
XML Web Services Standards

XML Web Services Standards. Roberto Ruggeri rruggeri@microsoft.com Healthcare Technical Strategist Microsoft Corporation Mark Oswald markosw@microsoft.com Principal Consultant Microsoft Corporation. Objectives of This Presentation. Educate on WS-Standards WS-Standards design philosophy


Presentation Transcript


  1. XML Web Services Standards Roberto Ruggeri rruggeri@microsoft.com Healthcare Technical Strategist Microsoft Corporation Mark Oswald markosw@microsoft.com Principal Consultant Microsoft Corporation

  2. Objectives of This Presentation • Educate on WS-Standards • WS-Standards design philosophy • WS-Standards overview • Drill down on WS-Security • Educate on the industry efforts around WS-Standards • Interoperability • What is coming • Discuss next steps

  3. Web Services Architecture: Extending the Foundation (Diagram labels: Federation, Privacy, Reliable Messaging, Transactions; Extended Foundation: Secure, Reliable, Transacted; Description, Attachments, Routing, Security; WSDL and UDDI (Web Services Description and Directory); Foundation; SOAP (Logical Messaging Model); XML, Encoding, and Transports)

  4. WS-* Standards Design Principles • Modular and composable • Factored to stand alone or work together • General-purpose • Agnostic to where it is running or where it originated • Federated • No central point of administration, control, failure • Standards-based • Multi-vendor interoperation critical

  5. Modular • Provides a framework for SOAP/WSDL extensibility • These protocols augment domain-specific protocols (e.g., healthcare) • Designed to supersede and integrate with many of the industry specs today • Defined by composable SOAP headers and SOAP message • The specifications combined for end-to-end capabilities

  6. Modular: Example (SOAP Message; Routing; Security and License)

     <?xml version="1.0" encoding="utf-8"?>
     <S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/"
                 xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
       <S:Header>
         <!-- A Simple Quote Web Service -->
       </S:Header>
       <S:Body>
         <tru:StockSymbol xmlns:tru="http://tickers-r-us.org/payloads">
           QQQ
         </tru:StockSymbol>
       </S:Body>
     </S:Envelope>

     <?xml version="1.0" encoding="utf-8"?>
     <S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/"
                 xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
       <S:Header>
         <m:path xmlns:m="http://schemas.xmlsoap.org/rp">
           <m:action>http://tickers-r-us.org/getQuote</m:action>
           <m:to>soap://tickers-r-us.org/stocks</m:to>
           <m:from>mailto:johnsmith@isps-r-us.com</m:from>
           <m:id>uuid:84b9f5d0-33fb-4a81-b02b-5b760641c1d6</m:id>
         </m:path>
       </S:Header>
       <S:Body>
         <tru:StockSymbol xmlns:tru="http://tickers-r-us.org/payloads">
           QQQ
         </tru:StockSymbol>
       </S:Body>
     </S:Envelope>

     <?xml version="1.0" encoding="utf-8"?>
     <S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/"
                 xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
       <S:Header>
         <wssec:credentials xmlns:wssec="http://schemas.xmlsoap.org/ws/2001/10/security">
           <wslic:binaryLicense xmlns:wslic="http://schemas.xmlsoap.org/ws/2001/10/licenses"
                                wslic:valueType="wslic:x509v3"
                                xsi:type="xsd:base64Binary">
             dWJzY3JpYmVyLVBlc…..eFw0wMTEwMTAwMD
           </wslic:binaryLicense>
         </wssec:credentials>
       </S:Header>
       <S:Body>
         <tru:StockSymbol xmlns:tru="http://tickers-r-us.org/payloads">
           QQQ
         </tru:StockSymbol>
       </S:Body>
     </S:Envelope>

     <?xml version="1.0" encoding="utf-8"?>
     <S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/"
                 xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
       <S:Header>
         <m:path xmlns:m="http://schemas.xmlsoap.org/rp">
           <m:action>http://tickers-r-us.org/getQuote</m:action>
           <m:to>soap://tickers-r-us.org/stocks</m:to>
           <m:from>mailto:johnsmith@isps-r-us.com</m:from>
           <m:id>uuid:84b9f5d0-33fb-4a81-b02b-5b760641c1d6</m:id>
         </m:path>
         <wssec:credentials xmlns:wssec="http://schemas.xmlsoap.org/ws/2001/10/security">
           <wslic:binaryLicense xmlns:wslic="http://schemas.xmlsoap.org/ws/2001/10/licenses"
                                wslic:valueType="wslic:x509v3"
                                xsi:type="xsd:base64Binary">
             dWJzY3JpYmVyLVBlc…..eFw0wMTEwMTAwMD
           </wslic:binaryLicense>
         </wssec:credentials>
       </S:Header>
       <S:Body>
         <tru:StockSymbol xmlns:tru="http://tickers-r-us.org/payloads">
           QQQ
         </tru:StockSymbol>
       </S:Body>
     </S:Envelope>

  7. General-Purpose • Universal communications • Across organizations • Across machines • Across process • Flexible communications • Extensible headers • Extensible body • Transport protocol neutral • Platform neutral • Devices • Desktops • Clusters • Datacenters • Application category neutral • Enterprise Application Integration • Business-to-Business • Business-to-Consumer • Peer-to-Peer • Applies to HL7 2.x, 2.XML, v3.0, CDA, CCOW, X12N (HIPAA)

  8. Federated • Fully distributed • Crosses organization and trust domains • Can be inspected by firewalls • Does not require centralized servers or administration • Will sometimes require “edge” software to do protocol translation, security work, routing, etc.

  9. Standards-Based • Industry commitment to • Publishing specifications • Working with partners to refine specifications • Working with partners, customers, and standards bodies for broad adoption • Different standards bodies for different specs, based on the spec

  10. Interop Priority: WS-i.org • An open industry effort • Industry initiative focused on promoting Web services interoperability • Organization formed by industry leaders • Open membership and participation • Based on partnerships • Symbiotic relationship with other standards organizations through integration of their outputs • Goal: Enable interoperability across platforms, applications, and programming languages • Success will accelerate adoption and deployment of Web services

  11. So, What Has Been Delivered To Date?

  12. WS-Routing: Submitted to W3C • A SOAP-based, stateless protocol for exchanging one-way SOAP messages from an initial sender to the ultimate receiver, potentially via a set of intermediaries • Also provides an optional reverse message path enabling two-way message exchange patterns like: • Request/response • Peer-to-peer conversations • Return of message acknowledgements, faults

  13. DIME And WS-Attachments: Submitted to IETF • Direct Internet Message Encapsulation (DIME) • A lightweight, binary message format that can be used to encapsulate one or more application-defined payloads of arbitrary type and size into a single message construct • Each payload is described by a type, a length, and an optional identifier • WS-Attachments is how to encapsulate SOAP in DIME

  14. WS-Security: Submitted to OASIS • A specification for proposed SOAP extensions to be used when building secure Web services. • Supersedes the following specifications • SOAP-SEC • Microsoft’s WS-Security, WS-License • IBM’s security token and encryption • Dependent upon XML DIGSIG, XML Encryption, XML Schema, SOAP… • End-to-end message-level security • Defined schema • Designed to be composed with other Web service protocols

  15. A Couple of Details…

  16. New SOAP Elements: WS-Security • New • <Security> Header • <Security SOAP:actor="..."> • SOAP:actor is optional • One header per actor • All security information together • Including and referencing security tokens • <UsernameToken> • <BinarySecurityToken> • <SecurityTokenReference> • Existing • XML Signature • XML Encryption • Token formats (e.g., X.509, Kerberos, XrML, SAML)

  17. Simple Example • Requesting a stock quote • Security token indicates username • Signature uses key generated from password

  18. Simple Example (1 of 2)

     <?xml version="1.0" encoding="utf-8"?>
     <S:Envelope xmlns:S=".../soap-envelope" xmlns:ds="…/xmldsig#">
       <S:Header>
         <m:path xmlns:m="http://schemas.xmlsoap.org/rp/">
           <m:action>http://fabrikam.org/getQuote</m:action>
           <m:to>http://fabrikam.org/stocks</m:to>
           <m:id>uuid:84b9f5d0-33fb-4a81-b02b-5b760641c1d6</m:id>
         </m:path>
         <wsse:Security xmlns:wsse="…/secext">
           <wsse:UsernameToken Id="MyID">
             <wsse:Username>Zoe</wsse:Username>
           </wsse:UsernameToken>
           <ds:Signature>
             <ds:SignedInfo>
               <ds:CanonicalizationMethod Algorithm=".../xml-exc-c14n#"/>
               <ds:SignatureMethod Algorithm=".../xmldsig#hmac-sha1"/>

  19. Simple Example (2 of 2)

               <ds:Reference URI="#MsgBody">
                 <ds:DigestMethod Algorithm="http://.../xmldsig#sha1"/>
                 <ds:DigestValue>LyLsF0Pi4wPU...</ds:DigestValue>
               </ds:Reference>
             </ds:SignedInfo>
             <ds:SignatureValue>DJbchm5gK...</ds:SignatureValue>
             <ds:KeyInfo>
               <wsse:SecurityTokenReference>
                 <wsse:Reference URI="#MyID"/>
               </wsse:SecurityTokenReference>
             </ds:KeyInfo>
           </ds:Signature>
         </wsse:Security>
       </S:Header>
       <S:Body Id="MsgBody">
         <tru:StockSymbol xmlns:tru="…">QQQ</tru:StockSymbol>
       </S:Body>
     </S:Envelope>
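
A receiver-side check for the message in slides 18 and 19, as an added example (not from the presentation or from any WS-Security toolkit): before any digest or HMAC is computed, it confirms that each ds:Reference resolves to exactly one element, that the S:Body is among the signed elements, and that KeyInfo points at a UsernameToken. The wsse and ds namespace URIs, the algorithm allow-list and the function names are assumptions, since the slides elide the URIs.

```python
import xml.etree.ElementTree as ET

# Assumed namespace URIs: the slides elide the wsse and ds values.
NS = {"S": "http://schemas.xmlsoap.org/soap/envelope/",
      "wsse": "http://schemas.xmlsoap.org/ws/2002/04/secext",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
ALLOWED_SIG_ALGS = {NS["ds"] + "hmac-sha1"}  # the algorithm in the slide's message

def resolve(root, uri):
    """Return the one element whose Id matches a same-document '#id' URI."""
    if not uri or not uri.startswith("#"):
        raise ValueError(f"not a same-document reference: {uri!r}")
    hits = [e for e in root.iter() if e.get("Id") == uri[1:]]
    if len(hits) != 1:
        raise ValueError(f"{uri} resolves to {len(hits)} elements, expected 1")
    return hits[0]

def precheck(envelope_xml):
    """Structural checks before digest/HMAC verification; returns the bound Username."""
    root = ET.fromstring(envelope_xml)
    bodies = root.findall("S:Body", NS)
    sigs = root.findall("S:Header/wsse:Security/ds:Signature", NS)
    if len(bodies) != 1 or len(sigs) != 1:
        raise ValueError("need exactly one Body and one Signature")
    alg = sigs[0].find("ds:SignedInfo/ds:SignatureMethod", NS)
    if alg is None or alg.get("Algorithm") not in ALLOWED_SIG_ALGS:
        raise ValueError("signature algorithm not allowed")
    refs = sigs[0].findall("ds:SignedInfo/ds:Reference", NS)
    signed = [resolve(root, r.get("URI")) for r in refs]
    if not any(e is bodies[0] for e in signed):  # app data must be what is signed
        raise ValueError("Body is not covered by the signature")
    ref = sigs[0].find("ds:KeyInfo/wsse:SecurityTokenReference/wsse:Reference", NS)
    token = resolve(root, ref.get("URI") if ref is not None else None)
    if token.tag != "{%s}UsernameToken" % NS["wsse"]:
        raise ValueError("key reference is not a UsernameToken")
    name = token.findtext("wsse:Username", namespaces=NS)
    if not name:
        raise ValueError("UsernameToken has no Username")
    return name

# Constructed message with the same shape as the slide's example (digests omitted).
SAMPLE = f"""<S:Envelope xmlns:S="{NS['S']}" xmlns:wsse="{NS['wsse']}" xmlns:ds="{NS['ds']}">
<S:Header><wsse:Security>
<wsse:UsernameToken Id="MyID"><wsse:Username>Zoe</wsse:Username></wsse:UsernameToken>
<ds:Signature><ds:SignedInfo><ds:SignatureMethod Algorithm="{NS['ds']}hmac-sha1"/>
<ds:Reference URI="#MsgBody"/></ds:SignedInfo><ds:KeyInfo><wsse:SecurityTokenReference>
<wsse:Reference URI="#MyID"/></wsse:SecurityTokenReference></ds:KeyInfo></ds:Signature>
</wsse:Security></S:Header>
<S:Body Id="MsgBody"><q>QQQ</q></S:Body></S:Envelope>"""
```

Verification of DigestValue and SignatureValue still has to follow; this step only establishes that the signature is bound to the element the application will read.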

  20. What’s Coming?

  21. Security Roadmap Specs • Federated security • Authentication and authorization • Security protocol independent • Brokered (aka Transitive) trust (Diagram labels: SecureConversation, Federation, Authorization, Policy, Trust, Privacy, Security, SOAP Foundation; marker: Today)

  22. Messaging • Includes WS-Routing in family • Routing virtualizes the network • Transport-independent addressing • End-to-end versus hop-by-hop model • Reliable Messaging models multi-message conversations • Resilient in face of multi-hop routing • Supports multiple QOS levels (e.g. in order, no duplicates, etc.)

  23. Transactions And Coordination • Models distributed agreement in terms of transactions • Short-lived transactions use two-phase commit • Common in DBMS and OLTP worlds • Long-lived/x-trust-domain transactions use coordinated compensation • Common in workflow/EAI world

  24. Business Processes • Business Process Execution Language (BPEL4WS) • Proposed by Microsoft, IBM and BEA • Built on top of WS-Transactions • A language for formally describing interoperable business processes and business interaction protocols • In short, it is a language for enabling the orchestration of web services to specify business processes • Supersedes XLANG (MS) and WSFL (IBM)

  25. How do WE Take Advantage • Work with horizontal standards • Restrict the domain by limiting the scope and imposing additional policies • Provide feedback to the standards to improve healthcare “friendliness” • Benefit from widely available technologies • On many platforms • Many implementations on the same platform • Vendors investing big $$$ • Payload: HL7 v2.x, HL7 v2.XML, CDA, HL7 v3, … • Transport: MLLP, ebXML (EBMS), WS-*, FTP/S, S/MIME, HTTP/S, …

  26. Next Steps… • POC @ HIMSS 2003 • More in-depth analysis and evaluation • Inside one of the current SIGs • Web Services SIG (?) • Work with WS-I to leverage the work done for conformance and interoperability

  27. Discussion
