XML Web Services Standards

Roberto Ruggeri

[email protected]

Healthcare Technical Strategist

Microsoft Corporation

Mark Oswald

[email protected]

Principal Consultant

Microsoft Corporation


Objectives of This Presentation

  • Educate on WS-Standards

    • WS-Standards design philosophy

    • WS-Standards overview

    • Drill down on WS-Security

  • Educate on the industry efforts around WS-Standards

    • Interoperability

    • What is coming

  • Discuss next steps


Web Services Architecture: Extending the Foundation

[Diagram: layered Web services architecture]

  • Foundation: XML, Encoding, and Transports; SOAP (Logical Messaging Model); WSDL and UDDI (Web Services Description and Directory)

  • Extended Foundation (Secure, Reliable, Transacted): Description, Attachments, Routing, Security, Reliable Messaging, Transactions, Federation, Privacy


WS-* Standards Design Principles

  • Modular and composable

    • Factored to stand alone or work together

  • General-purpose

    • Agnostic to where it is running or where it originated

  • Federated

    • No central point of administration, control, failure

  • Standards-based

    • Multi-vendor interoperation critical


Modular

  • Provides a framework for SOAP/WSDL extensibility

  • These protocols augment domain-specific protocols (e.g., healthcare)

  • Designed to supersede and integrate with many of today's industry specs

  • Defined by composable SOAP headers and SOAP message

    • The specifications combine for end-to-end capabilities


Modular: Example

[Diagram labels: SOAP Message; Routing; Security and License]

<?xml version="1.0" encoding="utf-8"?>
<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/"
            xmlns:xsd="http://www.w3.org/2001/XMLSchema"
            xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <S:Header>
    <!-- A Simple Quote Web Service -->
  </S:Header>
  <S:Body>
    <tru:StockSymbol xmlns:tru="http://tickers-r-us.org/payloads">
      QQQ
    </tru:StockSymbol>
  </S:Body>
</S:Envelope>

<?xml version="1.0" encoding="utf-8"?>
<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/"
            xmlns:xsd="http://www.w3.org/2001/XMLSchema"
            xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <S:Header>
    <m:path xmlns:m="http://schemas.xmlsoap.org/rp">
      <m:action>http://tickers-r-us.org/getQuote</m:action>
      <m:to>soap://tickers-r-us.org/stocks</m:to>
      <m:from>mailto:[email protected]</m:from>
      <m:id>uuid:84b9f5d0-33fb-4a81-b02b-5b760641c1d6</m:id>
    </m:path>
  </S:Header>
  <S:Body>
    <tru:StockSymbol xmlns:tru="http://tickers-r-us.org/payloads">
      QQQ
    </tru:StockSymbol>
  </S:Body>
</S:Envelope>

<?xml version="1.0" encoding="utf-8"?>
<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/"
            xmlns:xsd="http://www.w3.org/2001/XMLSchema"
            xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <S:Header>
    <wssec:credentials xmlns:wssec="http://schemas.xmlsoap.org/ws/2001/10/security">
      <wslic:binaryLicense xmlns:wslic="http://schemas.xmlsoap.org/ws/2001/10/licenses"
                           wslic:valueType="wslic:x509v3"
                           xsi:type="xsd:base64Binary">
        dWJzY3JpYmVyLVBlc…..eFw0wMTEwMTAwMD
      </wslic:binaryLicense>
    </wssec:credentials>
  </S:Header>
  <S:Body>
    <tru:StockSymbol xmlns:tru="http://tickers-r-us.org/payloads">
      QQQ
    </tru:StockSymbol>
  </S:Body>
</S:Envelope>

<?xml version="1.0" encoding="utf-8"?>
<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/"
            xmlns:xsd="http://www.w3.org/2001/XMLSchema"
            xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <S:Header>
    <m:path xmlns:m="http://schemas.xmlsoap.org/rp">
      <m:action>http://tickers-r-us.org/getQuote</m:action>
      <m:to>soap://tickers-r-us.org/stocks</m:to>
      <m:from>mailto:[email protected]</m:from>
      <m:id>uuid:84b9f5d0-33fb-4a81-b02b-5b760641c1d6</m:id>
    </m:path>
    <wssec:credentials xmlns:wssec="http://schemas.xmlsoap.org/ws/2001/10/security">
      <wslic:binaryLicense xmlns:wslic="http://schemas.xmlsoap.org/ws/2001/10/licenses"
                           wslic:valueType="wslic:x509v3"
                           xsi:type="xsd:base64Binary">
        dWJzY3JpYmVyLVBlc…..eFw0wMTEwMTAwMD
      </wslic:binaryLicense>
    </wssec:credentials>
  </S:Header>
  <S:Body>
    <tru:StockSymbol xmlns:tru="http://tickers-r-us.org/payloads">
      QQQ
    </tru:StockSymbol>
  </S:Body>
</S:Envelope>


General-Purpose

  • Universal communications

    • Across organizations

    • Across machines

    • Across processes

  • Flexible communications

    • Extensible headers

    • Extensible body

  • Transport protocol neutral

  • Platform neutral

    • Devices

    • Desktops

    • Clusters

    • Datacenters

  • Application category neutral

    • Enterprise Application Integration

    • Business-to-Business

    • Business-to-Consumer

    • Peer-to-Peer

  • Applies to HL7 2.x, 2.XML, v3.0, CDA, CCOW, X12N (HIPAA)


Federated

  • Fully distributed

  • Crosses organization and trust domains

    • Can be inspected by firewalls

  • Does not require centralized servers or administration

  • Will sometimes require “edge” software to do protocol translation, security work, routing, etc.


Standards-Based

  • Industry commitment to

    • Publishing specifications

    • Working with partners to refine specifications

    • Working with partners, customers, and standards bodies for broad adoption

  • Different standards bodies for different specs, based on the spec


Interop Priority: WS-I.org

  • An open industry effort

    • Industry initiative focused on promoting Web services interoperability

    • Organization formed by industry leaders

    • Open membership and participation

  • Based on partnerships

    • Symbiotic relationship with other standards organizations through integration of their outputs

    • Goal: Enable interoperability across platforms, applications, and programming languages

    • Success will accelerate adoption and deployment of Web services


So, What Has Been Delivered To Date?


WS-Routing: Submitted to W3C

  • A SOAP-based, stateless protocol for exchanging one-way SOAP messages from an initial sender to the ultimate receiver, potentially via a set of intermediaries

  • Also provides an optional reverse message path enabling two-way message exchange patterns like:

    • Request/response

    • Peer-to-peer conversations

    • Return of message acknowledgements, faults


DIME And WS-Attachments: Submitted to IETF

  • Direct Internet Message Encapsulation (DIME)

    • A lightweight, binary message format that can be used to encapsulate one or more application-defined payloads of arbitrary type and size into a single message construct

    • Each payload is described by a type, a length, and an optional identifier

  • WS-Attachments specifies how to encapsulate SOAP in DIME


WS-Security: Submitted to OASIS

  • A specification for proposed SOAP extensions to be used when building secure Web services.

    • Supersedes the following specifications

      • SOAP-SEC

      • Microsoft’s WS-Security, WS-License

      • IBM’s security token and encryption

    • Dependent upon XML DSIG, XML Encryption, XML Schema, SOAP…

    • End-to-end message-level security

    • Defined schema

  • Designed to be composed with other Web service protocols


A Couple of Details…


New SOAP Elements: WS-Security

  • New

    • <Security> Header

      • <Security SOAP:actor="...">

      • SOAP:actor is optional

      • One header per actor

      • All security information together

    • Including and referencing security tokens

      • <UsernameToken>

      • <BinarySecurityToken>

      • <SecurityTokenReference>

  • Existing

    • XML Signature

    • XML Encryption

    • Token formats (e.g., X.509, Kerberos, XrML, SAML)


Simple Example

  • Requesting a stock quote

  • Security token indicates username

  • Signature uses key generated from password


Simple Example (1 of 2)

<?xml version="1.0" encoding="utf-8"?>
<S:Envelope xmlns:S=".../soap-envelope" xmlns:ds=".../xmldsig#">
  <S:Header>
    <m:path xmlns:m="http://schemas.xmlsoap.org/rp/">
      <m:action>http://fabrikam.org/getQuote</m:action>
      <m:to>http://fabrikam.org/stocks</m:to>
      <m:id>uuid:84b9f5d0-33fb-4a81-b02b-5b760641c1d6</m:id>
    </m:path>
    <wsse:Security xmlns:wsse=".../secext">
      <wsse:UsernameToken Id="MyID">
        <wsse:Username>Zoe</wsse:Username>
      </wsse:UsernameToken>
      <ds:Signature>
        <ds:SignedInfo>
          <ds:CanonicalizationMethod Algorithm=".../xml-exc-c14n#"/>
          <ds:SignatureMethod Algorithm=".../xmldsig#hmac-sha1"/>


Simple Example (2 of 2)

          <ds:Reference URI="#MsgBody">
            <ds:DigestMethod Algorithm="http://.../xmldsig#sha1"/>
            <ds:DigestValue>LyLsF0Pi4wPU...</ds:DigestValue>
          </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>DJbchm5gK...</ds:SignatureValue>
        <ds:KeyInfo>
          <wsse:SecurityTokenReference>
            <wsse:Reference URI="#MyID"/>
          </wsse:SecurityTokenReference>
        </ds:KeyInfo>
      </ds:Signature>
    </wsse:Security>
  </S:Header>
  <S:Body Id="MsgBody">
    <tru:StockSymbol xmlns:tru="...">QQQ</tru:StockSymbol>
  </S:Body>
</S:Envelope>
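
The checks a receiver runs on a message shaped like the Simple Example, as an added sketch that is not part of the original slides: the ds:Reference must resolve to exactly one element and that element must be the S:Body being processed, the body digest must match, and the HMAC-SHA1 over SignedInfo must match under the password-derived key. The names SAMPLE, c14n, derive_key, sign and verify are hypothetical; the PBKDF2 derivation, the stdlib C14N 2.0 canonicalization (standing in for exc-c14n) and the wsse namespace URI are assumptions, since the slides elide them.

```python
import base64, hashlib, hmac
import xml.etree.ElementTree as ET

NS = {"S": "http://schemas.xmlsoap.org/soap/envelope/",
      "ds": "http://www.w3.org/2000/09/xmldsig#",
      "wsse": "http://schemas.xmlsoap.org/ws/2002/04/secext"}  # wsse URI is assumed
# Constructed sample shaped like the slide's message; sign() fills the empty values.
SAMPLE = f"""<S:Envelope xmlns:S="{NS['S']}" xmlns:ds="{NS['ds']}" xmlns:wsse="{NS['wsse']}">
 <S:Header><wsse:Security>
  <wsse:UsernameToken Id="MyID"><wsse:Username>Zoe</wsse:Username></wsse:UsernameToken>
  <ds:Signature><ds:SignedInfo>
    <ds:Reference URI="#MsgBody"><ds:DigestValue/></ds:Reference>
   </ds:SignedInfo><ds:SignatureValue/></ds:Signature>
 </wsse:Security></S:Header>
 <S:Body Id="MsgBody"><StockSymbol>QQQ</StockSymbol></S:Body>
</S:Envelope>"""

def c14n(elem):
    # Stand-in canonicalization (stdlib C14N 2.0), not the slide's exc-c14n.
    return ET.canonicalize(ET.tostring(elem, encoding="unicode")).encode()

def b64(raw):
    return base64.b64encode(raw).decode()

def derive_key(password):
    # Assumed derivation; the slide only says the key is generated from the password.
    return hashlib.pbkdf2_hmac("sha1", password.encode(), b"constructed-salt", 100_000)

def parts(root):
    sig = root.find("S:Header/wsse:Security/ds:Signature", NS)
    info = sig.find("ds:SignedInfo", NS)
    return sig, info, info.find("ds:Reference", NS), root.find("S:Body", NS)

def sign(root, password):
    sig, info, ref, body = parts(root)
    # Digest the body first: SignedInfo, which carries the digest, is what gets MACed.
    ref.find("ds:DigestValue", NS).text = b64(hashlib.sha1(c14n(body)).digest())
    mac = hmac.new(derive_key(password), c14n(info), hashlib.sha1).digest()
    sig.find("ds:SignatureValue", NS).text = b64(mac)

def verify(root, password):
    sig, info, ref, body = parts(root)
    # The reference must resolve to exactly one element: the Body we will process.
    hits = [e for e in root.iter() if e.get("Id") == ref.get("URI", "")[1:]]
    if len(hits) != 1 or hits[0] is not body:
        return False
    mac = b64(hmac.new(derive_key(password), c14n(info), hashlib.sha1).digest())
    dig = b64(hashlib.sha1(c14n(body)).digest())
    return (hmac.compare_digest(mac, sig.findtext("ds:SignatureValue", "", NS))
            and hmac.compare_digest(dig, ref.findtext("ds:DigestValue", "", NS)))
```

Because the stand-in canonicalization differs from exc-c14n, values produced here will not interoperate with a real WS-Security stack; the block shows the order and scope of the checks only.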


What’s Coming?


Security Roadmap Specs

[Diagram: security specification stack. Labels: SOAP Foundation; Security; Policy; Trust; Privacy; SecureConversation; Federation; Authorization; a "Today" marker]

  • Federated security

  • Authentication and authorization

  • Security protocol independent

  • Brokered (aka Transitive) trust


Messaging

  • Includes WS-Routing in family

  • Routing virtualizes the network

    • Transport-independent addressing

    • End-to-end versus hop-by-hop model

  • Reliable Messaging models multi-message conversations

    • Resilient in face of multi-hop routing

    • Supports multiple QOS levels (e.g. in order, no duplicates, etc.)


Transactions And Coordination

  • Models distributed agreement in terms of transactions

  • Short-lived transactions use two-phase commit

    • Common in DBMS and OLTP worlds

  • Long-lived/x-trust-domain transactions use coordinated compensation

    • Common in workflow/EAI world


Business Processes

  • Business Process Execution Language (BPEL4WS)

  • Proposed by Microsoft, IBM and BEA

  • Built on top of WS-Transactions

  • A language for formally describing interoperable business processes and business interaction protocols

  • In short, it is a language for enabling the orchestration of web services to specify business processes

  • Supersedes XLANG (MS) and WSFL (IBM)


How do WE Take Advantage

  • Work with horizontal standards

    • Restrict the domain by limiting the scope and imposing additional policies

    • Provide feedback to the standards to improve healthcare “friendliness”

  • Benefit from widely available technologies

    • On many platforms

    • Many implementations on the same platform

    • Vendors investing big $$$

[Diagram: payload and transport options]

  • Payload: HL7 v2.x, HL7 v2.XML, CDA, HL7 v3

  • Transport: MLLP, ebXML (EBMS), WS-*, FTP/S, S/MIME, HTTP/S


Next Steps…

  • POC @ HIMSS 2003

  • More in-depth analysis and evaluation

    • Inside one of the current SIGs

    • Web Services SIG (?)

  • Work with WS-I to leverage the work done for conformance and interoperability


Discussion

