Login | Register   
Twitter
RSS Feed
Download our iPhone app
TODAY'S HEADLINES  |   ARTICLE ARCHIVE  |   FORUMS  |   TIP BANK
Browse DevX
Sign up for e-mail newsletters from DevX


advertisement
 

Pocket This Decoder for WS-Alphabet Soup  : Page 2

The alphabet soup of WS-* is difficult to master and yet, very essential for the immediate future. Here's our pocket guide to the basics of the 12 most important WS standards and in what situations they apply, for both .NET and Java.


advertisement
WS-Authorization, WS-Reliability, and Four More
7. WS-Authorization
  • What is it?
    A specification that allows you to specify how the users of your Web service will be authorized against various functionality.
  • When would you use it?
    When you have a large user base and different users are permitted access to different aspects of your service.
  • Tell me more!
    This specification (forthcoming) specifies the policy parameters for how Web services will authorize users. Authorization is different from authentication in that once a user is authenticated their authorization will determine which aspects of the service they may access. For example, one may need to authenticate against a service to use that service, but different users will have access to different sets of Web methods on the service. This is determined by their authorization profile, and this specification will provide a schema to uniformly describe that profile.

8. WS-Reliability

  • What is it?
    A set of enhancements to SOAP that allows you to guarantee message reliability for your Web service.
  • When would you use it?
    When it is vitally important that messages from your Web service have guaranteed delivery and/or duplicate elimination requirements.
  • Tell me more!
    This specification is designed to ensure guaranteed delivery, to ensure that duplicate messages are eliminated, and to ensure message ordering, when necessary.

As the name says, its purpose is to enable reliable communication between Web services. Reliable message delivery means the ability to ensure that a message will be delivered with the desired and specified levels of quality of service. Some examples of this are:

  • Message sent at least once (guaranteed delivery)
  • Message sent at most once (guaranteed duplicate elimination)
  • Message sent exactly once (guaranteed delivery and duplicate elimination)
An example of a WS-Reliability message is shown below:


<?xml version="1.1"?> <SOAP:Envelope xmlns:SOAP="http://schemas.xmlsoap.org/soap/envelope/" SOAP:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"> <SOAP:Header> <rm:MessageHeader xmlns:rm="http://schemas.fujitsu.com/rm” SOAP:mustUnderstand="1"> <rm:From>requestor@anyuri.com</rm:From> <rm:To>responder@someuri.com</rm:To> <rm:Service>urn:services:ItemQuoteService</rm:Service> <rm:MessageId>20020907-12-34@anyuri.com</rm:MessageId> <rm:Timestamp>2002-09-07T10:19:07</rm:Timestamp> </rm:MessageHeader> <rm:ReliableMessage xmlns:rm="http://schemas.fujitsu.com/rm" SOAP:mustUnderstand="1"> <rm:MessageType>Message</rm:MessageType> <rm:ReplyTo>http://server1.anyuri.com/service/</rm:ReplyTo> <rm:TimeToLive>2002-09-14T10:19:00</rm:TimeToLive> <rm:AckRequested SOAP:mustUnderstand="1" synchronous="false" /> <rm:DuplicateElimination/> </rm:ReliableMessage> <rm:MessageOrder xmlns:rm:="http://schemas.fujitsu.com/rm" SOAP:mustUnderstand="1"> <rm:GroupId status="Continue">020907-45261-0450@a.com</rm:GroupId> <rm:SequenceNumber>12</rm:SequenceNumber> </rm:MessageOrder> </SOAP:Header> <SOAP:Body> <gip:GetItemPrice xmlns:gip="Some-URI"> <gip:itemnumber>product12345</gip:itemnumber> </gip:GetItemPrice> </SOAP:Body> </SOAP:Envelope>

You can see that in this case the SOAP envelope has headers attached to it for the Message, its reliability characteristics, and order. Applications that can manage documents with this schema will then encapsulate the reliability characteristics the specification is driving.

You can see the full schema for a WS-Reliability document at http://developers.sun.com/sw/platform/technologies/ws-reliability.schema.txt.

