliability: Sun + Oracle OASIS
Biggest Differences: WS-ReliableMessaging uses other standards (WS-Security,
WS-Addressing); WS-Reliability doesn’t.
74
Web Services Stack
WS-Security
WS-SecureConversation
WS-Trust
WS-SecurityPolicy
WS-AtomicTransaction
WS-Coordination
WS-BusinessActivity
75
So, what happens in this case?
“Transfer 5000€ from theCGD account to the MGaccount”
widraw(5000, #4598)
deposit(5000, #7653)
deposit(5000, #7653)
(Application Server)
(Application Server) (DB Server)
(DB Server)
76
So, what happens in this case?
“Transfer 5000€ from theCGD account to the MGaccount”
deposit(5000, #7653)
The server cashes after havingtaken the money out, but beforethe money has been deposited.What now?
(Application Server) (BD Server)
(DB Server)
WS-CoordinationWS-Transaction
(DB Server)
77
WS-Coordination and WS-Transaction
For solving this type of issues, it’s necessary to use a distributed “Two-Phase Commit” protocol. Careful: on your DB course you’ve only studied transactions that
take place on a single server
WS-Coordination: Specifies how to create and propagate context information to all entities participating in the workflow of web services Including asynchronous interactions and over long periods of time Proposed by BEA, Microsoft and IBM
WS-Transaction: Uses WS-Coordination to support distributed transactions
WS-Atomic Transaction: Similar semantic to distributed transactions in database servers (locking during the whole transaction) WS-Business Activity: Long duration activities. If it’s necessary to
abort, the system takes “compensatory actions” (the system doesn’t lock all participates during the whole transaction)
78
WS-Coordination
Web service Web service Web service
coordinator coordinator coordinator
Web service Web service Web service
coordinator
(a) central coordination
(b) distributed coordination
80
WS-AtomicTransaction
Active Ended
Aborting
PreparingPrepare
Prepared CommittingPrepared Committed
ReadOnlyor
Aborted
Aborted
Commit
Rollback
Participant generatedCoordinator generated
Phase 1 Phase 2
82
Hum, and what about this?
Trust Domain A
Trust Domain B
Encryption?
Digital Signatures?
WS-SecurityWS-Secure ConverstationWS-TrustWS-Federation
83
Web Services Security
WS-Security Basic Security Framework Message integrity (digital signatures – XMLSIG) Message confidentiality (encryption – XMLENC) Propagation of security tokens (typically binary)
WS-SecureConversation Systems want to exchange more than one message. WS-
SecureConversation establishes a context for exchanging several messages in a secure way (i.e. session keys, identifiers, timeouts...)
WS-Trust Allows to establish trust relationships between different systems
according to management policies WS-Federation
Allows to use different systems using the same set of credentials (e.g. for single-sign-on systems)
84
WS-Federation
WS-Federation: Allows to establish security domains All systems belonging to a domain are called “federated” Federated systems can belong to different organizations
Main Objective: “Single Sign-On” over security domains
11
22
22
22
……
IP/STSRequestor
Resource
86
How to ensure policies?
I supporttransactions
I supportencryption
deposit(5000, #7653)
I will only deposit money onsystems supporting dataencryption and transactions!
87
Other WS-Specifications
WS-Policy: Offers a syntax for describing policies associated to
different web services (e.g. service requirements, capabilities, preferences, etc.)
WS-PolicyAttachment: Mechanism for associating policies to endpoints
WS-PolicyAssertions: Mechanism for validating that an endpoint supports a
certain policy
90
BPEL
BPEL: Business Process Execution Language for Web Services Resulted from merging the proposals of IBM (WSFL) and
Microsoft (XLANG). It’s widely supported by companies, including IBM, Microsoft, BEA, among others.
Provides means for specifying data workflows between services and composed business services. It also provides the means to describe business process interfaces so that they can be reused on larger systems.
Interconnects partners which publish and remove XML messages from containers. Business process is the name given to a workflow that combines partners, containers and activities together.
Business Processes execute on a “process manager”(e.g Biztalk Server, BEA Weblogic Integration Server).
