Web Technologies And Services

Name: sravya
Cse 3rd year
Vidya Vikas Institute Of Technology
Email-id : [email protected]

Abstract
Web services are a new breed of Web application.
They are self-contained ,self-describing, modular
applications that can be published, located, and
invoked across the Web. Web services perform
functions, which can be anything from simple requests
to complicated business processes. … Once
a Web service is deployed, other applications (and
other Web services) can discover and invoke the
deployed service. The notion of web services captures
a recent technological development that aims at the
possibility to access services (i.e. applications)
through the Internet infrastructure (i.e. Web
standards). Technologically they represent only a
small change as compared to earlier
distributed computing standards, but the impact of this
new technology is considered as
being very high as it facilitates automated distributed
computing and information access by Here, the service requester is the client of the web
taking advantage of the ubiquitously available Web service, and the service provider is the host of the web
infrastructure. In particular on-demand service. A requester makes SOAP requests to the
use of software is considered as one of the important provider and the provider responses accordingly.
developments Web service technology
is going to support. A service registry can be thought of as a database of
web services. It has the definitions and URIs for web
services. Developers of web services can publish their
An Introduction to Web Services services to a service registry if they wish. After that
someone can query the registry and choose the service
Let's start learning about web services with the from the registry. Since a registry has all the
definition for web service as provided by W3C. information required to develop a web client,
According to them, a web service is a software developers can search and find necessary information
application which is identified by a URI, whose from a service registry using UDDI (Universal
interfaces and binding are capable of being defined, Description, Discovery and Integration).
described and discovered by XML using XML-based
messages via Internet-based protocols. An Introduction to Web Services - A closer
look at SOAP, WSDL and UDDI
A web service is usually identified by a URI (Unified
Recourse Identifier). A web service has WSDL (Web Up to this point we have learned about three elements
Service Description Language) definitions. To of web service platforms: SOAP, WSDL and UDDI. A
communicate with web services we need to use SOAP developer usually publishes the WSDL for their
messages, which are XML based messages transported services in the registry. A client can query the registry
over Internet protocols like HTTP, SMTP, and FTP. using UDDI and get the WSDL from the registry.
Web services can be better described with the After that the client can establish a connection with the
following diagram. service and send SOAP requests to the service, whose
response will also be SOAP messages.
SOAP is used for communication between A definition
applications via the Internet. SOAP is platform
independent. SOAP is also language independent; it is A web service is a programmable component that
based on XML. Each SOAP message has a mandatory provides a service and is accessible over the Internet.
SOAP envelope, and multiple optional attachments. A Web services can be standalone or linked together to
SOAP envelope consists of an optional SOAP header, provide enhanced functionality.
a mandatory body, and optional fault sections. Usually
a SOAP body contains the original requests or the
responses. Web services consist of methods that operate on
messages containing either document-oriented or
procedure-oriented information. An architecture that is
WSDL is an XML document, which is used to based on web services is the logical evolution from a
describe web services. WSDL is also used to locate system of distributed object-oriented components to a
web services. WSDL elements include the following: network of services. Web services provide a loosely
coupled infrastructure that enables cross-enterprise
Types integration.

• Data type definitions Web services differ from existing component object
models and their associated object model specific
Messages protocols, such as CORBA and IIOP, COM and
DCOM, and Java and RMI, in that the distributed
• Abstract, typed definitions of data being components are interfaced via non-object-specific
exchanged (Request/Response) protocols. Web services can be written in any language
and can be accessed using the familiar and firewall-
friendly HyperText Transport Protocol (HTTP).
Operations

• Abstract descriptions of an action

• Refer to input and/or output messages

Port type

• Collection of operations
• Abstract definition of a service

Binding

• Concrete protocol and data format for a

particular

Port

• Defines a single communication endpoint

• Endpoint address for binding

Service Figure 1. Web services stack

• Aggregate set of related ports As shown in Figure 1, web services consist of multiple
layers that, when stacked together, form the basis for a
standard mechanism for discovering, describing, and
UDDI is a directory for storing information about web
invoking the functionality provided by a standalone
services. UDDI is also a directory of web service
web service.
interfaces described by WSDL. UDDI communicates
via SOAP.
Protocol layer
At the bottom of the layered architecture model, any of The SOAP specification also defines bindings to
the standard Internet protocols may be used to invoke transport SOAP messages using the HTTP protocol.
web services over the network. The initial definition SOAP messages are uni-directional. Individual
focuses specifically on HTTP/1.1 (and the encrypted messages are typically combined to form a
HTTPS). request/response mechanism.

