Understanding XML and Web Services Performance
K. Scott Morrison
Director, Architecture



January 2005
Bio – K. Scott Morrison

  Director, Architecture at Layer 7 Technologies
  • http://www.layer7tech.com
  • Layer 7 is based in Vancouver BC, Canada

  Co-author of Sams’ Java Web Services Unleashed & Wrox’s Professional JMS
  • Over 40 other publications in academic journals and trade magazines

  Co-editor WS-I Basic Security Profile

  Frequent speaker on Web services, XML, mobile/wireless computing systems, distributed systems architecture, and Java design issues


                                                                    Jan 2005

                      SecureSpan™ Solution Overview                        2
Agenda and Theme



    Performance and Web services
    WS-Paradigm Shift: Why Web services perform so poorly
        And why security will exacerbate the problem…
    Designing for performance
    Transaction tuning: a new approach to dealing with Web services performance issues

   Theme: Security will be the major cause of Web services performance problems in the future. What’s needed is a new approach to managing this.




What Does Performance Mean for Web Services?

  The Typical Web Services Use Case

  [Figure labels: Requestor (Web Services Client), Identity, Requestor Network, SOAP Request Msg, Firewall, SOAP Response Msg, Provider (Web Services Server), Provider Network]

Performance is Measurable
Performance requirements may be articulated through QoS:
• Availability/Accessibility
• Reliability
• Throughput
• Response time/Latency
• Regulatory (Sarbanes-Oxley, etc)
• Security Policy

[Figure labels: Identity, Response Time, Throughput, Resource Utilization, Audit]

Real goals are critical

Haven’t We Been Dealing With This For Years?
Yes; however, XML is particularly problematic…

[Figure: two protocol stacks compared]

“Traditional” Distributed Computing (CORBA, COM+, etc)
• Stack on each side of the network: Process Data…, Serialize Data / Unserialize Data, Transport
• Tight, fast protocols (fixed binary, name/value pairs, etc)
• Clean separation between content and transport
• Security, routing, reliability, etc sit at the transport layer

The Web Services Approach
• Stack on each side of the network: Process Data…, Process Msg Protocol, Serialize Data / Unserialize Data, Transport
• Process Msg Protocol: XML-based, contained in SOAP header
• Security, routing, reliability, etc: pushed up the stack into the message itself

Consider WS-Addressing:

  <S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope"
              xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing">
    <S:Header>

       <wsa:MessageID>
          uuid:6B29FC40-CA47-1067-B31D-00DD010662DA
       </wsa:MessageID>
       <wsa:ReplyTo>
          <wsa:Address>http://business456.example/client1</wsa:Address>
       </wsa:ReplyTo>
       <wsa:To>http://fabrikam123.example/Purchasing</wsa:To>
       <wsa:Action>http://fabrikam123.example/SubmitPO</wsa:Action>

    </S:Header>
    <S:Body>
       ...
    </S:Body>
   </S:Envelope>


            All intermediaries need to parse XML to route, kill duplicates, etc.
            There are also many additional fields in WS-A not shown here.

            Source: Web Services Addressing – Core, W3C Working Draft 8 December 2004
            http://www.w3.org/TR/2004/WD-ws-addr-core-20041208/

Security Exacerbates Performance Issues



     Consider OASIS Web Services Security (WSS)
     Core spec describes a mechanism for securing SOAP messages using arbitrary security tokens under existing W3C specs:
         W3C Signing
         W3C Canonicalization
         W3C Encryption
     These W3C approaches were designed for generalized document security, and are certainly not optimized for performance
     For example, consider signing:



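<SOAP-ENV:Envelope>
 <SOAP-ENV:Header>
   <wsse:Security>
     <wsu:Timestamp wsu:Id="T0"> ... </wsu:Timestamp>
     <wsse:BinarySecurityToken wsu:Id="x509token">
       Base64 Encoded X509.v3 Certificate
     </wsse:BinarySecurityToken>
     <ds:Signature>
       <ds:SignedInfo>
         ds:Reference elements …
       </ds:SignedInfo>
       <ds:SignatureValue> ... </ds:SignatureValue>
       <ds:KeyInfo>
         <wsse:SecurityTokenReference> ... </wsse:SecurityTokenReference>
       </ds:KeyInfo>
     </ds:Signature>
   </wsse:Security>
 </SOAP-ENV:Header>
 <SOAP-ENV:Body wsu:Id="B0"> ... </SOAP-ENV:Body>
</SOAP-ENV:Envelope>

Figure annotations:
• Subject signs timestamp
• Subject may sign security token
• Reference to Subject’s certificate
• Subject signs body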
Security Exacerbates Performance Issues (cont.)


      And that’s just signing!
     • Canonicalization is insanely expensive

     Encryption is similarly complex
     Considerably more complicated are mechanisms like OASIS SAML Token Profile, under the Holder-of-key mechanism.

     How can we design for this?



Design Strategies
     A lot of designing for performance is using common sense
     Optimization is an iterative process toward a concrete goal
     Key is to adopt certain principles up front, profile constantly, but don’t optimize until it’s possible to understand where the problem is
           Compartmentalize bottlenecks and optimize
            − Problems distributed throughout programming logic are very difficult to optimize
                  E.g.: XML Security
          SSL acceleration is a good example of this
     eXtreme Programming (XP) codifies this process:
                  Test constantly
                  Optimize last
     Optimization is all about balance between effort and payoff
    • Remember: Assumptions are the villain here. So is lore.
    • BTW: We’ve found Apache Bench useful, but it is only one simple piece in a full arsenal of load testers (e.g.: it’s no good for SSL)
        • http://httpd.apache.org/docs-2.0/programs/ab.html

     So here are some general approaches:

API Design

      Chunky vs. chatty APIs: Think coarse granularity
     • Aggregate behind façade patterns
     • But watch for stupidly large transfers
      Favour document/literal over RPC/encoded APIs
     • Be very careful of complex objects. Favour simple, strongly typed parameters
      Validate schemas early (esp. externally)
     • Avoids costly parsing faults in processing
      Cache where appropriate
      Never encapsulate large binary data sets in XML
     • SwA
     • XOP, MTOM, & RRSHB (New W3C recommendations from just this last Tuesday)
      Go asynchronous when possible


Compression and Binary XML
  Usually a win only in high latency or very expensive networks
      Wireless, satellite
      Trans-ocean
  Problem is, it destroys readability
  GZIP very easy, but slow
  WAP WBXML
  W3C Binary Characterization WG
 • Plus many others

  [Figure labels: Compressed XML; Wireless Svc Provider Equipment; Internet; Regular uncompressed Web services call]

  In particular, keep an eye on XOP, MTOM, & RRSHB from the W3C
Scaling Up and Scaling Out




[Figure: Overloaded Servers → Scaling up → More Powerful Server; Overloaded Servers → Scaling out → Sprayer, Server Farms]

Blade servers, of course, attempt to combine the best of both worlds

Not as simple as it seems. Lots of general affinity issues:
• Replay defense
• Caching
• DB Cursors, transactions, locks, etc
Intelligent Parsing



       STOP! Do you really need to write your own Web services framework?
       OK, then avoid DOM
       Avoid DOM some more
       Use SAX, but consider also pull parsers
      • Interestingly, some standards work is helping here
       Consider XPATH
      • This is an area where hardware acceleration can provide huge wins
           Example is Layer 7’s partnership with Tarari



Intelligent Parsing (cont.)

 Hybrid hardware/software solution
  1. Responsive to change
  2. Acceleration of well-understood problems

 [Figure: Incoming SOAP message → Layer 7 SecureSpan Gateway (Classify, Extract, Locate) → Outgoing SOAP message]

  • Message classification
  • Validation
  • Policy application cribs
  • Cryptographic acceleration
  • etc

Offloading Processing
Delegation of Responsibility to Gateway

Gateway Appliance Responsible for:
 • Consistent application of security policy
 • Validation of schemas
 • Transform
 • Monitoring
 • PKI
 • Policy publication

Appliances offer consistency and performance

[Figure labels: Web Service Client; SOAP Request Msg; Layer 7 SecureSpan Gateway; DMZ; Web Svc Servers; Internal Network]

Transaction Tuning
Bridge/Gateway Combination Allows:
• Complete, end-to-end control over Web services security
• Dynamic, run-time application of Policy
• Security model can be tuned anytime against observed performance
• All without any code changes!

[Figure labels: Layer 7 SecureSpan Bridge; Secure SOAP Msg (WS-Security); WS-Policy Document; DMZ; Internal Network]
For further information:


  K. Scott Morrison
  Layer 7 Technologies
  Suite 501 – 858 Beatty St.
  Vancouver, BC V6B 1C1
  Canada
  (800) 681-9377


  smorrison@layer7tech.com
  http://www.layer7tech.com

January 2005

Revisiting Geddes' Outlook Tower - Mike Amundsen, Director of API Architectur...Revisiting Geddes' Outlook Tower - Mike Amundsen, Director of API Architectur...
Revisiting Geddes' Outlook Tower - Mike Amundsen, Director of API Architectur...CA API Management
 
Managing Identity by Giving Up Control - Scott Morrison, SVP & Distinguished ...
Managing Identity by Giving Up Control - Scott Morrison, SVP & Distinguished ...Managing Identity by Giving Up Control - Scott Morrison, SVP & Distinguished ...
Managing Identity by Giving Up Control - Scott Morrison, SVP & Distinguished ...CA API Management
 
Enabling the Multi-Device Universe
Enabling the Multi-Device UniverseEnabling the Multi-Device Universe
Enabling the Multi-Device UniverseCA API Management
 
Building APIs That Last for Decades - Irakli Nadareishvili, Director of API S...
Building APIs That Last for Decades - Irakli Nadareishvili, Director of API S...Building APIs That Last for Decades - Irakli Nadareishvili, Director of API S...
Building APIs That Last for Decades - Irakli Nadareishvili, Director of API S...CA API Management
 
The Art of API Design - Ronnie Mitra, Director of API Design, API Academy at ...
The Art of API Design - Ronnie Mitra, Director of API Design, API Academy at ...The Art of API Design - Ronnie Mitra, Director of API Design, API Academy at ...
The Art of API Design - Ronnie Mitra, Director of API Design, API Academy at ...CA API Management
 
APIs Fueling the Connected Car Opportunity - Scott Morrison, SVP & Distinguis...
APIs Fueling the Connected Car Opportunity - Scott Morrison, SVP & Distinguis...APIs Fueling the Connected Car Opportunity - Scott Morrison, SVP & Distinguis...
APIs Fueling the Connected Car Opportunity - Scott Morrison, SVP & Distinguis...CA API Management
 
Adapting to Digital Change: Use APIs to Delight Customers & Win
Adapting to Digital Change: Use APIs to Delight Customers & WinAdapting to Digital Change: Use APIs to Delight Customers & Win
Adapting to Digital Change: Use APIs to Delight Customers & WinCA API Management
 
Balancing Security & Developer Enablement in Enterprise Mobility - Jaime Ryan...
Balancing Security & Developer Enablement in Enterprise Mobility - Jaime Ryan...Balancing Security & Developer Enablement in Enterprise Mobility - Jaime Ryan...
Balancing Security & Developer Enablement in Enterprise Mobility - Jaime Ryan...CA API Management
 
5 steps end to end security consumer apps
5 steps end to end security consumer apps5 steps end to end security consumer apps
5 steps end to end security consumer appsCA API Management
 
Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...
Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...
Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...CA API Management
 
Drones, Phones & Pwns the Promise & Dangers of IoT APIs: Use APIs to Securely...
Drones, Phones & Pwns the Promise & Dangers of IoT APIs: Use APIs to Securely...Drones, Phones & Pwns the Promise & Dangers of IoT APIs: Use APIs to Securely...
Drones, Phones & Pwns the Promise & Dangers of IoT APIs: Use APIs to Securely...CA API Management
 
Gartner AADI Summit Sydney 2014 Implementing the Layer 7 API Management Pla...
Gartner AADI Summit Sydney 2014   Implementing the Layer 7 API Management Pla...Gartner AADI Summit Sydney 2014   Implementing the Layer 7 API Management Pla...
Gartner AADI Summit Sydney 2014 Implementing the Layer 7 API Management Pla...CA API Management
 
Using APIs to Create an Omni-Channel Retail Experience
Using APIs to Create an Omni-Channel Retail ExperienceUsing APIs to Create an Omni-Channel Retail Experience
Using APIs to Create an Omni-Channel Retail ExperienceCA API Management
 

Mais de CA API Management (20)

Api architectures for the modern enterprise
Api architectures for the modern enterpriseApi architectures for the modern enterprise
Api architectures for the modern enterprise
 
Mastering Digital Channels with APIs
Mastering Digital Channels with APIsMastering Digital Channels with APIs
Mastering Digital Channels with APIs
 
Takeaways from API Security Breaches Webinar
Takeaways from API Security Breaches WebinarTakeaways from API Security Breaches Webinar
Takeaways from API Security Breaches Webinar
 
API Design Methodology - Mike Amundsen, Director of API Architecture, API Aca...
API Design Methodology - Mike Amundsen, Director of API Architecture, API Aca...API Design Methodology - Mike Amundsen, Director of API Architecture, API Aca...
API Design Methodology - Mike Amundsen, Director of API Architecture, API Aca...
 
Liberating the API Economy with Scale-Free Networks - Mike Amundsen, Director...
Liberating the API Economy with Scale-Free Networks - Mike Amundsen, Director...Liberating the API Economy with Scale-Free Networks - Mike Amundsen, Director...
Liberating the API Economy with Scale-Free Networks - Mike Amundsen, Director...
 
API360 – A How-To Guide for Enterprise APIs - Learn how to position your ente...
API360 – A How-To Guide for Enterprise APIs - Learn how to position your ente...API360 – A How-To Guide for Enterprise APIs - Learn how to position your ente...
API360 – A How-To Guide for Enterprise APIs - Learn how to position your ente...
 
API Monetization: Unlock the Value of Your Data
API Monetization: Unlock the Value of Your DataAPI Monetization: Unlock the Value of Your Data
API Monetization: Unlock the Value of Your Data
 
Revisiting Geddes' Outlook Tower - Mike Amundsen, Director of API Architectur...
Revisiting Geddes' Outlook Tower - Mike Amundsen, Director of API Architectur...Revisiting Geddes' Outlook Tower - Mike Amundsen, Director of API Architectur...
Revisiting Geddes' Outlook Tower - Mike Amundsen, Director of API Architectur...
 
Managing Identity by Giving Up Control - Scott Morrison, SVP & Distinguished ...
Managing Identity by Giving Up Control - Scott Morrison, SVP & Distinguished ...Managing Identity by Giving Up Control - Scott Morrison, SVP & Distinguished ...
Managing Identity by Giving Up Control - Scott Morrison, SVP & Distinguished ...
 
Enabling the Multi-Device Universe
Enabling the Multi-Device UniverseEnabling the Multi-Device Universe
Enabling the Multi-Device Universe
 
Building APIs That Last for Decades - Irakli Nadareishvili, Director of API S...
Building APIs That Last for Decades - Irakli Nadareishvili, Director of API S...Building APIs That Last for Decades - Irakli Nadareishvili, Director of API S...
Building APIs That Last for Decades - Irakli Nadareishvili, Director of API S...
 
The Art of API Design - Ronnie Mitra, Director of API Design, API Academy at ...
The Art of API Design - Ronnie Mitra, Director of API Design, API Academy at ...The Art of API Design - Ronnie Mitra, Director of API Design, API Academy at ...
The Art of API Design - Ronnie Mitra, Director of API Design, API Academy at ...
 
APIs Fueling the Connected Car Opportunity - Scott Morrison, SVP & Distinguis...
APIs Fueling the Connected Car Opportunity - Scott Morrison, SVP & Distinguis...APIs Fueling the Connected Car Opportunity - Scott Morrison, SVP & Distinguis...
APIs Fueling the Connected Car Opportunity - Scott Morrison, SVP & Distinguis...
 
Adapting to Digital Change: Use APIs to Delight Customers & Win
Adapting to Digital Change: Use APIs to Delight Customers & WinAdapting to Digital Change: Use APIs to Delight Customers & Win
Adapting to Digital Change: Use APIs to Delight Customers & Win
 
Balancing Security & Developer Enablement in Enterprise Mobility - Jaime Ryan...
Balancing Security & Developer Enablement in Enterprise Mobility - Jaime Ryan...Balancing Security & Developer Enablement in Enterprise Mobility - Jaime Ryan...
Balancing Security & Developer Enablement in Enterprise Mobility - Jaime Ryan...
 
5 steps end to end security consumer apps
5 steps end to end security consumer apps5 steps end to end security consumer apps
5 steps end to end security consumer apps
 
Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...
Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...
Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...
 
Drones, Phones & Pwns the Promise & Dangers of IoT APIs: Use APIs to Securely...
Drones, Phones & Pwns the Promise & Dangers of IoT APIs: Use APIs to Securely...Drones, Phones & Pwns the Promise & Dangers of IoT APIs: Use APIs to Securely...
Drones, Phones & Pwns the Promise & Dangers of IoT APIs: Use APIs to Securely...
 
Gartner AADI Summit Sydney 2014 Implementing the Layer 7 API Management Pla...
Gartner AADI Summit Sydney 2014   Implementing the Layer 7 API Management Pla...Gartner AADI Summit Sydney 2014   Implementing the Layer 7 API Management Pla...
Gartner AADI Summit Sydney 2014 Implementing the Layer 7 API Management Pla...
 
Using APIs to Create an Omni-Channel Retail Experience
Using APIs to Create an Omni-Channel Retail ExperienceUsing APIs to Create an Omni-Channel Retail Experience
Using APIs to Create an Omni-Channel Retail Experience
 

Último

Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embeddingZilliz
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESmohitsingh558521
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demoHarshalMandlekar2
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
What is Artificial Intelligence?????????
What is Artificial Intelligence?????????What is Artificial Intelligence?????????
What is Artificial Intelligence?????????blackmambaettijean
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsNathaniel Shimoni
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 

Último (20)

Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embedding
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demo
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
What is Artificial Intelligence?????????
What is Artificial Intelligence?????????What is Artificial Intelligence?????????
What is Artificial Intelligence?????????
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 

Understanding XML and Web Services Performance

  • 1. Understanding XML and Web Services Performance K. Scott Morrison Director, Architecture January 2005
  • 2. Bio – K. Scott Morrison
      Director, Architecture at Layer 7 Technologies
        • http://www.layer7tech.com
        • Layer 7 is based in Vancouver BC, Canada
      Co-author of Sams’ Java Web Services Unleashed & Wrox’s Professional JMS
        • Over 40 other publications in academic journals and trade magazines
      Co-editor WS-I Basic Security Profile
      Frequent speaker on Web services, XML, mobile/wireless computing systems, distributed systems architecture, and Java design issues
      Jan 2005 SecureSpan™ Solution Overview 2
  • 3. Agenda and Theme
      Performance and Web services
      WS-Paradigm Shift: Why Web services perform so poorly
        And why security will exacerbate the problem…
      Designing for performance
      Transaction tuning: a new approach to dealing with Web services performance issues
      Theme: Security will be the major cause of Web services performance problems in the future. What’s needed is a new approach to managing this.
  • 4. What Does Performance Mean for Web Services?
      The Typical Web Services Use Case
      [Diagram labels: Requestor (Web Services Client), Requestor Network, SOAP Request Msg, SOAP Response Msg, Firewall, Identity, Provider Network, Provider (Web Services Server)]
  • 5. Performance is Measurable
      Performance requirements may be articulated through QoS:
        • Availability/Accessibility
        • Reliability
        • Throughput
        • Response time/Latency
        • Regulatory (Sarbanes-Oxley, etc)
        • Security Policy
      Real goals are critical
      [Diagram labels: Audit, Throughput, Resource Utilization, Response Time, Identity]
  • 6. Haven’t We Been Dealing With This For Years?
      Yes; however, XML is particularly problematic…
      “Traditional” Distributed Computing (CORBA, COM+, etc)
        Clean separation between content and transport
        Tight, fast protocols (fixed binary, name/value pairs, etc)
        [Diagram labels: Process Data…, Serialize Data, Unserialize Data, Transport (Security, routing, reliability, etc), Network]
      The Web Services Approach
        Security, routing, reliability, etc: XML-based, contained in SOAP header
        Pushed up the stack into the message itself
        [Diagram labels: Process Data…, Process Msg Protocol, Serialize Data, Unserialize Data, Transport]
  • 7. Consider WS-Addressing:

      <S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope"
                  xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing">
        <S:Header>
          <wsa:MessageID>
            uuid:6B29FC40-CA47-1067-B31D-00DD010662DA
          </wsa:MessageID>
          <wsa:ReplyTo>
            <wsa:Address>http://business456.example/client1</wsa:Address>
          </wsa:ReplyTo>
          <wsa:To>http://fabrikam123.example/Purchasing</wsa:To>
          <wsa:Action>http://fabrikam123.example/SubmitPO</wsa:Action>
        </S:Header>
        <S:Body>
          ...
        </S:Body>
      </S:Envelope>

      All intermediates need to parse XML to route, kill duplicates, etc.
      There are also many additional fields in WS-A not shown here.
      Source: Web Services Addressing – Core, W3C Working Draft 8 December 2004, http://www.w3.org/TR/2004/WD-ws-addr-core-20041208/
  • 8. Security Exacerbates Performance Issues
      Consider OASIS Web Services Security (WSS)
      Core spec describes a mechanism for securing SOAP messages using arbitrary security tokens under existing W3C specs:
        W3C Signing
        W3C Canonicalization
        W3C Encryption
      These W3C approaches were designed for generalized document security, and are certainly not optimized for performance
      For example, consider signing:
  • 9.
      <SOAP-ENV:Envelope>
        <SOAP-ENV:Header>
          <wsse:Security>
            <wsu:Timestamp wsu:Id="T0">                      (Subject signs timestamp)
            <wsse:BinarySecurityToken wsu:Id="x509token">    (Subject may sign security token)
              Base64 Encoded X509.v3 Certificate
            <ds:Signature>
              <ds:SignedInfo>
                ds:Reference … elements
              <ds:SignatureValue>
              <ds:KeyInfo>
                <wsse:SecurityTokenReference>                (Reference to Subject’s certificate)
        <SOAP-ENV:BODY wsu:Id="B0">                          (Subject signs body)
  • 10. Security Exacerbates Performance Issues (cont.)
      And that’s just signing!
        • Canonicalization is insanely expensive
      Encryption similarly complex
      Considerably more complicated are mechanisms like OASIS SAML Token Profile, under the Holder-of-key mechanism.
      How can we design for this?
  • 11. Design Strategies
      A lot of designing for performance is using common sense
      Optimization is an iterative process toward a concrete goal
      Key is to adopt certain principles up front, profile constantly, but don’t optimize until it’s possible to understand where the problem is
      Compartmentalize bottlenecks and optimize
        − Problems distributed throughout programming logic are very difficult to optimize
        Eg: XML Security
        SSL acceleration is a good example of this
      eXtreme Programming (XP) codifies this process:
        Test constantly
        Optimize last
      Optimization is all about balance between effort and payoff
        • Remember: Assumptions are the villain here. So is lore.
        • BTW: We’ve found Apache Bench useful, but it is only one simple piece in a full arsenal of load testers (eg: it’s no good for SSL)
        • http://httpd.apache.org/docs-2.0/programs/ab.html
      So here are some general approaches:
  • 12. API Design
      Chunky vs. chatty APIs: Think coarse granularity
        • Aggregate behind façade patterns
        • But watch for stupidly large transfers
      Favour document/literal over RPC/encoded APIs
        • Be very careful of complex objects. Favour simple, strongly typed parameters
      Validate schemas early (esp. externally)
        Avoids costly parsing faults in processing
      Cache where appropriate
      Never encapsulate large binary data sets in XML
        • SwA
        • XOP, MTOM, & RRSHB (New W3C recommendations from just this last Tuesday)
      Go asynchronous when possible
  • 13. Compression and Binary XML
      Usually a win only in high latency or very expensive networks
        Wireless, satellite
        Trans-ocean
      Problem is, it destroys readability
      GZIP very easy, but slow
      WAP WBXML
      W3C Binary Characterization WG
        • Plus many others
      In particular, keep an eye on XOP, MTOM, & RRSHB from the W3C
      [Diagram labels: Compressed XML, Internet, Regular uncompressed Web services call, Wireless Svc Provider Equipment]
  • 14. Scaling Up and Scaling Out
      Scaling up: More Powerful Server
      Scaling out: Server Farms
      Blade servers, of course, attempt to combine the best of both worlds
      Not as simple as it seems. Lots of general affinity issues:
        • Replay defense
        • Caching
        • DB Cursors, transactions, locks, etc
      [Diagram labels: Overloaded Servers, Sprayer]
  • 15. Intelligent Parsing
      STOP! Do you really need to write your own Web services framework?
      OK, then avoid DOM
      Avoid DOM some more
      Use SAX, but consider also pull parsers
        • Interestingly, some standards work is helping here
      Consider XPATH
        • This is an area where hardware acceleration can provide huge wins
      Example is Layer 7’s partnership with Tarari
  • 16. Intelligent Parsing (cont.)
      Hybrid hardware/software solution
        1. Responsive to change
        2. Acceleration of well-understood problems
          • Message classification
          • Validation
          • Policy application cribs
          • Cryptographic acceleration
          • etc
      [Diagram labels: Incoming SOAP message, Layer 7 SecureSpan Gateway, Outgoing SOAP message, Classify, Extract, Locate]
  • 17. Offloading Processing
      Delegation of Responsibility to Gateway
      Gateway Appliance Responsible for:
        • Consistent application of security policy
        • Validation of schemas
        • Transform
        • Monitoring
        • PKI
        • Policy publication
      Appliances offer consistency and performance
      [Diagram labels: Web Service Client, SOAP Request Msg, DMZ, Layer 7 SecureSpan Gateway, Internal Network, Web Svc Servers]
  • 18. Transaction Tuning
      Bridge/Gateway Combination Allows:
        • Complete, end-to-end control over Web services security
        • Dynamic, run-time application of Policy
        • Security model can be tuned anytime against observed performance
        • All without any code changes!
      [Diagram labels: Layer 7 SecureSpan Bridge, Secure SOAP Msg (WS-Security), WS-Policy Document, DMZ, Internal Network]
  • 19. For further information:
      K. Scott Morrison
      Layer 7 Technologies
      Suite 501 – 858 Beatty St.
      Vancouver, BC V6B 1C1 Canada
      (800) 681-9377
      smorrison@layer7tech.com
      http://www.layer7tech.com
      January 2005
  • 20. Axis
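
Slide 7 notes that every intermediary must parse XML to route and kill duplicates, and slide 15 advises avoiding DOM in favour of streaming parsers. The sketch below is an added example, not code from the presentation or from Layer 7: it streams the slide 7 message through Python's expat parser, stops at the end of the SOAP Header so the Body is never parsed, refuses DOCTYPE declarations, and remembers MessageIDs to drop repeats. The function and class names, the size limits, the rule that all three fields are required, and the padded Body are assumptions made for illustration.

```python
import xml.parsers.expat
from collections import OrderedDict

SOAP_NS = "http://www.w3.org/2003/05/soap-envelope"
WSA_NS = "http://schemas.xmlsoap.org/ws/2004/08/addressing"
# expat reports namespaced names as "<namespace-uri> <local-name>".
WANTED = {f"{WSA_NS} {n}": n for n in ("MessageID", "To", "Action")}
# Constructed sample: the slide 7 header plus a padded, made-up Body.
SAMPLE = (
    b'<S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope"'
    b' xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"><S:Header>'
    b'<wsa:MessageID> uuid:6B29FC40-CA47-1067-B31D-00DD010662DA </wsa:MessageID>'
    b'<wsa:ReplyTo><wsa:Address>http://business456.example/client1</wsa:Address></wsa:ReplyTo>'
    b'<wsa:To>http://fabrikam123.example/Purchasing</wsa:To>'
    b'<wsa:Action>http://fabrikam123.example/SubmitPO</wsa:Action>'
    b'</S:Header><S:Body>'
    + b'<po:Line xmlns:po="urn:example:po">widget</po:Line>' * 2000
    + b'</S:Body></S:Envelope>'
)

class HeaderDone(Exception):
    """Internal signal: </S:Header> reached, stop feeding the parser."""

class RejectedMessage(ValueError):
    """The message must not be routed."""

def extract_routing(message, chunk_size=64, max_header_bytes=4096):
    """Return the WS-Addressing routing fields without parsing the Body."""
    fields, text = {}, []
    state = {"depth": 0, "current": None}

    def start(name, attrs):
        state["depth"] += 1
        depth = state["depth"]
        if depth == 1 and name != f"{SOAP_NS} Envelope":
            raise RejectedMessage("root element is not a SOAP 1.2 Envelope")
        if depth == 2 and name != f"{SOAP_NS} Header":
            raise RejectedMessage("Envelope does not start with a Header")
        if depth == 3 and name in WANTED:  # direct children of Header only
            state["current"] = WANTED[name]
            text.clear()

    def chars(data):  # may be called several times per text node
        if state["current"] is not None:
            text.append(data)

    def end(name):
        field = state["current"]
        if state["depth"] == 3 and field is not None:
            if field in fields:  # ambiguous routing data: refuse to guess
                raise RejectedMessage(f"repeated {field} header")
            fields[field] = "".join(text).strip()
            state["current"] = None
        if state["depth"] == 2:  # closing tag of the Header itself
            raise HeaderDone
        state["depth"] -= 1

    def doctype(*_):
        # SOAP forbids a DTD; refusing it here also rules out entity expansion.
        raise RejectedMessage("DOCTYPE is not allowed in a SOAP message")

    parser = xml.parsers.expat.ParserCreate(namespace_separator=" ")
    parser.StartElementHandler = start
    parser.EndElementHandler = end
    parser.CharacterDataHandler = chars
    parser.StartDoctypeDeclHandler = doctype
    consumed = 0
    try:
        for offset in range(0, len(message), chunk_size):
            if offset >= max_header_bytes:
                raise RejectedMessage("header larger than the configured limit")
            consumed = min(offset + chunk_size, len(message))
            parser.Parse(message[offset:consumed], False)
        raise RejectedMessage("message ended before </Header>")
    except HeaderDone:
        pass
    except xml.parsers.expat.ExpatError as exc:
        raise RejectedMessage(f"not well-formed XML: {exc}") from exc
    missing = sorted(set(WANTED.values()) - set(fields))
    if missing:
        raise RejectedMessage(f"missing routing headers: {missing}")
    return {**fields, "bytes_parsed": consumed}

class DuplicateFilter:
    """Bounded memory of recent MessageIDs; the oldest entry is evicted first."""
    def __init__(self, capacity=10000):
        self._seen, self._capacity = OrderedDict(), capacity
    def first_time(self, message_id):
        if message_id in self._seen:
            return False
        self._seen[message_id] = True
        if len(self._seen) > self._capacity:
            self._seen.popitem(last=False)
        return True
```

On the sample, `extract_routing(SAMPLE)["bytes_parsed"]` stays a few hundred bytes while the message itself is roughly 100 KB, which is the saving slide 15 is after; the in-process `DuplicateFilter` also illustrates the affinity issue from slide 14, since a farm of such nodes would need shared state for replay defense.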