Transcript luc
W3C Constraints and
Capabilities for Web Services
Toufic Boubez – Layer 7 Technologies
Luc Clement – Systinet
October 2004
©2004 Layer 7 Technologies Inc.
©2004 Systinet Corporation
Agenda
Introduce fundamental position and beliefs
Discuss proposed use case
Quick coverage of some additional use cases
Moving up the stack:
• The evolution from Web services to dynamic SOA
Open Issues
©2004 Layer 7 Technologies Inc.
©2004 Systinet Corporation
Oct 2004
W3C Constraints and Capabilities for Web Services
2
Web Services – Preface
“A distributed system is one in which the failure of a computer
you didn't even know existed can render your own computer
unusable.” – Leslie Lamport
• Flexibility was and still is one of the most dominant themes of
software engineering.
• Brittleness is still one of its most dominant realities.
©2004 Layer 7 Technologies Inc.
©2004 Systinet Corporation
Oct 2004
W3C Constraints and Capabilities for Web Services
3
The Promise and Reality of Web Services
The Promise: Business agility through Just-in-time Integration
• How to build flexible systems: loose coupling between software
components
eliminate unnecessary dependencies between a service and its
consumers
make late binding between them possible.
The Reality: Brittle connections, programmed at each endpoint
• Promise of loose coupling is only real for the simplest, most “vanilla”
Web services (e.g. no security requirements)
• Usage preferences for services have to be hard-coded
• Any changes in these preferences will cause breakages (“render your
own computer unusable”)
• WSDL is essentially an IDL and only and IDL – conveys API
necessary but not sufficient
only goes so far in describing access a service (could be argued
that the “D” in WSDL is not quite complete)
©2004 Layer 7 Technologies Inc.
©2004 Systinet Corporation
Oct 2004
W3C Constraints and Capabilities for Web Services
4
Fundamental Beliefs and Position
Programmers should only have to worry about writing business
functionality. Everything else should be:
• Declarative
• Configurable
• Centrally managed
• Delegated to the infrastructure
From a Programmer’s perspective:
• WSDL describes the elements that should go in the <Body>
element of a SOAP message.
• There is no agreement on a language to describe what goes
in the <Header> element. We call that “Policy”.
• These two aspects of a service description are
complementary and need to be discovered dynamically using
similar mechanisms.
©2004 Layer 7 Technologies Inc.
©2004 Systinet Corporation
Oct 2004
W3C Constraints and Capabilities for Web Services
5
Concept of Policy Missing From WSDL
A Policy is simply a set of constraints and capabilities that
governs how a Web service and its consumers interact.
Simple policies typically include rules describing
• Who can access that service;
• What kind of credentials are acceptable;
• Whether encryption or signatures are required;
• How messages get routed to the service;
• What endpoint to use for a particular request;
• If there are any necessary transformations to be applied.
The Policy concept is a very prevalent and common requirement
in every aspect of IT, but nonexistent in Web services
©2004 Layer 7 Technologies Inc.
©2004 Systinet Corporation
Oct 2004
W3C Constraints and Capabilities for Web Services
6
Proposed Use Case
A Web service wishes to stipulate that clients:
• are required to support a reliable messaging protocol, AND
• encrypt a specific header with WS-Security
using a X.509 OR
user name security token in order to send an acceptable
request message
• Furthermore, the service has a P3P policy associated with its
operations.
(Such constraints and capabilities might be associated with the
Web service via a SOAP header or a WSDL file)
©2004 Layer 7 Technologies Inc.
©2004 Systinet Corporation
Oct 2004
W3C Constraints and Capabilities for Web Services
7
Proposed Use Case Discussion
1. “Reliable Messaging Protocol”
• Issues of semantics aside, the term is ambiguous
Is there a reference to a commonly accepted list of such
protocols?
Issues of versioning of this definition.
• More acceptable is a list of protocols acceptable to the service.
This is common usage pattern in other mechanisms (e.g.
negotiation of encryption)
2. “Discoverability”
• Although complete from an endpoint perspective, does not take into
account context of a SOA deployment:
From the perspective of organizational policies, the ability to push
or replace global “corporate” policies needs to be addressed.
Registering and discovering these policy documents needs to be
addressed by this group through integration with UDDI.
©2004 Layer 7 Technologies Inc.
©2004 Systinet Corporation
Oct 2004
W3C Constraints and Capabilities for Web Services
8
Example Policy Document
<Policy>
<AND>
<OR>
<Reliability>w3c:SomeProtocol</Reliability>
<Reliability>w3c:SomeOtherProtocol</Reliability>
</OR>
<OR>
<Encrypt>
<XpathExpression xpathExpressionValue="included">
<Expression stringValue="SomeXPathExpression"/>
</XpathExpression>
<wsse:SecurityToken>
<wsse:TokenType>wsse:X509v3</wsse:TokenType>
</wsse:SecurityToken>
</Encrypt>
<Encrypt>
<XpathExpression xpathExpressionValue="included">
<Expression stringValue="SomeXPathExpression"/>
</XpathExpression>
<wsse:SecurityToken>
<wsse:TokenType>wsse:Username</wsse:TokenType>
</wsse:SecurityToken>
</Encrypt>
</OR>
<P3P policyref="SomeURL">
</AND>
©2004 Layer 7 Technologies Inc.
