Web Service Technologies. Introduction, Composition and Extensions

(1)

Web Service

Technologies

Introduction, Composition and

Extensions

(2)

Slide title minimum 32 pt (32 pt makes 2 rows)

Text and bullet level 1 minimum 24 pt 5 minimum 20 pt

›

Assignment Types

– Survey Paper

– Practicable Evaluation

– Position Paper

›

Scopes

– Standards

– Theory and Practise

(3)

(4)

›

Study

– The concepts of Policy Negation and Negotiation Protocols

– The concepts of Policy Enforcement

›

Survey Standards for Policies

– WS-Policy, WS-SecurityPolicy, WS-PolicyConstraints, etc.

›

Give an overview of available implementations

Policy Negotiation and

(5)

›

The Vision: study proposed WS-Security Standards

– WS-Security, XMLEncryption, XMLSignatures, etc.

›

The Goal: propose a catalog of criteria to be supported

– E.g. Interoperability and Practicability

›

The Reality: evaluate WS Frameworks for WS-Security

– Java Platform: Apache Rampart, J2EE, JAX-WS

– .NET Platform: MS WCF

– More…

Is Message-Level Security

really Practicable?

(6)

›

Study

– The concepts of authentication (AuthN) for WS

– The concept of Single Sign On (SSO)

– The concept of claim-based security

›

Survey Standards for AuthN and SSO

– WS-Security and modes: (e.g. HTTP, Basic, SAML, Kerberos, …)

– OpenID, LiveID, …

›

Give an overview of available implementations

Does WS-AuthN support Single

Sign-On for WS?

(7)

›

Study

– The concepts of authorization (AuthZ) for WS

– The security concepts for access controls

– The different architectures

›

Survey Standards for AuthZ

– XAML

– OAuth

›

Give an overview of available implementations

Are Ws-AuthZ Architectures

Really Interoperable?

(8)

›

When (async) calling a WS:

– the client is not sure if tme message is received and

– the server is not sure if response is received.

›

WS-ReliableMessaging implements a protocols that

reliable deliveres SOAP messages between distributed

applications in the presence of failures.

›

Message Modes:

– AtLeastOnce, AtMostOnce , ExactlyOnce, and InOrder.

(9)

›

Does it make sense to enable ACID criteria of DBMS for WS?

– Atomic calls to a composite WS: when one of several steps fails,

will all steps be rolled back?

– Consistency in a stateful WS: when failing calls may confuse the states,

can we ensure that WS will be always in a consistent state?

– Can we enable isolation: when multiple WSes call the same WS, there

won‘t be dirty data

– Will state changes be durable, when WS instance is shut down?

›

Standards: WS-Transactions, WS-Coordination, WS-Business

Activity, WS-Atomic Transaction

Do WS-Transaction Provide us

with ACID Criteria?

(10)

(11)

›

Position Paper on the two competitive approaches for Web

services

– SOAP: WSDL, UDDI, …

– REST: WADL, …

›

What are their advantages and disadvantages?

›

Can we do it more light-weight?

›

Can we forget about standards?

Battle field Web Services: Who

has won the war SOAP or REST?

(12)

›

Evaluate and compare WS implementation with different

frameworks

– Axis 2 (SOAP)

– Axis 2 (REST)

– JAX-WS

– Spring WS

›

Benchmark: Compare execution performance of a WS call

›

Interoperability: Validate interop of code- and contract first

Interoperability & Performance

(13)

›

Most WS are use free of charge, however some

value-added service are billed?

›

What Business Models are currently used for WS?

– Free, Freemium, Flat Rate, …

›

What standards can be used? WSLA

Commercial WS Technologies:

Billing Web Service Usages

(14)

›

Study the concept of a Enterprise Service Bus (ESB)

›

Study object-oriented concepts of polymorphy

›

An ESB dispatches WS calls to the right WS implementation

›

Is there a diamond problem 2.0? Name conflicts?

›

Do WS need the inheritance concepts like OOP?

›

Does the REST (of us) need ESBs?

›

Position Paper that discusses similarities and differences?

Enterprise Service BUS =

(15)

›

Can the current de-facto standards for service level

agreements (SLAs) enable serious WS applications?

›

Study de-facto standards in WS SLAs: WSLA, …

›

What frameworks help to enforce SLAs?

– SLA Negotiation

– SLA Monitoring and Enforcement

– SLA Violation Compensation

Do Service Level Agreements

Enable Serious Web Service?

(16)

ADAPTIVITY AND

CONTEXT-AWARENESS

(17)

›

Need to guarantee SALs in presence of QoS change

›

E.g. use different services dynamically switching among

them.

›

Keep a runtime model of current QoS (E.g. Markow Chain)

– Update the model

– Use the model to guide decisions (feedback control)

›

Study the existing frameworks and their features

How to adapt to changing

(18)

›

Recent research explored how to support

context-awareness in web services.

– Devices

– Preferences

– Location

›

Context-aware web services should gracefully operate

under different context conditions.

– Adaptability

– Context combination

›

Analysis of the existing techniques

(19)

›

Context-oriented programming (COP): programming

paradigm for context-aware applications

– Ad hoc, language-level abstractions

›

AOP already proved useful in the WS world.

– AO4BPEL: An Aspect-Oriented Extension to BPEL.

– Crosscutting concerns in WS processes

›

Context-awareness in a hot topic in WS

›

What about introducing COP in WS ?

COP in web services

(20)

›

Study WS- Composition with WS-BPEL

– Understand crosscutting problems in WS-BPEL workflows

›

Study aspect-oriented concepts

›

Compare different approaches of AOP for WS-BPEL

– AO4BPEL, COP, …

Aspect-Oriented

(21)

›

Architectures: Point-2-Point, Pub-Sub, Event-Driven

›

History of Events Standards: Eventing,

WS-Notifications, WS-BrokeredWS-Notifications, WS-Topics,

WS-EventDescriptions,

›

Implementations of WS-Events

Does WS-Eventing ENABLE

Pluggable Enterprises?

(22)