Web Services: New Hype or Real Use? Presented by Joseph J. Sarna Jr., MCSD, JJS Systems, LLC
Agenda • What are web services? • How Do We Create or Use Web Services? • Platform Comparisons • Web Services Security • Summary
What are Web Services? • The next generation of applications designed for machine consumption • Applications that can be called remotely via HTTP requests • Language agnostic • Can be called from any platform or client type • Uses SOAP and XML as the transfer medium • Allows passing of data through firewalls
Examples of Web Services • Stock price retrieval • Monetary Conversion • Credit Card Validations • Dictionary Service • Language Conversion • Purchase history retrieval • Current inventory Retrieval • Employee benefits updates
How Do We Create or Use Web Services? • What do we need as developers to: • Create a web service? • Consume a web service? • Especially if we need to communicate with different platforms and programming languages • Standards!
World Wide Web Consortium Standards • W3C Standards - http://www.w3.org/ • W3C Web Services Group - http://www.w3.org/2002/ws/ • W3C SOAP Group - http://www.w3.org/2000/xp/Group/ • W3C XML Group - http://www.w3.org/XML/
Requirements for Web Services Development • A standard way to represent data • A common, extensible, message format • A common, extensible, service description language • A way to discover services located on a particular Web site • A way to discover service providers
Standard Representation of Data • XML 1.0 defines the universally supported transfer syntax • XML Schema defines XML's type system. • Plain text transferred in a relational format
Common Message Format • SOAP – Simple Object Access Protocol • A protocol specification that defines a uniform way of passing XML-encoded data. (Wrapper around the XML Data) • Defines a way to perform remote procedure calls (RPCs) using HTTP as the underlying communication protocol. • Submitted in 2000 to the W3C as a Note by IBM, Microsoft, UserLand, and DevelopMentor
Common Service Description Language • WSDL – Web Services Description Language • Provides a way for service providers to describe the basic format of web service requests over different protocols or encodings. • WSDL is a template for how web services should be described and bound to clients • Fed-Ex Tracking WSDL
Method to Discover Services and Providers • UDDI – Universal Description, Discovery and Integration • Provides a mechanism for clients to dynamically find other web services. • A UDDI registry is established to allow: • Businesses to publish a service and its usage interfaces • Clients to obtain services and bind programmatically to them.
Platform Comparisons - Service Description • J2EE • Supports WSDL • Supports web services registries • .NET • Supports the WSDL 1.1 specification; however, an XML namespace is used within a WSDL document to uniquely identify the Web Service's endpoints. • Supports Web services registries
Platform Comparisons - Service Implementation • J2EE • Existing Java classes and applications can be wrapped using the Java API for XML-based RPC (JAX-RPC) and exposed as Web Services. • With J2EE, business services written as Enterprise JavaBeans are wrapped and exposed as Web Services. • .NET • .NET applications are compiled to an intermediate binary code called the Microsoft Intermediate Language (MSIL). • This code is then compiled to native code using a Just In Time compiler (JIT) at run time and run in a virtual machine called the Common Language Runtime (CLR).
Service Publishing, Discovery and Binding • J2EE • Java API for XML Registries (JAXR) is a single general purpose API for interoperating with multiple registry types. There are three types of JAXR providers: • The JAXR Pluggable Provider, which implements features of the JAXR specification that are independent of any specific registry type. • The JAXR Bridge Provider, which serves as a bridge to a class of registries such as ebXML or UDDI. • .NET • Discovery of Web Services with DISCO in the form of a discovery (DISCO) file, an XML document that contains links to other resources that describe the Web Service. • Supports UDDI • Provides a .NET UDDI server
Service Invocation and Execution • J2EE • J2EE uses the Java API for XML-based RPC (JAX-RPC) to send SOAP method calls to remote parties and receive the results. • A Web Service client uses a JAX-RPC service by invoking remote methods on a service port described by a WSDL document. • .NET • Implementing a Web Service listener by: • Using the built in .NET SOAP message classes • Constructing a Web Service listener manually, using MSXML, ASP, or ISAPI, etc. • Using the Microsoft Soap Toolkit to build a Web Service listener that connects to a business application, implemented using COM.
Web Services Security • Three types of potential threats that need to be considered and addressed: • The SOAP message could be modified or read by hackers. • A hacker could send messages to a service that, while well-formed, lack appropriate security claims to carry on the processing. • Service theft • Addressed by the WS-Security Standards of W3C
Message Security • The specification only indicates that security tokens may be bound to messages. • A claim can be either endorsed or unendorsed by a trusted authority; an endorsed claim is carried in a security token that is digitally signed or encrypted by the authority. • An unendorsed claim, on the other hand, can be trusted if there is a trust relationship between the sender and the receiver. • One special type of unendorsed claim is Proof-of-Possession, for example a username/password combination.
Message Protection • WS-Security provides a means to protect messages by encrypting and/or digitally signing a body, a header, an attachment, or any combination of these items. • Message integrity is provided by using XML Signature in conjunction with security tokens to ensure that messages are transmitted without modifications. • Message confidentiality leverages XML Encryption in conjunction with security tokens to keep portions of a SOAP message confidential.
Missing or Inappropriate Claims • The standards specify that a message receiver should reject a message with an invalid signature, or missing or inappropriate claims, as if it is an unauthorized (or malformed) message.
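The receiver-side rule from the Message Protection and Missing or Inappropriate Claims slides, as an added example that is not part of the original presentation: a structural gate that rejects a SOAP 1.1 message before any business processing if it has no security token, no signature, or a signature that does not reference the Body. The function names precheck and sample, the user alice, the GetQuote operation and the Id body-1 are constructed for illustration; the namespace URIs are the published SOAP 1.1, WS-Security 1.0 and XML Signature ones. The gate does not verify the signature cryptographically; an XML Signature library must do that afterwards.

```python
import xml.etree.ElementTree as ET

NS = {  # published namespace URIs: SOAP 1.1, WS-Security 1.0, XML Signature
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
WSU_ID = "{%s}Id" % NS["wsu"]
TOKENS = ("wsse:UsernameToken", "wsse:BinarySecurityToken")

def precheck(message):
    """Return (accepted, reason). Structural gate only; the signature value
    must still be verified with an XML Signature library afterwards."""
    if "<!DOCTYPE" in message:
        return False, "DTD not allowed in a SOAP message"
    try:
        env = ET.fromstring(message)
    except ET.ParseError:
        return False, "malformed XML"
    bodies = env.findall("soap:Body", NS)
    sec = env.findall("soap:Header/wsse:Security", NS)
    if env.tag != "{%s}Envelope" % NS["soap"] or len(bodies) != 1:
        return False, "not a SOAP envelope with exactly one Body"
    if len(sec) != 1:
        return False, "missing or duplicate wsse:Security header"
    if all(sec[0].find(t, NS) is None for t in TOKENS):
        return False, "no security token (claim) bound to the message"
    refs = [r.get("URI") for r in
            sec[0].findall("ds:Signature/ds:SignedInfo/ds:Reference", NS)]
    if not refs:
        return False, "message is not signed"
    body_id = bodies[0].get(WSU_ID)
    # The Id the signature points at must identify exactly one element.
    if not body_id or sum(e.get(WSU_ID) == body_id for e in env.iter()) != 1:
        return False, "Body has no unique wsu:Id"
    if "#" + body_id not in refs:
        return False, "signature does not cover the Body"
    return True, "structure ok; verify the signature value next"

def sample(token=True, ref="#body-1"):
    """Constructed test message (not captured traffic)."""
    tok = ("<wsse:UsernameToken><wsse:Username>alice</wsse:Username>"
           "</wsse:UsernameToken>") if token else ""
    return ('<soap:Envelope xmlns:soap="%(soap)s" xmlns:wsse="%(wsse)s" '
            'xmlns:wsu="%(wsu)s" xmlns:ds="%(ds)s"><soap:Header><wsse:Security>' % NS
            + tok +
            '<ds:Signature><ds:SignedInfo><ds:Reference URI="%s"/></ds:SignedInfo>'
            '</ds:Signature></wsse:Security></soap:Header>'
            '<soap:Body wsu:Id="body-1"><GetQuote/></soap:Body></soap:Envelope>' % ref)
```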
Summary • Hype? • Still a ways to go for mainstream use. • Security still needs work. • Real Use? • Informational services available now, some free, some fee. • Internal web services (Intranets) possible now. • Security via SSL or VPN available now.
New Hampshire User Groups • Manchester Java User Group – Second Wednesday of the month – SNHU campus – http://www.manjug.org • NE C# User Group – Second Thursday of the month – SNHU campus – http://www.csharp.4square.us/ • NH .NET User Group – Third Thursday of the month – BU Training Center, Tyngsboro, MA - http://www.nhdnug.net/ • NH VB User Group – Fourth Wednesday of the month – SNHU campus – http://www.nhvbug.com