</Policy>
©2004
Systinet Corporation
W3C Constraints and Capabilities for Web Services
Signed?
Oct 2004
9
Differentiated Access Use Case
Firewall
Web Services
Clients
Web
Services
Server
Logs
Directory
Server
Policy for identities
in group BLUE
Scott
Toufic
Corporate
Network
Phil
Identities in
group BLUE
Luc
Application X
Policy for identities
in group GREEN
Identities in
group GREEN
©2004 Layer 7 Technologies Inc.
©2004 Systinet Corporation
Oct 2004
W3C Constraints and Capabilities for Web Services
10
Private Policy Use Case
Web Services
Provider
and are assertions
sharable to the identity
and are assertions
private to the requestor
Requestor
identity-filtered
policy view
Provider-side
Policy
Web Services
Client
©2004 Layer 7 Technologies Inc.
©2004 Systinet Corporation
Oct 2004
W3C Constraints and Capabilities for Web Services
11
Refresh/Fault Use Case
Web
Services
Server
Provider-side
policy
Web Services
Client
Policy
replication
Corporate
Network
Policy refresh
Dimitri
Program
X
Local policy
cache
©2004 Layer 7 Technologies Inc.
©2004 Systinet Corporation
Oct 2004
W3C Constraints and Capabilities for Web Services
12
Evolution To Web Services
SOA
Dynamic Interoperability
Business
Interoperability
Business Services
Web services reuse & governance
Web Services
Standard-based enablement
Time
Key Issue
Key Solution
Leverage
No Rip and Replace
investments
Heterogeneous
Cross Platform
environments
Proprietary
Standards
Web Services Enablement Phase
• Developer-driven web services, standardsbased interoperability (SOAP, WSDL)
• Substitute for Proprietary API’s
• Reuse of discrete legacy applications (Java,
C++, MOM etc.) and newly created applications
Interfaces
©2004 Layer
7 Technologies Inc.
©2004 Systinet Corporation
Oct 2004
W3C Constraints and Capabilities for Web Services
13
Evolution To Business Services
SOA
Dynamic Interoperability
Business
Interoperability
Business Services
Web services reuse & governance
Web Services
Standard-based enablement
Time
Key Issue
Key Solution
Business Alignment
Business Taxonomy
Compliance
Policy-driven
Business Reuse
Standards-driven
Business Services Enablement Phase
• Systematic approach to Web services on
enterprise level
• Adding visibility, compliance,
governance, security and manageability.
©2004 Layer 7 Technologies Inc.
©2004 Systinet Corporation
Oct 2004
W3C Constraints and Capabilities for Web Services
14
Evolution To SOA Dynamic Interoperability
SOA
Dynamic Interoperability
Business
Interoperability
Business Services
Web services reuse & governance
Web Services
Standard-based enablement
Time
Key Issue
Key Solution
Business
BPM, Workflow
Integration
Dynamic Services
Standard
SOA Enablement Phase
Adding and integrating higher-level
infrastructure services (BPM, transactions,
workflow)
infrastructure
Service
Management
©2004 Layer
7 Technologies Inc.
©2004 Systinet Corporation
Enablement &
Registry
W3C Constraints and Capabilities for Web Services
Oct 2004
15
SOA – Composable Infrastructure and Business Services
Web Service Enablement
CRM
Infrastructure Services
Packaged Applications
MOM
SCM
Web
Services
PLM
Business
Service
Registry
BPM &
Orchestration
Transactions
J2EE - Portal
.COM
Visibility
Sales
Composite Applications
Invoicing
Adaptability
Compliance
CrossSelling
Message
Routing
Reuse
Purchasing
Business Services
Message
Transformation
Partner
Integration
Management
Pricing
Compliance
Security
Microsoft .net
Outsource/
Offshore
SQL
SQL
Management
Customer
EAI Legacy
Applications
Orders
Products
©2004 Layer 7 Technologies Inc.
