How AI, OpenAI, and ChatGPT impact business and software.
Core mechanisms for Web Services extensions
1. 2007
Next Generation
Web Services Practices
Core mechanisms for
Web Services extensions
Miguel Pardal
miguel.pardal@dei.ist.utl.pt
Lisbon, Seoul, October 30th, 2007
Portugal
2. Outline
• Service-oriented Enterprise Applications
• Web Service Extensions
– Core mechanisms
• Conclusions
2007-10-30 Core mechanisms for Web Services extensions 2
3. Outline
• Service-oriented Enterprise Applications
• Web Service Extensions
– Core mechanisms
• Conclusions
2007-10-30 Core mechanisms for Web Services extensions 3
4. “The whole world is made of
change” ~ Luís Vaz de Camões
16th Century
Portuguese Poet
Cobol
Fortran
C
DCE
Java
CORBA
Dot Net
DCOM
Web
Services
2007-10-30 Core mechanisms for Web Services extensions 4
5. Service-oriented approach to
Enterprise Applications
• Customers’ needs change
– Enterprises must adapt
– And so do their applications
• Services
– Focus on flexibility, reuse and interoperability
– Web Services (WS) technology
– Service-Oriented Architecture (SOA)
2007-10-30 Core mechanisms for Web Services extensions 5
6. Web Services in action
#1 Publish
Client Service
#2 Discover
Data
XML Schema
WS
#3 Generate
stubs Functions
WSDL
#4 Configure Policy
WS-Policy
WS
libraries
#5 Invoke
#6 Execute
2007-10-30 Core mechanisms for Web Services extensions 6
7. Web Services libraries
#4 Configure Policy
WS-Policy
WS
libraries
• WS-Policy specifies additional requirements
– Like security, distributed transactions, reliable
messaging, etc.
– But libraries are necessary to actually
implement the requirements
2007-10-30 Core mechanisms for Web Services extensions 7
8. Requirements
• Functional
– What the service does
• Input, output, faults
• Non-functional
– What properties hold when the service executes
– Depend on circumstances and must be balanced
• E.g. Security
– Low value messages can use a weaker but faster cipher
algorithm; high value messages use stronger security
– Intranet requests use local security credentials; Internet
requests use cross-domain credentials
2007-10-30 Core mechanisms for Web Services extensions 8
9. Outline
• Service-oriented Enterprise Applications
• Web Service Extensions
– Core mechanisms
• Conclusions
2007-10-30 Core mechanisms for Web Services extensions 9
10. WS standards for every requirement
“Are we there yet?”
Short answer:
No, but we’re moving
forward
Long answer:
Visit WS-Map ☺
(or another overview site…)
http://web.ist.utl.pt/miguel.pardal/ws-map
2007-10-30 Core mechanisms for Web Services extensions 10
11. Why go beyond the standards?
• “One size does not fit all”
• Vendor WS implementations
– From Microsoft, IBM, Sun, Oracle, …
– Good library implementations of complex WS standards
– Solve 90% of the problem but are difficult to customize to
specific needs
• WS Extensions
– Simpler library development
– Appeal to a much broader developer community
– Handle the remaining 10%...
2007-10-30 Core mechanisms for Web Services extensions 11
12. Analogy:
Mozilla Firefox extensions
• Firefox implements 90% of requirements
– Extensions add value to users, meeting specific needs
and improving the browsing experience
2007-10-30 Core mechanisms for Web Services extensions 12
13. Example extension:
Security report
• Some applications prefer not to know about security,
they just want it
– But others need to know, for instance, to store audit information
in a database
• Security report extension
– A report is produced during WS-Security processing
• All actions and all parameters described
• In a simple, easy-to-use object model
– Leverage WS-Security standard implementation
– Enables context sharing through meaningful abstractions,
delegating security decisions in a simple and effective way
2007-10-30 Core mechanisms for Web Services extensions 13
14. Problem statement
• What are the core mechanisms required
for developing Web Services extensions ?
– Like “security report”
2007-10-30 Core mechanisms for Web Services extensions 14
15. Proposed core mechanisms
• Policy
• Configuration
• Contexts
management
• Message flow
interception
• Operation
implementation
interception
Packages and dependencies
2007-10-30 Core mechanisms for Web Services extensions 15
16. Policy
• Requirements declaration
– e.g. Declare that a WS can be invoked with transport
security or with message security
• Policy negotiation between client and server
2007-10-30 Core mechanisms for Web Services extensions 16
17. Configuration
• Parameters
– Which extensions to engage?
– What are the parameter values?
• e.g. Which digital certificate to use?
2007-10-30 Core mechanisms for Web Services extensions 17
18. Contexts
management
• Scoped state variables
– Application
– Session
– Operation
– Thread
• Enable data sharing between extensions and
service implementation
2007-10-30 Core mechanisms for Web Services extensions 18
19. Message flow
interception
• Message handling at service endpoint
– Incoming or outgoing
– Read/write header and body of SOAP messages
• e.g. Do digital signature of body and place it in header
2007-10-30 Core mechanisms for Web Services extensions 19
20. Operation
implementation
interception
• Execute additional code before or after the
service implementation
– e.g. Implement authorization and access logging
• Object factories can return different
implementations according to the desired
behavior
2007-10-30 Core mechanisms for Web Services extensions 20
21. Proof-of-concept
• All mechanisms implemented on Java Web Services
– Apache Commons Policy 1.0
• Policy
– JAX-WS Handlers
• Message interception
– Custom coding
• Configuration, Contexts and Operation Execution
• Field-tested on a prototype and several course projects:
– Security and distributed transactions extensions
– Multiple development teams
– Significant improvements in ease of development and learning
2007-10-30 Core mechanisms for Web Services extensions 21
22. Outline
• Service-oriented Enterprise Applications
• Web Service Extensions
– Core mechanisms
• Conclusions
2007-10-30 Core mechanisms for Web Services extensions 22
23. Conclusions
• Web Services development
– Functional requirements are satisfied with components
– Non-functional requirements are satisfied with aspects that
can differ according to invocation circumstances
• Web Services extensions
– Simplify custom library development
– Broaden developer community
• Future work:
– Enterprise application framework
• Local and remote services
• Integrated extensions engine
– Platform-independent extensions: Java and Dot Net
2007-10-30 Core mechanisms for Web Services extensions 23
24. Looking ahead…
With extensions, more developers can try new ideas.
This encourages competition and best-of-breed selections,
that can further advance the state-of-the-art of
Web Services technology
Obrigado
Thank you
Questions
&
Answers
miguel.pardal@dei.ist.utl.pt
2007-10-30 Core mechanisms for Web Services extensions 24