Challenges with WEB SERVICES, Janarbek Matai, Tel: 010-6874-2268, Mail: janarbek@icu.ac.kr


Upload: cassie-shiers

Post on 29-Mar-2015


Page 1: !!!. Challenges with WEB SERVICES Janarbek Matai Tel:010-6874-2268 Mail:janarbek@icu.ac.kr

Hello!!!

Page 2:

Challenges with WEB SERVICES
Janarbek Matai

Tel: 010-6874-2268
Mail: janarbek@icu.ac.kr

Page 3:

Contents

• Motivation
• Technical Challenges
  – Lack of Security at protocol level
  – Lack of transaction management capabilities
  – Lack of Universal data definition
  – Discovery of Services
  – Interoperability
  – Execution of Composite Services

Page 4:

Motivation

[Figure: Service Provider, Service Registry and Service Requester, linked by Publish (UDDI, WSDL), Find (UDDI, WSDL) and Call (SOAP); the registry holds the Web Service Descriptions.]

Why WS are not popular?

Page 5:

• Lack of Security at protocol level
• Lack of transaction management capabilities
• Lack of Universal data definition
• Discovery of Web services
• Inter-operability of Services
• Execution of Composed Service
• Service Portfolio challenges

Still problems not yet solved…!!!

Page 6:

Who are they?

Tim Berners-Lee, Albert Einstein

Maybe you think you cannot beat Einstein, but you can still be a scientist like Tim Berners-Lee.

Page 7:

Web Service Security Issues

Challenge #1

Page 8:

Lack of Security at protocol level

Theory: This thing has 4-wheel drive, but we only take it to the mall

Practice: In this environment we need 4-wheel drive

Web: Firewalls, SSL

Web Services: Firewalls, SSL

Page 9:

Why Web Services Security is a Challenge
• HTTP SOAP APIs (dozens of methods for hackers)
• Web Services are more complex than Web
• Security must be “End-to-End”

Page 10:

Lack of security

The most critical issue limiting the widespread adoption of WS

Without Security, Web Services are Dead on Arrival

Page 11:

Web Service Transaction

Challenge #2

Page 12:

What is a transaction?
• A transaction is the basic logical unit of execution in an information system.
• A transaction is a sequence of operations that must be executed as a whole, taking a consistent (& correct) database state into another consistent (& correct) database state.

Page 13:

For example:

[Figure: Transfer £500, between begin Transaction and end Transaction. Before: database in a consistent state, Account A (Fred Bloggs) £1000, Account B (Sue Smith) £0. After: database in a consistent state, Account A (Fred Bloggs) £500, Account B (Sue Smith) £500.]

Page 14:

ACID Characteristics

A. Atomicity: a transaction is an atomic unit of processing and it is either performed entirely or not at all (Commit, Rollback)

C. Consistency Preservation: a transaction's correct execution must take the database from one correct state to another

I. Isolation/Independence: Each transaction is unaware of other ones executing concurrently.

D. Durability (or Permanency): The changes which have been made persist, even if there are system failures.

Page 15:

Transaction State

A transaction must be in one of the following states:
– Active: while the transaction is executing.
– Partially committed: after the final statement has been executed.
– Failed: after the discovery that normal execution can no longer proceed.
– Aborted: after the transaction has been rolled back.
– Committed: after successful completion.

Page 16:

Transaction Models in WS

• ACID transaction - Commit, Rollback, not suitable for all WS
• Long running action - over a long duration
• Business process transaction - heterogeneous transaction domains together into a single business-to-business transaction.
• OASIS-BTP: HP, Sun, BEA, Oracle and others - does not address transaction interoperability
• WS-C/T: IBM, Microsoft and BEA - Not yet real world implementation

Page 17:

However,

None of these protocols has yet been finalized, and there is no overwhelming agreement among the various Web Services tool vendors on a standard.

Page 18:

Why WS Transaction is a challenge?
• Current mainstream Web services standards do not provide a mechanism for handling synchronization across multiple enterprise applications.
• For example, operations cannot be committed or rolled back as atomic units if they span multiple services.

Page 19:

PC build example.

[Figure: PC Build and Delivery Services; Casing, End-User Peripherals Services; Transportation; Storage Supplier Services; Motherboard etc. Supplier Services.]

Page 20:

WS Transaction

[Figure: The PC Build and Delivery Application (Tx API) and the Transaction Coordinator, each behind a SOAP server, connected over the Internet by SOAP to three Tx Participants, each with its own SOAP server: Motherboard etc. Supplier Service; Storage Supplier Service; Casing, End-user Peripherals Service. Legend: Application Message, Transaction Protocol Message.]

Page 21:

[Figure: Transaction Coordinator; Activity; Motherboard Service; Storage Supply Service; External Peripheral Supply Service.]

Page 22:

[Figure: WS Transaction diagram (application, Transaction Coordinator and three supplier Tx Participants connected over the Internet). Messages shown: Create Transaction, Tx ID.]

Page 23:

[Figure: WS Transaction diagram (application, Transaction Coordinator and three supplier Tx Participants connected over the Internet). Messages shown: Tx ID, Purchase m/board etc., Enrol.]

Page 24:

[Figure: WS Transaction diagram (application, Transaction Coordinator and three supplier Tx Participants connected over the Internet). Messages shown: Tx ID, Buy peripherals, Enrol.]

Page 25:

[Figure: WS Transaction diagram (application, Transaction Coordinator and three supplier Tx Participants connected over the Internet). Messages shown: Tx ID, Buy disks, Enrol.]

Page 26:

[Figure: WS Transaction diagram (application, Transaction Coordinator and three supplier Tx Participants connected over the Internet). Messages shown: Tx ID, Prepare.]

Page 27:

[Figure: WS Transaction diagram (application, Transaction Coordinator and three supplier Tx Participants connected over the Internet). Messages shown: Tx ID, Commit Vote, Commit.]

Page 28:

[Figure: WS Transaction diagram (application, Transaction Coordinator and three supplier Tx Participants connected over the Internet). Messages shown: Tx ID, Commit.]

Page 29:

[Figure: WS Transaction diagram (application, Transaction Coordinator and three supplier Tx Participants connected over the Internet). Messages shown: Tx ID, Success.]

Page 30:

Or…

Page 31:

[Figure: WS Transaction diagram (application, Transaction Coordinator and three supplier Tx Participants connected over the Internet). Messages shown: Tx ID, Prepare.]

Page 32:

[Figure: WS Transaction diagram (application, Transaction Coordinator and three supplier Tx Participants connected over the Internet). Messages shown: Tx ID, Commit Vote, Commit, Cancel.]

Page 33:

[Figure: WS Transaction diagram (application, Transaction Coordinator and three supplier Tx Participants connected over the Internet). Messages shown: Tx ID, Cancel.]

Page 34:

[Figure: WS Transaction diagram (application, Transaction Coordinator and three supplier Tx Participants connected over the Internet). Messages shown: Tx ID, Failed.]

Page 35:

Limitations of Current Transaction
• Traditional transactions are good for “short”-duration activities.
  – Seconds, minutes, …
• Resources must remain locked for the duration of the transaction.
• Early release of resources may cause cascade-rollback.
• Coordinator failure may leave resources locked for extended periods.
• Implicit assumption of trust

Page 36:

Limitations of Current Transaction

Traditional transactions implicitly assume:
• Closely coupled environment.
  – All entities involved in a transaction span a LAN, for example.
• Short-duration activities.
  – Must be able to cope with resources being locked for periods

Therefore, do not work well in either:
• Loosely coupled environments;
• Long duration activities.

Web Services are loosely coupled. B2B activities may be long in duration.

Page 37:

Transactions and Web Services
• Business-to-business interactions may be complex.
  – Involving many parties.
  – Spanning many different organisations.
  – Potentially lasting for hours or days.
  – e.g., the process of ordering and delivering parts for a computer which may involve different suppliers, and may only be considered to have completed once the parts are delivered to their final destination.
• B2B participants cannot afford to lock resources exclusively on behalf of an individual indefinitely.
  – Potential for denial of service.
  – Rules out the use of atomic transactions.
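
The Prepare/Commit/Cancel exchange from the PC build slides, together with the locked-resource limitation and the denial-of-service point above, as an added Python example (not code from the original slides). Class names, stock levels, timestamps and the lease-based `release_stale` step are assumptions made for illustration.

```python
# Added example: two-phase commit for the PC build order (all names and values are illustrative).

class Participant:
    def __init__(self, name, stock):
        self.name, self.stock = name, stock
        self.locks = {}                          # tx_id -> (quantity, time prepared)

    def prepare(self, tx_id, qty, now):
        """Phase 1: lock stock and vote. The lock is held until commit or cancel."""
        free = self.stock - sum(q for q, _ in self.locks.values())
        if qty > free:
            return "cancel"
        self.locks[tx_id] = (qty, now)
        return "commit"

    def commit(self, tx_id):
        self.stock -= self.locks.pop(tx_id, (0, 0))[0]

    def cancel(self, tx_id):
        self.locks.pop(tx_id, None)

    def release_stale(self, now, lease):
        """Assumed mitigation: drop locks older than the lease (gives up atomicity)."""
        stale = [t for t, (_, since) in self.locks.items() if now - since > lease]
        for tx_id in stale:
            self.cancel(tx_id)
        return stale

def run_transaction(participants, tx_id, order, now, coordinator_fails=False):
    """Coordinator: Prepare everyone, then Commit only if every vote is commit."""
    votes = [p.prepare(tx_id, order[p.name], now) for p in participants]
    if coordinator_fails:                        # crash between the two phases
        return "in doubt"
    commit = all(v == "commit" for v in votes)
    for p in participants:
        p.commit(tx_id) if commit else p.cancel(tx_id)
    return "success" if commit else "failed"

def demo():
    suppliers = [Participant("motherboard", 2), Participant("storage", 4),
                 Participant("peripherals", 1)]
    order = {"motherboard": 1, "storage": 2, "peripherals": 1}
    small = {"motherboard": 1, "storage": 2, "peripherals": 0}
    out = [run_transaction(suppliers, "tx-1", order, now=0),        # all vote commit
           run_transaction(suppliers, "tx-2", order, now=1),        # peripherals sold out
           run_transaction(suppliers, "tx-3", small, now=2, coordinator_fails=True),
           run_transaction(suppliers, "tx-4", small, now=3)]        # blocked by tx-3 locks
    released = [p.release_stale(now=100, lease=60) for p in suppliers]
    out.append(run_transaction(suppliers, "tx-5", small, now=101))  # stock free again
    return out, released, [p.stock for p in suppliers]

if __name__ == "__main__":
    print(demo())
```

`tx-4` fails only because the coordinator of `tx-3` never sent Commit or Cancel; releasing on a lease frees the stock again but abandons atomicity, which is the trade-off these slides describe.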

Page 38:

Could Existing Solutions be Applied?
• In a word, no.
• The world is composed of closely coupled environments glued together by loosely coupled infrastructure.
• We already have the closely coupled world tied up
  – EJB, CORBA, COM (DTC & MTS)
• Even if closely coupled solutions could be tailored for Web Services they would have problems
  – Firewalls! Current protocols do not penetrate firewalls, even though many fine firewall products exist.
  – One company’s protocol may not interoperate with its partners’.
  – Web Services architecture is radically different from traditional component architectures.

Page 39:

Lack of Universal data definition

Challenge #3

Purpose of WS:
• Platform, language independent
• Standardization
• Application-to-Application
• ….

Page 40:

Lack of Universal data definition

Web Services rely on XML Schemas for standardizing data formats

There are no universal standards for representation of data

Companies create their own data formats (DTD/XSD)

Page 41:

Discovery of Web services for developers and consumers

Challenge #4

• Key word based search
  – Services could be searched for in UDDI registries by providing keywords describing the service needs.
  – UDDI uses the classification of services, to provide efficient searches.
  – As searching UDDI is based on keywords and classifications, the resulting services might not match the service requirements
• Ontology based search
  – If services are described using ontologies, then searching based on ontologies could yield better results.

Page 42:

Inter-operability of Services

Challenge #5

Structural and semantic heterogeneity existing between different Web services needs to be resolved.
• Structural heterogeneity
  – Need to handle data mapping, for propagating data from one service to another
  – How to automate this data mapping?
• Semantic heterogeneity
  – Need to understand the meaning of the terms employed in the interface descriptions of the services and resolve the differences

Page 43:

Execution of Composed Service

Challenge #6

A composed process can be enacted in two ways
1. Centralized manner
  – Controller-based execution has the disadvantage of having a single controller coordinating the entire process execution
  – e.g., eFlow system
2. Distributed manner
  – There is no controller involved, execution is based on coordination of service providers
  – complex to implement

Page 44:

Challenge #7

Challenge #7 will emerge after solving the above problems.

Page 45:

Summary
• Lack of security and transactions are the most challenging problems limiting the widespread adoption of Web Services
• Existing or traditional solutions are not enough!
• There is not yet
  – Universal data definition
  – Discovery of Web services for developers and consumers
  – Inter-operability of Services
  – Execution of Composed Service

Page 46:

But don’t forget…

Web Services will be the next generation of WEB.


Page 48:

Thank You!!!