Challenges with Web Services. Janarbek Matai. Tel: 010-6874-2268, Mail: janarbek@icu.ac.kr

Post on 29-Mar-2015


Hello!!!

Challenges with WEB SERVICES
Janarbek Matai

Tel: 010-6874-2268
Mail: janarbek@icu.ac.kr

Contents

• Motivation
• Technical Challenges
• Lack of Security at protocol level
• Lack of transaction management capabilities
• Lack of Universal data definition
• Discovery of Services, Interoperability, Execution of Composite Services.

[Figure: Web service architecture. Labels: Service Provider (Web Service), Service Registry (Web Service Descriptions), Service Requester; Publish (UDDI) with WSDL, Find (UDDI) with WSDL, Call (SOAP).]

Why are WS not popular?

Motivation

• Lack of Security at protocol level
• Lack of transaction management capabilities
• Lack of Universal data definition
• Discovery of Web services
• Inter-operability of Services
• Execution of Composed Service
• Service Portfolio challenges

Still problems not yet solved…!!!

Who are they?

Tim Berners-Lee, Albert Einstein

Maybe you think you cannot beat Einstein, but you can still be a scientist like Tim Berners-Lee.

Challenge #1: Web Service Security Issues

Lack of Security at protocol level

Theory: This thing has 4 wheel drive, but we only take it to the Mall

Practice: In this environment we need 4 wheel drive

Web: Firewalls, SSL

Web Services: Firewalls, SSL

Why Web Services Security is a Challenge

• HTTP, SOAP, APIs (dozens of methods for hackers)
• Web Services are more complex than Web
• Security must be “End-to-End”

Lack of security

The most critical issue limiting the widespread adoption of WS

Without Security, Web Services are Dead on Arrival

Challenge #2: Web Service Transaction

What is a transaction?

A transaction is the basic logical unit of execution in an information system. A transaction is a sequence of operations that must be executed as a whole, taking a consistent (& correct) database state into another consistent (& correct) database state.

For example:

Database in a consistent state: Account A, Fred Bloggs, £1000; Account B, Sue Smith, £0
begin Transaction: Transfer £500: end Transaction
Database in a consistent state: Account A, Fred Bloggs, £500; Account B, Sue Smith, £500

ACID Characteristics

A. Atomicity: a transaction is an atomic unit of processing and it is either performed entirely or not at all (Commit, Rollback)

C. Consistency Preservation: a transaction's correct execution must take the database from one correct state to another

I. Isolation/Independence: Each transaction is unaware of other ones executing concurrently.

D. Durability (or Permanency): The changes which have been made persist, even if there are system failures.

Transaction State

A transaction must be in one of the following states:
– Active: while the transaction is executing.
– Partially committed: after the final statement has been executed.
– Failed: after the discovery that normal execution can no longer proceed.
– Aborted: after the transaction has been rolled back.
– Committed: after successful completion.

Transaction Models in WS

• ACID transaction: Commit, Rollback; not suitable for all WS
• Long running action: over a long duration
• Business process transaction: heterogeneous transaction domains together into a single business-to-business transaction.
• OASIS-BTP: HP, Sun, BEA, Oracle and others; does not address transaction interoperability
• WS-C/T: IBM, Microsoft and BEA; not yet a real world implementation

However,

None of these protocols has yet been finalized, and there is no overwhelming agreement between the various Web Services tool vendors on a standard.

Why WS Transaction is a challenge?

Current mainstream Web services standards do not provide a mechanism for handling synchronization across multiple enterprise applications.

For example, operations cannot be committed or rolled back as atomic units if they span multiple services.

PC build example.

[Figure: PC build example. Labels: PC Build and Delivery Services; Casing, End-User Peripherals Services; Transportation; Storage Supplier Services; Motherboard etc. Supplier Services.]

WS Transaction

[Figure: WS Transaction. Labels: PC Build and Delivery Application with Tx API and MS SOAP Server; Transaction Coordinator with SOAP Server; three Tx Participants, each with a SOAP Server (Motherboard etc. Supplier Service; Storage Supplier Service; Casing, End-user Peripherals Service); Internet; Application Message; Transaction Protocol Message; SOAP.]

[Figure sequence on the same layout, message labels per slide:
1. Transaction Coordinator activity (Motherboard Service, Storage Supply Service, External Peripheral Supply Service); Create Transaction; Tx ID
2. Tx ID; Purchase m/board etc.; Enrol
3. Tx ID; Buy peripherals; Enrol
4. Tx ID; Buy disks; Enrol
5. Tx ID; Prepare
6. Tx ID; Commit Vote: Commit, Commit, Commit
7. Tx ID; Commit
8. Tx ID; Success]

Success

Or…

[Figure sequence, continued:
5. Tx ID; Prepare
6. Tx ID; Commit Vote: Commit, Cancel, Commit
7. Tx ID; Cancel
8. Tx ID; Failed]

Limitations of Current Transaction

• Traditional transactions are good for “short”-duration activities. Seconds, minutes, …
• Resources must remain locked for the duration of the transaction.
• Early release of resources may cause cascade-rollback.
• Coordinator failure may leave resources locked for extended periods.
• Implicit assumption of trust
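The walk-through above (create transaction, enrol, prepare, vote, then commit or cancel) and the coordinator-failure limitation, as an added Python sketch that is not part of the original slides. The class and function names, the Tx ID value and the `stuck_locks` monitoring check are assumptions made for illustration.

```python
# Added example: a minimal in-memory two-phase commit. All names are illustrative.

class Participant:
    """A Tx Participant, e.g. one supplier service holding reservable stock."""
    def __init__(self, name, can_commit=True):
        self.name, self.can_commit = name, can_commit
        self.state = "idle"        # idle -> enrolled -> prepared -> committed/cancelled
        self.locked_since = None   # time at which stock was locked for the transaction

    def enrol(self, tx_id):
        self.tx_id, self.state = tx_id, "enrolled"

    def prepare(self, now):
        if not self.can_commit:
            self.state = "cancelled"
            return "cancel"
        self.state, self.locked_since = "prepared", now  # resource is now locked
        return "commit"

    def finish(self, decision):
        self.state = "committed" if decision == "commit" else "cancelled"
        self.locked_since = None   # released only when the coordinator decides

def run_transaction(participants, now=0, crash_after_prepare=False):
    """Coordinator: create Tx ID, enrol, prepare (phase 1), decide (phase 2)."""
    tx_id = "tx-0001"              # constructed Tx ID
    for p in participants:
        p.enrol(tx_id)
    votes = [p.prepare(now) for p in participants]
    if crash_after_prepare:
        return "in-doubt"          # coordinator fails: no decision is delivered
    decision = "commit" if all(v == "commit" for v in votes) else "cancel"
    for p in participants:
        p.finish(decision)
    return "success" if decision == "commit" else "failed"

def stuck_locks(participants, now, max_age):
    """Monitoring check: participants whose lock is older than max_age seconds."""
    return [p.name for p in participants
            if p.locked_since is not None and now - p.locked_since > max_age]

def suppliers(storage_ok=True):
    """The three suppliers from the PC build example."""
    return [Participant("motherboard"), Participant("storage", storage_ok),
            Participant("peripherals")]
```
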

Limitations of Current Transaction

Traditional transactions implicitly assume:

• Closely coupled environment. All entities involved in a transaction span a LAN, for example.
• Short-duration activities. Must be able to cope with resources being locked for periods.

Therefore, they do not work well in either:

• Loosely coupled environments;
• Long duration activities.

Web Services are loosely coupled. B2B activities may be long in duration.

Transactions and Web Services

Business-to-business interactions may be complex.

• Involving many parties.
• Spanning many different organisations.
• Potentially lasting for hours or days.

e.g., the process of ordering and delivering parts for a computer which may involve different suppliers, and may only be considered to have completed once the parts are delivered to their final destination.

B2B participants cannot afford to lock resources exclusively on behalf of an individual indefinitely.

• Potential for denial of service.
• Rules out the use of atomic transactions.

Could Existing Solutions be Applied?

In a word, no.

• World is composed of closely coupled environments glued together by loosely coupled infrastructure.
• We already have the closely coupled world tied up: EJB, CORBA, COM (DTC & MTS)
• Even if closely coupled solutions could be tailored for Web Services they would have problems. Firewalls!
• Current protocols do not penetrate firewalls, even though many fine firewall products exist.
• One company’s protocol may not interoperate with its partners’.
• Web Services architecture is radically different from traditional component architectures.

Challenge #3: Lack of Universal data definition

Purpose of WS:
• Platform, language independent
• Standardization
• Application-to-Application
• ….

Lack of Universal data definition

• Web Services rely on XML Schemas for standardizing data formats
• There are no universal standards for representation of data
• Companies create their own data formats (DTD/XSD)

Challenge #4: Discovery of Web services for developers and consumers

Key word based search

• Services could be searched for in UDDI registries by providing keywords describing the service needs.
• UDDI uses the classification of services, to provide efficient searches.
• As searching UDDI is based on keywords and classifications, the resulting services might not match the service requirements

Ontology based search

• If services are described using ontologies, then searching based on ontologies could yield better results.

Challenge #5: Inter-operability of Services

Structural and semantic heterogeneity between different Web services needs to be resolved.

Structural heterogeneity

• Need to handle data mapping, for propagating data from one service to another
• How to automate this data mapping?

Semantic heterogeneity

• Need to understand the meaning of the terms employed in the interface descriptions of the services and resolve the differences

Challenge #6: Execution of Composed Service

A composed process can be enacted in two ways:

1. Centralized manner
• Controller based execution has the disadvantage of having a single controller coordinating the entire process execution, e.g., eFlow system

2. Distributed manner
• There is no controller involved, execution is based on coordination of service providers
• Complex to implement

Challenge #7

Challenge #7 will emerge after solving the above problems.

Summary

• Lack of security and transactions are the most challenging problems limiting the widespread adoption of Web Services
• Existing or traditional solutions are not enough!
• There is not yet a Universal data definition
• Discovery of Web services for developers and consumers
• Inter-operability of Services
• Execution of Composed Service

But don’t forget…

Web Services will be the next generation of WEB.


Thank You!!!
