![Page 1: 11-Feb-14HL7 Working Group Meeting – October 2002 XML Web Services Standards Roberto Ruggeri rruggeri@microsoft.com Healthcare Technical Strategist Microsoft](https://reader035.vdocuments.us/reader035/viewer/2022070305/5514d67b55034693478b5259/html5/thumbnails/1.jpg)
Apr 10, 2023 HL7 Working Group Meeting – October 2002
XML Web Services Standards
Roberto [email protected] Technical StrategistMicrosoft Corporation
Mark [email protected] ConsultantMicrosoft Corporation
![Page 2: 11-Feb-14HL7 Working Group Meeting – October 2002 XML Web Services Standards Roberto Ruggeri rruggeri@microsoft.com Healthcare Technical Strategist Microsoft](https://reader035.vdocuments.us/reader035/viewer/2022070305/5514d67b55034693478b5259/html5/thumbnails/2.jpg)
2Apr 10, 2023 HL7 Working Group Meeting – October 2002
Objectives of This Presentation
Educate on WS-Standards WS-Standards design philosophy WS-Standards overview Drill down on WS-Security
Educate on the industry efforts around WS-Standards
Interoperability What is coming
Discuss next steps
![Page 3: 11-Feb-14HL7 Working Group Meeting – October 2002 XML Web Services Standards Roberto Ruggeri rruggeri@microsoft.com Healthcare Technical Strategist Microsoft](https://reader035.vdocuments.us/reader035/viewer/2022070305/5514d67b55034693478b5259/html5/thumbnails/3.jpg)
3Apr 10, 2023 HL7 Working Group Meeting – October 2002
Web Services ArchitectureExtending the Foundation
SOAP (Logical Messaging Model)SOAP (Logical Messaging Model)SOAP (Logical Messaging Model)SOAP (Logical Messaging Model)
XML, Encoding, and TransportsXML, Encoding, and TransportsXML, Encoding, and TransportsXML, Encoding, and Transports
FoundationFoundationFoundationFoundationWSDL and UDDI (Web Services Description and Directory)WSDL and UDDI (Web Services Description and Directory)WSDL and UDDI (Web Services Description and Directory)WSDL and UDDI (Web Services Description and Directory)
DescriptionDescriptionDescriptionDescription AttachmentsAttachmentsAttachmentsAttachments RoutingRoutingRoutingRouting SecuritySecuritySecuritySecurity
PrivacyPrivacyPrivacyPrivacyExtended Extended FoundationFoundation
Secure, Secure, Reliable,Reliable,
TransactedTransacted
Extended Extended FoundationFoundation
Secure, Secure, Reliable,Reliable,
TransactedTransacted
FederationFederationFederationFederation Reliable Reliable MessagingMessagingReliable Reliable
MessagingMessaging TransactionsTransactionsTransactionsTransactions
![Page 4: 11-Feb-14HL7 Working Group Meeting – October 2002 XML Web Services Standards Roberto Ruggeri rruggeri@microsoft.com Healthcare Technical Strategist Microsoft](https://reader035.vdocuments.us/reader035/viewer/2022070305/5514d67b55034693478b5259/html5/thumbnails/4.jpg)
4Apr 10, 2023 HL7 Working Group Meeting – October 2002
WS-* Standards Design Principles
Modular and composable Factored to stand alone or work together
General-purpose Agnostic to place it is running or originated
Federated No central point of administration, control, failure
Standards-based Multi-vendor interoperation critical
44
![Page 5: 11-Feb-14HL7 Working Group Meeting – October 2002 XML Web Services Standards Roberto Ruggeri rruggeri@microsoft.com Healthcare Technical Strategist Microsoft](https://reader035.vdocuments.us/reader035/viewer/2022070305/5514d67b55034693478b5259/html5/thumbnails/5.jpg)
5Apr 10, 2023 HL7 Working Group Meeting – October 2002
Modular
Provides a framework for SOAP/WSDL extensibility
These protocols augment domain-specific protocols (e.g., healthcare)
Designed to supercede and integrate with many of the industry specs today
Defined by composable SOAP headers and SOAP message
The specifications combined for end-to-end capabilities
