Transcript luc
W3C Constraints and Capabilities for Web Services Toufic Boubez – Layer 7 Technologies Luc Clement – Systinet October 2004 ©2004 Layer 7 Technologies Inc. ©2004 Systinet Corporation Agenda Introduce fundamental position and beliefs Discuss proposed use case Quick coverage of some additional use cases Moving up the stack: • The evolution from Web services to dynamic SOA Open Issues ©2004 Layer 7 Technologies Inc. ©2004 Systinet Corporation Oct 2004 W3C Constraints and Capabilities for Web Services 2 Web Services – Preface “A distributed system is one in which the failure of a computer you didn't even know existed can render your own computer unusable.” – Leslie Lamport • Flexibility was and still is one of the most dominant themes of software engineering. • Brittleness is still one of its most dominant realities. ©2004 Layer 7 Technologies Inc. ©2004 Systinet Corporation Oct 2004 W3C Constraints and Capabilities for Web Services 3 The Promise and Reality of Web Services The Promise: Business agility through Just-in-time Integration • How to build flexible systems: loose coupling between software components eliminate unnecessary dependencies between a service and its consumers make late binding between them possible. The Reality: Brittle connections, programmed at each endpoint • Promise of loose coupling is only real for the simplest, most “vanilla” Web services (e.g. no security requirements) • Usage preferences for services have to be hard-coded • Any changes in these preferences will cause breakages (“render your own computer unusable”) • WSDL is essentially an IDL and only and IDL – conveys API necessary but not sufficient only goes so far in describing access a service (could be argued that the “D” in WSDL is not quite complete) ©2004 Layer 7 Technologies Inc. ©2004 Systinet Corporation Oct 2004 W3C Constraints and Capabilities for Web Services 4 Fundamental Beliefs and Position Programmers should only have to worry about writing business functionality. Everything else should be: • Declarative • Configurable • Centrally managed • Delegated to the infrastructure From a Programmer’s perspective: • WSDL describes the elements that should go in the <Body> element of a SOAP message. • There is no agreement on a language to describe what goes in the <Header> element. We call that “Policy”. • These two aspects of a service description are complementary and need to be discovered dynamically using similar mechanisms. ©2004 Layer 7 Technologies Inc. ©2004 Systinet Corporation Oct 2004 W3C Constraints and Capabilities for Web Services 5 Concept of Policy Missing From WSDL A Policy is simply a set of constraints and capabilities that governs how a Web service and its consumers interact. Simple policies typically include rules describing • Who can access that service; • What kind of credentials are acceptable; • Whether encryption or signatures are required; • How messages get routed to the service; • What endpoint to use for a particular request; • If there are any necessary transformations to be applied. The Policy concept is a very prevalent and common requirement in every aspect of IT, but nonexistent in Web services ©2004 Layer 7 Technologies Inc. ©2004 Systinet Corporation Oct 2004 W3C Constraints and Capabilities for Web Services 6 Proposed Use Case A Web service wishes to stipulate that clients: • are required to support a reliable messaging protocol, AND • encrypt a specific header with WS-Security using a X.509 OR user name security token in order to send an acceptable request message • Furthermore, the service has a P3P policy associated with its operations. (Such constraints and capabilities might be associated with the Web service via a SOAP header or a WSDL file) ©2004 Layer 7 Technologies Inc. ©2004 Systinet Corporation Oct 2004 W3C Constraints and Capabilities for Web Services 7 Proposed Use Case Discussion 1. “Reliable Messaging Protocol” • Issues of semantics aside, the term is ambiguous Is there a reference to a commonly accepted list of such protocols? Issues of versioning of this definition. • More acceptable is a list of protocols acceptable to the service. This is common usage pattern in other mechanisms (e.g. negotiation of encryption) 2. “Discoverability” • Although complete from an endpoint perspective, does not take into account context of a SOA deployment: From the perspective of organizational policies, the ability to push or replace global “corporate” policies needs to be addressed. Registering and discovering these policy documents needs to be addressed by this group through integration with UDDI. ©2004 Layer 7 Technologies Inc. ©2004 Systinet Corporation Oct 2004 W3C Constraints and Capabilities for Web Services 8 Example Policy Document <Policy> <AND> <OR> <Reliability>w3c:SomeProtocol</Reliability> <Reliability>w3c:SomeOtherProtocol</Reliability> </OR> <OR> <Encrypt> <XpathExpression xpathExpressionValue="included"> <Expression stringValue="SomeXPathExpression"/> </XpathExpression> <wsse:SecurityToken> <wsse:TokenType>wsse:X509v3</wsse:TokenType> </wsse:SecurityToken> </Encrypt> <Encrypt> <XpathExpression xpathExpressionValue="included"> <Expression stringValue="SomeXPathExpression"/> </XpathExpression> <wsse:SecurityToken> <wsse:TokenType>wsse:Username</wsse:TokenType> </wsse:SecurityToken> </Encrypt> </OR> <P3P policyref="SomeURL"> </AND> ©2004 Layer 7 Technologies Inc. </Policy> ©2004 Systinet Corporation W3C Constraints and Capabilities for Web Services Signed? Oct 2004 9 Differentiated Access Use Case Firewall Web Services Clients Web Services Server Logs Directory Server Policy for identities in group BLUE Scott Toufic Corporate Network Phil Identities in group BLUE Luc Application X Policy for identities in group GREEN Identities in group GREEN ©2004 Layer 7 Technologies Inc. ©2004 Systinet Corporation Oct 2004 W3C Constraints and Capabilities for Web Services 10 Private Policy Use Case Web Services Provider and are assertions sharable to the identity and are assertions private to the requestor Requestor identity-filtered policy view Provider-side Policy Web Services Client ©2004 Layer 7 Technologies Inc. ©2004 Systinet Corporation Oct 2004 W3C Constraints and Capabilities for Web Services 11 Refresh/Fault Use Case Web Services Server Provider-side policy Web Services Client Policy replication Corporate Network Policy refresh Dimitri Program X Local policy cache ©2004 Layer 7 Technologies Inc. ©2004 Systinet Corporation Oct 2004 W3C Constraints and Capabilities for Web Services 12 Evolution To Web Services SOA Dynamic Interoperability Business Interoperability Business Services Web services reuse & governance Web Services Standard-based enablement Time Key Issue Key Solution Leverage No Rip and Replace investments Heterogeneous Cross Platform environments Proprietary Standards Web Services Enablement Phase • Developer-driven web services, standardsbased interoperability (SOAP, WSDL) • Substitute for Proprietary API’s • Reuse of discrete legacy applications (Java, C++, MOM etc.) and newly created applications Interfaces ©2004 Layer 7 Technologies Inc. ©2004 Systinet Corporation Oct 2004 W3C Constraints and Capabilities for Web Services 13 Evolution To Business Services SOA Dynamic Interoperability Business Interoperability Business Services Web services reuse & governance Web Services Standard-based enablement Time Key Issue Key Solution Business Alignment Business Taxonomy Compliance Policy-driven Business Reuse Standards-driven Business Services Enablement Phase • Systematic approach to Web services on enterprise level • Adding visibility, compliance, governance, security and manageability. ©2004 Layer 7 Technologies Inc. ©2004 Systinet Corporation Oct 2004 W3C Constraints and Capabilities for Web Services 14 Evolution To SOA Dynamic Interoperability SOA Dynamic Interoperability Business Interoperability Business Services Web services reuse & governance Web Services Standard-based enablement Time Key Issue Key Solution Business BPM, Workflow Integration Dynamic Services Standard SOA Enablement Phase Adding and integrating higher-level infrastructure services (BPM, transactions, workflow) infrastructure Service Management ©2004 Layer 7 Technologies Inc. ©2004 Systinet Corporation Enablement & Registry W3C Constraints and Capabilities for Web Services Oct 2004 15 SOA – Composable Infrastructure and Business Services Web Service Enablement CRM Infrastructure Services Packaged Applications MOM SCM Web Services PLM Business Service Registry BPM & Orchestration Transactions J2EE - Portal .COM Visibility Sales Composite Applications Invoicing Adaptability Compliance CrossSelling Message Routing Reuse Purchasing Business Services Message Transformation Partner Integration Management Pricing Compliance Security Microsoft .net Outsource/ Offshore SQL SQL Management Customer EAI Legacy Applications Orders Products ©2004 Layer 7 Technologies Inc. ©2004 Systinet Corporation Publishing & Discovery of Services Integration, Management & Mediation Between Services W3C Constraints and Capabilities for Web Services Corporate Reuse Oct 2004 16 Capabilities and Constraints Discovery Enablement Business Drivers Publishing Discovery Management Service Type • Retail Accounts DB • CMS Document Publish • HR Employee Info • CRM Customer Info Department • Retail • Securities • Wholesale Service Lifecycle Location • New York • London • Singapore Response Time • < 0.1 s • < 0.5 s •<1s •<5s Policy Taxonomies Governance Technical • WS-I • Security