HTTP/1.1 is a text-based "request-response" style The SOAP message exchange model requires that
protocol, which specifies that a client opens a applications receiving a SOAP message execute the
connection to a server, then sends a request using a following sequence of actions:
very specific format. The server responds and, if
necessary, keeps the connection open. Other request- 1. Identify all the components of the SOAP
response style protocols, such as FTP and SMTP can message that are intended for this particular
also be used, though they are not yet defined in the application. Applications may act as SOAP
standards around web services. intermediaries and pass parts of the message
on to other applications.
Packaging layer 2. Verify that all the mandatory parts specified
in the SOAP message are supported by the
Simple Object Access Protocol (SOAP) is a application, and process them accordingly.
lightweight protocol designed for the exchange of 3. If the SOAP application is not the end
information. Focused on distributed, decentralized destination of the message, it should remove
environments, it provides a framework to invoke all the parts that the application consumes and
services across the Internet. It also provides the then forward the message to the next
mechanism for enabling cross-platform integration application the message is intended for.
independent of any programming language and
distributed object infrastructure. The SOAP encoding style uses both scalar types
(strings, integers, and so on) and compound types
SOAP represents the evolution of xml-rpc and has (structures and arrays). These types appear as elements
been adopted as an Internet standard. SOAP is text in an XML document. The data types defined in the
based (extensible Markup Language, or XML) and can XML schema specification, along with types derived
run over HTTP, making it better able to operate in the from those, can be used directly as SOAP elements.
face of firewalls than DCOM, RMI, or IIOP. SOAP is
also easy to implement on an embedded device, unlike Any robust messaging system must expect that faults
ORBs. may occur; SOAP is no exception. SOAP has a built-
in fault element that is used to carry error and status
SOAP does not define a programming model or information. Because it is based on XML, the fault-
implementation. Instead, it defines a modular reporting system of SOAP is highly extensible and
packaging model and the encoding mechanisms for quite flexible.
encoding data within modules. This allows SOAP to
be used in any number of systems ranging from The SOAP specification details the mechanisms used
message passing systems to remote procedure calls. to make remote procedure calls (RPC). The example in
Listing 1 actually invokes a remote procedure (in this
A SOAP message is XML-encoded and consists of case a web service called Event Service) by packaging
three parts: the parameters the procedure requires as a structure.
The response to a method invocation is also modeled
as a structure that contains the return value and
• An envelope, which provides the framework possibly the parameters (in the same order they were
for packaging message information passed).
• Encoding rules that define how messages
should be processed Web services and SOAP are two different things.
• An RPC representation that defines how to SOAP is simply one way to package and bind the
represent remote procedure calls and information required to invoke a web service. It
responses happens to be the method that is most commonly
associated with web services, but web services can be
invoked using other encoding techniques, such as
simple URL-encoded messages for bandwidth- The interface to web services is defined in the XML-
constrained scenarios. In addition, SOAP itself is not based Web Services Description Language (WSDL),
strictly relegated to web services. SOAP can be used which provides all of the information necessary for an
as an access mechanism for any type of remote objects application to access the specified service.
or procedures or as a simple message passing
mechanism. A WSDL document is an XML description of a web
service. WSDL takes great pains to promote
Information layer reusability. Several abstract and concrete elements are
combined to define the functionality and access
XML is a meta-language that enables cross-platform mechanisms of a web service. The following list
data interchange using a standard method for encoding enumerates the elements used to define a web service:
and formatting information. Unlike HyperText
Markup Language (HTML), XML lets you publish • types-containers for data type definitions can
information not only about how your data is be scalar or complex, currently based on the
structured, but also about what it means (that is, its XML schema
context). In addition, significant benefits accrue • message-an abstract, typed definition of the
through maintaining an XML document's structure, data being communicated
content, and presentation as three distinct components. • operation-an abstract description of an action
For example, part of the content of an HTML supported by the web service
document may look as follows: • port type-an abstract set of operations
supported by one or more end points
<b>Motor Failure</b> • binding-a concrete protocol and data format
specification for a particular port type
This instructs a browser to display the text string • port-a single endpoint that is an instantiation
"Motor Failure" as bold text. HTML is purely about of a port type in combination with a binding
formatting and display. XML takes it much further and and a network address
provides information about what the content is • service-a collection of related ports
describing, not just about how it looks. For example,
an XML document may take the same text but actually A web service is defined in a collection of ports,
apply a data type to it as follows: which, in turn, are a collection of abstract operations
and messages. Keeping the operations and messages
<FaultType>Motor Failure</FaultType> abstract allows them to be bound to different protocols
and data formats such as SOAP, HTTP GET/POST,
This format gives the interpreter of this document a or MIME.
clearer understanding of what the text signifies.
Discovery layer
Some people will tell you that all you need to do is
support XML in your devices to solve all of the The final, and optional, piece in the web services
world's problems. But XML is only a markup protocol stack is the Universal Description, Discovery,
language; supporting XML does not magically and Integration (UDDI) specification. UDDI offers a
integrate you into a host of business applications or way to publish information about web services, as well
make for a complete solution. XML may provide a as provide a mechanism to discover what web services
description of an event as a fault, but it does not are available. In essence, UDDI is a registration
provide the device or business logic that says what to system instantiated as a series of XML files, and
do when that fault occurs or how to ensure that the associated schema, which contain a description of a
fault indication is properly captured in one or more business entity and the web services that it offers. It is
enterprise applications. That is why the higher-level envisioned that there will ultimately be many public
concept of web services, which are based on XML, is UDDI registration servers distributed about the Web
so important. that continually replicate data amongst themselves.