![Page 6: 11-Feb-14HL7 Working Group Meeting – October 2002 XML Web Services Standards Roberto Ruggeri rruggeri@microsoft.com Healthcare Technical Strategist Microsoft](https://reader035.vdocuments.us/reader035/viewer/2022070305/5514d67b55034693478b5259/html5/thumbnails/6.jpg)
6Apr 10, 2023 HL7 Working Group Meeting – October 2002
Modular: Example
<?xml version="1.0" encoding="utf-8"?><S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <S:Header>
<!-- A Simple Quote Web Service -->
</S:Header> <S:Body> <tru:StockSymbol xmlns:tru="http://tickers-r-us.org/payloads"> QQQ </tru:StockSymbol> </S:Body></S:Envelope>
<?xml version="1.0" encoding="utf-8"?><S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <S:Header> <m:path xmlns:m="http://schemas.xmlsoap.org/rp"> <m:action>http://tickers-r-us.org/getQuote</m:action> <m:to>soap://tickers-r-us.org/stocks</m:to> <m:from>mailto:[email protected]</m:from> <m:id>uuid:84b9f5d0-33fb-4a81-b02b-5b760641c1d6</m:id> </m:path>
</S:Header> <S:Body> <tru:StockSymbol xmlns:tru="http://tickers-r-us.org/payloads"> QQQ </tru:StockSymbol> </S:Body></S:Envelope>
SOAPSOAPMessageMessage
Security and
License
Routing
<?xml version="1.0" encoding="utf-8"?><S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <S:Header>
<wssec:credentials xmlns:wssec="http://schemas.xmlsoap.org/ws/2001/10/security"> <wslic:binaryLicense xmlns:wslic="http://schemas.xmlsoap.org/ws/2001/10/licenses" wslic:valueType="wslic:x509v3" xsi:type="xsd:base64Binary"> dWJzY3JpYmVyLVBlc…..eFw0wMTEwMTAwMD </wslic:binaryLicense> </wssec:credentials> </S:Header> <S:Body> <tru:StockSymbol xmlns:tru="http://tickers-r-us.org/payloads"> QQQ </tru:StockSymbol> </S:Body></S:Envelope>
<?xml version="1.0" encoding="utf-8"?><S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <S:Header> <m:path xmlns:m="http://schemas.xmlsoap.org/rp"> <m:action>http://tickers-r-us.org/getQuote</m:action> <m:to>soap://tickers-r-us.org/stocks</m:to> <m:from>mailto:[email protected]</m:from> <m:id>uuid:84b9f5d0-33fb-4a81-b02b-5b760641c1d6</m:id> </m:path> <wssec:credentials xmlns:wssec="http://schemas.xmlsoap.org/ws/2001/10/security"> <wslic:binaryLicense xmlns:wslic="http://schemas.xmlsoap.org/ws/2001/10/licenses" wslic:valueType="wslic:x509v3" xsi:type="xsd:base64Binary"> dWJzY3JpYmVyLVBlc…..eFw0wMTEwMTAwMD </wslic:binaryLicense> </wssec:credentials> </S:Header> <S:Body> <tru:StockSymbol xmlns:tru="http://tickers-r-us.org/payloads"> QQQ </tru:StockSymbol> </S:Body></S:Envelope>
![Page 7: 11-Feb-14HL7 Working Group Meeting – October 2002 XML Web Services Standards Roberto Ruggeri rruggeri@microsoft.com Healthcare Technical Strategist Microsoft](https://reader035.vdocuments.us/reader035/viewer/2022070305/5514d67b55034693478b5259/html5/thumbnails/7.jpg)
7Apr 10, 2023 HL7 Working Group Meeting – October 2002
General-Purpose
Universal communications
Across organizations Across machines Across process
Flexible communications Extensible headers Extensible body Transport protocol neutral
Platform neutral Devices Desktops Clusters Datacenters
Application category neutral
Enterprise Application Integration
Business-to-Business Business-to-Consumer Peer-to-Peer
Applies to HL7 2.x, 2.XML, v3.0, CDA, CCOW, X12N (HIPAA)
![Page 8: 11-Feb-14HL7 Working Group Meeting – October 2002 XML Web Services Standards Roberto Ruggeri rruggeri@microsoft.com Healthcare Technical Strategist Microsoft](https://reader035.vdocuments.us/reader035/viewer/2022070305/5514d67b55034693478b5259/html5/thumbnails/8.jpg)
8Apr 10, 2023 HL7 Working Group Meeting – October 2002
Federated
Fully distributed Crosses organization and trust domains
Can be inspected by firewalls
Does not require centralized servers or administration
Will sometimes require “edge” software to do protocol translation, security work, routing, etc.
