Web Services New Hype or Real Use? Presented by Joseph J. Sarna Jr., MCSD JJS Systems, LLC.
Web Services New Hype or Real Use?
Presented by
Joseph J. Sarna Jr., MCSD
JJS Systems, LLC
Agenda
• What are web services?
• How Do We Create or Use Web Services?
• Platform Comparisons
• Web Services Security
• Summary
What are Web Services?
• The next generation of applications designed for machine consumption
• Applications that can be called remotely via HTTP requests
• Language agnostic
• Can be called from any platform or client type
• Uses SOAP and XML as the transfer medium
• Allows passing of data through firewalls
Examples of Web Services
• Stock price retrieval
• Monetary Conversion
• Credit Card Validations
• Dictionary Service
• Language Conversion
• Purchase history retrieval
• Current inventory Retrieval
• Employee benefits updates
How Do We Create or Use Web Services?
• What do we need as developers to:
  – Create a web service?
  – Consume a web service?
• Especially if we need to communicate with different platforms and programming languages
• Standards!
World Wide Web Consortium Standards
• W3C Standards - http://www.w3.org/
• W3C Web Services Group - http://www.w3.org/2002/ws/
• W3C SOAP Group - http://www.w3.org/2000/xp/Group/
• W3C XML Group - http://www.w3.org/XML/
Requirements for Web Services Development
• A standard way to represent data
• A common, extensible, message format
• A common, extensible, service description language
• A way to discover services located on a particular Web site
• A way to discover service providers
Standard Representation of Data
• XML 1.0 defines the universally supported transfer syntax
• XML Schema defines XML's type system.
• Plain text transferred in a relational format
Common Message Format
• SOAP – Simple Object Access Protocol
• A protocol specification that defines a uniform way of passing XML-encoded data. (Wrapper around the XML Data)
• Defines a way to perform remote procedure calls (RPCs) using HTTP as the underlying communication protocol.
• Submitted in 2000 to the W3C as a Note by IBM, Microsoft, UserLand, and DevelopMentor
Common Service Description Language
• WSDL – Web Services Description Language
• Provides a way for service providers to describe the basic format of web service requests over different protocols or encodings.
• WSDL is a template for how web services should be described and bound to clients
• Fed-Ex Tracking WSDL
Method to Discover Services and Providers
• UDDI – Universal Description, Discovery and Integration
• Provides a mechanism for clients to dynamically find other web services.
• A UDDI registry is established to allow:
  – Businesses to publish a service and its usage interfaces
  – Clients to obtain services and bind programmatically to them.
Consuming Web Services
Platform Comparisons - Service Description
• J2EE
  – Supports WSDL
  – Supports web services registries
• .NET
  – Supports the WSDL 1.1 specification; however, an XML namespace is used within a WSDL document to uniquely identify the Web Service's endpoints.
  – Supports Web services registries
Platform Comparisons - Service Implementation
• J2EE
  – Existing Java classes and applications can be wrapped using the Java API for XML-based RPC (JAX-RPC) and exposed as Web Services.
  – With J2EE, business services written as Enterprise JavaBeans are wrapped and exposed as Web Services.
• .NET
  – .NET applications are compiled to an intermediate binary code called the Microsoft Intermediate Language (MSIL).
  – This code is then compiled to native code using a Just In Time compiler (JIT) at run time and run in a virtual machine called the Common Language Runtime (CLR).
Service Publishing, Discovery and Binding
• J2EE
  – Java API for XML Registries (JAXR) is a single general purpose API for interoperating with multiple registry types. There are three types of JAXR providers:
  – The JAXR Pluggable Provider, which implements features of the JAXR specification that are independent of any specific registry type.
  – The JAXR Bridge Provider, which serves as a bridge to a class of registries such as ebXML or UDDI.
• .NET
  – Discovery of Web Services with DISCO in the form of a discovery (DISCO) file, an XML document that contains links to other resources that describe the Web Service.
  – Supports UDDI
  – Provides a .NET UDDI server
Service Invocation and Execution
• J2EE
  – J2EE uses the Java API for XML-based RPC (JAX-RPC) to send SOAP method calls to remote parties and receive the results.
  – A Web Service client uses a JAX-RPC service by invoking remote methods on a service port described by a WSDL document.
• .NET
  – Implementing a Web Service listener by:
    o Using the built in .NET SOAP message classes
    o Constructing a Web Service listener manually, using MSXML, ASP, or ISAPI, etc.
    o Using the Microsoft Soap Toolkit to build a Web Service listener that connects to a business application, implemented using COM.
Web Services Security
• Three types of potential threats that need to be considered and addressed:
  – The SOAP message could be modified or read by hackers.
  – A hacker could send messages to a service that, while well-formed, lack appropriate security claims to carry on the processing.
  – Service theft
• Addressed by the WS-Security Standards of W3C
Message Security
• The specification only indicates that security tokens may be bound to messages.
• A claim can be either endorsed or unendorsed by a trusted authority. An endorsed claim is carried in a signed security token, one that is digitally signed or encrypted by the authority.
• An unendorsed claim, on the other hand, can be trusted if there is a trust relationship between the sender and the receiver.
• One special type of unendorsed claim is Proof-of-Possession, for example a username/password combination.
Message Protection
• WS-Security provides a means to protect messages by encrypting and/or digitally signing a body, a header, an attachment, or any combination of these items.
• Message integrity is provided by using XML Signature in conjunction with security tokens to ensure that messages are transmitted without modifications.
• Message confidentiality leverages XML Encryption in conjunction with security tokens to keep portions of a SOAP message confidential.
Missing or Inappropriate Claims
• The standards specify that a message receiver should reject a message with an invalid signature, or missing or inappropriate claims, as if it is an unauthorized (or malformed) message.
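The rejection rule on this slide, as an added example that is not part of the presentation: a Python receiver-side check that accepts a SOAP 1.1 message only when it carries a valid WS-Security UsernameToken digest claim, and treats a missing or bad claim as unauthorized. The credential store, user name, nonce and timestamp are constructed for illustration; XML Signature verification is outside what this block shows.

```python
import base64, hashlib, hmac
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WSS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-"
NS = {"s": SOAP, "wsse": WSS + "wssecurity-secext-1.0.xsd",
      "wsu": WSS + "wssecurity-utility-1.0.xsd"}
DIGEST = WSS + "username-token-profile-1.0#PasswordDigest"
USERS = {"alice": "s3cret"}  # constructed credential store (assumption)

def password_digest(nonce: bytes, created: str, password: str) -> str:
    # UsernameToken profile: Base64(SHA-1(nonce + created + password))
    raw = hashlib.sha1(nonce + created.encode() + password.encode()).digest()
    return base64.b64encode(raw).decode()

def check_claims(message: str) -> str:
    """Return 'accept' or 'reject: <reason>' for one SOAP 1.1 message."""
    try:  # SOAP 1.1 messages must not carry a DTD, so refuse before parsing
        root = None if "<!DOCTYPE" in message else ET.fromstring(message)
    except ET.ParseError:
        root = None
    if root is None or root.tag != f"{{{SOAP}}}Envelope":
        return "reject: malformed message"
    token = root.find("s:Header/wsse:Security/wsse:UsernameToken", NS)
    if token is None:
        return "reject: missing claim"
    user = token.findtext("wsse:Username", None, NS)
    pw = token.find("wsse:Password", NS)
    nonce = token.findtext("wsse:Nonce", None, NS)
    created = token.findtext("wsu:Created", None, NS)
    if None in (user, pw, nonce, created) or pw.get("Type") != DIGEST:
        return "reject: inappropriate claim"
    try:
        nonce_raw = base64.b64decode(nonce, validate=True)
    except ValueError:
        return "reject: inappropriate claim"
    expected = password_digest(nonce_raw, created, USERS.get(user, ""))
    same = hmac.compare_digest(expected.encode(), (pw.text or "").encode())
    return "accept" if user in USERS and same else "reject: inappropriate claim"

def sample_message(user: str, password: str) -> str:
    # Constructed sender side with a fixed nonce and timestamp (demo only)
    nonce, created = b"constructed-nonce", "2003-01-01T00:00:00Z"
    digest, n64 = password_digest(nonce, created, password), base64.b64encode(nonce).decode()
    return (f'<s:Envelope xmlns:s="{SOAP}" xmlns:wsse="{NS["wsse"]}" xmlns:wsu="{NS["wsu"]}">'
            f'<s:Header><wsse:Security><wsse:UsernameToken><wsse:Username>{user}</wsse:Username>'
            f'<wsse:Password Type="{DIGEST}">{digest}</wsse:Password><wsse:Nonce>{n64}</wsse:Nonce>'
            f'<wsu:Created>{created}</wsu:Created></wsse:UsernameToken></wsse:Security>'
            f'</s:Header><s:Body/></s:Envelope>')
```

A deployed receiver would also check that the Created timestamp is recent and keep a cache of seen nonces, so that a captured message cannot be replayed.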
Summary
• Hype?
  – Still a ways to go for mainstream use.
  – Security still needs work.
• Real Use?
  – Informational services available now, some free, some fee.
  – Internal web services (Intranets) possible now.
  – Security via SSL or VPN available now.
New Hampshire User Groups
• Manchester Java User Group – Second Wednesday of the month – SNHU campus – http://www.manjug.org
• NE C# User Group – Second Thursday of the month – SNHU campus – http://www.csharp.4square.us/
• NH .NET User Group – Third Thursday of the month – BU Training Center, Tyngsboro, MA - http://www.nhdnug.net/
• NH VB User Group – Fourth Wednesday of the month – SNHU campus – http://www.nhvbug.com