Benefits • Cost Center • IT Visibility Reusability Adaptability SLA • Availability • Performance Regulatory • FDA • SarbOx Corporate • SLA • Governance Manageability Policies – Capabilities & Constraints Transport • HTTP • JMS • IIOP • SMTP/POP Authentication • HTTP Digest • X.509 • Kerberos • XML Sign Service Interfaces • WSDL • XML Schema Documents • Functional Specification •API reference •Examples Specifications / Capabilities Business Service Registry ©2004 Layer 7 Technologies Inc. ©2004 Systinet Corporation Oct 2004 W3C Constraints and Capabilities for Web Services 17 Capabilities and Constraints Key to SOA Governance Enablement Publishing Discovery Management Administrator deploys and configures services according to policies: • Assurances – reliability, performance, scalability • Security – authentication, access control • Deployment policies WS Developer implements web services according to policies: • Compliance to industry and corporate standards –FpML, OFX etc. • Conformance to technical standards – WS-I BP SOA Standards Compliance Configuration Implement Interoperability Deploy Security Best Practices Reliability Design Patterns & Methodologies Dependencies, change management Policy Access control Corporate architecture compliance Corporate & Industry standards compliance Design Manage SOA Architect defines corporate policies: • Reusability/Discoverability - identification and categorization • Compliance to industry and corporate standards – Sarbanes-Oxley, FpML, OFX etc. • Conformance to technical standards – WS-I, SOAP, WSDL, WS-S, WSRM etc. • Assurances – reliability, performance, scalability ©2004 Layer 7 Technologies Inc. ©2004 Systinet Corporation QoS & SLA Operations Manager verifies and maintains compliance with corporate policies: • Reusability/Discoverability - identification and categorization • Compliance to industry and corporate standards – Sarbanes-Oxley, FpML, OFX etc. • Conformance to technical standards – WS-I, SOAP, WSDL, UDDI, WS-S, WSRM etc. • Assurances – reliability, performance, scalability Oct 2004 W3C Constraints and Capabilities for Web Services 18 Open Issues To Be Discussed Processing Model • Logical expression model Evaluates to TRUE or FALSE No order or evaluation Simple to implement and convey • Language model Implied order in evaluation More complex to convey but more flexible (e.g. conditionals and branching) Scope (Private/Public) • In the context of an organizational deployment, a policy document governs more than the visible endpoint access aspects. • Some aspects of policy (e.g. internal routing, access control lists, auditing rules) are necessarily private and should be labeled so. • These aspects however should be exchangeable and implementable on different platforms Attachment and Discovery • We already have a mechanism to attach and discover metadata • Handling of WSDL in UDDI should be example ©2004 Layer 7 Technologies Inc. ©2004 Systinet Corporation Oct 2004 W3C Constraints and Capabilities for Web Services 19 Open Issues To Be Discussed (cont.) Distribution and Enforcement • Distribution of constraints and capabilities solely at the end points will not scale for most enterprises; policy must be discoverable • Enterprise needs to support configurable frameworks based on published policy; policy dispersal from the centrally managed registry • Publication and discovery of policy key to make constraints based configuration and management work Interoperability • Undeniable trend is the emergence of different categories that handle the SOAP message (e.g. WS Security, Management). • Policy documents span categories and should be interoperable between all vendors. Negotiation • Most emphasis so far has been placed on constraints and capabilities of the service. • The service consumer is just as important in our view. • Consumer should be able to discover and negotiate mutually acceptable terms and conditions based on a common language (e.g. TLS server/client negotiation) ©2004 Layer 7 Technologies Inc. ©2004 Systinet Corporation Oct 2004 W3C Constraints and Capabilities for Web Services 20 Standards Convergence on Web services Registry Web services specifications are now converging and adopting registry to satisfy publication and discovery needs OASIS UDDI Spec Technical Committee Active in mapping SOA facets • WSDL – publication and discovery of WSDL artifacts • BPEL – publication and discovery of BPEL4WS abstract processes • WSRP – publication and discovery of WSRP Producer and Portlet services • WSDM – publication and discovery of metrics and manageability provider information • WS-Policy – mapping of WS-policy ©2004 Layer 7 Technologies Inc. ©2004 Systinet Corporation Oct 2004 W3C Constraints and Capabilities for Web Services 21