![Page 9: 11-Feb-14HL7 Working Group Meeting – October 2002 XML Web Services Standards Roberto Ruggeri rruggeri@microsoft.com Healthcare Technical Strategist Microsoft](https://reader035.vdocuments.us/reader035/viewer/2022070305/5514d67b55034693478b5259/html5/thumbnails/9.jpg)
9Apr 10, 2023 HL7 Working Group Meeting – October 2002
Standards-Based
Industry commitment to Publishing specifications Working with partners to refine specifications Working with partners, customers, and
standards bodies for broad adoption
Different standards bodies for different specs, based on the spec
![Page 10: 11-Feb-14HL7 Working Group Meeting – October 2002 XML Web Services Standards Roberto Ruggeri rruggeri@microsoft.com Healthcare Technical Strategist Microsoft](https://reader035.vdocuments.us/reader035/viewer/2022070305/5514d67b55034693478b5259/html5/thumbnails/10.jpg)
10Apr 10, 2023 HL7 Working Group Meeting – October 2002
Interop PriorityWS-i.org
An open industry effort Industry initiative focused on promoting Web services
interoperability Organization formed by industry leaders Open membership and participation
Based on partnerships Symbiotic relationship with other standards organizations
through integration of their outputs Goal: Enable interoperability across platforms,
applications, and programming languages Success will accelerate adoption and deployment of
Web services
![Page 11: 11-Feb-14HL7 Working Group Meeting – October 2002 XML Web Services Standards Roberto Ruggeri rruggeri@microsoft.com Healthcare Technical Strategist Microsoft](https://reader035.vdocuments.us/reader035/viewer/2022070305/5514d67b55034693478b5259/html5/thumbnails/11.jpg)
11Apr 10, 2023 HL7 Working Group Meeting – October 2002
![Page 12: 11-Feb-14HL7 Working Group Meeting – October 2002 XML Web Services Standards Roberto Ruggeri rruggeri@microsoft.com Healthcare Technical Strategist Microsoft](https://reader035.vdocuments.us/reader035/viewer/2022070305/5514d67b55034693478b5259/html5/thumbnails/12.jpg)
Apr 10, 2023 HL7 Working Group Meeting – October 2002
So, What Has Been Delivered
To Date?
![Page 13: 11-Feb-14HL7 Working Group Meeting – October 2002 XML Web Services Standards Roberto Ruggeri rruggeri@microsoft.com Healthcare Technical Strategist Microsoft](https://reader035.vdocuments.us/reader035/viewer/2022070305/5514d67b55034693478b5259/html5/thumbnails/13.jpg)
13Apr 10, 2023 HL7 Working Group Meeting – October 2002
WS-RoutingSubmitted to W3C
A SOAP-based, stateless protocol for exchanging one-way SOAP messages from an initial sender to the ultimate receiver, potentially via a set of intermediaries
Also provides an optional reverse message path enabling two-way message exchange patterns like:
Request/response Peer-to-peer conversations Return of message acknowledgements, faults
![Page 14: 11-Feb-14HL7 Working Group Meeting – October 2002 XML Web Services Standards Roberto Ruggeri rruggeri@microsoft.com Healthcare Technical Strategist Microsoft](https://reader035.vdocuments.us/reader035/viewer/2022070305/5514d67b55034693478b5259/html5/thumbnails/14.jpg)
14Apr 10, 2023 HL7 Working Group Meeting – October 2002
DIME And WS-AttachmentsSubmitted to IETF
Direct Internet Message Encapsulation (DIME)
A lightweight, binary message format that can be used to encapsulate one or more application-defined payloads of arbitrary type and size into a single message construct
Each payload is described by a type, a length, and an optional identifier
WS-Attachments is how to encapsulate SOAP in DIME
![Page 15: 11-Feb-14HL7 Working Group Meeting – October 2002 XML Web Services Standards Roberto Ruggeri rruggeri@microsoft.com Healthcare Technical Strategist Microsoft](https://reader035.vdocuments.us/reader035/viewer/2022070305/5514d67b55034693478b5259/html5/thumbnails/15.jpg)
15Apr 10, 2023 HL7 Working Group Meeting – October 2002
WS-SecuritySubmitted to OASIS
A specification for proposed SOAP extensions to be used when building secure Web services.