91
BPEL
In terms of extensibility, the two most important concepts are encapsulation and composition. A business process has a set of inputs and outputs. But, internally, the way it achieves its results is by invoking different web services
92
BPEL (3)
In terms of implementation, a business process is a workflow Each step is called an activity
Basic activities:<invoke> calls a web service<receive> waits for the invocation of a
web service<reply> generates a response as a result
of a web service invocation<wait> suspends the process execution<assign> copies information<throw> throws an exception<terminate> terminates the service<switch> conditional choice<while> repetition(etc.)
It’s supported by visual tools
93
BPEL (4)
Fault Handling (problems) In general, it’s based on <throw> and <catch> Also supports compensatory actions
A “compensatory action” allows the programmer to specify a number of activities that should take place if something goes wrong. In general, this corresponds to something that is not recoverable by “normal” actions. Example: Up to a certain amount, a store has to accept a
check as a form of payment. But, when the check is deposited, the originator’s bank account may not have any money left! There’s no automatic process that can be performed to collect the money in this case. So, a “compensatory action” may correspond to a notification to the bank manager that he should deal with the problem by calling the client.
94
BPEL vs. Java
BPELJ: BPEL for Java technology
There are some efforts on standardizing BPEL on top of J2EE. But… their future doesn’t look bright. E.g. “JSR 94: Java Rule Engine API”, “JSR 207: Process Definition
for Java”, “JSR 208: JavaTM Business Integration (JBI)”, JBOSS jBPM
96
Do not forget: the Header!
All these protocols are typically implemented at the SOAP header!
AddressingAddressing
SecuritySecurity
ReliabilityReliability
<S:Envelope … > <S:Header> <wsa:ReplyTo xmlns:wsa=“> <wsa:Address>http://business456.com/User12</wsa:Address> </wsa:ReplyTo> <wsa:To>http://fabrikam123.com/Traffic</wsa:To> <wsa:Action>http://fabrikam123.com/Traffic/Status</wsa:Action> <wssec:Security> <wssec:BinarySecurityToken ValueType="wssec:X509v3" EncodingType=“wssec:Base64Binary"> dWJzY3JpYmVyLVBlc…..eFw0wMTEwMTAwMD </wssec:BinarySecurityToken> </wssec:Security> <wsrm:Sequence> <wsu:Identifier>http://fabrikam123.com/seq1234</wsu:Identifier> <wsrm:MessageNumber>10</wsrm:MessageNumber> </wsrm:Sequence> </S:Header> <S:Body> <app:TrafficStatus xmlns:app="http://highwaymon.org/payloads"> <road>520W</road><speed>3MPH</speed> </app:TrafficStatus> </S:Body></S:Envelope>
97
Standard or not standard... ?
SOAP Message
<soap:Envelope xmlns:soap="..."> <soap:Header>
</soap:Header> <soap:Body>
</soap:Body></soap:Envelope>
<!-- payload -->
<!-- pluggable headers -->
Ugh???
98
Advice...
« (...) Still, the emerging standards stories areoccasionally conflicting and can be confusing.They’re certainly not ready for prime time. Whenapplying a pattern, an application developershould avoid getting bogged down by standardsand stay focused instead on the particular usecases at hand. (...)
As standards mature, architects are wise toconsider how their use might extend enterpriseintegration solutions to broader, less risky, lesscostly, and more powerful levels of sophistication »
99
Bibliography
Service-Oriented Architecture: A Field Guide to Integrating XML and Web Servicesby Thomas Erl Chapter 5 http://www.specifications.ws/
Microsoft’s MSDN site on Web Services: http://
msdn.microsoft.com/webservices/webservices/understanding
100
IMPORTANT NOTICE
YOU ARE FREE TO USE THIS MATERIAL FOR YOUR PERSONAL LERNING OR REFERENCE, DISTRIBUTE IT AMONG COLLEGUES OR EVEN USE IT FOR TEACHING CLASSES. YOU MAY EVEN MODIFY IT, INCLUDING MORE INFORMATION OR CORRECTING STANDING ERRORS.
THIS RIGHT IS GIVEN TO YOU AS LONG AS YOU KEEP THIS NOTICE AND GIVE PROPER CREDIT TO THE AUTHOR. YOU CANNOT REMOVE THE REFERENCES TO THE AUTHOR OR TO THE INFORMATICS ENGINEERING DEPARTMENT OF THE UNIVERSITY OF COIMBRA.
(c) 2007 – Paulo Marques, [email protected]