Web Services

A good example of how the interconnectivity among the three technologies works would be a user trying to buy a plane ticket online. The user would access a travel agency’s Web page to query for the availability of seats, date and time of the flight and prices of the plane ticket. In this querying process, HTTP acts as the language that users end up using to communicate with the Web server that actually can access the information of flight date, time, seat availability and prices from the airlines database. According to the values users input into the Web page (i.e. GUI) and transmitted to the Web server via HTTP, the Web server performs the command of search by sending out commands of this query to each individual airline’s flight schedule databases using an application to application interface, i.e. Web services. Web services translate whichever markup language the Web server uses into the universally understood XML that gets relayed to the databases of all the airlines. When the XML is received by the airline databases, Web services then translates the XML into whatever programming language that each database is using so that the database would be able to understand the command the Web server sent out. After the query has been completed, the result would be transmitted back to the Web server through Web services again. Then the Web server would relay these search results to the user via HTTP which would present the information to the user through an HTML file that could be interpreted by a browser.

The future vision of E-commerce on the basis of Web ser- vices is that anybody must be able to trade and negotiate with everybody else. However, such an open and flexible approach to E-commerce has to deal with many obstacles before it becomes reality. To bring Web services and fully en- abled E-commerce to reality, mechanized support is needed in dealing with numerous and heterogeneous data formats as well as numerous and heterogeneous business logics. Ma- chine processable semantics of information is a key essential element in mechanizing these tasks. Therefore, beside ex- ploiting semantics for the basic Web service stack, we also emphasize that semantics is essential within heterogeneous environments allowing for flexible mediation on a conceptual basis.

sentence aligner of parallel corpora, two different word aligners for parallel texts, an advanced search engine and a question answering system for Romanian) that are already implemented as stand-alone applications and which we plan to include into the web services platform. The future developments of our present linguistic web services platform as well as the assurance of the interoperability with other existing web service platforms will be our major responsibilities in the CLARIN project. The access to the web services is research license-based and up to now it was used by various colleagues from Bulgaria, Canada, Denmark, France, Italy, The Netherlands, Romania and USA for processing Romanian texts totalizing more than 2 billion words.

Consider its use of the IaaS. It uses WS-Policy to describe its Web services security policy, and it has a dedicated virtual private network (VPN) tunnel for its corporate network, which leverages the STS based on WS-Trust to translate tokens. It also exchanges an incoming username and password (invoked by a business partner) token for a SAML token with an XACML profile. Finally, it uses an XACMLcompliant PEP to enforce access control for service requests.

In this review takes security issues like authentication in web services and its techniques. Security mechanism is essential environment for protecting the user data. Privacy awareness is most important factor in authentication and authorization helps to secure the information form the unauthorized users. It focus on the privacy and access control. In distributed world it’s hard to secure data in sharing. This review some authentication principles are discussed furthermore it has to enhance in future works are implement with more authentication mechanisms, mechanisms based on evolutionary algorithms, universal authentication framework with suitable protocol and elaborate model in international network.

Although this book focuses on the fundamentals, it's no "for Dummy's" book. Readers are expected to have an understanding of Java and XML. Web service APIs are easy to learn, but can be tedious. Before reading this book, you should be fluent in the Java language and have some practical experience developing business solutions. If you are unfamiliar with the Java language, we recommend that you pick up a copy of Learning Java by Patrick Neimeyer and Jonathan Knudsen (formerly Exploring Java) (O'Reilly). If you need a stronger background in distributed computing, we recommend Java Distributed Computing by Jim Farley (O'Reilly). If you need additional information on XML, we recommend Java and XML by Brett McLaughlin (O'Reilly) and XML in a Nutshell by Elliotte Harold and W. Scott Means (O'Reilly). Other O'Reilly books covering web services include Programing Web Services with SOAP by Doug Tidwell, James Snell, and Pavel Kulchenko and Programming Web Services with XML-RPC by Simon St. Laurent, Joe Johnston, and Edd Dumbill.

