An Architecture for an ebXML Message Service Handler
Peter Stamps, Software AG, Darmstadt
peter.stamps@softwareag.com
Topics
• Objective and Design Goals of an ebXML Message Service Handler
• The message layout
• The architecture and functions
• Benefits of using Tamino – a Native XML Server
• Some security considerations
Objective of ebXML Message Service Handler (MSH)
The objective of an ebXML Message Service Handler (MSH) is to provide:
1. application interoperability and
2. integration services
3. based on XML standards
4. irrespective of the middleware solutions that are already in place
Design goals for Message Service Handler
• Based on standards: XML, XSLT, HTTP, SMTP, SOAP
• Flexible and adaptable processing
• Open framework for customer-specific processing
• Use native XML as much as possible
• Allow integration of existing middleware (MQ, Seebeyond, EntireX, …)
• Support legacy integration
• Provide encryption and signature support (XML Signature, XML Encryption)
• Provide easy security integration
• Support access to repositories (UDDI, ebXML repositories)
Fundamental connectivity aspects
• There are three fundamental aspects of any connectivity solution: addressing, business information and security
• Addressing allows the applications that support the business processes to exchange messages with each other
• Business information is what applications act on in support of the business processes
• Security allows the exchange of information in a safe way
Message Layout: email, SOAP, ebXML
Figure: a MIME envelope containing a SOAP envelope MIME part and one or more payload MIME parts. The SOAP envelope has a SOAP header (eb:MessageHeader, eb:TraceHeaderList, eb:Acknowledgement, eb:Via) and a SOAP body (eb:Manifest).
Example Message: SOAP, ebXML

<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:xlink="http://www.w3.org/1999/xlink"
    xmlns:xsi="http://www.w3.org/2000/10/XMLSchema-instance"
    xsi:schemaLocation="http://schemas.xmlsoap.org/soap/envelope/ http://ebxml.org/project_teams/transport/envelope.xsd"
    xmlns:eb="http://www.ebxml.org/namespaces/messageHeader"
    xmlns:ino="http://namespaces.softwareag.com/tamino/response2"
    xmlns:xql="http://metalab.unc.edu/xql/"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <SOAP-ENV:Header>
    <eb:MessageHeader id="SAG-338661" eb:version="1.0" SOAP-ENV:mustUnderstand="1">
      <eb:From>
        <eb:PartyId eb:type="SAG_PartyID">ElectraCorp.Sales.Netherlands</eb:PartyId>
      </eb:From>
      <eb:To>
        <eb:PartyId eb:type="SAG_PartyID">ElectraCorp.Sales.Netherlands</eb:PartyId>
      </eb:To>
      <eb:CPAId>http://www.ElectraCorp.SAG/cpa/inter_domain/d1_d2.xml</eb:CPAId>
      <eb:Service eb:type="SAG_service">OrderProcessing</eb:Service>
      <eb:Action>NewPurchaseOrder</eb:Action>
      <eb:MessageData>
        <eb:MessageId>mid:UUID-2</eb:MessageId>
        <eb:Timestamp>2000-07-25T12:19:05Z</eb:Timestamp>
        <eb:RefToMessageId>mid:UUID-1</eb:RefToMessageId>
      </eb:MessageData>
      <eb:QualityOfServiceInfo eb:deliverySemantics="OnceAndOnlyOnce"
          eb:messageOrderSemantics="Guaranteed" eb:deliveryReceiptRequested="Signed"/>
    </eb:MessageHeader>
    <eb:TraceHeaderList eb:id="XMLSAG" eb:version="1.0" SOAP-ENV:mustUnderstand="1">
      <eb:TraceHeader>
        <eb:Sender>
          <eb:PartyId>urn:SAGscheme.com:id:Sales-id</eb:PartyId>
          <eb:Location>http://www.ElectraCorp.SAG/Sales/MessageServiceHub1</eb:Location>
        </eb:Sender>
        <eb:Receiver>
          <eb:PartyId>urn:SAGscheme.com:id:Production-id</eb:PartyId>
          <eb:Location>http://www.ElectraCorp.SAG/Production/MessageServiceHub4</eb:Location>
        </eb:Receiver>
        <eb:Timestamp>2000-12-16T21:19:35Z</eb:Timestamp>
      </eb:TraceHeader>
    </eb:TraceHeaderList>
    <eb:Via SOAP-ENV:mustUnderstand="1" eb:version="1.0"
        SOAP-ENV:actor="http://schemas.xmlsoap.org/soap/actor/next" eb:syncReply="false"/>
  </SOAP-ENV:Header>
  <SOAP-ENV:Body>
    <eb:Manifest xmlns:eb="http://www.ebxml.org/namespaces/messageHeader" id="X0011"
        SOAP-ENV:mustUnderstand="1" eb:version="1.0">
      <eb:Reference id="X0012" xlink:href="cid:ebxmlpayload@www.ElectraCorp.SAG"
          xlink:role="XLinkRole" xlink:type="simple">
        <eb:Description xml:lang="en-us">New Purchase Order</eb:Description>
      </eb:Reference>
    </eb:Manifest>
  </SOAP-ENV:Body>
</SOAP-ENV:Envelope>
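The "Header Parsing" function of an MSH turns a message like the one above into something the implementation can act on. The following Python is an added example, not code from the slides or from Software AG's product: it re-embeds a trimmed copy of the example envelope, extracts the routing fields (From/To, CPAId, Service, Action, MessageId, RefToMessageId, the OnceAndOnlyOnce delivery semantics, the manifest payload references) and applies the SOAP rule that a header block marked mustUnderstand="1" which this receiver does not implement must produce a fault rather than be skipped. The `UNDERSTOOD` set and the `ParsedHeader` structure are this example's own assumptions.

```python
import xml.etree.ElementTree as ET
from dataclasses import dataclass, field
from typing import List, Optional

NS = {"SOAP-ENV": "http://schemas.xmlsoap.org/soap/envelope/",
      "eb": "http://www.ebxml.org/namespaces/messageHeader"}
SOAP_MU = "{%s}mustUnderstand" % NS["SOAP-ENV"]
XLINK_HREF = "{http://www.w3.org/1999/xlink}href"
# ebXML header blocks this (hypothetical) MSH implements; anything else marked
# mustUnderstand="1" is a fault, per SOAP.
UNDERSTOOD = {"{%s}%s" % (NS["eb"], n)
              for n in ("MessageHeader", "TraceHeaderList", "Via", "Acknowledgement")}

# Trimmed copy of the example message from the slide (namespaces not used below dropped).
MESSAGE = """<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:xlink="http://www.w3.org/1999/xlink"
    xmlns:eb="http://www.ebxml.org/namespaces/messageHeader">
  <SOAP-ENV:Header>
    <eb:MessageHeader id="SAG-338661" eb:version="1.0" SOAP-ENV:mustUnderstand="1">
      <eb:From><eb:PartyId eb:type="SAG_PartyID">ElectraCorp.Sales.Netherlands</eb:PartyId></eb:From>
      <eb:To><eb:PartyId eb:type="SAG_PartyID">ElectraCorp.Sales.Netherlands</eb:PartyId></eb:To>
      <eb:CPAId>http://www.ElectraCorp.SAG/cpa/inter_domain/d1_d2.xml</eb:CPAId>
      <eb:Service eb:type="SAG_service">OrderProcessing</eb:Service>
      <eb:Action>NewPurchaseOrder</eb:Action>
      <eb:MessageData>
        <eb:MessageId>mid:UUID-2</eb:MessageId>
        <eb:Timestamp>2000-07-25T12:19:05Z</eb:Timestamp>
        <eb:RefToMessageId>mid:UUID-1</eb:RefToMessageId>
      </eb:MessageData>
      <eb:QualityOfServiceInfo eb:deliverySemantics="OnceAndOnlyOnce"
          eb:messageOrderSemantics="Guaranteed" eb:deliveryReceiptRequested="Signed"/>
    </eb:MessageHeader>
    <eb:TraceHeaderList eb:id="XMLSAG" eb:version="1.0" SOAP-ENV:mustUnderstand="1">
      <eb:TraceHeader><eb:Timestamp>2000-12-16T21:19:35Z</eb:Timestamp></eb:TraceHeader>
    </eb:TraceHeaderList>
    <eb:Via SOAP-ENV:mustUnderstand="1" eb:version="1.0" eb:syncReply="false"/>
  </SOAP-ENV:Header>
  <SOAP-ENV:Body>
    <eb:Manifest id="X0011" SOAP-ENV:mustUnderstand="1" eb:version="1.0">
      <eb:Reference id="X0012" xlink:href="cid:ebxmlpayload@www.ElectraCorp.SAG" xlink:type="simple">
        <eb:Description xml:lang="en-us">New Purchase Order</eb:Description>
      </eb:Reference>
    </eb:Manifest>
  </SOAP-ENV:Body>
</SOAP-ENV:Envelope>"""


class HeaderError(ValueError):
    """Malformed or unsupported header; the MSH error handling reports it to the sender."""


@dataclass
class ParsedHeader:
    from_party: str
    to_party: str
    cpa_id: str
    service: str
    action: str
    message_id: str
    ref_to_message_id: Optional[str]
    delivery_semantics: Optional[str]
    payload_refs: List[str] = field(default_factory=list)


def _required(elem, path):
    found = elem.find(path, NS)
    if found is None or not (found.text or "").strip():
        raise HeaderError("missing required element " + path)
    return found.text.strip()


def parse_ebxml_message(xml_text: str) -> ParsedHeader:
    root = ET.fromstring(xml_text)
    header = root.find("SOAP-ENV:Header", NS)
    if header is None:
        raise HeaderError("SOAP Header missing")
    for block in header:  # mustUnderstand check before anything else is processed
        if block.get(SOAP_MU) == "1" and block.tag not in UNDERSTOOD:
            raise HeaderError("cannot process mustUnderstand block " + block.tag)
    mh = header.find("eb:MessageHeader", NS)
    if mh is None:
        raise HeaderError("eb:MessageHeader missing")
    qos = mh.find("eb:QualityOfServiceInfo", NS)
    ref = mh.find("eb:MessageData/eb:RefToMessageId", NS)
    refs = [r.get(XLINK_HREF) for r in root.findall("SOAP-ENV:Body/eb:Manifest/eb:Reference", NS)]
    return ParsedHeader(
        from_party=_required(mh, "eb:From/eb:PartyId"),
        to_party=_required(mh, "eb:To/eb:PartyId"),
        cpa_id=_required(mh, "eb:CPAId"),
        service=_required(mh, "eb:Service"),
        action=_required(mh, "eb:Action"),
        message_id=_required(mh, "eb:MessageData/eb:MessageId"),
        ref_to_message_id=ref.text.strip() if ref is not None and ref.text else None,
        delivery_semantics=qos.get("{%s}deliverySemantics" % NS["eb"]) if qos is not None else None,
        payload_refs=refs,
    )


def rejects_unknown_must_understand(xml_text: str) -> bool:
    """Inject a constructed foreign mustUnderstand block and report whether parsing faults."""
    foreign = '<x:Routing xmlns:x="urn:example:routing" SOAP-ENV:mustUnderstand="1"/>'
    try:
        parse_ebxml_message(xml_text.replace("</SOAP-ENV:Header>", foreign + "</SOAP-ENV:Header>"))
    except HeaderError:
        return True
    return False
```

`parse_ebxml_message(MESSAGE)` yields the fields the later processing steps (CPA lookup, reliable-messaging bookkeeping, payload dispatch) need, and `rejects_unknown_must_understand(MESSAGE)` shows the fault path for a header block the receiver does not know.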
From application to transport
Figure: layering of the MSH. ebXML Application → MSH Interface → Message Service Handler (authentication, authorization and non-repudiation services; header processing; encryption, digital signature; MSH services; error handling; message packaging; delivery, send/receive, transport mapping and binding) → transports: HTTP, SMTP, IIOP, …
Functions of a MSH - 1
Within a MSH, the following functions are distinguished:
• Header Processing - the creation of the SOAP Header elements for the ebXML Message uses input from the application, passed through the Message Service Interface, information from the CPA that governs the message, and generated information such as digital signature, timestamps and unique identifiers.
• Header Parsing - extracting or transforming information from a received SOAP Header or Body element into a form that is suitable for processing by the MSH implementation.
• Security Services - digital signature creation and verification, authentication and authorization. These services may be used by other components of the MSH, including the Header Processing and Header Parsing components.
Functions of a MSH - 2
• Reliable Messaging Services - handles the delivery and acknowledgment of ebXML Messages sent with a delivery requirement of once and only once. The service includes handling for persistence, retry, error notification and acknowledgment of messages requiring reliable delivery.
• Message Packaging - the final enveloping of an ebXML Message (SOAP Header or Body elements and payload) into its SOAP Messages with Attachments container.
• Error Handling - this component handles the reporting of errors encountered during MSH or Application processing of a message.
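The reliable-messaging function above combines four things: persistence of what has been delivered, retry by the sender, acknowledgment by the receiver and error notification when delivery finally fails. The Python below is an added illustration of that interplay, not the product's code: a receiving MSH records every delivered MessageId in a SQLite table (in-memory here; a file path would give real persistence) so that a retransmission is acknowledged again but never handed to the application twice, and a sending MSH keeps the message in an outbox and retries on transport failure. The flaky transport, the `Message`/`Acknowledgement` records and the retry count are constructed for the example.

```python
import sqlite3
from dataclasses import dataclass
from typing import Callable, Optional


@dataclass(frozen=True)
class Message:
    message_id: str                      # eb:MessageId, unique per message
    payload: str
    ref_to_message_id: Optional[str] = None


@dataclass(frozen=True)
class Acknowledgement:
    ref_to_message_id: str               # eb:RefToMessageId carried by the acknowledgement
    status: str                          # "Acknowledged" or "Error"
    detail: str = ""


class ReliableReceiver:
    """Receiving MSH: persist delivered MessageIds so a retransmission is re-acknowledged
    without being delivered to the application a second time (once and only once)."""

    def __init__(self, deliver: Callable[[Message], None], db_path: str = ":memory:"):
        self.deliver = deliver
        self.db = sqlite3.connect(db_path)
        self.db.execute("CREATE TABLE IF NOT EXISTS received (message_id TEXT PRIMARY KEY)")

    def receive(self, msg: Message) -> Acknowledgement:
        seen = self.db.execute("SELECT 1 FROM received WHERE message_id = ?",
                               (msg.message_id,)).fetchone()
        if seen:
            return Acknowledgement(msg.message_id, "Acknowledged", "duplicate, not redelivered")
        try:
            self.deliver(msg)
        except Exception as exc:        # application error: nothing recorded, sender may retry
            return Acknowledgement(msg.message_id, "Error", str(exc))
        self.db.execute("INSERT INTO received (message_id) VALUES (?)", (msg.message_id,))
        self.db.commit()
        return Acknowledgement(msg.message_id, "Acknowledged")


class ReliableSender:
    """Sending MSH: hold the message until acknowledged, retrying on transport failure."""

    def __init__(self, transport: Callable[[Message], Acknowledgement], max_retries: int = 3):
        self.transport = transport
        self.max_retries = max_retries
        self.outbox = {}                 # unacknowledged messages (persisted in a real MSH)
        self.errors = []                 # what the error-handling component would report

    def send(self, msg: Message) -> Acknowledgement:
        self.outbox[msg.message_id] = msg
        last = "no attempt made"
        for attempt in range(1, self.max_retries + 1):
            try:
                ack = self.transport(msg)
            except ConnectionError as exc:
                last = "attempt %d: %s" % (attempt, exc)
                continue
            if ack.status == "Acknowledged" and ack.ref_to_message_id == msg.message_id:
                del self.outbox[msg.message_id]
                return ack
            last = "attempt %d: %s %s" % (attempt, ack.status, ack.detail)
        self.errors.append("%s undelivered after %d attempts (%s)"
                           % (msg.message_id, self.max_retries, last))
        return Acknowledgement(msg.message_id, "Error", last)


def make_flaky_transport(receiver: ReliableReceiver):
    """Constructed transport: call 1 fails outright, call 2 delivers but loses the
    acknowledgement on the way back, call 3 succeeds."""
    calls = {"n": 0}

    def transport(msg: Message) -> Acknowledgement:
        calls["n"] += 1
        if calls["n"] == 1:
            raise ConnectionError("connection refused")
        ack = receiver.receive(msg)      # the receiver sees the message on calls 2 and 3
        if calls["n"] == 2:
            raise ConnectionError("acknowledgement lost")
        return ack
    return transport, calls


def run_demo():
    delivered = []
    receiver = ReliableReceiver(delivered.append)
    transport, calls = make_flaky_transport(receiver)
    sender = ReliableSender(transport)
    ack = sender.send(Message("mid:UUID-2", "<PurchaseOrder/>", ref_to_message_id="mid:UUID-1"))
    return {"ack": ack, "delivered": len(delivered),
            "transport_calls": calls["n"], "outbox": len(sender.outbox)}
```

In `run_demo()` the receiver sees the message twice (the lost acknowledgement forces a retransmission) yet the application receives it exactly once, and the sender's outbox is empty only after a matching acknowledgement arrives.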
Overview of environment
Figure: applications (J2EE, .Net, other web services; legacy systems on mainframe, Unix, AS400, Windows, etc. behind an XML wrapper) connect through gateways (HTTP/SOAP gateway with HTTP server, e-mail gateway with mail over SMTP, EntireX gateway, MQ, EntireX, …) to the XML applications. Configuration is XML and XSLT plus the CPA; logging; directory and trust services (LDAP, OCSP, XKMS); authorization system (SAML).
OCSP=Online Certificate Status Protocol, LDAP=Lightweight Directory Access Protocol, XKMS=XML Key Management Specification, SAML=Security Assertions Markup Language
Sequencing the processing components of the Message Service Handler
Figure: a sequence document (flow control) drives the components in order: emerger, transformer, aggregator, validator, encryptor, logger, decrementer, payloadsetter, gateway.
• Emerger: examines the contents based on rules and sets properties
• Transformer: uses stylesheets (XSLT) to transform the XML stream
• Aggregator: cuts and pastes portions of various XML streams together based on your specifications
• Validator: validates the XML document, i.e. the payload of an XML message, against a specified DTD or schema
• Encryptor: allows the encryption/decryption of XML documents
• PayloadSetter: allows you to completely replace the XML document portion of the current message with some new XML document
• Logger: logs XML documents and properties in the file system or Tamino
• Decrementer: allows you to decrement a counter in a sequence document
• Gateways: HTTP Gateway, EntireX XML Wrapper Gateway, EntireX Broker Gateway, SOAP Gateway, E-mail Gateway
Flexible and adaptable processing
• An XML sequence or emerger document is assigned to an ebXML input document
• The sequence document describes the flow of (conditional) processing steps
• In case of errors another sequence can be executed to handle the error properly
• Each processing step activates a component (e.g. a servlet)
• Each component has (optional) properties for input and control of the process
• (New) properties can be set and checked to control the flow of the following processing steps
• Standard components are available for various tasks
• Customers can develop and use their own components
Example of a sequence document (Mediator)

Input message:
<SOAP-ENV:Envelope …
  <eb:CPAId>http://www.ElectraCorp.SAG/cpa/inter_domain/d1_d2.xml</eb:CPAId>
  …
</SOAP-ENV:Envelope>

Sequence document:
<sequence>
  <block on_error="http://saghost/error01sequence.xml">
    <step component="SagTaminoLogger"
          logmessage="Original SOAP Envelope with ebXML payload"
          xbd.taminoLogger.database="http://saghost/tamino/ebXML/LogMessage"/>
    <step component="SagEmerger"
          xbd.emerger.modelName="CheckCPAId"
          xbd.emerger.modelSourceURL="http://saghost/CPAIdemerger.xml"/>
    <if property="CPAId.present" relation="exists">
      <block on_error="http://saghost/error02sequence.xml">
        <step component="SagLogger" logmessage="before gateway to CPA Server"/>
        <replicate xbd.aggregator.collection.model="ebXMLmodel"
                   xbd.aggregator.modelSourceURL="http://saghost/CPAIdaggregator.xml">
          <replicant ID="original">
            <step component="SagHttpGateway" xbd.http.method="GET"
                  xbd.http.target.url="http://saghost/tamino/xml/ebxml?_xql=/CollaborationProtocolAgreement[@tp:cpaid='http://www.ElectraCorp.pais/cpa/inter_domain/d1_d2.xml']"/>
            ……
      </block>
      ……
</sequence>
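The two slides above describe a small flow language: a sequence of steps, each activating a component with its attributes as properties, `if` elements that test properties set by earlier steps, and nested blocks whose `on_error` attribute names the sequence to run when a step fails. The interpreter below is an added example in Python, not Software AG's Mediator engine; it executes a constructed sequence document that mirrors the one above (the `replicate`/`replicant` part is left out), with constructed stand-ins for the SagLogger, SagEmerger and SagHttpGateway components, an in-memory dictionary standing in for the CPA documents held in the repository, and the error sequences held in a dictionary keyed by their URL instead of being fetched.

```python
import xml.etree.ElementTree as ET
from dataclasses import dataclass, field

EB_NS = {"eb": "http://www.ebxml.org/namespaces/messageHeader"}


class StepError(Exception):
    """Raised by a component; handled by the enclosing block's on_error sequence."""


class SequenceAborted(Exception):
    """Raised once an on_error sequence has run; stops the main sequence."""


@dataclass
class Context:
    message: ET.Element                 # the ebXML input document the sequence is assigned to
    properties: dict = field(default_factory=dict)
    trace: list = field(default_factory=list)


# Constructed stand-ins for the product's components.
def logger(ctx, attrs):
    ctx.trace.append("log: " + attrs["logmessage"])


def emerger(ctx, attrs):
    # "examines the contents based on rules and sets properties"; the only rule here
    # is whether the input document carries an eb:CPAId
    cpa = ctx.message.find(".//eb:CPAId", EB_NS)
    if cpa is not None and cpa.text:
        ctx.properties["CPAId.present"] = "true"
        ctx.properties["CPAId"] = cpa.text.strip()


CPA_REPOSITORY = {   # constructed; stands in for the CPA documents stored in Tamino
    "http://www.ElectraCorp.SAG/cpa/inter_domain/d1_d2.xml": "<CollaborationProtocolAgreement/>",
}


def cpa_gateway(ctx, attrs):
    # stands in for the HTTP gateway's XQuery against the repository
    cpa_id = ctx.properties.get("CPAId")
    if cpa_id not in CPA_REPOSITORY:
        raise StepError("no CPA found for " + str(cpa_id))
    ctx.properties["CPA"] = CPA_REPOSITORY[cpa_id]
    ctx.trace.append("cpa loaded")


REGISTRY = {"SagLogger": logger, "SagEmerger": emerger, "SagHttpGateway": cpa_gateway}

ERROR_SEQUENCES = {  # constructed; a real engine fetches these from the on_error URLs
    "http://saghost/error01sequence.xml":
        '<sequence><step component="SagLogger" logmessage="error01: processing failed"/></sequence>',
    "http://saghost/error02sequence.xml":
        '<sequence><step component="SagLogger" logmessage="error02: CPA lookup failed"/></sequence>',
}

SEQUENCE = """<sequence>
  <block on_error="http://saghost/error01sequence.xml">
    <step component="SagLogger" logmessage="Original SOAP Envelope with ebXML payload"/>
    <step component="SagEmerger" xbd.emerger.modelName="CheckCPAId"/>
    <if property="CPAId.present" relation="exists">
      <block on_error="http://saghost/error02sequence.xml">
        <step component="SagLogger" logmessage="before gateway to CPA Server"/>
        <step component="SagHttpGateway" xbd.http.method="GET"/>
      </block>
    </if>
  </block>
</sequence>"""


def _condition_holds(if_elem, properties):
    name, relation = if_elem.get("property"), if_elem.get("relation")
    if relation == "exists":
        return name in properties
    if relation == "equals":
        return properties.get(name) == if_elem.get("value")
    raise StepError("unknown relation " + repr(relation))


def _run_children(elem, ctx):
    for child in elem:
        if child.tag == "step":
            attrs = {k: v for k, v in child.attrib.items() if k != "component"}
            REGISTRY[child.get("component")](ctx, attrs)
        elif child.tag == "if":
            if _condition_holds(child, ctx.properties):
                _run_children(child, ctx)
        elif child.tag == "block":
            try:
                _run_children(child, ctx)
            except StepError as err:     # run this block's error sequence, then stop
                ctx.trace.append("error in block: " + str(err))
                _run_children(ET.fromstring(ERROR_SEQUENCES[child.get("on_error")]), ctx)
                raise SequenceAborted(str(err))
        else:
            raise StepError("unsupported element <%s>" % child.tag)


def run_sequence(sequence_xml, message_xml):
    ctx = Context(message=ET.fromstring(message_xml))
    try:
        _run_children(ET.fromstring(sequence_xml), ctx)
        ctx.properties["aborted"] = "false"
    except SequenceAborted:
        ctx.properties["aborted"] = "true"
    return ctx


def envelope(cpa_id=None):
    """Constructed minimal ebXML envelope, with or without an eb:CPAId."""
    cpa = "<eb:CPAId>%s</eb:CPAId>" % cpa_id if cpa_id else ""
    return ('<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" '
            'xmlns:eb="http://www.ebxml.org/namespaces/messageHeader"><SOAP-ENV:Header>'
            '<eb:MessageHeader>%s</eb:MessageHeader></SOAP-ENV:Header></SOAP-ENV:Envelope>' % cpa)
```

Running `run_sequence(SEQUENCE, envelope(...))` with the known CPAId reaches the gateway step; with an unknown CPAId the inner block's error02 sequence runs and the main sequence is aborted; without any CPAId the emerger sets no property and the `if` branch is skipped entirely.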
The MSH architecture – explained with example
Figure: flowchart of inbound processing on the web server / application server. An incoming SOAP-ebXML message passes through: log? (yes: logging) → decrypt? (yes: decrypt using XML key info and certificate) → authenticate? (yes: verify the XML signature; not OK → error handling) → CPA-id exists? (no → error handling; yes: get the collaboration protocol agreement via XQuery) → transformation? (yes: transform the XML document with a stylesheet; not OK → error handling) → final destination? (yes: application gateway / web services; no: pass on via the HTTP gateway or various other gateways out).
The MSH architecture – benefits
Tamino as MSH repository:
• Native XML storage
• Validated against XML Schema or DTD
• Well-formed
• Non-XML storage (binary)
• XQuery retrieval incl. full-text access
• Transactional node-level update
• Support for UDDI
• Xtentions (remote function integration)
• Xnode (remote data access: RDBMS, Adabas)
• WebDAV and Web Services support
• Security
• Replication and clustering support
Figure: the repository holds the XML key info and certificates, XML signatures, collaboration protocol agreements and stylesheets used by the processing steps, retrieved via XQuery.
Figure: message flow between two MSHs over the World Wide Web. Sending side: call from the application → build ebXML SOAP blocks → add header info → encrypt? (encrypt) → create ebXML SOAP message → pass on to the next MSH. Receiving side: receive ebXML SOAP message → get ebXML SOAP blocks → decrypt? (decrypt) → process ebXML information → authentication/authorization → final? (yes: call application; no: pass on to the next MSH). Layers: message processing; transport, routing and packaging.
Security Requirements
• Confidentiality: only the intended recipient should be able to read messages
• Authentication: the service provider must verify the identity of the requestor
• Authorization: the service provider must verify that the requestor is allowed to access the service requested
• Integrity: the service provider must check that messages were not modified by some third party
• Non-repudiation/Accountability: the service provider must track usage of services to ensure accountability for the transactions processed
• Data validation: the service provider must ensure that the content of a message is not damaging to the service
Requirements
The following technologies satisfy the various security principles:
• Confidentiality: SSL, XML Encryption
• Authentication: X.509 certificates (LDAP directories, XKMS services)
• Authorization: SAML, X.509 certificates (authorization servers)
• Integrity: XML Signature
• Non-repudiation/Accountability: XML Signature + X.509 certificates
• Data validation: XML Signature, XML Schema and XPath
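Two of the principles in the table, integrity and data validation, can be shown in a few lines without an XML Signature library. The Python below is an added example, not the deck's or the product's code, and it deliberately simplifies: instead of a full XML Signature it computes a SHA-256 digest over the C14N 2.0 canonical form of the message (the canonicalization-then-digest step that XML Signature builds on; a real deployment signs that digest with a key bound to an X.509 certificate), and the data-validation gate refuses messages carrying DTD or entity declarations and manifest references that do not point at an attached MIME part. The message, the `validate_for_processing` rules and the `cid:` constraint are this example's assumptions.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET

EB = "{http://www.ebxml.org/namespaces/messageHeader}"
XLINK_HREF = "{http://www.w3.org/1999/xlink}href"

# Constructed minimal message used for the demonstration.
MSG = ('<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" '
       'xmlns:eb="http://www.ebxml.org/namespaces/messageHeader" '
       'xmlns:xlink="http://www.w3.org/1999/xlink">'
       '<SOAP-ENV:Header><eb:MessageHeader SOAP-ENV:mustUnderstand="1">'
       '<eb:Service>OrderProcessing</eb:Service><eb:Action>NewPurchaseOrder</eb:Action>'
       '</eb:MessageHeader></SOAP-ENV:Header><SOAP-ENV:Body><eb:Manifest>'
       '<eb:Reference xlink:href="cid:payload@example.invalid"/>'
       '</eb:Manifest></SOAP-ENV:Body></SOAP-ENV:Envelope>')


def canonical_digest(xml_text: str) -> str:
    """SHA-256 over the C14N 2.0 form: prefixes rewritten, comments dropped, whitespace
    between elements stripped, so re-serialization does not break verification but any
    change to element or attribute content does."""
    canon = ET.canonicalize(xml_text, rewrite_prefixes=True, with_comments=False, strip_text=True)
    return hashlib.sha256(canon.encode("utf-8")).hexdigest()


def verify_digest(xml_text: str, expected_hex: str) -> bool:
    # constant-time comparison, as for any verifier that compares secret-derived values
    return hmac.compare_digest(canonical_digest(xml_text), expected_hex)


def validate_for_processing(xml_text: str) -> list:
    """Data-validation gate applied before a message reaches the MSH core.
    Returns a list of findings; an empty list means the message may proceed."""
    findings = []
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        findings.append("DTD/entity declarations are not accepted in inbound messages")
        return findings                       # refuse before parsing at all
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return ["not well-formed: %s" % exc]
    for ref in root.iter(EB + "Reference"):
        href = ref.get(XLINK_HREF, "")
        if not href.startswith("cid:"):      # payload must be an attached MIME part
            findings.append("manifest reference must point at an attached MIME part, got %r" % href)
    return findings
```

`canonical_digest(MSG)` stays the same when the message is pretty-printed or re-prefixed but changes the moment an element such as `eb:Action` is altered, which is the property an integrity check needs; `validate_for_processing` returns findings for a message with a DOCTYPE or an external manifest reference and an empty list for the constructed message.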