Supercedes the following specifications•SOAP-SEC•Microsoft’s WS-Security, WS-License•IBM’s security token and encryption
Dependent upon XML DIGSIG, XML Encryption, XML Schema, SOAP…
End-to-end message-level security Defined schema
Designed to be composed with other Web service protocols
![Page 16: 11-Feb-14HL7 Working Group Meeting – October 2002 XML Web Services Standards Roberto Ruggeri rruggeri@microsoft.com Healthcare Technical Strategist Microsoft](https://reader035.vdocuments.us/reader035/viewer/2022070305/5514d67b55034693478b5259/html5/thumbnails/16.jpg)
Apr 10, 2023 HL7 Working Group Meeting – October 2002
A Couple of Details…
![Page 17: 11-Feb-14HL7 Working Group Meeting – October 2002 XML Web Services Standards Roberto Ruggeri rruggeri@microsoft.com Healthcare Technical Strategist Microsoft](https://reader035.vdocuments.us/reader035/viewer/2022070305/5514d67b55034693478b5259/html5/thumbnails/17.jpg)
17Apr 10, 2023 HL7 Working Group Meeting – October 2002
New SOAP ElementsWS-Security New
<Security> Header• <Security SOAP:actor="...">• SOAP:actor is optional• One header per actor• All security information together
Including and referencing security tokens• <UsernameToken>• <BinarySecurityToken>• <SecurityTokenReference>
Existing XML Signature XML Encryption Token formats (e.g., X.509, Kerberos, XrML, SAML)
![Page 18: 11-Feb-14HL7 Working Group Meeting – October 2002 XML Web Services Standards Roberto Ruggeri rruggeri@microsoft.com Healthcare Technical Strategist Microsoft](https://reader035.vdocuments.us/reader035/viewer/2022070305/5514d67b55034693478b5259/html5/thumbnails/18.jpg)
18Apr 10, 2023 HL7 Working Group Meeting – October 2002
Simple Example
Requesting a stock quote Security token indicates username Signature uses key generated
from password
![Page 19: 11-Feb-14HL7 Working Group Meeting – October 2002 XML Web Services Standards Roberto Ruggeri rruggeri@microsoft.com Healthcare Technical Strategist Microsoft](https://reader035.vdocuments.us/reader035/viewer/2022070305/5514d67b55034693478b5259/html5/thumbnails/19.jpg)
19Apr 10, 2023 HL7 Working Group Meeting – October 2002
Simple Example (1 of 2)
(001) <?xml version="1.0" encoding="utf-8"?>(002) <S:Envelope xmlns:S=“.../soap-envelope“ xmlns:ds=“…/xmldsig#">(003) <S:Header>(004) <m:path xmlns:m="http://schemas.xmlsoap.org/rp/">(005) <m:action>http://fabrikam.org/getQuote</m:action>(006) <m:to>http://fabrikam.org/stocks</m:to>(007) <m:id>uuid:84b9f5d0-33fb-4a81-b02b-5b760641c1d6</m:id>(008) </m:path>(009) <wsse:Security xmlns:wsse=“…/secext">(010) <wsse:UsernameToken Id="MyID">(011) <wsse:Username>Zoe</wsse:Username> (012) </wsse:UsernameToken>(013) <ds:Signature>(014) <ds:SignedInfo>(015) <ds:CanonicalizationMethod Algorithm=".../xml-exc-c14n#"/>(016) <ds:SignatureMethod Algorithm=".../xmldsig#hmac-sha1"/>
![Page 20: 11-Feb-14HL7 Working Group Meeting – October 2002 XML Web Services Standards Roberto Ruggeri rruggeri@microsoft.com Healthcare Technical Strategist Microsoft](https://reader035.vdocuments.us/reader035/viewer/2022070305/5514d67b55034693478b5259/html5/thumbnails/20.jpg)
20Apr 10, 2023 HL7 Working Group Meeting – October 2002
Simple Example (2 of 2)
(017) <ds:Reference URI="#MsgBody">(018) <ds:DigestMethod Algorithm="http://.../xmldsig#sha1"/>(019) <ds:DigestValue>LyLsF0Pi4wPU...</ds:DigestValue>(020) </ds:Reference>(021) </ds:SignedInfo>(022) <ds:SignatureValue>DJbchm5gK...</ds:SignatureValue>(023) <ds:KeyInfo>(024) <wsse:SecurityTokenReference>(025) <wsse:Reference URI="#MyID"/>(026) </wsse:SecurityTokenReference>(027) </ds:KeyInfo>(028) </ds:Signature>(029) </wsse:Security>(030) </S:Header>(031) <S:Body Id="MsgBody">(032) <tru:StockSymbol xmlns:tru=“…">QQQ</tru:StockSymbol>(033) </S:Body>
![Page 21: 11-Feb-14HL7 Working Group Meeting – October 2002 XML Web Services Standards Roberto Ruggeri rruggeri@microsoft.com Healthcare Technical Strategist Microsoft](https://reader035.vdocuments.us/reader035/viewer/2022070305/5514d67b55034693478b5259/html5/thumbnails/21.jpg)
Apr 10, 2023 HL7 Working Group Meeting – October 2002
What’s Coming?
