Qusay H. Mahmoud CIS* CIS* Service-Oriented Computing Qusay H. Mahmoud, Ph.D.

Qusay H. Mahmoud CIS* Web Services Basic/Core (first generation) Standards –WSDL (interface description) –SOAP (service invocation) –UDDI (service management) Now that we have the standards, how to architect systems that use services to gain the benefits promised by SOA/WS

Qusay H. Mahmoud CIS* Web Services Many data formats are used in the enterprise world; difficult to collaborate at the application level Service reuse XML: offers platform-neutral view of data Web services enable interoperability through a set of XML-based standards –Businesses describe service in WSDL –Publish services in XML-based registry (UDDI) –Invoke services using XML-based protocol (SOAP)

Qusay H. Mahmoud CIS* WSDL Web Services Description Language –A standard to specify the interface of a service. Describes what functions the service provides, what parameters the functions require, and what results the functions return Describes a service using key elements: –A Port Type: defines “what” the service does, and is described by a number of operations, and each operation the data it sends/receives described by a Message –The Binding: define “how” the service is invoked –The Port: specifies the address “where” the service is located

Qusay H. Mahmoud CIS* WSDL Review the following slides from the password-protected IBM slides –Slides

Qusay H. Mahmoud CIS* SOAP Simple Object Access Protocol –A specification: how to provide parameter info to a service and how to receive result info Review the following slides from the password-protected IBM slides Review the following slides from the password-protected IBM slides –Slides

Qusay H. Mahmoud CIS* UDDI XML-based registries –A registry is a shared resource –XML registry doesn’t imply the use of XML database (XML standards play a significant role) –A key component in web services architecture –Not a directory (e.g. LDAP, JNDI). A registry has a rich metadata model and query capabilities Standards: –UDDI: University Description, Discovery and Integration (uddi.org) –ebXML (ebxml.org)

Qusay H. Mahmoud CIS* UDDI An XML-based registry that offers standard mechanisms for businesses to publish their services, discover other services Programmatic registration and discovery (APIs) Think of it as: –Yellow pages: Businesses can register themselves under different categories and classifications –White pages: Contain business address and contact information –Green pages: Contain technical information (enough to invoke a given service)

Qusay H. Mahmoud CIS* UDDI Yellow Pages (industrial categorizations) –Industry: NAICS (North American Industry Classification System) Example: Computer Training –Products and Services: UNSPSC (United Nations Standard Products and Services Code) –Location: ISO 3166 Geographic Taxonomy Provides geographic categorization of businesses and services (CA Canada, CA-BC British Columbia)

Qusay H. Mahmoud CIS* UDDI Information model contains four core elements –Business information: Described using businessEntity element (physical organization). Contains info such as name, description, and contacts. Supports yellow pages taxonomies –Service information: Described using businessService (groups related services offered by an organization) –Binding information: Described using bindingTemplate: provides instructions on how to invoke a remote service. Instructions can be in WSDL or text-based document –Info about specifications for services: Described using a tModel element (abstract representation of technical spec). A tModel has a name, publishing organization, and URL pointers to actual specifications

Qusay H. Mahmoud CIS* UDDI What is in the registry Source: IBM

Qusay H. Mahmoud CIS* UDDI The UDDI APIs are divided into two logical parts; they describe the SOAP messages used to published and discovery entries Publish API –Methods for publishing and updating registry info: save_business, save_service, save_binding, save_tModel: take authToken (if no other authentication is used) and one or more businessEntity elements –Methods for deleting info: delete_business, …,: take uuid key (generated by the registry when information was first published Inquiry API –Methods of querying the registry: find_service, get_businessDetail, get_serviceDetail, get_bindingDetail, get_tModelDetail

Qusay H. Mahmoud CIS* UDDI Searching the UDDI Source: IBM

Qusay H. Mahmoud CIS* UDDI Service Discovery –Programmatically, by using: Categorization (yellow pages) Identity information (white pages) Drill-down (once you have one of the four main data types, use that key to access full registered details Name patterns (wild cards:*, ?) –UDDI Browser Binding and Invocation –Get WSDL interface from tModel –Get port address from bindingTemplate –Construct WSDL instance and create service proxy –Invoke service

Qusay H. Mahmoud CIS* UDDI Issues –Public experimental servers (Microsoft, IBM, SAP), What about production-quality deployment & usage –How to determine if the data you get is legitimate and up to date? –QoS guarantee? –Access control to register and use data? –How to synchronize data in multi-registry environments? –How to select the best service? UDDI Version 3 provides some solutions –

Qusay H. Mahmoud CIS* UDDI Review the following slides from the password-protected IBM slides –Slides

Qusay H. Mahmoud CIS* UDDI WSRB (Web Service Repository Builder) Source: Al-Masri, E.; Mahmoud, Q.H.: A Framework for Efficient Discovery of Web Services across heterogeneous registries. Proceedings of IEEE CCNC’07

Qusay H. Mahmoud CIS* UDDI WSRB Crawler Engine

Qusay H. Mahmoud CIS* UDDI WSRB Results

Qusay H. Mahmoud CIS* ebXML A framework for B2B; a joint project between UN/CEFACT and OASIS Allows organizations to publish and discover information about businesses It stored –Collaboration-Protocol Profile (CPP): XML document describing information about a business and how it exchanges information with others –Collaboration-Protocol Agreement (CPA): XML document describing specific capabilities that two businesses have agreed to use in a business collaboration

Qusay H. Mahmoud CIS* ebXML Offers many unique features for e-business collaboration: –It can hold arbitrary content and not just metadata –Data validation improves integrity of data (URLs are checked before saved into registry) –Supports lifecycle management (versions, status, stability, expiration) of registry entries –Provides a security information model with digital signatures based authentication, authorization –…and others…

Qusay H. Mahmoud CIS* System Architecture We have the standards: –WSDL for interface description –SOAP for service invocation –UDDI for service management How to architect systems that use services to gain the benefits promised by SOA/WS The concept of a “service bus” – common carrier of web services invocation

Qusay H. Mahmoud CIS* Enterprise Service Bus Central to the workings of SOA/WS Source: IBM

Qusay H. Mahmoud CIS* Service Bus Another view Source: Papazoglou, M.P.; Service-Oriented Computing: Concepts, Characteristics and Directions

Qusay H. Mahmoud CIS* Challenges (bus based on SOAP/HTTP) Mediation –Messages can be transformed, and their content used to control aspects of transport –Allows enterprise to have control over how incoming requests are processed, and what information leaves the enterprise as a result –Provides a means of satisfying very specific security requirements –The bus provides a single point at which rules can be enforced

Qusay H. Mahmoud CIS* Challenges… Reliability –HTTP is very cheap to realize as a service bus –But HTTP is not a reliable protocol –Web browsing: has an order been placed? –Imagine a web service request to move money from one account to another –The use of HTTP as a protocol is not required. Any protocol that can carry a SOAP message from one point to another can be used as the service bus. Must allow services to maintain independence (e.g. location independence)

Qusay H. Mahmoud CIS* Challenges… Security –Largest ongoing challenge in history of Internet –HTTP is not a secure protocol –HTTPS encrypts the entire message. But useless for web services Encryption of entire message (bus needs to take actions based on content) Encryption/Decryption are slow –Several standardization efforts are addressing the security problem (we’ll discuss them in details later in the course)

Qusay H. Mahmoud CIS* Moving to SOA & Web Service Should be done incrementally Source: IBM