Service layer The UDDI specification provides a programmatic

interface that allows a business to register a
web service and/or search through the
registry for a specific web service. Once the
 desired web service is identified, a pointer to you. There is also a service, the pharmacy store. The
the location of the WSDL document is central database of information is the Internet, through
provided. It is important to note that UDDI is which you find the location of the pharmacy. In the
entirely optional. Companies with web example, when you fire a search in the search engine,
services that want to limit specific your request is wrapped in a structure, whose language
functionality to people or devices of their is predetermined and localized, and then passed onto
choosing need not advertise their service the server running the search engine.
externally.
In Web Services, SOAP, UDDI, and WSDL represent
Problem Space Addressed by Web the roles mentioned in these steps.
Services
SOAP (Simple Object Access Protocol) is the method
Web Services is probably not the first solution to such by which you can send messages across different
a problem. RMI, COM, CORBA, EDI, and ebXML modules. This is similar to how you communicate with
also address the same problem space. So, what would the search engine that contains an index with the Web
make Web Services so special and different from the sites registered in the index associated with the
rest? keywords.

Web Services is based on the already existing and UDDI (Universal Description, Discovery, and
well-known HTTP protocol, and uses XML as the Integration) is the global look up base for locating the
base language. This makes it a very developer-friendly services. In the example mentioned earlier, this is
service system. However, most of the above- analogous to the index service for the search engine, in
mentioned technologies such as RMI, COM, and which all the Web sites register themselves associated
CORBA involve a whole learning curve. New with their keywords. It maintains a record of all the
technologies and languages have to be learnt to pharmacy store locations throughout the country.
implement these services.
WSDL (Web Services Definition Language) is the
Also, Web Services is based on a set of standardized method through which different services are described
rules and specifications, making it more portable. This in the UDDI. This maps to the actual search engine in
was not the case with the technologies mentioned our example.
earlier.
Figure 1.1 illustrates this concept.
Component Technologies of Web Services

Consider a scenario in which you need to locate a

particular pharmacy store in your area. You would not
go out on the road and ask every person you met the
way to the store. You might, instead, refer the Web
site of the pharmacy on the Internet. If you knew the
pharmacy's Web site, you would look it up directly
and find the location through the store locator link. If
not, you would go to a search engine and type out the
name of the pharmacy in the language that the search
engine was meant to recognize. After getting the
location, you would find the directions to the store,
and then go to the store.

The structure of Web Services is also very similar. Figure 1.1

Web Services provide for each of these previously
described activities.
Imagine if you had to maintain a copy of such
information for each and every service available in
If you carefully look at the preceding example, you your vicinity! With every change in your residence or
will see that there is a requestor or a consumer—that is your requirement, you would need to compile a new
list. The preceding example is a very simplified form applications using the XML, SOAP, WSDL and UDDI
of the Web Services environment. But, don't get fooled open standards over an Internet protocol backbone
by this. The scope of Web Services is not limited to
just a lookup service. So, how does Web Services XML
become important for the business world?
Short for Extensible Markup Language, a
Business Aspects of Web Services specification developed by the W3C. XML is a pared-
down version of SGML, designed especially for Web
Web Services in the business world, in the most documents. It allows designers to create their own
simplistic fashion, provides a mechanism of customized tags, enabling the definition, transmission,
communication between two remote systems, validation, and interpretation of data between
connected through the network of the Web Services. applications and between organizations.
For example, in case of a merger or an acquisition,
companies don't have to invest large sums of money SOAP
developing software to bring the systems of the
different companies together. By extending the
business applications as Web Services, the information Short for Simple Object Access Protocol, a lightweight
systems of different companies can be linked. These XML-based messaging protocol used to encode the
business systems then can be accessed by using simple information in Web service request and response
SOAP messages over the normal HTTP Web protocol. messages before sending them over a network. SOAP
For example, a manufacturing company requires some messages are independent of any operating system or
raw materials to be supplied whenever the material in protocol and may be transported using a variety of
stock reaches the threshold levels. These levels can be Internet protocols, including SMTP, MIME, and
constantly monitored by the business system of a HTTP.
trusted supplier, and promptly replenished, without
having to wait for a supervisor to notice it and WSDL
generate a work order.
Short for Web Services Description Language, an
There are many more important uses of Web Services. XML-formatted language used to describe a Web
These, again, depend on the requirement of your service's capabilities as collections of communication
company. Interested enough to find out more? In our endpoints capable of exchanging messages. WSDL is
next article, you will learn about the architecture of an integral part of UDDI, an XML-based worldwide
Web Services, the technology organization, the business registry. WSDL is the language that UDDI
protocols used, and the basic steps involved in uses. WSDL was developed jointly by Microsoft and
building a Web Services application. IBM.

