web services new hype or real use? presented by joseph j. sarna jr., mcsd jjs systems, llc
Post on 18-Dec-2015
213 views
TRANSCRIPT
![Page 1: Web Services New Hype or Real Use? Presented by Joseph J. Sarna Jr., MCSD JJS Systems, LLC](https://reader035.vdocument.in/reader035/viewer/2022081516/56649d245503460f949fb1b1/html5/thumbnails/1.jpg)
Web ServicesNew Hype or Real Use?
Presented by
Joseph J. Sarna Jr., MCSD
JJS Systems, LLC
![Page 2: Web Services New Hype or Real Use? Presented by Joseph J. Sarna Jr., MCSD JJS Systems, LLC](https://reader035.vdocument.in/reader035/viewer/2022081516/56649d245503460f949fb1b1/html5/thumbnails/2.jpg)
Agenda
• What are web services?• How Do We Create or Use Web Services?• Platform Comparisons • Web Services Security• Summary
![Page 3: Web Services New Hype or Real Use? Presented by Joseph J. Sarna Jr., MCSD JJS Systems, LLC](https://reader035.vdocument.in/reader035/viewer/2022081516/56649d245503460f949fb1b1/html5/thumbnails/3.jpg)
What are Web Services?
• The next generation of applications designed for machine consumption
• Applications that can be called remotely via HTTP requests
• Language agnostic• Can be called from any platform or client type• Uses SOAP and XML as the transfer medium• Allows passing of data through firewalls
![Page 4: Web Services New Hype or Real Use? Presented by Joseph J. Sarna Jr., MCSD JJS Systems, LLC](https://reader035.vdocument.in/reader035/viewer/2022081516/56649d245503460f949fb1b1/html5/thumbnails/4.jpg)
Examples of Web Services
• Stock price retrieval• Monetary Conversion• Credit Card Validations• Dictionary Service• Language Conversion
• Purchase history retrieval• Current inventory Retrieval• Employee benefits updates
![Page 5: Web Services New Hype or Real Use? Presented by Joseph J. Sarna Jr., MCSD JJS Systems, LLC](https://reader035.vdocument.in/reader035/viewer/2022081516/56649d245503460f949fb1b1/html5/thumbnails/5.jpg)
Agenda
• What are web services?• How Do We Create or Use Web Services?• Platform Comparisons • Web Services Security• Summary
![Page 6: Web Services New Hype or Real Use? Presented by Joseph J. Sarna Jr., MCSD JJS Systems, LLC](https://reader035.vdocument.in/reader035/viewer/2022081516/56649d245503460f949fb1b1/html5/thumbnails/6.jpg)
How Do We Create or Use Web Services?
• What do we need as developers to:– Create a web service?– Consume a web service?
• Especially if we need to communicate with different platforms and programming languages
• Standards!
![Page 7: Web Services New Hype or Real Use? Presented by Joseph J. Sarna Jr., MCSD JJS Systems, LLC](https://reader035.vdocument.in/reader035/viewer/2022081516/56649d245503460f949fb1b1/html5/thumbnails/7.jpg)
World Wide Web Consortium Standards
• W3C Standards - http://www.w3.org/
• W3C Web Services Group-http://www.w3.org/2002/ws/
• W3C SOAP Group - http://www.w3.org/2000/xp/Group/
• W3C XML Group - http://www.w3.org/XML/
![Page 8: Web Services New Hype or Real Use? Presented by Joseph J. Sarna Jr., MCSD JJS Systems, LLC](https://reader035.vdocument.in/reader035/viewer/2022081516/56649d245503460f949fb1b1/html5/thumbnails/8.jpg)
Requirements for Web Services Development
• A standard way to represent data • A common, extensible, message format • A common, extensible, service description language • A way to discover services located on a particular Web
site • A way to discover service providers
![Page 9: Web Services New Hype or Real Use? Presented by Joseph J. Sarna Jr., MCSD JJS Systems, LLC](https://reader035.vdocument.in/reader035/viewer/2022081516/56649d245503460f949fb1b1/html5/thumbnails/9.jpg)
Standard Representation of Data
• XML 1.0 defines the universally supported transfer syntax
• XML Schema defines XML's type system.
• Plain text transferred in a relational format
![Page 10: Web Services New Hype or Real Use? Presented by Joseph J. Sarna Jr., MCSD JJS Systems, LLC](https://reader035.vdocument.in/reader035/viewer/2022081516/56649d245503460f949fb1b1/html5/thumbnails/10.jpg)
Common Message Format
• SOAP – Simple Object Access Protocol• A protocol specification that defines a uniform way of
passing XML-encoded data. (Wrapper around the XML Data)
• Defines a way to perform remote procedure calls (RPCs) using HTTP as the underlying communication protocol.
• Submitted in 2000 to the W3C as a Note by IBM, Microsoft, UserLand, and DevelopMentor
![Page 11: Web Services New Hype or Real Use? Presented by Joseph J. Sarna Jr., MCSD JJS Systems, LLC](https://reader035.vdocument.in/reader035/viewer/2022081516/56649d245503460f949fb1b1/html5/thumbnails/11.jpg)
Common Service Description Language
• WSDL – Web Services Description Language
• Provides a way for service providers to describe the basic format of web service requests over different protocols or encodings.
• WSDL is a template for how web services should be described and bound to clients
• Fed-Ex Tracking WSDL
![Page 12: Web Services New Hype or Real Use? Presented by Joseph J. Sarna Jr., MCSD JJS Systems, LLC](https://reader035.vdocument.in/reader035/viewer/2022081516/56649d245503460f949fb1b1/html5/thumbnails/12.jpg)
Method to Discover Services and Providers
• UDDI – Universal Description, Discovery and Integration
• Provides a mechanism for clients to dynamically find other web services.
• A UDDI registry is established to allow:– Businesses to publish a service and its usage interfaces– Clients to obtain services and bind programmatically to them.
![Page 13: Web Services New Hype or Real Use? Presented by Joseph J. Sarna Jr., MCSD JJS Systems, LLC](https://reader035.vdocument.in/reader035/viewer/2022081516/56649d245503460f949fb1b1/html5/thumbnails/13.jpg)
Consuming Web Services
![Page 14: Web Services New Hype or Real Use? Presented by Joseph J. Sarna Jr., MCSD JJS Systems, LLC](https://reader035.vdocument.in/reader035/viewer/2022081516/56649d245503460f949fb1b1/html5/thumbnails/14.jpg)
Agenda
• What are web services?• How Do We Create or Use Web Services?• Platform Comparisons • Web Services Security• Summary
![Page 15: Web Services New Hype or Real Use? Presented by Joseph J. Sarna Jr., MCSD JJS Systems, LLC](https://reader035.vdocument.in/reader035/viewer/2022081516/56649d245503460f949fb1b1/html5/thumbnails/15.jpg)
Platform Comparisons - Service Description
• J2EE – Supports WSDL – Supports web services registries
• .NET – Supports the WSDL 1.1 specification, however, an XML
namespace is used within a WSDL document to uniquely identify the Web Service's endpoints.
– Supports Web services registries
![Page 16: Web Services New Hype or Real Use? Presented by Joseph J. Sarna Jr., MCSD JJS Systems, LLC](https://reader035.vdocument.in/reader035/viewer/2022081516/56649d245503460f949fb1b1/html5/thumbnails/16.jpg)
Platform Comparisons - Service Implementation
• J2EE – Existing Java classes and applications can be wrapped using
the Java API for XML-based RPC (JAX-RPC) and exposed as Web Services.
– With J2EE, business services written as Enterprise JavaBeans are wrapped and exposed as Web Services.
• .NET – .NET applications are compiled to an intermediate binary code
called the Microsoft Intermediate Language (MSIL). – This code is then compiled to native code using a Just In Time
compiler (JIT) at run time and run in a virtual machine called the Common Language Runtime (CLR).
![Page 17: Web Services New Hype or Real Use? Presented by Joseph J. Sarna Jr., MCSD JJS Systems, LLC](https://reader035.vdocument.in/reader035/viewer/2022081516/56649d245503460f949fb1b1/html5/thumbnails/17.jpg)
Service Publishing, Discovery and Binding
• J2EE – Java API for XML Registries (JAXR) is a single general purpose API
for interoperating with multiple registry types. There are three types of JAXR providers:
– The JAXR Pluggable Provider, which implements features of the JAXR specification that are independent of any specific registry type.
– The JAXR Bridge Provider, which serves as a bridge to a class of registries such as ebXML or UDDI.
• .NET – Discovery of Web Services with DISCO in the form of a discovery
(DISCO) file, an XML document that contains links to other resources that describe the Web Service.
– Supports UDDI– Provides a .NET UDDI server
![Page 18: Web Services New Hype or Real Use? Presented by Joseph J. Sarna Jr., MCSD JJS Systems, LLC](https://reader035.vdocument.in/reader035/viewer/2022081516/56649d245503460f949fb1b1/html5/thumbnails/18.jpg)
Service Invocation and Execution
• J2EE – J2EE uses the Java API for XML-based RPC (JAX-RPC) to
send SOAP method calls to remote parties and receive the results.
