CERN IDS
CERN – European Organization for Nuclear Research Administrative Support - Internet Development Services Implementing Soap & Web Services By Jozef Dranseld (ST-MA) & Derek Mathieson (AS-IDS)
CERN IDS Presentation Roadmap Past Future Present
CERN IDS Why Web Services? The Web can grow significantly in power and scope if it is extended to support communication between applications, from one program to another. - From the W3C XML Protocol Working Group Charter
CERN IDS The Hype New paradigm? Reason to move platforms? Replacement for EDI?
CERN IDS Plateau of productivity Slope of enlightenment Trough of disillusionment Peak of inflated expectations Technology trigger Gartners Hype Curve Key: Time to plateau Less than two years Two to five years Five to 10 years Beyond 10 years Biometrics Grid Computing Web Services Nanocomputing Personal fuel cells Text-to- speech Wireless LANs/ Virtual private networks Visibility Maturity Source: Gartner Group June 2002 Natural-language search Identity services Personal digital assistant phones E-tags Speech recognition in call centers Voice over IP Bluetooth Public key infrastructure Speech recognition on desktops Location sensing WAP/ Wireless Web Peer-to-peer computing
CERN IDS What are Web Services? Identified by a URI Interfaces defined using XML Can be discovered by other systems Interact using XML based messages conveyed by Internet protocols Source: Web Services Glossary
CERN IDS What are Web Services? XML Application 2Application 1
CERN IDS Is this New? Sun RPC (1985) CORBA (1992) DCE / RPC (1993) Microsoft COM (1993) Microsoft DCOM (1996) Java RMI (1996)
Is this New? CERN IDS
CERN IDS A Brief History …
CERN IDS Is this Different? Platform neutral Open Standards –Interoperable Based on ubiquitous software –XML Parsers –HTTP Server
CERN IDS The Components
CERN IDS Transport HTTP POST is most common But other protocols such as –FTP –SMTP –HTTP GET And other exotic ones: –Jabber –BEEP
CERN IDS Packaging – Soap Used to mean –Simple –Object –Access –Protocol From SOAP 1.2 > SOAP is no longer an acronym Two Types of SOAP
CERN IDS Packaging – Soap SOAP RPC: –encode and bind data structures into xml. –encode an RPC call
CERN IDS Serialization class PurchaseOrder { String item = socks; int amount = 1; } socks 1 Serializer
CERN IDS Packaging - SOAP SOAP document style –packages xml in an envelope
CERN IDS Packaging – Soap HTTP Post SOAP Envelope SOAP Body SOAP Head
CERN IDS Packaging – Soap 1234
CERN IDS Packaging – Soap socks 1
CERN IDS Description – WSDL Web Services Description Language Web Services Description Language (WSDL) provides a model and an XML format for describing Web services. w3c.org
CERN IDS Description – WSDL Messages Types Operations Encoding Endpoint
CERN IDS Types <schema targetNamespace=" IMessageService.xsd" xmlns="…/XMLSchema" xmlns:SOAPENC="…/soap/encoding/"/>
CERN IDS Messages
CERN IDS Operations
CERN IDS Encoding
CERN IDS Endpoint
CERN IDS Discovery – UDDI Universal Description, Discovery and Integration A UDDI Server acts as a registry for Web Services and makes them searchable.
CERN IDS Discovery – UDDI Demonstration:
CERN IDS Discovery – UDDI UDDI Registry Inquiry Publish
CERN IDS Discovery – UDDI UDDI Registry Inquiry Publish
CERN IDS Examples Java –Client –Server VBScript –Client –high level API –Client – low level API.NET –C# Client –C# Server
CERN IDS Design Recommendations Create a local class Create a method with the same name
CERN IDS Examples (Java Client) URL endpointURL = new URL(endpoint); Call call = new Call(); call.setSOAPTransport(m_httpconn); call.setTargetObjectURI("MessageService"); call.setMethodName("setMessage"); call.setEncodingStyleURI(Constants.NS_URI_SOAP_ENC);
CERN IDS Examples (Java Client) Vector params = new Vector(); params.addElement( new Parameter("name", java.lang.String.class, name, null)); params.addElement( new Parameter("colour", java.lang.String.class, colour, null)); call.setParams(params); Response response = call.invoke(endpointURL, "");
CERN IDS Examples (Java Client) Demonstration
CERN IDS Examples (Java Server) A Web service Server is simple: –New class with method Then: –Register class with soap router –Or –Place the source code in a jws file
CERN IDS Examples (VB Client) High Level API (After adding a Web Service Reference) Dim serv As clsws_MessageService Set serv = New clsws_MessageService serv.wsm_setMessage txtName.Text, txtColor.Text
CERN IDS Examples (VB Client) Serializer.Init Connector.InputStream Serializer.startEnvelope, ENC Serializer.SoapNamespace "xsi", XSI Serializer.SoapNamespace "SOAP-ENC", ENC Serializer.SoapNamespace "xsd", XSD Serializer.startBody Serializer.startElement Method, URI,, "method" Serializer.startElement parameter Serializer.SoapAttribute "type",, "xsd:string", "xsi" Serializer.writeString username Serializer.endElement Serializer.endBody Serializer.endEnvelope Connector.EndMessage
CERN IDS Examples (VB Client) Name Colour
CERN IDS Examples (C# Client) Add a Web References to a project Localhost.MessageService serv = new Localhost.MessageService(); serv.setMessage(x, y);
CERN IDS Examples (C# Client) Demonstration
CERN IDS Examples (C# Server) public class Demo : System.Web.Services.WebService { public Demo() { InitializeComponent(); } [Web Method] public string HelloWorld() { return Hello World; }
Web Services Future CERN IDS
CERN IDS Security WS do not define how to do security, they rely on other mechanisms layered on top. Very common to use SSL –Good for simple cases Weak when multi-tier Forces encryption of all data – sometimes not needed
CERN IDS Security Bookstore Client Application
CERN IDS Security Client Application Bookstore Bank Warehouse
CERN IDS WS Security Standardisation W3C - –XML Encryption –XML Digital Signatures WS-I - –WS Security Profile OASIS - –WS-Security –SAML - Security Assertion Markup Language –XACML - Extensible Access Control Markup Language –XKMS - XML Key Management Specification
CERN IDS Fire Wall Security – Fire Walls Bookstore Client Application
CERN IDS Security Firewall transparency Double-edged sword –Simplifies deployment –Opens up potential holes in enterprise security Similar to CGI, etc.
CERN IDS WS-I Web Services Interoperability Organization R1017A RECEIVER MUST NOT mandate the use of the xsi:type attribute in messages except as required in order to indicate a derived type WS-I Basic Profile Version 1.0
CERN IDS Missing Pieces Security –Single Sign-on, credentials Transactions Quality of service –Timeliness guarantees Asynchronous operations –Co-ordination, workflow
CERN IDS Real Examples Amazon Web Services API Google Web API HP & IBM online stores
CERN IDS Next Steps Overtime Interface Other documents (Materials Request, TID, Transport Request) E-Business – with ebXML
CERN IDS Plateau of productivity Slope of enlightenment Trough of disillusionment Peak of inflated expectations Technology trigger Gartners Hype Curve Key: Time to plateau Less than two years Two to five years Five to 10 years Beyond 10 years Web Services Visibility Maturity Source: Gartner Group June 2002
CERN IDS Thank you Presentation and source code of demos: