SOAP

Simple Object Access Protocol
Karthikeyan Chandrasekaran & Nandakumar Padmanabhan
Agenda

Introduction to SOAP
How SOAP works
Architecture
Examples & demo
Security Aspects
Strengths & Weaknesses
Web Services
Formal Definition

SOAP is a lightweight, simple, XML-based
protocol designed to exchange information
in a decentralized and distributed
environment.
Current Scenario

Web-based services are popular.

Communication between components on different
computers.

Difference in technologies and platforms.

Difficulty in achieving interoperability.
Solutions

Distributed Component Architecture
(DCOM)

CORBA (Common Object Request Broker
Architecture)

Remote Scripting

Java RMI
Why SOAP ?

Shortcoming of these technologies: they do not natively
interoperate with each other.

In real-world scenarios, client and server have different
platforms and standards.

Internet supports a wide range of services.

Steep learning curve and the complexities involved.

The solution is SOAP.
Firewall Problems

COM's port management is similar to socket port
management.

Most network administrators don't like opening
their servers to a range of port addresses.

Usually the HTTP port is open.
HTTP Protocol

HTTP protocol uses port 80 to communicate over
the Internet.

SOAP uses HTTP as its transport mechanism.
Purpose Of SOAP

Improve cross-platform interoperability using the Web and
XML.

Enables different programs, written in different languages and
running on different platforms, to communicate with each other.
Plus Point

SOAP uses HTTP for transport binding.

Most organizations are familiar with HTTP and already have
it incorporated into their network infrastructure.

No complex changes to the network or firewalls needed.
Main Concepts

SOAP consists of four parts:

SOAP envelope - what is in a message, who should
deal with it, and whether it is optional or mandatory.

SOAP encoding rules - Serialization mechanism used
to exchange instances of application-defined datatypes.
Main Concepts (continued)

SOAP RPC representation – A convention that can be
used to represent remote procedure calls and
responses.

SOAP binding - A convention for exchanging SOAP
envelopes between peers using an underlying protocol
for transport.
SOAP Architecture
SOAP Node

SOAP node

Implemented at client (sender) and server (receiver).

Processes messages according to the formal set of
conventions.

Enforces the rules that govern the exchange of SOAP
messages.

Accesses the services provided by the underlying protocols
through SOAP bindings.
SOAP Message Format

A SOAP message is an XML document that consists of:

mandatory SOAP Envelope
optional SOAP Header
mandatory SOAP Body.
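
The structure rule above can be enforced by a receiver before any application code touches the message. This is an added example, not part of the original slides: it assumes SOAP 1.1 (its envelope namespace and `mustUnderstand="1"` attribute), and the sample message and its `urn:example` namespaces are constructed.

```python
import xml.etree.ElementTree as ET

NS = "http://schemas.xmlsoap.org/soap/envelope/"  # SOAP 1.1 envelope namespace

def q(name):
    """Qualified tag name in ElementTree's {namespace}local form."""
    return f"{{{NS}}}{name}"

def check_soap_message(raw: bytes, understood=frozenset()):
    """Return a list of structural problems; an empty list means the message passed."""
    # SOAP 1.1 forbids a DTD inside a message, so refuse one before parsing.
    # Assumes an ASCII-compatible encoding such as UTF-8.
    if b"<!DOCTYPE" in raw:
        return ["DTD not allowed in a SOAP message"]
    try:
        root = ET.fromstring(raw)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    if root.tag != q("Envelope"):
        return ["root element is not a SOAP Envelope"]
    problems = []
    tags = [child.tag for child in root]
    if tags.count(q("Body")) != 1:
        problems.append("exactly one Body is required")
    if tags.count(q("Header")) > 1:
        problems.append("at most one Header is allowed")
    elif q("Header") in tags and tags[0] != q("Header"):
        problems.append("Header must be the first child of Envelope")
    header = root.find(q("Header"))
    for block in (header if header is not None else []):
        # mustUnderstand="1" marks a header the receiver may not ignore.
        if block.get(q("mustUnderstand")) == "1" and block.tag not in understood:
            problems.append(f"mandatory header not understood: {block.tag}")
    return problems

# Constructed sample message; the urn:example namespaces are made up.
SAMPLE = b"""<?xml version="1.0"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Header>
    <t:Transaction xmlns:t="urn:example:tx" soap:mustUnderstand="1">5</t:Transaction>
  </soap:Header>
  <soap:Body>
    <m:GetQuote xmlns:m="urn:example:quotes"><symbol>ACME</symbol></m:GetQuote>
  </soap:Body>
</soap:Envelope>"""

if __name__ == "__main__":
    print(check_soap_message(SAMPLE))
    print(check_soap_message(SAMPLE, understood={"{urn:example:tx}Transaction"}))
```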
SOAP Message Header

SOAP Header is a generic mechanism for adding features to
a SOAP message in a decentralized manner.

No prior agreement between the communicating parties is
required.

Header may be edited by intermediaries to change the
information to be sent to the receiver.

Two types of headers are available in HTTP:

Request Header – for request messages
Response Header – for response messages.
DEMO>>>
Security Within SOAP

The SOAP specification does not define any protocol-specific
security features.

Utilizes standard HTTP security features:

HTTP authentication mechanisms
SSL for secure channel communications (using HTTPS).
Security Aspects

Potential security threat due to the plain-text nature of
the data.

Security features may be added to the SOAP
header.

Transport protocols such as SSL, TLS, and IP
Security (IPSec) can provide the integrity and
confidentiality of the message during transmission.
Developing SOAP Application

SOAP toolkits are available to create and parse SOAP
messages.

They help translate function calls from a programming language
into SOAP messages.

For example:

Microsoft SOAP Toolkit 2.0 translates COM function calls to SOAP
Apache toolkit translates Java function calls to SOAP.
Pros

Cross Platform Interoperability.

Can support a range of applications – RPC, XML.

Small and easy to implement. Can reuse existing XML Parsers
and HTTP libraries.
Main Advantage

Firewalls block most ports, except the standard HTTP port
80.

Most distributed object protocols like DCOM use
dynamically assigned ports for remote method invocations.

SOAP uses HTTP as the transport mechanism. No problem
invoking SOAP endpoints from either side of a firewall.
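
Because every SOAP call arrives on the same HTTP port, a port-based firewall rule cannot tell one remote operation from another, so the decision has to be made on the message itself. The following is an added example, not part of the original slides: a minimal application-layer filter that assumes the SOAP 1.1 HTTP binding (`POST` with `text/xml`); the allowlist, the operation names and the `urn:example` namespaces are hypothetical.

```python
import xml.etree.ElementTree as ET

ENV = "{http://schemas.xmlsoap.org/soap/envelope/}"  # SOAP 1.1 envelope namespace
# Hypothetical policy: the only operations allowed to cross the boundary.
ALLOWED_OPERATIONS = frozenset({"{urn:example:quotes}GetQuote"})

def soap_operation(body_bytes: bytes):
    """Return the qualified name of the first element inside soap:Body, or None."""
    if b"<!DOCTYPE" in body_bytes:          # SOAP messages must not carry a DTD
        return None
    try:
        envelope = ET.fromstring(body_bytes)
    except ET.ParseError:
        return None
    body = envelope.find(ENV + "Body") if envelope.tag == ENV + "Envelope" else None
    if body is None or len(body) == 0:
        return None
    return body[0].tag

def filter_request(method, headers, body_bytes, allowed=ALLOWED_OPERATIONS):
    """Decide whether an HTTP request carrying SOAP may pass; returns (ok, reason)."""
    # headers is assumed to be a dict keyed by canonical header names.
    ctype = headers.get("Content-Type", "").split(";")[0].strip().lower()
    if method != "POST" or ctype != "text/xml":
        return False, "not a SOAP 1.1 HTTP POST"
    op = soap_operation(body_bytes)
    if op is None:
        return False, "no readable SOAP operation"
    if op not in allowed:
        return False, f"operation not allowed: {op}"
    return True, op

def sample_request(operation_xml: str) -> bytes:
    """Build a constructed SOAP 1.1 envelope around one operation element."""
    return (f'<soap:Envelope xmlns:soap="{ENV[1:-1]}"><soap:Body>'
            f"{operation_xml}</soap:Body></soap:Envelope>").encode()

if __name__ == "__main__":
    hdrs = {"Content-Type": "text/xml; charset=utf-8"}
    for op_xml in ('<m:GetQuote xmlns:m="urn:example:quotes"/>',
                   '<a:DeleteAccount xmlns:a="urn:example:admin"/>'):
        print(filter_request("POST", hdrs, sample_request(op_xml)))
```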
Cons

Still Evolving.

SOAP data is sent as XML text for standardization.

Converting all data into text and parsing it back into data
structures at the other end can use up quite a bit of
processing power.

No inbuilt security features.