Professional Documents
Culture Documents
WS-Standards and
Beyond
By
Kaushalye Kapuruge
Why open source?
Open source Vs Source open?
The community
The quality
The knowledge
Experts,Novice, Students, Professors,
Businessmen, Developers and of course lots
of geeks
2
Opensource the Apache Way
A community of developers and users
Organizational, Financial and Legal
support
Conferences
Many web services projects
Axis2, Rampart, Sandesha etc.
3
How can I get involved?
Users
Patches, Suggestions, Mailing lists
Committers
Project Management Committee
Project Leaders
4
Web Services
Lot’s of standards
SOAP, XML, MTOM, XOP, WS-
Addressing, WS-Security, WS-RM, WS-
Policy(No-way), WS-Federation, WS-MEX
etc…
Grrrr…
5
Introducing my friend, Mr Banda
Mr. Banda is an enthusiastic chap
He likes new techie stuff
Banda knows HTTP
Banda finds XML
Banda thinks
How to combine these two?
XML-RPC
6
XML as the message format
Banda is happy with it
<Message>Im Happy</Message>
But W3C accepts SOAP
All others talk about SOAP
Banda needs to try SOAP
SOAP over HTTP and SOAP over SMTP
<Envelope>
<Header></Header>
<Body> <Message>Im Happy</Message> </Body>
<Envelope>
7
Banda needs to send a movie
Use base64?
Too large
Performance?
Use MTOM + XOP
MTOM = Message Transmission Optimization
Mechanism
XOP = XML Optimized Packaging
As a MIME attachment
Banda is Happy!
8
Policy
Banda needs to send a message to Sanda
Sanda shows his policies
I need this… I need that…
You can’t encrypt but you must sign
9
Security?
Banda needs to send a secret message to
Sanda. So that Panda can’t read it
Banda knows HTTPS
Banda is Happy !
But Sanda needs to know it’s actually from
Banda
Non-repudiation (what?)
Banda needs to sign it
???
10
MLS vs TLS
11
More…
Now Banda can do more security stuff
Banda can encrypt a part of message so
that other intermediaries can view the rest
Banda can sign a part of message so that
others can sign other parts
Banda can add timestamps
Banda can use username tokens
12
Needs to speedup
Smart Banda use WS-Secure Conversation
Secure conversation use symmetric encryption
in contrast to traditional asymmetric encryption
Performance
More Security
Initial key (secret) exchange Asymmetric
Then both Banda and Sanda can derive keys
13
Trust?
Linda does NOT trust Banda but Linda Trusts
Sanda
Banda gets a token from Sanda and Give it to
Linda (WS-Trust)
Boar=? Flower=?
14
Federated Trust
Banda is crazy. He starts a company
Banda’s company collaborate with Linda’s
company
Linda doesn’t know Kanda, who works for Banda
Kanda needs to access Linda’s (Org) resources
???
WS-Federation
15
Reliability?
Banda needs to guarantee that there are
no losses in message while its on transit.
WS-Reliable Messaging
Protocols : how messages are delivered
reliably
16
Apache Ramaprt/C
A pluggable module that works with
Axis2/C
A quick example
17
Ramaprt/C not only in C
19
Beyond
Many web services standards
Semantic SOA
Adaptive services
Web services ecosystem
What’s the next BIG thing? Who knows?
20
Any burning questions?
21
Thank you
22
References
http://www.w3.org/
http://www.apache.org/
http://ws.apache.org/axis2/c/
http://ws.apache.org/rampart/c/
http://www.wso2.org/
http://www.ibm.com/developerworks/
23