• Web service specific technology artifacts. These include things such as WSDL files, assemblies implementing client and server calls, SOAP messages and so forth. The threats to these assets are the web services technology specific threats. Threats to these assets usually lead indirectly to threats to application specific assets (e.g. leaking of an assembly might give an attacker the necessary information on how to attack a back-end system, a SOAP message will usually include application specific information, tampering with a WSDL file may enable service spoofing, and so forth…)

y Service binding: Following the discovery phase, the client must bind to the remote service. WSDL supports bindings to services using different mechanisms including SOAP and CORBA. Thereafter, interactions can be viewed as traditional client-server interactions. There is nothing particularly new about this architecture. Client-server remote procedure calls have been implemented in numerous ways, as has the service repository. As just one example, WebFlow implements a specialized naming service for looking up services and their service module. The difference here is that the repository is designed to offer a standard XML description of the services using WSDL. The service description itself is independent of wire protocols and Remote Procedure Call (RPC) mechanisms. There still is the problem that the client must implement the appropriate RPC stubs to access the server. But, given the number of protocols and RPC mechanisms available, there is an advantage in the various grid computing environment projects coming to an agreement on a specific RPC protocol. Guided by the surge of development in support of SOAP for web services and its compatibility with HTTP, we suggest this should be evaluated as the appropriate common language for interoperable portals. Legacy and alternative RPC mechanisms such as used by WebFlow can be reached through bridges.

In case of failure, Rimage web services always return an error code and an error message in the Response object. This section lists all the error codes and corresponding messages. Because Rimage web services relies on the Rimage Rapid API for communication with Rimage systems, the Rapid API error codes are listed first, followed by web services specific error codes.

Operator billing represents the payment mechanism used by mobile network operators to acquire payment from their customers for services provided. A content provider using this payment method with the Web Services framework would be requesting that the network operator will bill the mobile user according when the service provided in being used. The network operator will then forward that payment on to the content provider after deducting a payment service charge. The amount to be billed may be deducted from a mobile user’s pre-paid account or added to their next post-paid phone bill. The process of which way the cost of the service is transacted from the mobile user to the network operator should be transparent to the content provider. The payment service provider in this case may be the network operator or an independent organisation with access to the network operator’s payment infrastructure. In the development of the framework the network operator infrastructure is simulated as it is unrealistic to be able to gain access to an enclosed network operator system for the purposes of a research project.

Web services are modular and self-describing applications, which can either be composed with other Web services to create businesses or simply deployed as reusable components to provide some functionality to their clients. An important characteristics of a Web service is that it is a black box as far as any client agent (human or artificial) is concerned. In this respect, service interface-based discovery including the matching of service inputs and outputs seem to be a good starting point in service discovery process [Paolucci et al., 2002a]. On the other hand, most of the time, discovering a service based on its outer skin may not give the desirable match; because of the service’s inner underlying decisions and workings that can affect the service’s quality. For example, a DocToPdf Converter Web service may take a .doc file as input and produce a .pdf file as output. However, this information will not be enough for a user who wants all the hyperlinks or the characters written in Tahoma format in his document to be converted properly.

The current WBCM interface provided a web- based marking facility. However, in some cases the necessity of a web access could be a disadvantage. For example, if an instructor wishes to mark assignments while on a train, web access as a necessity is problematic. A better scheme might be for him to have a copy all assignment submissions available to him locally. This would require the instructor to first download all (or some of) the submissions to his local m/c. Then he would have to mark them and record his comments and finally upload the marks. Two web services are clearly involved, one to download the submissions of a set of students and another to upload the marks with comments. A local application would be desirable to properly organize the marks and the comments. The local application could very well be third party, though it would be desirable to have simple prototype applications available as part of the tool. This would make the tool more usable.