![Page 22: 11-Feb-14HL7 Working Group Meeting – October 2002 XML Web Services Standards Roberto Ruggeri rruggeri@microsoft.com Healthcare Technical Strategist Microsoft](https://reader035.vdocuments.us/reader035/viewer/2022070305/5514d67b55034693478b5259/html5/thumbnails/22.jpg)
22Apr 10, 2023 HL7 Working Group Meeting – October 2002
Security Roadmap Specs
Federated security Authentication and authorization Security protocol independent Brokered (aka Transitive) trust
SecuritySecurity
PrivacyPrivacyTrustTrustPolicyPolicy
AuthorizationAuthorizationFederationFederationSecureConversationSecureConversation
SOAP FoundationSOAP Foundation
TodayToday
![Page 23: 11-Feb-14HL7 Working Group Meeting – October 2002 XML Web Services Standards Roberto Ruggeri rruggeri@microsoft.com Healthcare Technical Strategist Microsoft](https://reader035.vdocuments.us/reader035/viewer/2022070305/5514d67b55034693478b5259/html5/thumbnails/23.jpg)
23Apr 10, 2023 HL7 Working Group Meeting – October 2002
Messaging
Includes WS-Routing in familyRouting virtualizes the network
Transport-independent addressing End-to-end versus hop-by-hop model
Reliable Messaging model multi-message conversations
Resilient in face of multi-hop routing Supports multiple QOS levels (e.g. in order, no duplicates, etc.)
![Page 24: 11-Feb-14HL7 Working Group Meeting – October 2002 XML Web Services Standards Roberto Ruggeri rruggeri@microsoft.com Healthcare Technical Strategist Microsoft](https://reader035.vdocuments.us/reader035/viewer/2022070305/5514d67b55034693478b5259/html5/thumbnails/24.jpg)
24Apr 10, 2023 HL7 Working Group Meeting – October 2002
Transactions And Coordination
Models distributed agreement in terms of transactions
Short-lived transactions use two-phase commit
Common in DBMS and OLTP worlds
Long-lived/x-trust-domain transactions use coordinated compensation
Common in workflow/EAI world
![Page 25: 11-Feb-14HL7 Working Group Meeting – October 2002 XML Web Services Standards Roberto Ruggeri rruggeri@microsoft.com Healthcare Technical Strategist Microsoft](https://reader035.vdocuments.us/reader035/viewer/2022070305/5514d67b55034693478b5259/html5/thumbnails/25.jpg)
25Apr 10, 2023 HL7 Working Group Meeting – October 2002
Business Processes
Business Process Execution Language (BPEL4WS)
Proposed by the Microsoft, IBM and BEABuilt on top of WS-TransactionsA language for formally describing
interoperable business processes and business interaction protocols
In short, it is a language for enabling the orchestration of web services to specify business processes
Supercedes XLANG (MS) and WSFL (IBM)
![Page 26: 11-Feb-14HL7 Working Group Meeting – October 2002 XML Web Services Standards Roberto Ruggeri rruggeri@microsoft.com Healthcare Technical Strategist Microsoft](https://reader035.vdocuments.us/reader035/viewer/2022070305/5514d67b55034693478b5259/html5/thumbnails/26.jpg)
26Apr 10, 2023 HL7 Working Group Meeting – October 2002
Work with horizontal standards Restrict the domain by limiting the scope and imposing
additional policies Provide feedback to the standards to improve healthcare
“friendliness”
Benefit from widely available technologies On many platforms Many implementations on the same platform Vendors investing big $$$
How do WE Take Advantage
MLLPebXML(EBMS)
WS-* FTP/S S/MIME HTTP/S
HL7 v2.x HL7 v2.XML CDA HL7 v3
…
…Payload
Transport
![Page 27: 11-Feb-14HL7 Working Group Meeting – October 2002 XML Web Services Standards Roberto Ruggeri rruggeri@microsoft.com Healthcare Technical Strategist Microsoft](https://reader035.vdocuments.us/reader035/viewer/2022070305/5514d67b55034693478b5259/html5/thumbnails/27.jpg)
27Apr 10, 2023 HL7 Working Group Meeting – October 2002
Next Steps…
POC @ HIMMS 2003More in-depth analysis and evaluation
Inside one of the current SIGs Web Services SIG (?)
Work with WS-I to leverage the work done for conformance and interoperability
![Page 28: 11-Feb-14HL7 Working Group Meeting – October 2002 XML Web Services Standards Roberto Ruggeri rruggeri@microsoft.com Healthcare Technical Strategist Microsoft](https://reader035.vdocuments.us/reader035/viewer/2022070305/5514d67b55034693478b5259/html5/thumbnails/28.jpg)
Apr 10, 2023 HL7 Working Group Meeting – October 2002
Discussion