Integrate Applications Using Web Services and BizTalk
Microsoft .NET Technology Evangelist 林耀珍 (Michael)
.NET Technology Evangelist 林耀珍, 2004/06/29

林耀珍
• Current position: IT consultant
• Experience: Technical Director, 第三波資訊; General Manager, 育碁數位科技; ERP Project Manager, 第三波資訊
• Certifications and expertise: Microsoft .NET technology, software development process, information systems planning, J2EE; Microsoft MCSD/MCSE/MCDBA; object-oriented technology, Rational OOAD certified instructor; Lotus Notes Principal CLP/CLI

Goals and Audience
Audience
• Decision makers for technology platforms
• Software architects
• Systems analysts
• Project managers
• Application developers
Goal
• Introduce application integration technologies

Agenda
• Overview
• Web Services Architecture
• Web Services Security
• Build EAI & B2B Applications with BizTalk

.NET Enterprise Application Architecture
(Diagram, layers from users down to data sources:)
• Users
• UI Components, UI Process Components
• Service Interfaces
• Business Workflows, Business Components, Business Entities
• Data Access Components, Service Agents
• Data Sources, Services
• Cross-cutting: Communication, Operational Management, Security

The Vision: A Connected World
(Diagram: the enterprise connected to its Employees, Customers, Suppliers and Partners)

The Problems
• Communication Protocol
• Data Schema
• Registration
• Security
• Business Process Integration
• Document (Format & Semantics)
• Procedure
• Business Rules (Agreements)
• Transaction
• Compensation
• Human Workflow Integration
• …

What is SOA?
• An architectural approach to creating systems built from autonomous services
• A service is a program you interact with via message exchanges
• Services are built to last
• Availability and stability are critical
• A system is a set of deployed services cooperating in a given task
• Systems are built to change
• Adapt to new services after deployment

Common Bus
• Web Services are the foundation of SOA
• Independent of communication protocols
• XML, SOAP, WSDL, UDDI

Agenda
• Overview
• Web Services Architecture
• Web Services Security
• Build EAI & B2B Applications with BizTalk

Web Services Architecture
Source: W3C Web Services Architecture Working Draft, August 2003

Requirements of Security
• Integrity
• Non-Repudiation
• Authentication/Identity
• Authorization
• Confidentiality

Secure Communication
• Encrypts the entire message
• Sender must trust all intermediaries
• Restricts protocols that can be used
(Diagram: SSL security applied separately on each hop between sender, intermediary and receiver)

Secure Message
• End-to-end message security independent of transport
• Supports multiple protocols and multiple encryption technologies
• Encrypt only parts of the message
• Sender need only trust the endpoint

Web Services Security Architecture
(Diagram, layered from the bottom up:)
• SOAP Foundation
• Security
• Policy, Trust, Privacy
• SecureConversation, Federation, Authorization

Web Services Security
• The initial set of Web Services Security specifications completed OASIS Public Review in October 2003
• They are now OASIS Committee Approved Specifications
• The OASIS Call For Vote is due March 31, 2004, at which time Web Services Security may become an OASIS standard
• The WS-Security specification was created as part of the Global XML Web Services Architecture (GXA) framework
• It was originally authored by Microsoft, IBM, and VeriSign and was released in October 2001
• Submitted to OASIS in June 2002
• Security information can be username/password, X.509 certificate, Kerberos ticket (future), SAML assertion (future), XrML token (future), biometric information (future), etc.

Web Services Security
• A framework for building security protocols
• Integrity
• Confidentiality
• Propagation of security tokens
• Supports end-to-end SOAP message security
• Supports multiple intermediaries
• Independent of underlying transport
• Support for pluggable algorithms
• Encryption, Digest, Signature, Canonicalization, Transforms

Security Tokens
• Tokens assert claims about identity, capability, privileges
(Diagram, token categories:)
  Unsigned:            Username, …
  Signed:              Kerberos, X.509, Security Context, XrML, SAML
  Proof of Possession: Password, Secret/Shared Key, …

Authenticating With Tokens
• Tokens carry claims that are backed by "proof of possession"
• Shared secret (password, symmetric key)
• Private key signed by a trusted third-party service
• Authenticating involves checking for this knowledge
• Validating username token passwords
• Verifying the digital signature

Username Token
• Simple method of conveying a username
• The password is used to generate a secret key for signing and encrypting
• The password can be sent as plaintext or as a digest
• WSE also provides a built-in replay detection mechanism
• WSE automatically creates a Windows Principal for plain-text passwords

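The digest form of the username token and the replay check it needs, as an added Python illustration (not WSE code and not the author's): the client builds the token with a random nonce and a Created timestamp; the service recomputes the digest, enforces a freshness window (300 seconds is an assumed value) and rejects a nonce it has already accepted. The user store and the password are constructed sample data.

```python
import base64
import hashlib
import hmac
import os
from datetime import datetime, timezone

TIME_FMT = "%Y-%m-%dT%H:%M:%SZ"
MAX_AGE_SECONDS = 300  # freshness window for Created (assumed value)

def utc_now_str():
    return datetime.now(timezone.utc).strftime(TIME_FMT)

def password_digest(nonce_b64, created, password):
    # UsernameToken profile: Base64(SHA-1(nonce + created + password)),
    # with the nonce taken as its raw (base64-decoded) bytes
    raw = base64.b64decode(nonce_b64) + created.encode() + password.encode()
    return base64.b64encode(hashlib.sha1(raw).digest()).decode()

def make_username_token(username, password, created=None):
    """Client side: UsernameToken fields with a fresh random nonce."""
    created = created or utc_now_str()
    nonce = base64.b64encode(os.urandom(16)).decode()
    return {"Username": username, "Nonce": nonce, "Created": created,
            "PasswordDigest": password_digest(nonce, created, password)}

class UsernameTokenVerifier:
    """Service side: digest check, timestamp freshness, nonce replay cache."""
    def __init__(self, users):
        self.users = users  # constructed store: username -> password
        self.seen = {}      # nonce -> Created time (replay cache)

    def verify(self, token, now=None):
        now = datetime.strptime(now or utc_now_str(), TIME_FMT)
        password = self.users.get(token["Username"])
        if password is None:
            return False, "unknown user"
        created = datetime.strptime(token["Created"], TIME_FMT)
        if abs((now - created).total_seconds()) > MAX_AGE_SECONDS:
            return False, "stale timestamp"
        # Cache entries older than the window can go: replaying them fails the age check
        self.seen = {n: c for n, c in self.seen.items()
                     if abs((now - c).total_seconds()) <= MAX_AGE_SECONDS}
        if token["Nonce"] in self.seen:
            return False, "replayed nonce"
        expected = password_digest(token["Nonce"], token["Created"], password)
        if not hmac.compare_digest(expected, token["PasswordDigest"]):
            return False, "bad digest"
        self.seen[token["Nonce"]] = created
        return True, "ok"
```

Digest mode still requires the service to hold the cleartext password (or an equivalent) to recompute the digest, which is a caveat when choosing between plaintext over SSL and digest.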
Authorization With Tokens
• WSE uses the SecurityToken.Principal to perform authorization
• Automatically set for UsernameToken and KerberosSecurityToken
• IPrincipal
• Basis of all code-level authorization and role-based security
• Support for custom IPrincipal types

Authorization Techniques
• Programmatic, for example:
    If token.Principal.IsInRole("Banker") Then
        ' Allow user to perform action
    End If
• Policy-based
• WSE supports the use of Policy for role-based authorization
• Works without having to write code

Binary Tokens: X.509 Tokens
• Provide a way to encode X.509 certificates
• Supplied by a Certificate Authority such as Windows Certificate Services
• Contain the public key and a digital signature from the Certificate Authority
• Support asymmetric encryption and signing

Digital Signatures For Integrity
• Signing involves hashing the data and encrypting the hash value with a private key
• Parts of a message can be signed to ensure integrity
• Know that the message hasn't been tampered with
• Know that only the sender could have sent it
• Unless specified, WSE signs a default set of message parts

XML Encryption
• Parts of a message can be encrypted to ensure confidentiality
• Plain text replaced with cipher text

Creating Security Contexts
• Asymmetric keys are slow
• WS-SecureConversation defines a SecurityContext token (SCT)
• Based on a symmetric key
• Faster for multiple calls
(Diagram: Client → Server: request for SCT; Server → Client: SCT issued to client; then a series of messages signed with the issued SCT)

Creating Security Contexts
• Context can be established in a variety of ways
• Using WS-Trust
• Having one party create the context
• Through negotiation
• STS may be located at the service or at a separate endpoint
• WSE supports the automatic use of Secure Conversation
• Recommended if clients make > 2 calls

WS-SecurityPolicy
• Describes the security requirements of a web service without writing code
• Policy examples:
• Only accept X.509 tokens from a trusted CA
• Token must contain a known subject
• Only callers who are in the Manager role

WS-SecurityPolicy
• Describes the security requirements of a web service
• Provides a way of specifying
• Supported token types
• Signing and encryption requirements
• Role-based authorization decisions
• Secure Conversation requirements

Agenda
• Overview
• Web Services Architecture
• Web Services Security
• Build EAI & B2B Applications with BizTalk

Business Integration Defined
• Business Integration is enabling applications to communicate and work with other applications in an automated and efficient manner
• EAI: applications inside a company
• B2B: applications between companies
• This usually involves converting data from one format to another
• Can be a very complex process

Example Scenario: Purchase Order
(Diagram of the buyer, supplier and ERP interaction: Initiate project → Discuss requirements → Send PO / Create PO → Approve with comments → Discuss comments → Update PO / Send changes → Confirm PO → approve → Status? → Ship notice → Receive → Close Project / Close PO → Invoice)

Application Integration: An Idealized Picture
(Diagram: ERP Application, .NET Application, Packaged Application X, J2EE Application, Unix Application, AS/400 Application, CICS Application and Packaged Application Y all connected directly over SOAP)

Application Integration: The Reality
(Diagram: the same ERP, .NET, Packaged X, J2EE, Unix, AS/400, CICS and Packaged Y applications, connected through a business process rather than point to point)

Platform For Business Integration
(Diagram, layers from clients down to partner and legacy systems: Clients and Agents; Process Services; Activity Services; Entity Services; Database, Component, Partner, Legacy)
• BizTalk Workflow (BPEL) and compensation support for business processes
• BizTalk Orchestration supports highly dynamic activities
• BizTalk Document Schema and Transformation
• BizTalk Adapters support integration

A Business Process Platform
• BTS 2004 Engine: communication with other applications, business process implementation, scalability support
• Business Rules Engine: modifiable business rules
• Process monitoring: Health and Activity Tracking (technical), Business Activity Monitoring (business)
• Business Activity Services: tools for working with trading partners
• Enterprise Single Sign-On: cross-application authentication
• Human Workflow Services: human interaction with business processes

The BTS 2004 Engine
(Diagram, message path: Incoming Message → Receive Adapter → Receive Pipeline → MessageBox (Subscriptions) → Orchestrations → Send Pipeline → Send Adapter → Outgoing Message; the message is XML at each stage)

Communication: BTS 2004 Adapters
• Standard adapters from Microsoft include
• Web Services adapter
• MQSeries adapter
• SAP adapter
• More
• Many third-party adapters are available, including
• EDI adapter
• PeopleSoft adapter
• Lots more

Communication Tools
• For building adapters
• Microsoft.BizTalk.Adapter.Framework namespace
• Within Visual Studio .NET
• Pipeline Designer: used to create custom pipelines
• BizTalk Editor: used to create XSD message schemas
• BizTalk Mapper: used to define mappings and XSLT transformations between message schemas

Orchestrations
• Define the operations in a business process using shapes
• Compile into standard .NET assemblies
• Example shapes:
• Decide: an if-then-else statement
• Loop: performs an action repeatedly
• Send: sends a message
• Receive: receives a message
• Parallel Actions: performs multiple operations in parallel
• Tools
• Visual Studio .NET & Visio

Scopes
• Scope: supports transactions
• Atomic: recovery via rollback
• Long-running: recovery via compensation
(Diagram: in the BizTalk Server 2004 Engine, Scope X (atomic) is nested inside Scope Y (long-running): 1) update and commit the .NET application; 2) attempt an update of the CICS application, which fails; 3) compensate the ERP application)

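The two recovery rules of the Scopes slide, as an added Python illustration (not BizTalk code): an AtomicScope rolls its own system back when its update fails part-way, while a LongRunningScope, which holds no locks, compensates the scopes that already committed, in reverse order. The three in-memory dictionaries are constructed stand-ins for the ERP, .NET and CICS applications of the diagram, and PO 5978 is the sample order.

```python
class AtomicScope:
    """Atomic scope: one system is updated all-or-nothing; a failure rolls back."""
    def __init__(self, name, system, update, compensate):
        self.name, self.system = name, system
        self.update, self.compensate = update, compensate

    def run(self):
        before = dict(self.system)  # snapshot taken before the update
        try:
            self.update(self.system)  # may raise part-way through the update
        except Exception:
            self.system.clear()
            self.system.update(before)  # rollback: restore the snapshot
            raise

class LongRunningScope:
    """Long-running scope: committed child scopes are undone by compensation."""
    def __init__(self, name, steps):
        self.name, self.steps, self.log = name, steps, []

    def run(self):
        committed = []
        for step in self.steps:
            try:
                step.run()
                committed.append(step)
                self.log.append(f"commit {step.name}")
            except Exception as exc:
                self.log.append(f"fail {step.name}: {exc}")
                for done in reversed(committed):  # compensate in reverse order
                    done.compensate(done.system)
                    self.log.append(f"compensate {done.name}")
                return False
        return True

def purchase_order_demo():
    # Constructed stand-ins for the ERP, .NET and CICS applications
    erp, dotnet, cics = {"PO 5978": "open"}, {"PO 5978": "open"}, {"PO 5978": "open"}
    def approve(system):
        system["PO 5978"] = "approved"
    def reopen(system):
        system["PO 5978"] = "open"
    def cics_down(system):
        raise RuntimeError("CICS host unavailable")
    scope_y = LongRunningScope("Y", [
        AtomicScope("ERP", erp, approve, reopen),
        AtomicScope("X (.NET)", dotnet, approve, reopen),
        AtomicScope("CICS", cics, cics_down, reopen),
    ])
    return scope_y.run(), scope_y.log, erp, dotnet, cics
```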
Correlation
• Routes messages to an orchestration instance based on their contents
• Doesn't require the orchestration to block waiting for a response message
(Diagram: Purchase Orders PO# 5978 and PO# 6013 are sent to the ERP application; each returned Invoice carries its PO#, and the BizTalk Server 2004 Engine routes it to the orchestration instance that sent the matching PO)

The Business Process Execution Language (BPEL)
(Diagram: a BPEL definition is generated from, or used to generate, a process implementation, exchanged as Web Services between BizTalk Server 2004 and another integration platform)

Aggregating Services
(Diagram: clients call Web Services exposed by the BizTalk Server 2004 Engine, which aggregates J2EE, Unix, AS/400, CICS and packaged applications behind them)

The Business Rules Engine
• For processes with stable rules: the orchestration holds both process and rules state (diagram: Orchestration with Process and Rules State; MessageBox)
• For processes with volatile rules: the rules live in the Business Rules Engine and the orchestration holds only process state (diagram: Orchestration with Process State; Business Rules Engine with Rules; MessageBox)

Tools for Business Rules
• The Business Rule Composer allows a process's rules to be expressed in a more natural way
• Example
• Business process terms
• Quantity Requested (from an order message)
• Maximum Allowed Order Quantity (set to 100)
• Business process rule
• If Quantity Requested is greater than Maximum Allowed Order Quantity, then send Order Rejected message

Process Monitoring
• Health and Activity Tracking (HAT) provides graphical access to information about orchestrations and messages, such as
• When an orchestration starts and ends
• When each shape within it is executed
• When each of its messages is sent and received
• What's in each message
• Much more
• Tool: Health and Activity Tracking tool

Tracing Process
(Screenshot)

Business Activity Monitoring
• Allows information workers to monitor business processes
(Diagram: the BizTalk Server 2004 Engine tracks monitored events and messages; Business Activity Monitoring (BAM) exposes them to Microsoft Excel and other clients)

An Example BAM View
(Screenshot)