– A Web Service client uses a JAX-RPC service by invoking remote methods on a service port described by a WSDL document.
• .NET – Implementing a Web Service listener by:
o Using the built in .NET SOAP message classes o Constructing a Web Service listener manually, using MSXML,
ASP, or ISAPI, etc. o Using the Microsoft Soap Toolkit to build a Web Service listener
that connects to a business application, implemented using COM.
![Page 19: Web Services New Hype or Real Use? Presented by Joseph J. Sarna Jr., MCSD JJS Systems, LLC](https://reader035.vdocument.in/reader035/viewer/2022081516/56649d245503460f949fb1b1/html5/thumbnails/19.jpg)
Agenda
• What are web services?• How Do We Create or Use Web Services?• Platform Comparisons • Web Services Security• Summary
![Page 20: Web Services New Hype or Real Use? Presented by Joseph J. Sarna Jr., MCSD JJS Systems, LLC](https://reader035.vdocument.in/reader035/viewer/2022081516/56649d245503460f949fb1b1/html5/thumbnails/20.jpg)
Web Services Security
• Three types of potential threats that need to be considered and addressed:
– The SOAP message could be modified or read by hackers. – A hacker could send messages to a service that, while well-
formed, lack appropriate security claims to carry on the processing.
– Service theft
• Addressed by the WS-Security Standards of W3C
![Page 21: Web Services New Hype or Real Use? Presented by Joseph J. Sarna Jr., MCSD JJS Systems, LLC](https://reader035.vdocument.in/reader035/viewer/2022081516/56649d245503460f949fb1b1/html5/thumbnails/21.jpg)
Message Security
• The specification only indicates that security tokens may be bound to messages.
• A claim can be either endorsed or unendorsed by a trusted authority with a signed security token that is digitally signed or encrypted by the authority.
• An unendorsed claim, on the other hand, can be trusted if there is a trust relationship between the sender and the receiver.
• One special type of unendorsed claim is Proof-of-Possession. For example, a username/password combination.
![Page 22: Web Services New Hype or Real Use? Presented by Joseph J. Sarna Jr., MCSD JJS Systems, LLC](https://reader035.vdocument.in/reader035/viewer/2022081516/56649d245503460f949fb1b1/html5/thumbnails/22.jpg)
Message Protection
• WS-Security provides a means to protect messages by encrypting and/or digitally signing a body, a header, an attachment, or any combination of these items.
• Message integrity is provided by using XML Signature in conjunction with security tokens to ensure that messages are transmitted without modifications.
• Message confidentiality leverages XML Encryption in conjunction with security tokens to keep portions of a SOAP message confidential.
![Page 23: Web Services New Hype or Real Use? Presented by Joseph J. Sarna Jr., MCSD JJS Systems, LLC](https://reader035.vdocument.in/reader035/viewer/2022081516/56649d245503460f949fb1b1/html5/thumbnails/23.jpg)
Missing or Inappropriate Claims
• The standards specify that a message receiver should reject a message with an invalid signature, or missing or inappropriate claims, as if it is an unauthorized (or malformed) message.
![Page 24: Web Services New Hype or Real Use? Presented by Joseph J. Sarna Jr., MCSD JJS Systems, LLC](https://reader035.vdocument.in/reader035/viewer/2022081516/56649d245503460f949fb1b1/html5/thumbnails/24.jpg)
Agenda
• What are web services?• How Do We Create or Use Web Services?• Platform Comparisons • Web Services Security• Summary
![Page 25: Web Services New Hype or Real Use? Presented by Joseph J. Sarna Jr., MCSD JJS Systems, LLC](https://reader035.vdocument.in/reader035/viewer/2022081516/56649d245503460f949fb1b1/html5/thumbnails/25.jpg)
Summary
• Hype? – Still a ways to go for mainstream use.– Security still needs work.
• Real Use?– Informational services available now, some free, some fee.– Internal web services (Intranets) possible now.– Security via SSL or VPN available now.
![Page 26: Web Services New Hype or Real Use? Presented by Joseph J. Sarna Jr., MCSD JJS Systems, LLC](https://reader035.vdocument.in/reader035/viewer/2022081516/56649d245503460f949fb1b1/html5/thumbnails/26.jpg)
New Hampshire User Groups
• Manchester Java User Group – Second Wednesday of the month – SNHU campus – http://www.manjug.org
• NE C# User Group – Second Thursday of the month – SNHU campus – http://www.csharp.4square.us/
• NH .NET User Group – Third Thursday of the month – BU Training Center, Tyngsboro, MA - http://www.nhdnug.net/
• NH VB User Group – Fourth Wednesday of the month – SNHU campus – http://www.nhvbug.com