©2004 Systinet Corporation
Publishing &
Discovery
of Services
Integration,
Management &
Mediation Between
Services
W3C Constraints and Capabilities for Web Services
Corporate
Reuse
Oct 2004
16
Capabilities and Constraints Discovery
Enablement
Business Drivers
Publishing
Discovery Management
Service Type
• Retail Accounts DB
• CMS Document Publish
• HR Employee Info
• CRM Customer Info
Department
• Retail
• Securities
• Wholesale
Service Lifecycle
Location
• New York
• London
• Singapore
Response Time
• < 0.1 s
• < 0.5 s
•<1s
•<5s
Policy
Taxonomies
Governance
Technical
• WS-I
• Security
Benefits
• Cost Center
• IT
Visibility
Reusability
Adaptability
SLA
• Availability
• Performance
Regulatory
• FDA
• SarbOx
Corporate
• SLA
• Governance
Manageability
Policies – Capabilities & Constraints
Transport
• HTTP
• JMS
• IIOP
• SMTP/POP
Authentication
• HTTP Digest
• X.509
• Kerberos
• XML Sign
Service
Interfaces
• WSDL
• XML Schema
Documents
• Functional
Specification
•API reference
•Examples
Specifications / Capabilities
Business Service Registry
©2004 Layer 7 Technologies Inc.
©2004 Systinet Corporation
Oct 2004
W3C Constraints and Capabilities for Web Services
17
Capabilities and Constraints Key to SOA Governance
Enablement
Publishing
Discovery
Management
Administrator deploys and configures services
according to policies:
• Assurances – reliability, performance,
scalability
• Security – authentication, access control
• Deployment policies
WS Developer implements web services
according to policies:
• Compliance to industry and corporate standards
–FpML, OFX etc.
• Conformance to technical standards – WS-I BP
SOA Standards Compliance
Configuration
Implement
Interoperability
Deploy
Security
Best Practices
Reliability
Design Patterns & Methodologies
Dependencies, change management
Policy
Access control
Corporate architecture compliance
Corporate & Industry standards compliance
Design
Manage
SOA Architect defines corporate policies:
• Reusability/Discoverability - identification and
categorization
• Compliance to industry and corporate standards –
Sarbanes-Oxley, FpML, OFX etc.
• Conformance to technical standards – WS-I, SOAP,
WSDL, WS-S, WSRM etc.
• Assurances – reliability, performance, scalability
©2004 Layer 7 Technologies Inc.
©2004 Systinet Corporation
QoS & SLA
Operations Manager verifies and maintains
compliance with corporate policies:
• Reusability/Discoverability - identification and
categorization
• Compliance to industry and corporate
standards – Sarbanes-Oxley, FpML, OFX etc.
• Conformance to technical standards – WS-I,
SOAP, WSDL, UDDI, WS-S, WSRM etc.
• Assurances – reliability, performance, scalability
Oct 2004
W3C Constraints and Capabilities for Web Services
18
Open Issues To Be Discussed
Processing Model
• Logical expression model
Evaluates to TRUE or FALSE
No order or evaluation
Simple to implement and convey
• Language model
Implied order in evaluation
More complex to convey but more flexible (e.g. conditionals and
branching)
Scope (Private/Public)
• In the context of an organizational deployment, a policy document governs
more than the visible endpoint access aspects.
• Some aspects of policy (e.g. internal routing, access control lists, auditing
rules) are necessarily private and should be labeled so.
• These aspects however should be exchangeable and implementable on
different platforms
Attachment and Discovery
• We already have a mechanism to attach and discover metadata
• Handling of WSDL in UDDI should be example
©2004 Layer 7 Technologies Inc.
©2004 Systinet Corporation
Oct 2004
W3C Constraints and Capabilities for Web Services
19
Open Issues To Be Discussed (cont.)
Distribution and Enforcement
• Distribution of constraints and capabilities solely at the end points will not
scale for most enterprises; policy must be discoverable
• Enterprise needs to support configurable frameworks based on published
policy; policy dispersal from the centrally managed registry
• Publication and discovery of policy key to make constraints based
configuration and management work
Interoperability
• Undeniable trend is the emergence of different categories that handle the
SOAP message (e.g. WS Security, Management).
• Policy documents span categories and should be interoperable between all
vendors.
Negotiation
• Most emphasis so far has been placed on constraints and capabilities of the
service.
• The service consumer is just as important in our view.
• Consumer should be able to discover and negotiate mutually acceptable
terms and conditions based on a common language (e.g. TLS server/client
negotiation)
©2004 Layer 7 Technologies Inc.
©2004 Systinet Corporation
Oct 2004
W3C Constraints and Capabilities for Web Services
20
Standards Convergence on Web services Registry
Web services specifications are now converging and adopting
registry to satisfy publication and discovery needs
OASIS UDDI Spec Technical Committee Active in mapping SOA
facets
• WSDL – publication and discovery of WSDL artifacts
• BPEL – publication and discovery of BPEL4WS abstract
processes
• WSRP – publication and discovery of WSRP Producer and
Portlet services
• WSDM – publication and discovery of metrics and
manageability provider information
• WS-Policy – mapping of WS-policy
©2004 Layer 7 Technologies Inc.
©2004 Systinet Corporation
Oct 2004
W3C Constraints and Capabilities for Web Services
21