2. SOAP Chandra Dutt Yarlagadda

3. Introduction  Why ?  What ?  How ?  Security Issues in SOAP  Advantages  Uses  Conclusion

4. Why Do We Need SOAP  Heterogeneous systems must be able to communicate  Need for a protocol that uses that already available resources  A firewall-friendly protocol  An extensible framework  KISS  Easy to Implement

5. WHAT IS SOAP  Simple Object Access Protocol  SOAP is a specification for defining... –an encoding style that uses XML to represent information graphs –a standard way to move XML with HTTP –rules for passing messages –error (fault) definition –a medium for performing Remote Procedure Calls (RPC) –one layer in a multi-layer architecture

6. What do we have to work with?  XML - An extensible framework that is easy-to-use and has a low-cost of entry  HTTP/SMTP - Industry accepted transport protocols that are already supported by Enterprise servers and are friendly with firewalls  In a simple equation SOAP = XML + HTTP

7. Where are we? Transport (e.g. HTTP) Application Envelope/Header/Body TCP/IP Message Encoding Transport (e.g. HTTP) Web Service Envelope/Header/Body TCP/IP Message Encoding Interface Semantics SOAP

8.  Envelope package  Header/Body pattern –Similar to how HTTP works How It Works Header Body

9. Header  Contains Information such as –Authentication information –Message routes –Logging –Transaction flow

10. Body  Contains Interface – Specific Information –RPC method name and parameters –Serialized objects (instances of types) –Messages

11. c = Add(a, b) 1234 3 4 A Simple Example

12. System Flow 1234 3 4 1234 7 Response Request

13. Make Method Call Serialize Method Call Into a SOAP-XML Request De-serialize Method Call Into a SOAP-XML Response Extract SOAP-XML Response from HTTP Response Wrap SOAP-XML Request into HTTP Request Return value HTTP Response received from SOAP server HTTP Encoding/ Decoding SOAP Serialization/ De-serialization Client code 6 HTTP Request sent to SOAP server 12 3 4 5 SOAP Package Client process Process at Client

14. Server Side Process

15. Actual SOAP Request <SOAP-ENV:Envelope xmlns:SOAP-ENV=“http://schemas.xmlsoap.org/soap/envelope/” SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/”> 1234 3 4

16. <SOAP-ENV:Envelope xmlns:SOAP-ENV=“http://schemas.xmlsoap.org/soap/envelope/” SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/”> 1234 7 Actual SOAP Response

17. Binding to HTTP (Request) POST /Calculator.pl HTTP/1.0 Host: www.a.com Accept: text/* Content-type: text/xml Content-length: nnnn SOAPAction: “http://www.a.com/Calculator#Add” <SOAP-ENV:Envelope xmlns:SOAP-ENV=“http://schemas.xmlsoap.org/soap/envelope/” SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/”> 1234 3 4

18. Binding to HTTP (Response) HTTP/1.0 200 OK Content-type: text/xml Content-length: nnnn <SOAP-ENV:Envelope xmlns:SOAP-ENV=“http://schemas.xmlsoap.org/soap/envelope/” SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/”> 1234 7

19. Security  SOAP spec says nothing  Delegated to other levels –Transport (HTTPS/SSL)  Included in interface semantics  Needs standardization  Digital Signature

20. Uses of SOAP  Databases  Internetworking  E-Commerce Systems  Intelligent Devices

21. Advantages  Interoperability  Simplicity  Free from Firewalls  Industry Support  Easy to Implement

22. Conclusion :A Quick Comparison  COM – DCOM  CORBA – IIOP  JAVA - RMI

23. QUESTIONS