
Programming Web Services

Exam questions & Answers

ID2208 Programming Web Service


Exam questions & answers

Lecture 1: SOA and introduction:

1. What is Service Oriented Architecture (SOA)? Which roles and which
operations it assumes?

SOA is an architectural concept where the software components are modeled as
services.
These services will have a well-defined interface through which the other services
can interact with each other to achieve a business purpose. It enables the
publishing and consumption of software services.

The various roles played are as follows:

Service Provider: This denotes the entity that develops and deploys the web
services at run-time, creates the service description, publishes or registers the
service description to several service registries and handles the incoming service
invocations from service requesters. It can be viewed as the server side of the
client-server relationship, which handles the incoming requests from the service
requester.

Service Requester: This denotes the entity that consumes the web service. Its
responsibility is to find the service description from one or more service registries,
and to invoke and bind to the appropriate service provider. It can be viewed as the
“client” side of the client-server relationship.

Service Registry: It acts as a matchmaker between the service provider and the
service requester. It allows the service provider to publish its service description in
the registry and allows the service requester to search for and use the service
description.

The various operations in SOA:

Publish: It is an act of service registration and service advertisement that takes
place between the service provider and the service registry. This operation is done
by the service provider, which publishes the description of its web services on
the service registry, thereby making it available to the service requesters. In simple
terms, it is an act of moving the web service description into the service registry's
structure.

Find: It is an act of service discovery that takes place between the service
requester and the service registry. This operation is done by the service requester. The
service requester provides certain search parameters like type of service, quality of
service etc. and the service registry returns those service descriptions that
match the search criteria.

Bind: It is an act in which the service requester binds with the service provider
using the information from the provider's service description it obtained from the
service registry. It can either be sophisticated and dynamic or static. In this

V0.4 Last modification: 29/05/2010! Page 1



operation, both the provider and requester communicate with each other directly
without the involvement of the service registry.

2. Show layers and associated Web Services technologies of a Web Service
interoperability stack

3. Is there any difference between SOA and Web services? Justify

Web services are one kind of SOA. One of the differences is that Web
services are based on message passing and XML, but SOA could use message
passing or Remote Method Invocation (RMI) or Remote Procedure Call (RPC).

4. Give advantages of Web services as a technology for software integration

a. Operate using open, text-based standards
b. Promote a modular approach to programming
c. Significantly reduce the cost of enterprise application integration and B2B
communications
d. Can be implemented incrementally
e. The usage of HTTP enables the web service messages to tunnel through
firewalls of different enterprises.
f. The usage of XML text-based formats for representation of messages
eliminates the byte-order concerns.
g. The expressive nature of attributes and nested elements in XML made it
easier to represent complex data structures.
h. The implementation of SOA style enabled the applications to locate and bind
with the service providers dynamically thereby providing maximum flexibility.

5. Firewalls present a special challenge to integrating inter-enterprise
systems. How is this problem solved for web services?

Firewalls allow HTTP messages to pass through them. So, we write our own
XML text-based protocol message, place it on HTTP and send it across the
firewall. This approach of wrapping our SOAP message in HTTP so that it can
safely pass through the firewall is called HTTP tunneling.

6. Explain what is “Software as a service”? What is its main difference with
traditional software? (2010)

Software as a Service (SaaS) is a software application delivery model where a
software vendor
• develops a software application,
• hosts the software application and
• operates the application
for use by its customers.

The main difference between SaaS and traditional software is that customers do not
pay for owning the software, but rather for using it.

7. Explain the difference between human-centric, application-centric and
automated web

Invocation: In the human-centric approach the humans should invoke the service
explicitly. In application-centric, the middleware layer invokes the service. In the
automated web, both the discovery and invocation of the service are done by the
middleware layer.

Location: In the human-centric approach, the humans should have knowledge of the
exact location of the service. In both application-centric and automated web,
humans do not need to have the location of the service.

Coupling: The human-centric approach is faster and tightly coupled, whereas both
application-centric and automated web are loosely coupled and relatively slower.

8. What are the advantages of web services technology over the traditional
distributed computing technologies like CORBA, RMI and COM?

Invocation: CORBA / RMI / COM are synchronous method invocation techniques,
whereas Web services are asynchronous.

Communication: Web services use simple text-based XML messaging to
communicate, whereas CORBA / RMI / COM do not use XML messaging.

Coupling: CORBA / RMI / COM make the application integration tightly coupled,
whereas Web services make application integration loosely coupled, thereby
allowing it to be highly flexible. CORBA / RMI / COM support only RPC, whereas
web services support both RPC and document-centric messaging.

Integration: CORBA / RMI / COM are suitable for intra-enterprise application
integration, whereas Web services are suitable for inter-enterprise application
integration.

9. Show the web services protocol stack.

10. Explain the interaction between service requester, SOAP, WSDL and UDDI
in realizing a web service application.

10.1 The service requester queries the UDDI registry to find a service
     matching the search parameters.
10.2 The UDDI returns the location of the WSDL for the appropriate service.
10.3 The requester accesses the WSDL and gets the necessary data to invoke
     and use the Web service.
10.4 The requester creates a SOAP-message request and sends it to the web
     service.
10.5 The web service processes the incoming SOAP-message request and
     sends back the SOAP-message response to the service requester.

11. What are the various service discovery approaches? Explain their
advantages and disadvantages. Which of these approaches are being
used in SOA?

Service discovery approaches are:

• Registry approach.
  • Register first and then you can get some information.
  • It has a centralized registry.
• Indexed approach. (Google)
  • They register the index of services, like Google.
  • It doesn't have a centralized registry.
• Peer-to-Peer approach.
  • Services are stored in some nodes. Each node knows some neighbors. When it
    has to find some service, it asks its neighbors. If they know it, the search
    finishes; if not, the neighbors ask their own neighbors.
  • Sometimes it can't guarantee that it can find the right services.

The registry approach is centralized and therefore faster than the other approaches. It
has the limitation that only the services registered in the registry are available.

The indexed approach involves searching throughout the web and therefore it is
slower. But the requester is left with a wider window for accessing many other web
services.

In the Peer-to-Peer approach, the search is done on only those peers attached to
the registry. Thus it is relatively faster than the indexed approach and relatively slower
than the registry approach. The requester can only access the services registered
in the peers.

SOA uses the registry approach.

12. List the properties of SOA?

1. Logical view of sources
2. Message exchange between requester and provider
3. Meta data description oriented
4. Small number of operations, large and complex messages
5. Network orientation
6. Platform neutral

13. What are the differences between Web services and Application Service
Providers?

Centralization: Web services are a decentralized approach. ASP is a centralized
approach.

Permission: The service requester needs the permission of the ASP to use a service,
whereas the service requester does not need permission to use a service in a
web service.

Granularity: Web Services can have different granularity, but ASP cannot.

14. Compare the component based model and web service model.

Coupling: CB models are tightly coupled. WS models are loosely coupled.

Integration: CB models are for intra-enterprise applications. WS models are for
inter-enterprise applications.
Protocols and technologies: CB uses different protocols and technologies. The
Web services model uses common protocols and technologies.


Lecture 2: XML

1. Explain why do we have different XML parsing models?

It is because XML parsing has to trade off memory efficiency,
computational efficiency and ease of programming.

2. What are the input(s) and output(s) of an XML Schema compiler? How
many times we need to invoke schema compiler during parsing?

Input(s): XML schema.

Output(s): un-marshaling and marshaling modules specific to the schema.

We need to invoke the XML schema compiler only once.

3. What are the main parsing models? Give their advantages and
disadvantages.

Parsing models are: Push, Pull, One-Step and Hybrid.

Push: (SAX)
• Advantages:
• Least usage of memory.
• Simple to handle.
• Disadvantage:
• It is a single-pass parsing technique hence no random access of nodes.
• It is read-only (in case of SAX).

Pull:
• Advantage:
• Disadvantage:

One-step:
• Advantage:
• Easy to manipulate XML documents.
• Parsing done in a single step.
• Disadvantage:
• More memory usage.

Hybrid:
• Advantage: Efficient usage of time and memory.
• Disadvantage:

Model            Memory efficiency   Computation efficiency   Ease of program.
Pull             High                Highest                  Low
Push (SAX)       High                High                     Low
One-Step (DOM)   Low                 Low                      High
Hybrid           Medium              Medium                   High

4. We considered 4 parsing models for XML. Briefly explain them and suggest
in which cases each of them is more suitable to use. (2010)

The parsing models are Push, Pull, One-Step and Hybrid.

Pull parsing:
• The application always has to ask the parser to give it the next piece of
information about the document.
• The XML community has not yet defined standard APIs for pull parsing.

Push parsing (SAX)
• The parser sends notifications to the application about the types of XML
document pieces.
• Push parsing is also commonly known as event-based parsing.
• Standard: Simple API for XML (SAX)

One-step parsing (DOM)
• The parser reads the whole XML document and generates a data structure
describing its contents.
• The data structure is typically deeply nested.
• The W3C has defined a Document Object Model (DOM).

Hybrid parsing
• This approach combines characteristics of the other three parsing models.
• For example, combining pull parsing with one-step parsing.
• The application thinks it's working with a one-step parser, but as the
application keeps accessing more objects on the DOM tree, the parsing
continues incrementally.
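
The four models side by side, as an added example that is not part of the original notes: Python's standard library is used (xml.sax for push, xml.dom.pulldom for pull and hybrid, xml.dom.minidom for one-step), and the order document and function names are constructed for illustration.

```python
import xml.sax
from xml.dom import minidom, pulldom

# Constructed sample document (not from the original notes).
ORDER = """<order id="42">
  <item sku="947-TI"><name>Titanium glider</name><price>129.00</price></item>
  <item sku="318-BP"><name>Backpack</name><price>49.50</price></item>
</order>"""


def text_of(element):
    """Concatenate the text nodes directly under a DOM element."""
    return "".join(c.data for c in element.childNodes if c.nodeType == c.TEXT_NODE)


# Push (SAX): the parser calls us, so we keep our own state between events.
class PriceHandler(xml.sax.ContentHandler):
    def __init__(self):
        super().__init__()
        self.prices, self._buf = [], None

    def startElement(self, name, attrs):
        if name == "price":
            self._buf = []

    def characters(self, content):
        if self._buf is not None:
            self._buf.append(content)

    def endElement(self, name):
        if name == "price":
            self.prices.append(float("".join(self._buf)))
            self._buf = None


def prices_push(doc):
    handler = PriceHandler()
    xml.sax.parseString(doc.encode("utf-8"), handler)
    return handler.prices


# Pull: the application asks for the next event and decides when to stop.
def first_price_pull(doc):
    events = pulldom.parseString(doc)
    for event, node in events:
        if event == pulldom.START_ELEMENT and node.tagName == "price":
            chunks = []
            for event, node in events:  # keep pulling until </price>
                if event == pulldom.CHARACTERS:
                    chunks.append(node.data)
                elif event == pulldom.END_ELEMENT:
                    return float("".join(chunks))  # later events are never requested
    return None


# Hybrid: pull events, but expand only the interesting subtree into a DOM.
def prices_hybrid(doc):
    events = pulldom.parseString(doc)
    prices = {}
    for event, node in events:
        if event == pulldom.START_ELEMENT and node.tagName == "item":
            events.expandNode(node)  # builds the DOM for this <item> only
            price = node.getElementsByTagName("price")[0]
            prices[node.getAttribute("sku")] = float(text_of(price))
    return prices


# One-step (DOM): the whole tree is built first, then accessed at random.
def prices_dom(doc):
    tree = minidom.parseString(doc)
    return [float(text_of(p)) for p in tree.getElementsByTagName("price")]


if __name__ == "__main__":
    print(prices_push(ORDER), first_price_pull(ORDER))
    print(prices_hybrid(ORDER), prices_dom(ORDER))
```
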

5. What is the difference between import and include in XML schema reuse?
How?

Namespace collision: Using include you can retrieve the definitions but it makes
no namespace changes. Using import it merges schemas from multiple
namespaces into one schema. With import it is possible to merge the contents of the
namespace into another namespace. You just have to specify the new namespace
when you are importing.

Different documents: With include, the fully qualified name of the elements needs
to be used. Then, if we include a different document, we cannot hide this fact.
Whereas on using import, this fact can be hidden because we do not need to use the
fully qualified name.

6. What is well-formedness and what is validity of an XML document? Who
checks them and what kind of information is required for their checking?

An XML document is said to be well-formed if it is conformant with the XML syntax
rules.

An XML document is said to be valid if it is conformant with the applied format as
defined either in a Document Type Definition (DTD) document or an XML schema
document.

The XML parser checks for both well-formedness and validity of the XML
document.

To check the well-formedness the parser needs the XML document alone.
To check the validity of the document the parser needs the XML document and
either its DTD or schema document.

7. Why might we need name spacing of attributes in an XML document? Give
an example.

We need name spacing of attributes for the following reasons.

• To avoid the recognition problem, so that the parser can understand the
semantic meaning of attributes.
• To avoid the collision problem where two identical attributes are used for
mentioning distinct entities in the same document.
• To extend the information provided by an XML element without having to make
changes directly to its document type.

Consider a scenario where we have 2 elements “<order>” and “<item>”, and we need
to have an attribute named “priority” for both the elements. In order to clearly
understand their particular usage we need to use a unique namespace for the attribute
in each element.

8. Show how you represent phone number “+46 8 790 04 13” in XML using
elements and using attributes? Give advantages and disadvantages of one
representation compared to another?

Using Elements:
<ContactNo>
  <CountryCode>46</CountryCode>
  <AreaCode>87</AreaCode>
  <PhoneNo>900413</PhoneNo>
</ContactNo>

Using Attributes:
<ContactNo CountryCode="46" AreaCode="87" PhoneNo="900413"></ContactNo>

Some disadvantages of attributes compared to elements are:

1. Not multiple values: It cannot contain multiple values
2. Not easy to expand: It's not easily expandable
3. Not usable to describe structures
4. Harder to be manipulated by program code.

9. Compare advantages and disadvantages of DOM and SAX approaches to
XML parsing.

• DOM is an in-memory structure, SAX is not
• SAX is simpler than DOM in many ways
• SAX is an event-based API
• DOM parses in space while SAX parses in time

10. Explain difference between document centric and data-centric XML.
Which one is used in Web Services? Compare them.

• Ratio markup: The ratio of markup to content in data-centric XML is much higher
than in document-centric XML
• Machine-generated: Data-centric XML often includes machine-generated
information
• Structure: The document and tags are highly structured in data-centric XML.
• Data structure: Data-centric XML is easily related to a data structure
• Living time: Data-centric XML usually lives a shorter time than document-centric XML

Data-centric XML is used in web services.

11. Explain the idea of XML schema compiler.

The XML schema compiler is a tool that analyzes the XML schema and code-generates
the corresponding marshalling and un-marshalling modules.

It needs to be invoked only once.

Later the application can use the code-generated modules without requiring the
schema compiler.

12. What are the 2 XML processing techniques? Explain the differences
between them. Give examples for both.

The 2 processing techniques are:

• Syntax oriented processing - SAX and DOM
• Data oriented processing - JAXB

XML Structure: Syntax oriented processing depends on the XML structure.
Applications have to work with elements, attributes and pieces of text. Whereas
the data oriented approach does not depend on the XML structure.

XML Schema compiler: The syntax oriented approach does not use any XML schema
compiler, whereas the data oriented approach uses an XML schema compiler.

13. What is the difference between a pre-defined data type and constructed
data type?

Pre-defined data types are the data types that are already defined in the XML, e.g.
string, positiveInteger, date, time etc.

Constructed data types can be any new data types which are constructed from the
pre-defined data types.

14. What is the difference between simpleType and complexType elements in
XML schema.

A simple element is an XML element that can contain only text. It cannot contain
any other elements or attributes.

A complex element is an XML element that contains other elements and/or
attributes.

15. Discuss about restrictions and extensions in XML schema.

Restriction implies that the values that an XML element contains are bound to
certain rules as defined in the schema document. For example: the usage of
“xsd:enumeration” restricts the XML element's values to a limited set of values.
Similarly the usage of “xsd:pattern” restricts the XML element's values to a certain
pattern.

Extensions imply that the existing functionality of an element can be extended to an
additional set of functionality as defined in the XML schema.

16. List the basic schema reusability mechanisms in XML schema? Explain
the difference between intra-document reusability and inter-document
reusability.

Reusability mechanisms:
• Element reference
• Attribute reference
• Model groups reference
• Schema includes
• Schema imports

In intra-document reusability the elements are reused in the same schema
document.
In inter-document reusability the elements of a schema document are reused in a
different document.

17. Which mechanisms for re-use in XML do you know? Briefly explain each
of them. (2010)

We can classify the mechanisms to reuse XML into two types: Intra-XML reuse and
Inter-XML reuse.

Intra-XML reuse refers to the mechanism that reuses a part of the same
document. In this case, the keyword "ref" is used.

Inter-XML reuse refers to the mechanism that reuses a part of another
document as its own. There are two types: "include" and "import".

When we use "include" we are reusing a part of another XML document without
changing its original namespace. But if we want to reuse parts of different
documents that have the same namespace, then the namespace collision can be
avoided using "import". With "import" we can merge the components of the
namespace and assign them a new namespace.

18. What is the role of “targetNamespace” attribute in XML Schema
description?

The targetNamespace attribute of a schema element identifies the namespace of
the documents that will conform to the schema.

It indicates where the elements defined by this schema come from.

19. Explain why do we have different XML parsing models?

The reasons there are so many different models for parsing XML have to do with
trade-offs between memory efficiency, computational efficiency, and ease of
programming.


Lecture 3.1: SOAP

1. Give advantages of using SMTP for transporting SOAP messages.

• Transfer context information: It has extensible headers that can be used to
transmit context information.
• Authentication: Both sending and receiving of e-mail messages can be
configured to require authentication.
• Multicast: E-mail can support one-to-one and one-to-many participant
configurations.
• Buffering and queueing: E-mail messaging is buffered and queued with
reliable dispatch.
• Scalability: The Internet e-mail server infrastructure is highly scalable.

2. What are intermediaries in SOAP and what is their purpose?

Intermediaries are the nodes that exist in the SOAP message path in between the
service requestor and the service provider. Their purpose is to process the header
part of the SOAP message, thereby providing secured exchange of SOAP
messages, notarization, message tracing facilities etc. They therefore
provide horizontal extensibility.

3. What are possible values of the role attribute in SOAP headers? Briefly
explain the meaning of its special values.

The possible values of the role attribute will be the URI of the intermediary node or
that of the ultimate service provider node.

The special values are:

• next: It denotes that the header element should be processed by the next
intermediary node.
• none: It denotes that none of the nodes should process the header element.
The “mustUnderstand” attribute becomes ineffective for this role.
• ultimateReceiver: It denotes that the node at the receiving end of the SOAP
message path will process the body part. Omitting the role attribute or setting it
to “” also denotes that the message should be processed by the final node.

4. What is vertical and horizontal extensibility in SOAP?

Using the headers to add functionality to the SOAP messages is called
vertical extensibility. This can include adding information regarding security,
routing, notarization etc. It is implemented over the middleware layer of the SOAP
binding framework.

Horizontal extensibility is the process of targeting the different parts of the same
SOAP message to different recipients. This is achieved through the intermediaries.
This is done in order to allow the processing of the header elements by different
nodes.

5. Why do we place some information in the headers and some information in
the body of SOAP message? What is/are main criteria(s) for making
decision about such placement?

The header contains auxiliary information and it's optional. The body contains the main
information. The header can contain authentication information, routing information,
actor/role attribute, mustUnderstand attribute, ...

The body contains the actual SOAP message intended for the ultimate endpoint of
the message. The header contains information that could be processed by
intermediate nodes.

6. Which predefined attributes of SOAP headers you know? Briefly explain
them?

Predefined attributes of headers are:

• Actor/role: It denotes the node in the SOAP message path that will process
the SOAP message. The role attribute can also have some special values as
follows.
  • next: It denotes that the header element should be processed by the next
  intermediary node.
  • none: It denotes that none of the nodes should process the header
  element. The “mustUnderstand” attribute becomes ineffective for this role.
  • ultimateReceiver: It denotes that the node at the receiving end of the
  SOAP message path will process the body part. Omitting the role attribute
  or setting it to “” also denotes that the message should be processed by the
  final node.
• mustUnderstand: It indicates whether or not the receiver processing the header
must recognize the element. If the receiver does not recognize the element it will
fail when processing the header.

7. What are RPC conventions in SOAP? How different types of parameters
are sent in SOAP messages?

The name of the request struct is the name of the method and the arguments are put
inside as elements.

The RPC convention says that the name of the response struct is the name of the
method with Response appended to the end.

There are two types of parameters that can be sent in a SOAP message: out and
inout.

8. Explain the SOAP processing model?

1. Determine the set of roles in which the node is to act. This is decided by going
through all the header elements.
2. Identify all the header blocks targeted at the node that are mandatory.
3. If any of the elements identified in the above step are not understood then
generate a SOAP fault message with code set to env:mustUnderstood, and
processing is stopped.
4. Process all mandatory headers targeted at the node. If the node is the ultimate
node then the body is also processed.
5. Relay the message if the node is an intermediary.
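
The five steps applied at a single node, as an added example that is not part of the original notes. It assumes SOAP 1.2 role URIs, treats an absent role as ultimateReceiver, also processes understood optional headers, and ignores the env:relay attribute; the header names, the auditor role URI and the sample message are constructed.

```python
import xml.etree.ElementTree as ET

ENV = "http://www.w3.org/2003/05/soap-envelope"  # SOAP 1.2 envelope namespace
ROLE_NEXT = ENV + "/role/next"
ROLE_NONE = ENV + "/role/none"
ROLE_ULTIMATE = ENV + "/role/ultimateReceiver"
HDR = "urn:example:headers"                   # hypothetical header namespace
AUDITOR = "http://example.org/roles/auditor"  # hypothetical application role

# Constructed sample message.
SAMPLE = f"""<env:Envelope xmlns:env="{ENV}" xmlns:x="{HDR}">
  <env:Header>
    <x:Trace env:role="{ROLE_NEXT}">hop-1</x:Trace>
    <x:Audit env:role="{AUDITOR}" env:mustUnderstand="true"/>
    <x:Security env:mustUnderstand="true">token</x:Security>
    <x:Hint env:role="{ROLE_NONE}" env:mustUnderstand="true"/>
  </env:Header>
  <env:Body><x:checkInvoice/></env:Body>
</env:Envelope>"""


def q(name):
    """Qualified ElementTree tag of a header block in the HDR namespace."""
    return f"{{{HDR}}}{name}"


def process(message, extra_roles, understood, is_ultimate):
    """Run the SOAP processing model at one node and report the outcome."""
    root = ET.fromstring(message)
    header = root.find(f"{{{ENV}}}Header")
    blocks = list(header) if header is not None else []

    # Step 1: roles played by this node. Every node plays "next", only the
    # final node plays "ultimateReceiver", and no node ever plays "none".
    roles = set(extra_roles) | {ROLE_NEXT}
    if is_ultimate:
        roles.add(ROLE_ULTIMATE)
    roles.discard(ROLE_NONE)

    def role_of(block):
        # An omitted or empty role attribute means ultimateReceiver.
        return block.get(f"{{{ENV}}}role") or ROLE_ULTIMATE

    def mandatory(block):
        return block.get(f"{{{ENV}}}mustUnderstand") in ("true", "1")

    # Step 2: header blocks targeted at this node.
    targeted = [b for b in blocks if role_of(b) in roles]

    # Step 3: a mandatory targeted block that is not understood is fatal.
    # SOAP 1.2 spells the fault code env:MustUnderstand.
    missing = [b.tag for b in targeted if mandatory(b) and b.tag not in understood]
    if missing:
        return {"fault": "env:MustUnderstand", "not_understood": missing,
                "processed": [], "body_processed": False, "forwarded": None}

    # Step 4: process the understood targeted blocks; the body only at the end node.
    processed = [b.tag for b in targeted if b.tag in understood]

    # Step 5: an intermediary relays the message without the blocks that were
    # targeted at it (simplification: env:relay is not honoured here).
    forwarded = None if is_ultimate else [b.tag for b in blocks if b not in targeted]
    return {"fault": None, "not_understood": [], "processed": processed,
            "body_processed": is_ultimate, "forwarded": forwarded}


if __name__ == "__main__":
    print(process(SAMPLE, {AUDITOR}, {q("Audit"), q("Trace")}, False))
    print(process(SAMPLE, set(), {q("Security")}, True))
```
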

9. What is a feature in SOAP? How can it be expressed?

A feature is a semantic that has a name and a specification, e.g. security, reliable
messaging, quality of service etc. Features are expressed by bindings and modules.

10. What is role in SOAP headers and what kind of information they usually
include?

Role specifies the node which has to process the header element. It is usually
denoted as a URI of the node. It can have some special values like none,
ultimateReceiver and next.

11. What HTTP operation is usually used in SOAP exchanges?

The HTTP POST operation is usually used by the SOAP message exchanges.

12. Explain what is Message Exchange Pattern (MEP)? What are standard
MEPs in SOAP?

MEPs are features that specify how many messages move around in a given
interaction, from where they originate and to where they terminate. The 2 standard
MEPs are

Request-Response MEP:


This involves a requesting node and a responding node. The requesting node
sends its requests in the form of a SOAP message. The responding node
processes this SOAP request and sends back the SOAP response message.

SOAP Response MEP:

This involves a requesting node and a response node. The requesting node does
not necessarily send a SOAP message, so the responding node does not trigger
the SOAP processing model. But the response message will be a SOAP response
message.

13. What is the main difference in processing SOAP message by intermediary
node and by service provider node? (03 - 2010)

The intermediary node processes header and the service provider processes both
header and the body.

14. In the class we considered the following guiding schema for selection of
data encoding in SOAP. Your task is to fill in cells which have question
mark (you can put labels into the cells and then refer to them)


15. What is SOAP data model? Give an example.

The data model is an abstract representation of the data structures.

<product
    soapenv:encodingStyle="http://www.w3.org/2003/05/soap-encoding">
  <sku> 947-TI </sku>
  <name>Titanium glider </name>
  <type> skateboard </type>
  <desc> Street-style titanium </desc>
  <price> 129.00 </price>
  <inStock> 36 </inStock>
</product>

The encoding is a set of rules to map that data model into XML to be sent in a SOAP
message.

16. Explain meaning of feature and properties in SOAP? Give an example.

A feature is a semantic that has a name and a specification. For example, the
authentication feature or the colour feature.

The properties are pieces of state, named with URIs, which affect the operation of
features. For example, for security, the properties could be the username and
the password.

17. Explain how the same feature can be expressed by binding and by
modules.

A binding is a means for performing functions below the SOAP processing model;
and a module is a means for performing functions using the SOAP processing
model, via headers.

For example, if we want to have a “security channel” feature, we might imagine a
SOAP binding to the HTTPS protocol, which would specify that it implements the
http://skatestown.com/secureChannel feature. The binding specification would
indicate that it natively supports this feature.

A SOAP module could instead provide encryption and signing of a SOAP message
across any binding.

Lecture 3.2: RESTful

1. What are advantages and what are disadvantages of RESTful services in
comparison with Web services?

Advantages of RESTful
• Lightweight: It doesn't require a lot of markup.
• Easy to build: It doesn't require any toolkit.
• Low bandwidth consumption

Disadvantages of RESTful
• Service discovery: The client should know the address of the service.
• Not complex requirements: It cannot address complex requirements.
• Not asynchronous mode: It cannot handle asynchronous processing and
invocation.
• Mutual understanding: The service producer and the service consumer have to
have a mutual understanding of the context and the content.


Lecture 4: WSDL

1. Draw a WSDL informational model

2. What is a purpose of having “parts” in the WSDL “messages”? Give an
example when this is used.

The part mechanism in WSDL is used to decompose the WSDL messages into simpler
units or parts.
Each part can be shown in different ways depending on the network protocol
chosen for the web service.
The part may be referred to by the binding in order to specify the binding-specific
information about the part.

Example of usage:

  <message name="checkInvoiceRequest">
    <part name="invoiceNumber" type="xsd:integer"/>
  </message>

The part in the above WSDL code refers to the invoice number parameter to be
sent to the web service.

3. Explain difference between functional and non-functional Web service
description. Which WS-specifications can be used for each of them?

The functional description defines details of how the Web service is invoked, where
it's invoked, and so on.
This description is focused on details of the syntax of the message and how to
configure the network protocols to deliver the message.

The nonfunctional description provides other details that are secondary to the
message. For example, security policy or privacy policy.
Another example is that it could instruct the requestor's runtime environment to
include additional SOAP headers.

WSDL can be used for functional description.

WS-Policy can be used for non-functional description. WS-Policy acts as a
container for security policies and other policies.

4. Which components of a WS description present answers to each of the
following questions about the services: what, who, why, where, how?

What: WSDL
Who: WS-Policy
Why: WS-Policy
Where: WSDL
How: WSDL and WS-Policy.


5. Explain the differences between the “document” and “RPC” values of the
style attribute of the binding element. For which kind of “portType” you
should use a “document” style binding?

The style attribute of the binding indicates whether operations follow a
document-centric approach or an RPC approach.
The document-centric approach means the body of the SOAP message is to be
interpreted as XML.
The RPC approach indicates that the binding uses the Remote Procedure Call (RPC)
conventions for the SOAP body.

The document style should be used only when binding portTypes that
reference messages whose parts use the element attribute.
If a portType references a message whose parts use the type attribute, you should
define only RPC bindings for it.
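The rule above can be checked mechanically. This added example (not part of the original notes) parses a WSDL 1.1 document and reports every message part whose element/type attribute does not match the style of a SOAP binding that uses it. The WSDL fragment is constructed (only checkInvoiceRequest comes from these notes), the function names are hypothetical, and per-operation soap:operation style overrides are ignored.

```python
import xml.etree.ElementTree as ET

NS = {"wsdl": "http://schemas.xmlsoap.org/wsdl/",
      "soap": "http://schemas.xmlsoap.org/wsdl/soap/"}

# Constructed WSDL fragment; only checkInvoiceRequest and its part come from the notes.
SAMPLE_WSDL = """<definitions xmlns="http://schemas.xmlsoap.org/wsdl/"
    xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
    xmlns:tns="http://example.com/invoice"
    targetNamespace="http://example.com/invoice">
  <message name="checkInvoiceRequest">
    <part name="invoiceNumber" type="xsd:integer"/>
  </message>
  <message name="checkInvoiceResponse">
    <part name="result" element="tns:invoiceStatus"/>
  </message>
  <portType name="InvoicePortType">
    <operation name="checkInvoice">
      <input message="tns:checkInvoiceRequest"/>
      <output message="tns:checkInvoiceResponse"/>
    </operation>
  </portType>
  <binding name="InvoiceDocBinding" type="tns:InvoicePortType">
    <soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>
  </binding>
  <binding name="InvoiceRpcBinding" type="tns:InvoicePortType">
    <soap:binding style="rpc" transport="http://schemas.xmlsoap.org/soap/http"/>
  </binding>
</definitions>"""

def local(qname):
    """Strip the namespace prefix from a QName such as tns:Foo."""
    return qname.split(":")[-1]

def check_binding_styles(wsdl_xml):
    """Return (binding, style, message, part) for every part that violates the rule."""
    root = ET.fromstring(wsdl_xml)
    parts = {m.get("name"): m.findall("wsdl:part", NS)
             for m in root.findall("wsdl:message", NS)}
    port_types = {p.get("name"): p for p in root.findall("wsdl:portType", NS)}
    findings = []
    for binding in root.findall("wsdl:binding", NS):
        soap = binding.find("soap:binding", NS)
        port_type = port_types.get(local(binding.get("type", "")))
        if soap is None or port_type is None:
            continue  # not a SOAP binding, or portType defined in another file
        style = soap.get("style", "document")  # WSDL 1.1 default is "document"
        wanted = "element" if style == "document" else "type"
        for ref in port_type.findall("wsdl:operation/*", NS):
            message = local(ref.get("message", ""))
            for part in parts.get(message, []):
                if part.get(wanted) is None:
                    findings.append((binding.get("name"), style, message, part.get("name")))
    return findings

if __name__ == "__main__":
    for finding in check_binding_styles(SAMPLE_WSDL):
        print("style mismatch:", finding)
```

Because the sample portType mixes a type-based request with an element-based response, neither binding style fits it cleanly and both bindings are reported.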

6. What purpose does the binding element serve in a WSDL description?

The binding element provides the concrete implementation of the WS interface
defined by the portType element. It denotes the protocol that will be used to bind
and send the SOAP messages, the style (RPC or document-centric) of the
message, and the operations and their corresponding messages to be sent and received.

7. Normal form in WS-Policy. What does it mean? Give an example of its usage.

It means that the policy assertions are rewritten so that all the possible
combinations are considered. It usually begins with wsp:ExactlyOne.

Example:

    <wsp:Policy ...>
      <wsp:All>
        <wsp:ExactlyOne>
          <nsSecurityAssertion wsp:Optional="true" />
          <nsReliableMessagingAssertion />
        </wsp:ExactlyOne>
        <nsTransactionAssertion />
        <nsAuditAssertion />
      </wsp:All>
    </wsp:Policy>

After normalization, it becomes:

    <wsp:Policy ...>
      <wsp:ExactlyOne>
        <wsp:All>
          <nsSecurityAssertion />
          <nsTransactionAssertion />
          <nsAuditAssertion />
        </wsp:All>
        <wsp:All>
          <nsReliableMessagingAssertion />
          <nsTransactionAssertion />
          <nsAuditAssertion />
        </wsp:All>
        <wsp:All>
          <nsTransactionAssertion />
          <nsAuditAssertion />
        </wsp:All>
      </wsp:ExactlyOne>
    </wsp:Policy>

8. Explain policy normalization, merging and intersection. Why and when do we need them?

Normalization: The policy assertions are rewritten so that all the
possible combinations are considered. The result usually begins with wsp:ExactlyOne.

Merging: The union operation of set theory. It puts together all the possible policies.

Intersection: It merges two policies into a single one in which only
those policies that are common to both are considered.

We normalize the policies because merging and intersection are easier to perform
when the policies are already in normal form.

Merging is used when we have a hierarchy of elements and each element has its own
policy. By putting them all together we can create the joint policy for all of them.

Intersection is applied when the sender and the receiver have different policies,
and a policy can be applied only when both of them understand it. If one of them
cannot understand it, the message cannot be sent. We can then intersect
the policies and apply the result to both the receiver and the sender.
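Normalization (question 7) and intersection (question 8), as an added example that is not part of the original notes: the compact policy from question 7 is expanded into its alternatives, intersected with a second policy, and checked for alternatives that omit the security assertion. The WS-Policy 1.5 namespace URI, the REQUESTER policy and all function names are assumptions, and assertions are compared by element name only.

```python
import itertools
import xml.etree.ElementTree as ET

# Assumption: WS-Policy 1.5 namespace; the notes elide the namespace declarations.
WSP = "http://www.w3.org/ns/ws-policy"

# PROVIDER is the compact policy from question 7; REQUESTER is constructed.
PROVIDER = f"""<wsp:Policy xmlns:wsp="{WSP}"><wsp:All>
  <wsp:ExactlyOne>
    <nsSecurityAssertion wsp:Optional="true"/>
    <nsReliableMessagingAssertion/>
  </wsp:ExactlyOne>
  <nsTransactionAssertion/>
  <nsAuditAssertion/>
</wsp:All></wsp:Policy>"""
REQUESTER = f"""<wsp:Policy xmlns:wsp="{WSP}"><wsp:All>
  <nsSecurityAssertion wsp:Optional="true"/>
  <nsTransactionAssertion/>
  <nsAuditAssertion/>
</wsp:All></wsp:Policy>"""

def alternatives(node):
    """Alternatives of one element, each a frozenset of assertion names."""
    ns, _, name = node.tag.rpartition("}")
    if ns == "{" + WSP and name == "ExactlyOne":
        # Choice: every alternative of every child is an alternative.
        return set().union(*(alternatives(child) for child in node))
    if ns == "{" + WSP and name in ("Policy", "All"):
        # Conjunction: pick one alternative per child and combine them.
        alts = {frozenset()}
        for child in node:
            alts = {a | b for a, b in itertools.product(alts, alternatives(child))}
        return alts
    # Leaf assertion; wsp:Optional="true" adds the alternative without it.
    alts = {frozenset([name])}
    if node.get("{%s}Optional" % WSP) == "true":
        alts.add(frozenset())
    return alts

def normalize(policy_xml):
    """Normal form of a policy as a set of alternatives."""
    return alternatives(ET.fromstring(policy_xml))

def intersect(policy_a, policy_b):
    """Simplified intersection: keep alternatives with the same assertion names."""
    return policy_a & policy_b

def alternatives_without(policy, assertion):
    """Alternatives a peer may choose that do not include the given assertion."""
    return {alt for alt in policy if assertion not in alt}

if __name__ == "__main__":
    provider, requester = normalize(PROVIDER), normalize(REQUESTER)
    for alt in sorted(map(sorted, provider)):
        print("provider alternative:", alt)
    print("agreed:", sorted(map(sorted, intersect(provider, requester))))
    unsecured = alternatives_without(provider, "nsSecurityAssertion")
    print("no security assertion:", sorted(map(sorted, unsecured)))
```

The last check shows what the normal form makes visible: because the security assertion is optional and sits inside an ExactlyOne, two of the three provider alternatives carry no security assertion at all.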

9. What are major elements of WSDL specification?



10. What is the role of the targetNamespace attribute in a WSDL definition?

Generally, the targetNamespace attribute defines how to form the QName, portType,
and so on, and how to combine WSDL descriptions that span multiple files.
In the Java and WSDL mapping, when the stub class is generated from the binding, the
names of the class and package are taken from the targetNamespace.

11. Explain the role of the binding element in a WSDL document. Which standard
binding extensions are defined in WSDL?

The binding element defines how the message will be transmitted and what the
SOAP-specific details are (message format and protocol details).

The standard binding extensions that are defined in WSDL are SOAP, HTTP GET/POST
operations, and MIME attachments.

12. What are WS-Policy operators? Briefly explain them.

The WS-Policy operators are:

1. All: This policy states that all of the assertions are in effect.
Example:

    <wsp:Policy name="PolicyExample1"
        TargetNamespace="http://www.skatestown.com/policies">
      <wsp:All>
        <Assertion:A />
        <Assertion:B />
        <Assertion:C />
      </wsp:All>
    </wsp:Policy>


2. ExactlyOne: This policy states that ONLY ONE of the assertions A, B and C is
in effect.
Example:

    <wsp:Policy name="PolicyExample2"
        TargetNamespace="http://www.skatestown.com/policies">
      <wsp:ExactlyOne>
        <Assertion:A />
        <Assertion:B />
        <Assertion:C />
      </wsp:ExactlyOne>
    </wsp:Policy>

3. OneOrMore: This policy states that some subset of the policy assertions listed as
child elements is in effect.
4. Others: The operators can nest. Any of the Assertion elements can be replaced by
an operator.


Lecture 5: UDDI

1. What are the main registry requirements?

Basic:
• A set of data structure specifications to store the metadata in the registry.
• A set of create, read, update and delete (CRUD) operations to manipulate the data
structures in the registry.
Metadata:
• Ownership and containment.
• Categorization
• A logical referencing mechanism.
Operations:
• Authentication for operations that change the registry.
• Open access for read and query operations.

2. How can information in UDDI be conceptually categorized?

Using predefined categories:

• Business classification: using the North American Industry Classification
System (NAICS).
• Product and service classification: the Universal Standard Product and
Services Classification (UNSPSC).
• Geographic location classification: the ISO 3166 standard.

3. What are the main mechanisms of Web services discovery? Briefly explain each of them. Which of them is mainly used in web services discovery?

There are 4 mechanisms in web services discovery:


• Discovery through email, ftp, CD etc.
• Discovery at the point of offering.
• WSDL repository.
• UDDI

In the first approach, the service provider sends the service description through
email, ftp or CD to the service requestor in accordance with a previously agreed
business partnership. This is a static and very simple approach.

In the point of offering mechanism, the service description is downloaded from a
previously known list of services. This is an effective approach in statically settled
business agreements, but it is neither dynamic nor does it offer a wide range of
choices to the service requestor.


The WSDL repository is a distributed approach where the service requestor
searches in a wide range of distributed repositories of service descriptions. This
approach is much more dynamic.

The UDDI approach provides the concept of pointing to a service definition. The
providers can define a taxonomical classification of their services, provide a
new technical model, or reference an existing technical model which might later be
used by other service providers. The provider can change his service description
without changing the UDDI reference.

The web services use the UDDI approach.

4. What are main data structures in the UDDI description? Explain briefly their
roles.

The main data structures are:

• businessEntity:
    • It describes an organization that provides web services.
    • It contains references to one or more businessService elements.

• businessService:
    • It describes a group of related Web services offered by a businessEntity.

• bindingTemplate:
    • It provides the technical information necessary to use a Web service.

• tModel:
    • It acts as a generic container for any kind of specification.

• publisherAssertion:
    • It defines a relationship between two or more businessEntity elements.

• Subscription (UDDI 3.0):
    • It is used to keep track of changes of entities.

5. Which changes will appear in the businessEntity element after the invocation of the save_business operation for this businessEntity element for the first time?

• A new business key
• A discovery URL
• An operator name: the name of the custodian who gave it the key.
• An authorized name: the name of the entity who published the information.

6. Explain how the major WSDL elements map onto UDDI elements.



• Service interface -> tModel. As the service interface in the WSDL defines a
reusable definition of a service it corresponds to the tModel of the UDDI. If the
service interface definition contains more than one binding element then the
reference to the service interface may include a pointer to a specific WSDL
binding element.
• Service implementation -> businessService: The service implementation is
defined by the WSDL service element which corresponds to the businessService
element.
• Service location -> accessPoint: The web service location listed in the WSDL
port element must be the same as the accessPoint element in UDDI.

7. What is tModel and what is its role in UDDI? Give an example of its usage.

A tModel is a generic container for any kind of specification.
It is used to define the technical specifications for a service.

Example of tModel:

    <tModel tModelKey="...YahootModelKey...">
      <name>Yahoo! Business Taxonomy</name>
      <description xml:lang="en">Yahoo! Business Taxonomy</description>
      <categoryBag>
        <keyedReference keyName="Yahoo! category"
            keyValue="categorization"
            tModelKey="...sometModeKey..." />
      </categoryBag>
    </tModel>

8. How to describe our classification or identification schema in UDDI? Give an example.

To describe our classification we have to:

1. Define one tModel.
2. Reference that tModel in the categoryBag.

Example:

    <tModel tModelKey="...YahootModelKey...">
      <name>Yahoo! Business Taxonomy</name>
      <description xml:lang="en">Yahoo! Business Taxonomy</description>
      <categoryBag>
        <keyedReference keyName="Yahoo! category"
            keyValue="categorization"
            tModelKey="...sometModeKey..." />
      </categoryBag>
    </tModel>

    <categoryBag>
      <keyedReference keyName="Sporting and Athletic Goods Manufacturing"
          keyValue="33992"
          tModelKey="...NAICStModelKey..." />
      <keyedReference keyName="New York"
          keyValue="US-NY"
          tModelKey="...ISO3166tModelKey..." />
      <keyedReference keyName="Yahoo Business Taxonomy"
          keyValue="Business_and_Economy/Shopping_and_Services/Sports/skateboarding/Deck_andTruck_Makers/"
          tModelKey="...YahootModelKey" />
    </categoryBag>

To describe our identification we use the identifierBag. With it, users can
search for (discover) your business by a specific identifier such as a D-U-N-S number.

Example:

    <identifierBag>
      <keyedReference keyName="DUNS"
          keyValue="00-11-1111"
          tModelKey="...D-U-N-StModelKey..." />
    </identifierBag>

9. Explain the difference between registry-based and index-based service discovery mechanisms.

Location: In the registry-based approach all the service descriptions are published in a
common registry, whereas in the index-based approach the service descriptions are
published at different locations.

Static/dynamic finding: In the registry-based approach, the service requestor has
static knowledge of the location of the registry. In the index-based approach the
requestor has to find the locations of several registries dynamically through
search operations.

Limitation: In the registry-based approach the requestor is bound to the limits of the
registry, whereas in the index-based approach the requestor has no such bounds, as it can
search through the entire range of options available.


Lecture 6: WS-Security.

1. What are the purposes of each specification?

• WS-Security: It defines
    • how to include the security tokens in SOAP messages and
    • how to protect messages with digital signatures and encryption.
• WS-Policy: Provides a framework for describing Web services meta-information.
• WS-Trust: It prescribes an interaction protocol to obtain Security Tokens Services.
• WS-SecureConversation: It defines a security context with which parties can
share a secret key to sign and encrypt parts of messages efficiently.
• WS-Federation: Provides a framework for federating multiple security domains.
• WS-Privacy: Provides a framework for describing the privacy policy of web
services.
• WS-Authorization: Defines how to exchange authorization information
among parties.

2. What is the difference between symmetric and asymmetric encryption? Which one is more suitable for web services? Explain your answers.

Key: In symmetric encryption the same key is used on both the sender and the receiver
side to encrypt and decrypt messages. In asymmetric encryption the receiver's public
key is used to encrypt the message on the sender side and the receiver's private
key is used to decrypt the message on the receiver side.
Speed: Asymmetric encryption is much slower than symmetric encryption.

Asymmetric encryption is suitable for web services. This is because the usage of
different keys ensures authorization.
Authentication and message integrity can be ensured by digital signatures, which
implement asymmetric encryption.

3. What is a security model for web services? What are its purposes? What
are the elements of this model?


The security model provides a model for the secure exchange of messages
between the service requestor and the service provider.
A third entity, named the security authority, comes into play in order to provide
security tokens for the requestor.

Its purposes are


• To provide an abstract model that combines all the existing security mechanisms.
• To provide security tokens like the certificates to the service requestors.
• To provide authentication, authorization and message integrity.

Elements of this model are:


• Security Token Service
• Service Requestor
• Service Provider
• Security Tokens
• Claims
• Policy

4. What are security requirements for WS?

1. Privacy: The transmitted information has not been captured or passed to a
third party without your knowledge.
2. Integrity: Guarantee that the message is not changed during transmission.
3. Authentication: Guarantee the identity of the sender and the receiver.
4. Authorization: Manage access to protected resources.
5. Non-repudiation: Guarantee that the message sender cannot deny having
sent it.
6. Availability: Guarantee that the system operates continuously.

5. What is single sign-on? How is it achieved in the Kerberos security infrastructure?


The user provides his authentication information, namely user ID and password, only
once to access several applications within a certain interval of time. This is called
single sign-on.

Kerberos achieves single sign-on as follows:

1. The sender sends the user ID and password to the KDC and gets a Ticket
Granting Ticket (TGT).
2. The sender then sends the TGT to the KDC and gets a Service Ticket
(ST).
   The ST contains
    • the sender's ID,
    • the sender's session key and
    • the TGT expiration time.
3. The sender sends his/her messages authenticated through the ST until the
expiration time, without using his/her username and password for each
transaction.

6. What is WS-Trust? Why do we need WS-Trust? What is the difference between the usage of PKI and Kerberos in WS-Trust?

WS-Trust prescribes an interaction protocol to obtain security tokens from security
authorities.
We need WS-Trust in order to establish trust relationships between security
authorities. (WS-Federation)

Differences between PKI and Kerberos:

• In Kerberos, we request the username for ourselves. In PKI, we request the
certificate of others.
• In Kerberos, the token type is TGT, whereas in PKI the token type is certificate.

7. What is WS-SecurityPolicy and where is it mentioned?

WS-SecurityPolicy is a domain-specific language to represent policies for
WS-Security.
For example, you can describe your desired policy in such a way that a signature is
required on a particular element and that a particular element must be encrypted.

WS-SecurityPolicy is usually mentioned under the WS-Policy of the Web
services description (WSDL) file.

8. What is WS-SecureConversation? What are the 3 ways to achieve it?

It defines a security context with which parties can share a secret key to sign and
encrypt parts of messages efficiently.


The Security Context Token can be created in the following ways.


1. A security token service issues the security context token.
2. One of the communicating parties issues the security context token.
3. Both the communicating parties negotiate with each other and agree on the
security context token.

9. Give a basic syntax of WS-Security.

    <wsse:Security
        xmlns:wsse="http://schemas.xmlsoap.org/ws/2003/06/secext">
      <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
      </Signature>
      <EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
      </EncryptedKey>
      <wsse:UsernameToken
          xmlns="http://schemas.xmlsoap.org/ws/2003/06/secext">
      </wsse:UsernameToken>
    </wsse:Security>
