CERN

IDS
 CERN – European Organization for Nuclear Research
Administrative Support - Internet Development Services

Implementing Soap & Web Services

By Jozef Dranseld (ST-MA)

&
Derek Mathieson (AS-IDS)
 Presentation Roadmap

Past
Present
Future

CERN
IDS
 Why Web Services?

“The Web can grow significantly in power and scope

if it is extended to support communication between
applications, from one program to another.”

- From the W3C XML Protocol Working Group Charter

CERN
IDS
 The Hype
 New paradigm?
 Reason to move platforms?
 Replacement for EDI?

CERN
IDS
 Gartner’s ‘Hype’ Curve
Key: Time to “plateau”
Visibility
Less than two years
Biometrics Grid Computing
Two to five years
Five to 10 years
Natural-language
search Web Services Beyond 10 years

Identity services
Virtual
Personal digital
Wireless private
Nanocomputing assistant phones Text-to- LANs/802.11 networks
speech
E-tags
Speech recognition in
Peer-to-peer call centers
Voice over IP
Personal computing
fuel cells Bluetooth
WAP/ Public key infrastructure
Wireless
Web Location
Speech recognition on desktops
sensing
Peak of
Technology inflated Trough of Slope of Plateau of
trigger expectations disillusionment enlightenment productivity
Maturity

CERN Source: Gartner Group June 2002

IDS
 What are Web Services?
 Identifiedby a URI
 Interfaces defined using XML
 Can be discovered by other systems
 Interact using XML based messages
conveyed by Internet protocols

Source: Web Services Glossary

CERN
IDS
 What are Web Services?

Application 1 Application 2

XML

CERN
IDS
 Is this New?
 Sun RPC (1985)
 CORBA (1992)
 DCE / RPC (1993)
 Microsoft COM (1993)
 Microsoft DCOM (1996)
 Java RMI (1996)

CERN
IDS
 Is this New?

CERN
IDS
 A Brief History …

CERN
IDS
 Is this Different?
 Platformneutral
 Open Standards
– Interoperable
 Based on ubiquitous software
– XML Parsers
– HTTP Server

CERN
IDS
 The Components

CERN
IDS
 Transport
 HTTP POST is most common
 But other protocols such as
– FTP
– SMTP
– HTTP GET
 And other exotic ones:
– Jabber
– BEEP

CERN
IDS
 Packaging – Soap
 Used to mean
– Simple
– Object
– Access
– Protocol
 From SOAP 1.2 > SOAP is no longer
an acronym
 Two Types of SOAP

CERN
IDS
 Packaging – Soap

 SOAP RPC:
– encode and bind data structures into xml.
– encode an RPC call

CERN
IDS
 Serialization

<PurchaseOrder>
<item type=“xsd:string”>
class PurchaseOrder { Serializer socks
String item = “socks”; </item>
int amount = 1; <amount type=“xsd:int”>
} 1
</amount>
</PurchaseOrder>

CERN
IDS
 Packaging - SOAP
 SOAP ‘document style’
– packages xml in an envelope

CERN
IDS
 Packaging – Soap
HTTP Post

SOAP Envelope

SOAP Head

SOAP Body

CERN
IDS
 Packaging – Soap

<s:Envelope xmlns:s=“URN”>
<s:header>
<s:transaction xmlns:m=“soap-
transaction”>
<m:transactionID>
1234
</m:transactionID >
</s:transaction>
</s:header>

CERN
IDS
 Packaging – Soap

<s:Body>
<n:purchaseOrder xmlns:n=“URN”>
<n:item>socks</n:item>
<n:amount>1</n:amount>
</n:purchaseOrder>
</s:Body>
</s:Envelope>

CERN
IDS
 Description – WSDL
 Web Services Description Language
 “Web Services Description Language
(WSDL) provides a model and an
XML format for describing Web
services.” w3c.org

CERN
IDS
 Description – WSDL

Types

Messages

Operations

Encoding

Endpoint
CERN
IDS
 Types

<types>
<schema targetNamespace=" IMessageService.xsd"
xmlns="…/XMLSchema" xmlns:SOAPENC="…
/soap/encoding/"/>
</types>

CERN
IDS
 Messages

<message name=“purchase">
<part name=“item" type="xsd:string"/>
<part name=“quantity" type="xsd:integer"/>
</message>

CERN
IDS
 Operations

<operation name="setMessage">
<input name="setMessageRequest“
message="tns:setMessageRequest"/>
<output name="setMessageResponse“
message="tns:setMessageResponse"/>
</operation>

CERN
IDS
 Encoding

<soap:operation soapAction="" style="rpc"/>

<input name="setMessage0Request">
<soap:body use="encoded"
namespace="MessageService"
encodingStyle="…/soap/encoding/"/>
</input>

CERN
IDS
 Endpoint

<service name="MessageService">
<port name="MessageServicePort"
binding="tns:MessageServiceBinding">
<soap:address location="http://localhost:8080/setMessage/"/>
</port>
</service>

CERN
IDS
 Discovery – UDDI
 Universal Description, Discovery and
Integration
 A UDDI Server acts as a registry for
Web Services and makes them
searchable.

