1. Reliable Messaging in the Real World Paul Fremantle Co-chair, OASIS WS-RX TC VP and Founder, WSO2 Inc OASIS Adoption Forum Ditton Manor, October 29 th -30 th 2007

2. Introductions Paul Fremantle  Co-chair of WS-RX Technical Committee  Co-founder and VP/Technical Sales, WSO2 WSO2  60 employees in Colombo, London, Mountain View  Pure Open Source company  Enterprise Service Bus, Registry  Support for OASIS standards in J2EE, C, PHP  Funded by Intel Capital

3. Strong Requirement for Reliability Strongest demand – after Security The requirement is not just for “SOAP services”  Customers are usually looking for a Secure Reliable Channel  Binary data (MTOM) is a key capability

4. Too much or too little choice? WS-RM WS-Reliability ebMS AMQP MQSeries JMS ActiveMQ

5. WS-R* at OASIS February 2003 WSRM TC formed to standardize WS-Reliability November 2004 – WS-Reliability standardized May 2005 – WSRX TC formed to unify WS- ReliableMessaging and WS-Reliability June 2007 – WSRM 1.1 approved as an OASIS Standard

6. Aims of WS-ReliableMessaging 1.1 Allow interoperable systems to exchange messages with assured delivery  In particular Exactly-Once In Order Or both sides alerted to failure Composable with other standards  WS-Addressing, WS-Security, WS- SecureConversation, SSL/TLS, WS-Policy Support one-way and two-way exchanges Optionally support two-way exchanges with NAT, firewalls, Internet configuration BUT NOT wire-level compatible between WSRM1.0/1.1

7. WSRM core model and terminology

8. How does it work? The core concept is a Sequence  Sender requests a sequence with CreateSequence  Messages allocated to the sequence  Receiver Acknowledges  Sender resend of unacknowledged messages  Finally TerminateSequence Effectively a Sequence is a contract to reliably deliver a set of messages

9. Simple example

10. Some aspects to take note of! Each sequence is unidirectional  Need two sequences to support two-way  Creation can be optimized with Offer Acknowledgements are for the whole sequence, not just individual messages Can be composed with SSL/TLS or SecureConversation to prevent sequence hijacking Durability is not part of the specification  But it IS an aspect of implementations

11. Sequence Hijacking and Security Concern that the sequence itself may be attacked  Famously happened to TCP/IP Prevented by “binding” a sequence to a specific security context  Only the creator of the sequence can post messages, request acknowledgements, terminate the sequence Explicit support for binding to:  SSL/TLS session  SecureConversation

12. WS-RM Policy Example

13. Anonymous clients When the client is using HTTP Request/Response and has no “contactable” URI For example when I’m sitting in Starbucks/Café Nero/etc using Wifi to connect Works for one-way reliability but not two- way One approach is to use another transport  SMTP, XMPP, YahooIM, SIP, etc

14. WS-MakeConnection 1.0 client CS+Offer(seq2) server CSR(seq1)+Accept msg1(seq1) response1(seq2) +ack(seq1) msg2(seq1) + ack(seq2) msg3(seq1) + ack(seq2) response3(seq2) + ack(seq1) MakeConnection(seq2) response2(seq2) The other approach is to use a “replay” model

15. Implementations IBM WebSphere 6.1 – WSRM1.0 and 1.1 Microsoft.NET 3.0 – WSRM1.0 .NET 3.5 beta – WSRM 1.1 support BEA WebLogic Server – WSRM1.0 SAP Netweaver PI 7.1 – WSRM1.0 (1.1?) Sun Project Tango – WSRM1.0 Apache Sandesha2 – WSRM1.0 and 1.1 WSO2 Web Services Application Server – WSRM1.0 and 1.1 WSO2 WSF/PHP – WSRM 1.0 and 1.1

16. Real-world interoperability PRESTO  French government sponsored interop  WSRM 1.0 + WS-Security + MTOM Danish Government OIO SOI  WSRM 1.0, Replay model  HTTP and SMTP  WS-Security .NET 3.0 and Apache Axis2/Sandesha2

17. Futures I predict much greater uptake of WSRM 1.1 in 2008  Based on more implementations and further “real-world” interop  WS-I RSP The OASIS TC is still open  Minor updates and errata  Conformance with WS-Policy 1.5  Likely to produce a 1.1.1/1.2

18. WS-I Reliable Secure Profile Creating a profile of:  OASIS WS-ReliableMessaging 1.1  OASIS WS-SecureConversation 1.3  WS-Addressing  MTOM (efficient binary)  Other Base profile aspects (SOAP, WSDL) http://www.ws-i.org/deliverables/workinggroup.aspx?wg=reliablesecure

19. Resources CoverPages overview on Reliability  http://xml.coverpages.org/reliableMessaging.html http://xml.coverpages.org/reliableMessaging.html Introduction to WS-RM  http://www.infoq.com/news/ws-rm-introduction http://www.infoq.com/news/ws-rm-introduction WS-RX website  http://www.oasis-open.org/committees/ws-rx http://www.oasis-open.org/committees/ws-rx Apache Sandesha2  http://ws.apache.org/sandesha/sandesha2/index.html http://ws.apache.org/sandesha/sandesha2/index.html WSO2 Web Services Application Server 2.1  http://wso2.com/products/wsas/ http://wso2.com/products/wsas/ Me!  http://pzf.fremantle.org http://pzf.fremantle.org  paul@wso2.com paul@wso2.com