Web services' distributed computing model allows UDDI

application-to-application communication. For
example, one purchase-and-ordering application could Short for Universal Description, Discovery and
communicate to an inventory application that specific Integration. It is a Web-based distributed directory
items need to be reordered. Because of this level of that enables businesses to list themselves on the
application integration, Web services have grown in Internet and discover each other, similar to a
popularity and are beginning to improve business traditional phone book's yellow and white pages.
processes. In fact, some even call Web services the
next evolution of the Web.
XML is used to tag the data, SOAP is used to transfer
the data, WSDL is used for describing the services
Web Services Technology available and UDDI is used for listing what services
are available. Used primarily as a means for businesses
Web services are built on several technologies that to communicate with each other and with clients, Web
work in conjunction with emerging standards to ensure services allow organizations to communicate data
security and manageability, and to make certain that without intimate knowledge of each other's IT systems
Web services can be combined to work independent of behind the firewall.
a vendor. The term Web service describes a
standardized way of integrating Web-based Security
Security has become a hot topic for Web services. provides a means for partner applications to share user
Because it is based on program-to-program authentication and authorization information. This is
interactions as opposed to human-to-program essentially the single sign-on (SSO) feature being
interaction, it is important for Web service security to offered by all major vendors in their e-commerce
address topics such as access control, authentication, products. In the absence of any standard protocol on
data integrity and privacy. Today the most common sharing authentication information, vendors normally
security scheme is SSL (Secure Sockets Layer), but use cookies in HTTP communication to implement
when it comes to Web services there are limitations SSO. With the advent of SAML, this same data can be
with SSL. The Web service technology has been wrapped inside XML in a standard way, so that
moving towards different XML-based security cookies are not needed and interoperable SSO can be
schemes for Web services. Some of the XML-based achieved.
securities include the following:
ebXML Message Service: The OASIS ebXML
XML digital signature: The XML Signature Message Service defines the message enveloping and
specification is a joint effort of W3C and IETF. XML header document schema used to transfer ebXML
Signatures provide integrity, message authentication messages over a communications protocol such as
and/or signer authentication services for data of any HTTP or SMTP and the behavior of software sending
type, whether located within the XML that includes and receiving ebXML messages.
the signature or elsewhere.
References:
XML Encryption: W3C's XML Encryption
specification addresses the issue of data confidentiality [1] Karl Aberer, EPFL-SSC, Laboratoire de systèmes
using encryption techniques. Encrypted data is d'informations rèpartis
wrapped inside XML tags defined by the XML
Encryption specification.
[2] Srinivas Koushik SVP, Enterprise Chief Technology
Officer Nationwide
XKMS (XML Key Management Specification): The
XML Key Management Specification (XKMS) [3] Juan Jose Rodriguez Hector Galan Marti
comprises two parts ‫ ׫‬the XML Key Information
Service Specification (X-KISS) and the XML Key
Registration Service Specification (X-KRSS). The X-
KISS specification defines a protocol for a Trust
service that resolves public key information contained
in XML-SIGelements. The X-KISS protocol allows a
client of such a service to delegate part or all of the
tasks required to process elements. The X-KRSS
specification defines a protocol for a web service that
accepts registration of public key information. Once
registered, the public key may be used in conjunction
with other web services including X-KISS.

SAML (Secure Assertion Markup Language):

SAML is an XML-based framework for
communicating user authentication, entitlement and
attribute information. As its name suggests, SAML
allows business entities to make assertions regarding
the identity, attributes, and entitlements of a subject
(an entity that is often a human user) to other entities,
such as a partner company or another enterprise
application. The OASIS Security Services Technical
Committee is in charge of defining, enhancing, and
maintaining the specifications that define SAML.

WS-Security (Web Services Security): Security

Assertion Markup Language (SAML) from OASIS