CERN
IDS
 Discovery – UDDI
 Demonstration:

https://uddi.ibm.com/ubr/registry.html

CERN
IDS
 Discovery – UDDI
UDDI Registry
Inquiry

Publish

CERN
IDS
 Discovery – UDDI
UDDI Registry
Inquiry

Publish

CERN
IDS
 Examples
 Java
– Client
– Server
 VBScript
– Client –high level API
– Client – low level API
 .NET
– C# Client
– C# Server

CERN
IDS
 Design Recommendations
 Create a local class
 Create a method with the same name

CERN
IDS
 Examples (Java Client)

URL endpointURL = new URL(endpoint);

Call call = new Call();

call.setSOAPTransport(m_httpconn);

call.setTargetObjectURI("MessageService");

call.setMethodName("setMessage");

call.setEncodingStyleURI(Constants.NS_URI_SOAP_ENC);

CERN
IDS
 Examples (Java Client)
Vector params = new Vector();
params.addElement(
new Parameter("name",
java.lang.String.class, name,
null));
params.addElement(
new Parameter("colour",
java.lang.String.class, colour,
null));
call.setParams(params);
Response response =
call.invoke(endpointURL, "");

CERN
IDS
 Examples (Java Client)
 Demonstration

CERN
IDS
 Examples (Java Server)
A Web service Server is simple:
– New class with method
 Then:
– Register class with soap router
– Or
– Place the source code in a jws file

CERN
IDS
 Examples (VB Client)
 High Level API (After adding a Web
Service Reference)

Dim serv As clsws_MessageService

Set serv = New clsws_MessageService

serv.wsm_setMessage txtName.Text, txtColor.Text

CERN
IDS
 Examples (VB Client)
Serializer.Init Connector.InputStream
Serializer.startEnvelope , ENC
Serializer.SoapNamespace "xsi", XSI
Serializer.SoapNamespace "SOAP-ENC", ENC
Serializer.SoapNamespace "xsd", XSD
Serializer.startBody

Serializer.startElement Method, URI, ,

"method"
Serializer.startElement “parameter“
Serializer.SoapAttribute "type", ,
"xsd:string", "xsi"
Serializer.writeString username
Serializer.endElement

Serializer.endBody
Serializer.endEnvelope
Connector.EndMessage

CERN
IDS
 Examples (VB Client)

Name Bill

Colour blue

Call Web Service

CERN
IDS
 Examples (C# Client)
 Add a Web References to a project

Localhost.MessageService serv = new

Localhost.MessageService();

serv.setMessage(x, y);

CERN
IDS
 Examples (C# Client)
 Demonstration

CERN
IDS
 Examples (C# Server)
public class Demo :
System.Web.Services.WebService {

public Demo() {
InitializeComponent();
}

[Web Method]
public string HelloWorld() {
return “Hello World”;
}
}

CERN
IDS
 Web Services
Future

CERN
IDS
 Security
 WS do not define how to do security,
they rely on other mechanisms
layered on top.
 Very common to use SSL
– Good for simple cases
• Weak when multi-tier
• Forces encryption of all data – sometimes
not needed

CERN
IDS
 Security

Bookstore
Client
Application

CERN
IDS
 Security Bank

Client Bookstore
Application

Warehouse

CERN
IDS
 WS Security Standardisation
 W3C - http://www.w3c.org
– XML Encryption
– XML Digital Signatures

 WS-I - http://www.ws-i.org
– WS Security Profile

 OASIS - http://www.oasis-open.org
– WS-Security
– SAML - Security Assertion Markup Language
– XACML - Extensible Access Control Markup
Language
CERN
– XKMS - XML Key Management Specification
IDS
 Security – Fire Walls

Bookstore
Client
Application

Fire Wall

CERN
IDS
 Security
 Firewall‘transparency’
 Double-edged sword
– Simplifies deployment

– Opens up potential holes in enterprise

security
• Similar to CGI, etc.

CERN
IDS
 WS-I
 Web Services Interoperability
Organization
http://www.ws-i.org

R1017 A RECEIVER MUST NOT mandate the

use of the xsi:type attribute in
messages except as required in order
to indicate a derived type
WS-I Basic Profile Version 1.0
CERN
IDS
 Missing Pieces
 Security
– Single Sign-on, credentials
 Transactions
 Quality of service
– Timeliness guarantees
 Asynchronous operations
– Co-ordination, workflow

CERN
IDS
 Real Examples
 Amazon Web Services API
 Google Web API
 HP & IBM online stores

CERN
IDS
 Next Steps
 Overtime Interface
 Other documents (Materials Request,
TID, Transport Request)
 E-Business – with ebXML

CERN
IDS
 Gartner’s ‘Hype’ Curve
Key: Time to “plateau”
Visibility
Less than two years
Two to five years
Five to 10 years
Beyond 10 years

Web Services

Peak of
Technology inflated Trough of Slope of Plateau of
trigger expectations disillusionment enlightenment productivity
Maturity

CERN Source: Gartner Group June 2002

IDS
 Thank you
 Presentation and source code of
demos:

http://ais.cern.ch/presentations

CERN
IDS