When we talk about “statelessness,” what counts as “state”? What’s the difference between persistent data, the useful server-side data that makes us want to use web services in the first place, and this state we’re trying to keep off the server? The Flickr web service lets you upload pictures to your account, and those pictures are stored on the server. It would be crazy to make the client send every one of its pictures along with every request to flickr.com , just to keep the server from having to store any state. That would defeat the whole point of the service. But what’s the difference between this scenario, and state about the client’s session, which I claim should be kept off the server? The problem is one of terminology. Statelessness implies there’s only one kind of state and that the server should go without it. Actually, there are two kinds of state. From this point on in the book I’m going to distinguish between application state, which ought to live on the client, and resource state, which ought to live on the server. When you use a search engine, your current query and your current page are bits of client state. This state is different for every client. You might be on page 3 of the search results for “jellyfish,” and I might be on page 1 of the search results for “mice.” The page number and the query are different because we took different paths through the application. Our respective clients store different bits of application state.

A merchant typically needs to send transaction requests in support of business transactions to a payment service. The merchant sends transac- tion requests (e.g., Charge) to Optimal Payments via the Web Services SDK, which acts as a secure transport medium.

2) Define a new Functional Domain. You can choose any name as long as it does not collide with an existing functional domain. Make sure this name accurately qualifies the AM information you will expose. As Asset Manager manages Web Services versions for you (tag system), you should not insert version information in this name.

The package we use is produced by WSS4J project under Apache. Written in Java as its name speaks, WSS4J is a fully implementation of WS-Security 1.0 OASIS standard; it also convenes active contributors for WS-SecureConversation and WS-Trust. Originally forked from Web services project, however, WSS4J is closely involved with Axis. For example, the current WS- SecureConversation implementation deals with MessageContext, an Axis construct instead of W3C Document object or Sun standardized SOAPPart. The feature of Axis affinity benefits those

A Web-service is a software system identified by a URI [RFC 2396], whose public interfaces and bindings are defined and described using XML. Its definition can be discovered by other software systems. These systems may then interact with the Web-service in a manner prescribed by its definition, using XML based messages conveyed by Internet protocols. Web-services depend on standard and widespread web technologies such as XML. This feature is meant to help integrate the middlewares and information systems of companies connected via a network, thereby facilitating the business to business (b2b) activities. If a company runs a service p,

simple interactive visualization application could be delivered over the web using a web browser as a user interface (see section 5). Alternatively, visualization could be part of a larger application; in this case visualization could be incorporated by using web services to access one or more predefined visualization pipelines. Data would be passed to the service and a visualized result returned for display within the application. While these two examples deal with potentially static pipeline descriptions, there is no reason why an application could not be constructed that allowed the dynamic construction of a network of visualization processes. The user could then interact with these processes in the same way that modules are used in a conventional dataflow visualization toolkit [13], changing parameters and connections to effect new visualization results. Unlike these toolkits, however, the user can create an alternative interface without having to abandon the visualization functionality provided.

With the wide spread use of web services, failures due to software aging in a web service can be catastrophic. In this paper we discuss the use of an open source tool CLRProfiler [8] to analyze memory allocation in a .NET based web services and detect memory leaks through analysis of heap graphs. The web service, the CLR profiler and other tools are integrated in a test bench called Software Rejuvenation Test Bench [9]. Software Rejuvenation Test Bench has a Rejuvenation Profiler which triggers rejuvenation as per the pre determined condition. In this paper, we discuss how prediction based rejuvenation method can be applied to counteract software aging in web service. The method and its advantages are discussed with application on real life .Net applications.

Web services extend the World Wide Web infrastructure to provide the means for software to connect to other software applications[4]. Applications access Web services via ubiquitous Web protocols and data formats such as HTTP, XML, and SOAP, with no need to worry about how each Web service is implemented. Web services combine the best aspects of component-based development and the Web, and are a cornerstone of the Microsoft .NET programming model.