sow & wse
SOW & WSE
Tsai, Meng-Ru
Consultant
Microsoft Technologies Centre
Microsoft Taiwan Corp.
Agenda
Service-Oriented Architecture Introduction
Web Service Introduction and WSE
SOA
Service-Oriented Architecture
– A set of components which can be invoked, and whose interface descriptions can be published and discovered (W3C).
– Services can be invoked, published and discovered, and are abstracted away from the implementation using a single, standards-based form of interface. (CBDI)
Services Everywhere
“Scales Down” to devices
“Scales In” on a machine
“Scales Up” on large systems
“Scales Away” spans organizations and geographies
“Scales Out” by adding machines
Form-Factor Friendly
Flexible, end-to-end security
Unlocks rich client assets
Low-cost devices via the PC…
Empowers users with high-end communications
Dynamic protocol negotiation
Doesn’t require centralized services
SOA: Business Process Centric!
Evolution Phases
Be Incremental
– Crawl, Walk, Run
Identify key services for building a connected system
Build Web service façades in front of them
Exploit the value of those services with Smart Clients and Business Processes
Evolve apps behind façade as necessary
How to approach SOA?
Agenda
Service-Oriented Architecture Introduction
Web Service Introduction and WSE
Web Services
See What Web Services Can Do for You
Built on industry standards, Web Services provide a means for software to interoperate across programming languages, platforms and operating systems.
– Loosely Coupled
– Popular Communication
– Generic Data Format
Classic Web Service limitations
– No WS-* implementations
Lack of non-functional requirements of SOA (Security, Transaction, Large transmission data, Stateful Session, etc.)
Web Service Enhancements
WSE is an extension to the .NET Framework
– Provides support for several WS-* specs
– Can be used to extend ASMX behavior
– Fully integrated with Visual Studio 2005
– Fully supported product with customer support
Communication Security
• Authentication
• Message Integrity
• Confidentiality
Secure Communication
Protocol-level security
Sender must trust intermediaries
Message decrypted at intermediaries
Encrypts the entire message
Restricts protocols that can be used
[Diagram labels: Encrypted, Encrypted]
Secure Communication
Message-level security
End-to-end message security independent of transport
Supports multiple protocols and multiple encryption technologies
Can encrypt parts of the message
Sender need only trust ultimate receiver
The signature is stored with the data
Based on industry best practices
Each scenario represented as an assertion
– UsernameOverX509
– AnonymousOverX509
– UsernameOverTransport
– Kerberos
– MutualX509
Turnkey Security Scenarios
Policy Pipeline Architecture
Policy describes an input pipeline
[Diagram labels: Input Soap Message; Security, Tracing, Custom; Security, Tracing, Custom; Application Processing; Output Soap Message]
Policy assertions transform the message
… and an output pipeline
Message-Level Security for Large Amounts of Data
Message Transmission Optimization Mechanism (MTOM)
[Diagram labels: Client, Server, Security, Simplify, Reduction]
Asymmetric keys (X509 Certificates) are slow for multiple messages
WS-SecureConversation defines a Security Context Token (SCT)
– A messaging optimization
– Faster for multiple calls (client makes > 2)
Sessions with Secure Conversation
Request for SCT
SCT issued to client
Multiple messages signed and encrypted with SCT
[Diagram participants: Client, Server]
WSE 3.0 Session Management
Stateful SCTs
– WSE 2.0 required the service to maintain an SCT’s state
– In WSE 3.0 the state may be preserved with the SCT
– Enables SCTs to re-establish the session
SCT Cancellation
– In WSE 2.0 SCTs have a timeout
– WSE 3.0 provides the ability to cancel a session
Re-Establishing Sessions
Request for SCT
SCT issued to client
Multiple messages signed and encrypted with SCT
Client Request
Session Re-Established
[Diagram participants: Client, Server; each side labelled "SCT State"]
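The stateful-SCT idea from the two slides above, as an added conceptual sketch in Python (not WSE code, its API or its wire format; not part of the original deck). The class, token layout and key-derivation labels are assumptions made for illustration, and the state is only HMAC-authenticated here, whereas a real SCT that carries key material must also be encrypted.

```python
import base64, hashlib, hmac, json, secrets

class SctIssuer:
    """Hypothetical service node; every node shares master_key (assumption)."""
    def __init__(self, master_key: bytes):
        self.master_key = master_key
        self.cancelled = set()      # the only per-session data kept server-side

    def _mac(self, blob: bytes) -> bytes:
        return hmac.new(self.master_key, b"sct-mac" + blob, hashlib.sha256).hexdigest().encode()

    def session_key(self, token_id: str) -> bytes:
        # Re-derivable on any node, so no session table has to survive a restart.
        return hmac.new(self.master_key, b"sct-key" + token_id.encode(), hashlib.sha256).digest()

    def issue(self, user: str, ttl: int, now: float) -> str:
        state = {"id": secrets.token_hex(8), "user": user, "exp": now + ttl}
        blob = base64.urlsafe_b64encode(json.dumps(state, sort_keys=True).encode())
        return blob.decode() + "." + self._mac(blob).decode()

    def resume(self, token: str, now: float) -> dict:
        blob, _, mac = token.partition(".")
        # Verify integrity before parsing anything the client sent back.
        if not hmac.compare_digest(mac.encode(), self._mac(blob.encode())):
            raise ValueError("token altered or issued under another key")
        state = json.loads(base64.urlsafe_b64decode(blob))
        if now >= state["exp"]:
            raise ValueError("token expired")
        if state["id"] in self.cancelled:
            raise ValueError("token cancelled")
        return state

    def cancel(self, token: str, now: float) -> None:
        self.cancelled.add(self.resume(token, now)["id"])

if __name__ == "__main__":
    key = secrets.token_bytes(32)                      # constructed sample key
    token = SctIssuer(key).issue("alice", ttl=300, now=1000.0)
    restarted = SctIssuer(key)                         # fresh node, empty memory
    print(restarted.resume(token, now=1100.0))         # session re-established
```

In this sketch cancellation is the one feature that still needs server-side storage: a node that has not seen the cancellation list will keep accepting the token until it expires.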
Which Specs? WS-*? W3C?
Source: http://msdn.microsoft.com/webservices/understanding/specs/wslicensing.aspx
Messaging Specifications
SOAP
WS-Addressing
MTOM (Attachments)
WS-Eventing
Security Specifications
Web Services Security: SOAP Message Security
Web Services Security: UsernameToken Profile 1.0
Web Services Security: X.509 Certificate Token Profile
WS-Security
WS-SecureConversation
WS-Trust
WS-Federation
WS-Federation Active Requestor Profile
WS-Federation Passive Requestor Profile
Web Services Security Kerberos Binding
Specification Profiles
Devices Profile
Reliable Messaging Specifications
WS-ReliableMessaging
Transaction Specifications
WS-Coordination
WS-AtomicTransaction
WS-BusinessActivity
Metadata Specifications
WSDL
UDDI
WS-Policy
WS-PolicyAssertions
WS-PolicyAttachment
WS-SecurityPolicy
WS-Discovery
WS-MetadataExchange
XML Specifications
XML
Namespaces in XML
XML Information Set
Business Process Specifications
BPEL4WS