9. WS-ReliableMessaging

  • What is it?
    A specification (proposed) that allows for reliable message delivery between applications. It isn't limited to SOAP and Web services.
  • When would you use it?
    When you have a system that requires reliable message delivery between varied software components.
  • Tell me more!
    WS-ReliableMessaging is similar in concept to WS-Reliability in that it is designed to ensure reliability of message interchange between distributed applications. However, WS-Reliable messaging goes a step further in that it is designed to maintain reliability characteristics even in the presence of software component, system, or network failures. The protocol is transport-independent, allowing it to be implemented with network technologies other than SOAP, but a SOAP binding is also defined within the specification. The full specification is available at http://specs.xmlsoap.org/ws/2005/02/rm/ws-reliablemessaging.pdf.

10. WS-Routing

  • What is it?
    A protocol that allows you to specify how SOAP messages get routed between software services.
  • When would you use it?
    When you have a complex business process that requires a message to pass through many handlers and you want a guarantee of proper routing.
  • Tell me more!
    This is a simple, stateless, SOAP-based protocol that is used to route SOAP messages asynchronously over transports such as TCP, UDP, or HTTP. When using it, the entire message path for a SOAP message, as well as its return path is described within the SOAP envelope. It supports one-way, two-way, and peer-to-peer messages as well as long-running transactions.

An example of a SOAP message that moves from point A to point D through points B and C, specified using WS-Routing would look like this:

<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://www.w3.org/2001/06/soap-envelope"> <SOAP-ENV:Header> <wsrp:path xmlns:wsrp="http://schemas.xmlsoap.org/rp/"> <wsrp:action>http://www.im.org/chat</wsrp:action> <wsrp:to>soap://D.com/some/endpoint</wsrp:to> <wsrp:fwd> <wsrp:via>soap://B.com</wsrp:via> <wsrp:via>soap://C.com</wsrp:via> </wsrp:fwd> <wsrp:from>soap://A.com/some/endpoint</wsrp:from> <wsrp:id>uuid:84b9f5d0-33fb-4a81-b02b-5b760641c1d6</wsrp:id> </wsrp:path> </SOAP-ENV:Header> <SOAP-ENV:Body> ... </SOAP-ENV:Body> </SOAP-ENV:Envelope>

The full specification for WS-Routing can be found at http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnglobspec/html/ws-routing.asp.

11. XML-Encryption

  • What is it?
    A specification that defines how to encrypt and decrypt part or all of an XML document.
  • When would you use it?
    Any time you want information passing across the wire to be private. A classic example is transmitting a password up to a Web service.
  • Tell me more!
    XML-Encryption is used to encrypt and decrypt digital content, including part or all of an XML document. It is particularly useful because of its ability to encrypt only part of a document. When full XML documents are encrypted it is easier for a hacker to attempt to decrypt them, as much of the document contents can be guessed at (for example <xml> or <SOAP> is present in many documents). It is generally used to encrypt a part of a document, for example, user name and password information, while leaving the rest of the document in clear text. The W3C has a great resource for learning more about XML-Encryption and how to use it.

12. XML-Signature

  • What is it?
    A specification that defines how to ensure the validity of the sender of a document.
  • When would you use it?
    Any time you want to send or receive information and need to know for sure that the service that you are sending to or receiving from is the one that you expect.
  • Tell me more!
    XML-Signature is another encryption standard but this one uses a standard public key/private key algorithm to validate the authenticity of the originator of a document. The publisher of the information has a combination of a private and public key that is computationally infeasible to factorize and signs the document with this combination. The recipient of the document can then, based on this signature, derive that he isn't being spoofed and that the document is from who he thinks it's from. You can learn more about how it works and how to implement it at http://www.w3.org/TR/xmldsig-core/.

WS-Finished (for Now)
There are more standards for Web services and service-oriented architecture than you can shake a stick at and more are being added all the time. For this article, I picked 12 of the best-known (and most useful) standards and gave you a quick overview of what they are and when to apply them. Developers who make themselves familiar with the WS-* specs are learning very valuable skills for the near future, as the world is quickly becoming more and more service oriented. DevX will have more articles to describe the application of specific tricky specs and situations in the future. But for now, it's up to you—go forth and standardize and secure with WS-*!



Laurence Moroney is a freelance enterprise architect who specializes in designing and implementing service-oriented applications and environments using .NET, J2EE, or (preferably) both. He has authored books on .NET and Web services security, and more than 30 professional articles. A former Wall Street architect, and security analyst, he also dabbles in journalism, reporting for professional sports. You can find his blog at http://www.philotic.com/blog.
Comment and Contribute

 

 

 

 

 


(Maximum characters: 1200). You have 1200 characters left.

 

 

Sitemap