operation, both the provider and requester communicate with each other directly
without the involvement of the service registry.
Firewalls allow HTTP messages to pass through them. So, we write our own
XML text-based protocol message, place it on HTTP and send it across the
firewall. This approach of wrapping our SOAP message in HTTP so that it can
safely pass through the firewall is called HTTP tunneling.
6. Explain what is “Software as a service”? What is its main difference with
traditional software? (2010)
Software as a Service (SaaS) is a software application delivery model where a
software vendor
• develops a software application,
• hosts the software application and
• operates the application
for use by its customers.
The main difference between SaaS and traditional software is that customers do not
pay for owning the software, but rather for using it.
coupling: The human-centric approach is faster and tightly coupled, whereas both
application-centric and automated web are loosely coupled and relatively slower.
8. What are the advantages of web services technology over the traditional
distributed computing technologies like CORBA, RMI and COM ?
Coupling: CORBA / RMI / COM make application integration tightly coupled,
whereas Web services make application integration loosely coupled, thereby
allowing it to be highly flexible.
CORBA / RMI / COM support only RPC, whereas web services support both RPC and
document-centric messaging.
10. Explain the interaction between service requester, SOAP, WSDL and UDDI
in realizing a web service application.
10.1 The service requester queries the UDDI registry to find a service
     matching the search parameters.
10.2 The UDDI returns the location of the WSDL for the appropriate service.
10.3 The requester accesses the WSDL and gets the necessary data to invoke
     and use the Web service.
10.4 The requester creates a SOAP-message request and sends it to the web
     service.
10.5 The web service processes the incoming SOAP-message request and
     sends back the SOAP-message response to the service requester.
• Registry approach.
  • You go to the registry first, and then you can get some information.
  • It has a centralized registry.
• Indexed approach. (Google)
  • They register the index of services, like Google.
  • It doesn't have a centralized registry.
• Peer-to-peer approach.
  • Services are stored on some nodes, and each node knows some neighbors. When a
    node has to find a service, it asks its neighbors. If they know it, the search
    finishes; if not, the neighbors ask their neighbors.
V0.4 Last modification: 29/05/2010! Page 4
Programming Web Services! Exam questions & Answeres
  • Sometimes it can't guarantee that it can find the right services.
Registry approach is centralized and therefore faster than the other approaches. It
has the limitation that only the services registered in the registry are available.
The indexed approach involves searching throughout the web and is therefore
slower. But the requester is left with a wider window of access to many other web
services.
13.What are the differences between Web services and Application Service
Providers?
Permission: The service requester needs the permission of the ASP to use a service,
whereas the service requester does not need permission to use a service in a
web service.
Granularity: Web Services can have different granularity, but ASP cannot.
Lecture 2: XML
1. Explain why do we have different XML parsing models?
2. What are the input(s) and output(s) of an XML Schema compiler? How
many times we need to invoke schema compiler during parsing?
3. What are the main parsing models? Give their advantages and
disadvantages.
Pull:
• Advantage:
• Disadvantage:
One-step:
• Advantage:
• Easy to manipulate XML documents.
• Parsing done in a single step.
• Disadvantage:
• More memory usage.
Hybrid:
• Advantage: Efficient usage of time and memory.
• Disadvantage:
4. We considered 4 parsing models for XML. Briefly explain them and suggest
in which cases each of them is more suitable to use. (2010)
Pull parsing:
• The application always has to ask the parser to give it the next piece of
information about the document.
• The XML community has not yet defined standard APIs for pull parsing.
Hybrid parsing
• This approach combines characteristics of the other three parsing models
• For example, combining pull parsing with one-step parsing.
• The application thinks it's working with a one-step parser, but as the
application keeps accessing more objects on the DOM tree, the parsing
continues incrementally.
5. What is the difference between import and include in XML schema reuse?
How?
Namespace collision: Using include you can retrieve the definitions, but it makes
no namespace changes. Using import merges schemas from multiple
namespaces into one schema. With import it is possible to merge the contents of the
namespace into another namespace. You just have to specify the new namespace
when you are importing.
Different documents: With include, the fully qualified name of the elements needs
to be used. So, if we include a different document, we cannot hide this fact.
With import, this fact can be hidden because we do not need to use the
fully qualified name.
The XML parser checks for both the well-formedness and the validity of the XML
document.
To check the well-formedness the parser needs the XML document alone.
To check the validity of the document the parser needs the XML document and
either its DTD or schema document.
8. Show how you represent phone number “+46 8 790 04 13” in XML using
elements and using attributes? Give advantages and disadvantages of one
representation compare to another?
The XML schema compiler is a tool that analyzes the XML schema and
code-generates the corresponding marshalling and un-marshalling modules.
12. What are the 2 XML processing techniques? Explain the differences
between them. Give examples for both.
13. What is the difference between a pre-defined data type and constructed
data type.
Pre-defined data types are the data types that are already defined in XML, e.g.
string, positiveInteger, date, time etc.
A constructed data type can be any new data type which is constructed from the
pre-defined data types.
A simple element is an XML element that can contain only text. It cannot contain
any other elements or attributes.
Restriction implies that the values that an XML element contains are bound to
certain rules as defined in the schema document. For example, the usage of
"xsd:enumeration" restricts the XML element's values to a limited set of values.
Similarly, the usage of "xsd:pattern" restricts the XML element's values to a certain
pattern.
16. List the basic schema reusability mechanisms in XML schema? Explain
the difference between intra-document reusability and inter-document
reusability.
Reusability mechanisms:
• Element reference
• Attribute reference
• Model groups reference
• Schema includes
• Schema imports
17. Which mechanisms for re-use in XML do you know? Briefly explain each
of them. (2010)
We can classify the mechanisms to reuse XML into two types: intra-XML reuse and
inter-XML reuse.
Intra-XML reuse refers to the mechanism that reuses a part of the same
document. In this case, the keyword "ref" is used.
Inter-XML reuse refers to the mechanism that reuses a part of another
document as its own. There are two types: "include" and "import".
When we use "include" we are reusing a part of another XML document without
changing its original namespace. But if we want to reuse parts of different
documents that have the same namespace, then the namespace collision can be
avoided using "import". With "import" we can merge the components of the
namespace and assign them a new namespace.
Intermediaries are the nodes that exist in the SOAP message path in between the
service requestor and the service provider. Their purpose is to process the header
part of the SOAP message, thereby providing secured exchange of SOAP
messages, notarization, message tracing facilities etc. They therefore
provide horizontal extensibility.
3. What are possible values of the role attribute in SOAP headers? Briefly
explain the meaning of its special values.
The possible values of the role attribute will be the URI of the intermediary node or
that of the ultimate service provider node.
Using the headers to add functionality to SOAP messages is called
vertical extensibility. This can include adding information regarding security,
routing, notarization etc. It is implemented over the middleware layer of the SOAP
binding framework.
Horizontal extensibility is the process of targeting the different parts of the same
SOAP message to different recipients. This is achieved through the intermediaries.
This is done in order to allow the processing of the header elements by different
nodes.
The header contains auxiliary information and it's optional. The body contains the main
information. The header can contain authentication information, routing information,
the actor/role attribute, the mustUnderstand attribute, ...
The Body contains the actual SOAP message intended for the ultimate endpoint of
the message. The header contains information that could be processed by
intermediate nodes.
The name of the request struct is the name of the method, and the arguments are put
inside as elements.
The RPC convention says that the name of the response struct is the name of the
method with Response appended to the end.
There are two types of parameters that could be sent in a SOAP message: out and
inout.
1. Determine the set of roles in which the node is to act. This is decided by going
through all the header elements.
2. Identify all the header blocks targeted at the node that are mandatory.
3. If any of the elements identified in the above step are not understood, then
generate a SOAP fault message with the code set to env:MustUnderstand, and
processing is stopped.
4. Process all mandatory headers targeted at the node. If the node is the ultimate
node then the body is also processed.
5. Relay the message if the node is an intermediary.
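The five steps above, run at one node, as an added example that is not part of the original notes. The sample message, the `urn:example:*` names and the `process` helper are constructed for illustration; the role URIs and the `env:MustUnderstand` fault code are those of SOAP 1.2.

```python
import xml.etree.ElementTree as ET

ENV = "http://www.w3.org/2003/05/soap-envelope"  # SOAP 1.2 envelope namespace
ROLE_NEXT = ENV + "/role/next"
ROLE_NONE = ENV + "/role/none"
ROLE_ULTIMATE = ENV + "/role/ultimateReceiver"
X = "urn:example:ext"  # constructed namespace for the sample header blocks


class SoapFault(Exception):
    def __init__(self, code, reason):
        super().__init__(f"{code}: {reason}")
        self.code = code


def flag(block, name):
    """Read a boolean SOAP attribute such as mustUnderstand or relay."""
    return block.get(f"{{{ENV}}}{name}", "false") in ("true", "1")


def process(envelope_xml, own_roles, understood, ultimate):
    """Run the five steps at one node; return (processed, body_done, relayed)."""
    env = ET.fromstring(envelope_xml)
    header = env.find(f"{{{ENV}}}Header")
    blocks = list(header) if header is not None else []

    # Step 1: roles this node acts in. Every node plays "next", only the
    # ultimate receiver plays "ultimateReceiver", and no node plays "none".
    roles = set(own_roles) | {ROLE_NEXT}
    if ultimate:
        roles.add(ROLE_ULTIMATE)
    # A block without a role attribute is targeted at the ultimate receiver.
    mine = [b for b in blocks if b.get(f"{{{ENV}}}role", ROLE_ULTIMATE) in roles]

    # Steps 2 and 3: fault before doing any work if a mandatory block
    # targeted at this node is not understood.
    for b in mine:
        if flag(b, "mustUnderstand") and b.tag not in understood:
            raise SoapFault("env:MustUnderstand", f"not understood: {b.tag}")

    # Step 4: process the targeted blocks; the ultimate node also takes the body.
    processed = [b.tag for b in mine if b.tag in understood]
    body_done = ultimate and env.find(f"{{{ENV}}}Body") is not None

    # Step 5: an intermediary drops the blocks targeted at it (ignored ones
    # survive only with env:relay="true") and forwards the rest.
    relayed = None
    if not ultimate:
        for b in mine:
            if b.tag in understood or not flag(b, "relay"):
                header.remove(b)
        relayed = ET.tostring(env, encoding="unicode")
    return processed, body_done, relayed


# Constructed sample message, not taken from the page.
SAMPLE = f"""<env:Envelope xmlns:env="{ENV}" xmlns:x="{X}">
  <env:Header>
    <x:trace env:role="{ROLE_NEXT}"/>
    <x:auth env:role="urn:example:gateway" env:mustUnderstand="true"/>
    <x:sign env:mustUnderstand="true"/>
    <x:hint env:role="{ROLE_NONE}"/>
  </env:Header>
  <env:Body><x:checkInvoice/></env:Body>
</env:Envelope>"""

if __name__ == "__main__":
    done, _, relayed = process(
        SAMPLE, {"urn:example:gateway"}, {f"{{{X}}}trace", f"{{{X}}}auth"}, False)
    print(done)
    print(process(relayed, set(), {f"{{{X}}}sign"}, True)[:2])
```

Because the fault is raised before step 4, a node that does not understand a mandatory security header never processes the rest of the message.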
Feature is a semantic that has a name and a specification. Eg: security, reliable
messaging, quality of service etc. They are expressed by bindings and modules.
10. What is role in SOAP headers and what kind of information they usually
include?
Role specifies the node which has to process the header element. It is usually
denoted as a URI of the node. It can have some special values like none,
ultimateReceiver and next.
The HTTP POST operation is usually used by the SOAP message exchanges.
12. Explain what is Message Exchange Pattern (MEP)? What are standard
MEPs in SOAP?
MEPs are features that specify how many messages move around in a given
interaction, from where they originate and to where they terminate. The 2 standard
MEPs are
Request-Response MEP:
This involves a requesting node and a responding node. The requesting node
sends its requests in the form of a SOAP message. The responding node
processes this SOAP request and sends back the SOAP response message.
This involves a requesting node and a response node. The requesting node does
not necessarily send a SOAP message, so the responding node does not trigger
the SOAP processing model. But the response message will be a SOAP response
message.
The intermediary node processes header and the service provider processes both
header and the body.
14. In the class we considered the following guiding schema for selection of
data encoding in SOAP. Your task is to fill in cells which have question
mark (you can put labels into the cells and then refer to them)
<product
  soapenv:encodingStyle="http://www.w3.org/2003/05/soap-encoding">
The encoding is a set of rules to map that data model into XML to be sent in a SOAP
message.
The feature is a semantic that has a name and a specification. For example, the
authentication feature or the colour feature.
The properties are pieces of state, named with URIs, which affect the operation of
features. For example, for security, the properties could be the username and
the password.
17. Explain how the same feature can be expressed by binding and by
modules.
A binding is a means for performing functions below the SOAP processing model;
and a module is a means for performing functions using the SOAP processing
model, via headers.
A SOAP module could provide encryption and signing of a SOAP message
across any binding.
Advantages of RESTful
• Lightweight: It doesn't require a lot of markup.
• Easy to build: It doesn't require any toolkit.
• Low bandwidth consumption
Disadvantages of RESTful
• Service discovery: The client should know the address of the service.
• Not complex requirements: It cannot address complex requirements.
• No asynchronous mode: It cannot handle asynchronous processing and
invocation.
• Mutual understanding: The service producer and the service consumer have to
have a mutual understanding of the context and the content.
Lecture 4: WSDL
Example of usage:
  <message name="checkInvoiceRequest">
    <part name="invoiceNumber" type="xsd:integer"/>
  </message>
The part in the above WSDL code refers to the invoice number parameter to be
sent to the web service.
The functional description defines details of how the Web service is invoked, where
it's invoked, and so on.
This description is focused on details of the syntax of the message and how to
configure the network protocols to deliver the message.
The nonfunctional description provides other details that are secondary to the
message. For example, security policy or privacy policy.
Another example is that it could instruct the requestor's runtime environment to
include additional SOAP headers.
What: WSDL
Who: WS-Policy
Why: WS-Policy
Where: WSDL
How: WSDL and WS-Policy.
5. Explain the differences between the “document” and “RPC” values of the
style attribute of the binding element. For which kind of “portType” you
should use a “document” style binding?
The style attribute of binding indicates whether operations will follow a document-centric
approach or an RPC approach.
The document-centric approach means the body of the SOAP message is to be
interpreted as XML.
The RPC approach indicates that the binding uses the Remote Procedure Call (RPC)
conventions for the SOAP body.
The document style should be used only when it's a binding for portTypes that
reference messages that contain parts using the element attribute.
If a portType references a message whose parts use the type attribute, you should
define only RPC bindings for it.
It means that the policy assertions are re-written so that all the possible
combinations are considered. It usually begins with the wsp:ExactlyOne.
Example:
  <wsp:Policy ...>
    <wsp:All>
      <wsp:ExactlyOne>
        <nsSecurityAssertion wsp:Optional="true" />
        <nsReliableMessagingAssertion />
      </wsp:ExactlyOne>
      <nsTransactionAssertion />
      <nsAuditAssertion />
    </wsp:All>
  </wsp:Policy>
Normalization: In normalization, the policy assertions are re-written so that all the
possible combinations are considered. It usually begins with wsp:ExactlyOne.
Merging: Union operation in set theory. It puts together all the possible policies.
Intersection: It involves the merging of two policies into a single one where only
those policies that are common to both are considered.
We normalize the policy because merging and intersection are easier to do if
the policy is already in normal form.
Merge is used when we have a hierarchy of elements and each element has its own
policy. Putting them all together, we can create the joint policy for all of them.
The intersection is applied when the sender and the receiver have different policies,
and the policy can be applied only when both of them understand it. If one of them
cannot understand it, you cannot send the message. Then we can make the
intersection of the policies and apply it both to the receiver and the sender.
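Normalization of the example policy above and its intersection with a receiver's policy, as an added example that is not part of the original notes. The tuple-based policy model, the helper names and the receiver policy are constructed for illustration, and assertions are compared by name only.

```python
from itertools import product


def assertion(name, optional=False):
    return ("assertion", name, optional)

def all_of(*children):
    return ("all", children)

def exactly_one(*children):
    return ("one", children)


def normalize(node):
    """Return the policy alternatives as a set of frozensets of assertion names."""
    kind = node[0]
    if kind == "assertion":
        _, name, optional = node
        alternatives = {frozenset([name])}
        if optional:
            # wsp:Optional="true" means: one alternative with the assertion,
            # one alternative without it.
            alternatives.add(frozenset())
        return alternatives
    child_alternatives = [normalize(child) for child in node[1]]
    if kind == "one":
        # ExactlyOne: any alternative of any child is an alternative.
        return set().union(*child_alternatives)
    # All: pick one alternative from every child and combine them.
    return {frozenset().union(*combo) for combo in product(*child_alternatives)}


def intersect(policy_a, policy_b):
    """Alternatives both parties accept (assertions compared by name only)."""
    return normalize(policy_a) & normalize(policy_b)


def to_normal_form(alternatives):
    """Render alternatives as text in the wsp:ExactlyOne / wsp:All shape."""
    lines = ["<wsp:ExactlyOne>"]
    for alt in sorted(alternatives, key=sorted):
        lines.append("  <wsp:All>")
        lines += [f"    <{name} />" for name in sorted(alt)]
        lines.append("  </wsp:All>")
    lines.append("</wsp:ExactlyOne>")
    return "\n".join(lines)


# The policy from the normalization example in these notes.
PAGE_POLICY = all_of(
    exactly_one(
        assertion("nsSecurityAssertion", optional=True),
        assertion("nsReliableMessagingAssertion"),
    ),
    assertion("nsTransactionAssertion"),
    assertion("nsAuditAssertion"),
)

# Constructed receiver policy (hypothetical): security is required, not optional.
RECEIVER_POLICY = all_of(
    assertion("nsSecurityAssertion"),
    assertion("nsTransactionAssertion"),
    assertion("nsAuditAssertion"),
)

if __name__ == "__main__":
    print(to_normal_form(normalize(PAGE_POLICY)))
    print(to_normal_form(intersect(PAGE_POLICY, RECEIVER_POLICY)))
```

The example policy normalizes to three alternatives, and only the one that includes the security assertion survives the intersection; an empty intersection means the message cannot be sent.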
11. Explain role of the binding element in a WSDL document. Which standard
binding extensions are defined in WSDL
The binding element defines how the message will be transmitted and what the
SOAP-specific details are (message format and protocol details).
The standard binding extensions that are defined in WSDL are SOAP, HTTP GET/POST
operations, and MIME attachments.
1. All: This policy states that all of the assertions are in effect.
  Example:
    <wsp:Policy name="PolicyExample1"
      TargetNamespace="http://ww.skatestown.com/policies" >
      <wsp:All>
        <Assertion:A />
        <Assertion:B />
        <Assertion:C />
      </wsp:All>
    </wsp:Policy>
2. ExactlyOne: This policy states that ONLY ONE of the assertions A, B and C is
in effect.
  Example:
    <wsp:Policy name="PolicyExample2"
      TargetNamespace="http://www.skatestown.com/policies" >
      <wsp:ExactlyOne>
        <Assertion:A />
        <Assertion:B />
        <Assertion:C />
      </wsp:ExactlyOne>
    </wsp:Policy>
3. OneOrMore: This policy states that some subset of the policy assertions listed as
child elements is in effect.
4. Others: The operators can nest. Any of the Assertion elements can be replaced by
an operator.
Lecture 5: UDDI
Basic:
• A set of data structure specifications to store the metadata in the registry.
• A set of create, read, update and delete (CRUD) operations to manipulate the data
structures in the registry.
Metadata:
• Ownership and containment.
• Categorization
• A logical referencing mechanism.
Operations:
• Authentication for operations that change the registry.
• Open access for read and query operations.
In the first approach, the service provider sends the service description through
email, ftp or CD to the service requestor in accordance with a previously agreed
business partnership. This is a static and very simple approach.
The UDDI approach provides the concept of pointing to a service definition. The
providers can define a taxonomical classification of their services, provide a
new technical model, or reference an existing technical model which might later be
used by other service providers. The provider can change the service description
without changing the UDDI reference.
4. What are main data structures in the UDDI description? Explain briefly their
roles.
• businessServices:
  • It describes a group of related Web services offered by a businessEntity.
• bindingTemplate:
  • It provides the technical information necessary to use a Web service.
• tModel:
  • It acts as a generic container for any kind of specification.
• publisherAssertion:
  • It defines a relationship between two or more businessEntity elements.
• Service interface -> tModel. As the service interface in the WSDL defines a
reusable definition of a service it corresponds to the tModel of the UDDI. If the
service interface definition contains more than one binding element then the
reference to the service interface may include a pointer to a specific WSDL
binding element.
• Service implementation -> businessService: The service implementation is
defined by the WSDL service element which corresponds to the businessService
element.
• Service location -> accessPoint: The web service location listed in the WSDL
port element must be the same as the accessPoint element in UDDI.
7. What is tModel and what is its role in UDDI? Give an example of its usage.
        tModelKey="...sometModeKey...">
    </categoryBag>
  </tModel>
Example:
  <tModel tModelKey="...YahootModelKey...">
    <name>Yahoo! Business Taxonomy</name>
    <description xml:lang="en">Yahoo! Business Taxonomy</description>
    <categoryBag>
      <keyedReference keyName="Yahoo! category"
        keyValue="categorization"
        tModelKey="...sometModeKey..." />
    </categoryBag>
  </tModel>
  <categoryBag>
    <keyedReference keyName="Sporting and Athletic Goods Manufacturing"
      keyValue="33992"
      tModelKey="...NAICStModelKey..." />
    <keyedReference keyName="New York"
      keyValue="US-NY"
      tModelKey="...ISO3166tModelKey..." />
    <keyedReference keyName="Yahoo Business Taxonomy"
      keyValue="Business_and_Economy/Shopping_and_Services/Sports/skateboarding/Deck_andTruck_Makers/"
      tModelKey="...YahootModelKey" />
  </categoryBag>
To describe our identification we use the identifierBag. With that, users can
search for (discover) your business with a specific identifier like a D-U-N-S number.
Example:
<identifierBag>
  <keyedReference keyName="DUNS"
    keyValue="00-11-1111"
    tModelKey="...D-U-N-StModelKey..." />
</identifierBag>
Lecture 6: WS-Security.
• WS-Security: It defines
  • how to include the security tokens in SOAP messages and
  • how to protect messages with digital signatures and encryption.
• WS-Policy: Provides a framework for describing Web services meta-information.
• WS-Trust: It prescribes an interaction protocol to obtain Security Tokens Services.
• WS-SecureConversation: It defines a security context with which parties can
share a secret key to sign and encrypt parts of messages efficiently.
• WS-Federation: Provides a framework for federating multiple security domains.
• WS-Privacy: Provides a framework for describing the privacy policy of web
services.
• WS-Authorization: Defines how to exchange the authorization information
among parties.
Key: In symmetric encryption the same key is used on both the sender and receiver side
to encrypt and decrypt messages. In asymmetric encryption the receiver's public
key is used to encrypt the message on the sender side and the receiver's private
key is used to decrypt the message on the receiver side.
Speed: Asymmetric encryption is much slower than the symmetric encryption
technique.
Asymmetric encryption is suitable for web services. This is because the usage of
different keys ensures authorization.
Authentication and message integrity can be ensured by digital signatures, which
implement asymmetric encryption.
3. What is a security model for web services? What are its purposes? What
are the elements of this model?
The user provides authentication information, namely user id and password, only
once to access several applications within a certain interval of time. This is called
single sign-on.
It defines a security context with which parties can share a secret key to sign and
encrypt parts of messages efficiently.
<wsse:Security
  xmlns:wsse="http://schemas.xmlsoap.org/ws/2003/06/secext">
  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
  </Signature>
  <EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
  </EncryptedKey>
  <wsse:UsernameToken
    xmlns="http://schemas.xmlsoap.org/ws/2003/06/secext">
  </wsse:UsernameToken>
</wsse:Security>