Secure and Interoperable Web services

June 28, 2007

Secure and Interoperable Web services
Michael Bechauf
President and Chairman of the Board, WS-I
Vice President, Industry Standards, SAP AG

Copyright © 2005-2007 by The Web Services Interoperability Organization (WS-I). All Rights Reserved


SOA and the Web of Services

Customer Challenges

Winning the Present
• Flexible execution
• Predictable performance
• Compliance

Adapting to Accelerating Change
• Strategic agility
• Faster business model innovation
• Flexible networks

The Web as the ubiquitous dial tone
• Geographically distributed
• Homogeneous technology
• Accessible everywhere
• Multi-vendor

[Diagram labels: Business Network; IT Ecosystem; Dist; Final Assembly Mfg; BPOs; Customer service; Eng]


SOA and Web Services: Dependencies

Web services must interoperate to be effective
• Reality: an enterprise consists of tools and solutions from multiple providers
• Customers want and need quality, modularity, evolve-ability, etc.
• Interoperability is a major step towards meeting customer requirements

The Web services adoption and support cycle
• Web services succeed in direct proportion to the technologies that support them
• Vendors will need to deliver more and better support as adoption increases
• As more common services become available the pace of adoption will accelerate

Web Services Interoperability Organization

An open industry effort
• Advancing Web services interoperability

Broad participation
• 160+ companies: Software Vendors, Consultants, Industry Organizations, etc.

Establish best practices for achieving interoperability
• Based on existing open standards

Cooperate with standards development organizations
• OASIS / W3C
• Others as appropriate


WS-I: Value Proposition

Reduce cost, complexity and risk
• Provides confidence in interoperability
• Common implementation guidelines

Improve productivity and accelerate time to market
• Facilitates collaboration, both internally and with business partners
• Allows companies to focus on added value, not basic plumbing

Simplify Web services buying decisions
• Ask for WS-I conformance before buying
• Download and use the deliverables at www.ws-i.org

The Web Services Standards Set

Additional Capabilities: Management; Portals
Business Process Orchestration: Composition/Orchestration
Composable Service Elements: Security; Reliable Messaging; Transactionality
Messaging: Endpoint Identification, Publish/Subscribe
Description: XML Schema, WSDL, UDDI, SOAP with Attachments
Invocation: XML, SOAP
Transports: HTTP, HTTPS, Others


The Web services standards set: WS-I Work to Date

Additional Capabilities: Management; Portals
Business Process Orchestration: Composition/Orchestration
Composable Service Elements: Security; Reliable Messaging; Transactionality
Messaging: Endpoint Identification, Publish/Subscribe
Description: XML Schema, WSDL, UDDI, SOAP with Attachments
Invocation: XML, SOAP
Transports: HTTP, HTTPS, Others


Deliverables

Profiles
• Guidelines and conventions for using a defined set of specifications to ensure interoperability
• Selected set of specifications based on customer requirements

Sample applications
• Sample code and applications support multiple environments
• Demonstrate interoperability for completed Profiles

Test tools and supporting materials
• Test profile implementations for conformance
• Supporting documentation


Progress to Date

Final material
• Basic Profile 1.0 and 1.1
• Simple SOAP Binding Profile 1.0
• Attachments Profile 1.0
• Security Challenges, Threats and Countermeasures 1.0
• REL and SAML Token Profiles
• Basic Security Profile 1.0

Work in Process
• Basic Security Profile 1.1
• Basic Profile 1.2 & 2.0
• Reliable Secure Profile 1.0


Upcoming WS-I Profiles

Basic Profile 1.2
• SOAP 1.1 Binding for MTOM W3C member submission
• W3C WS-Addressing and MTOM/XOP
• Target completion: 2H07

Basic Profile 2.0
• Replacing SOAP 1.1 with SOAP 1.2
• WSDL 1.1 Binding for SOAP 1.2 W3C member submission
• Target completion: 2H07


Upcoming WS-I Profiles

Reliable Secure Profile 1.0
• OASIS WS-Reliable Messaging 1.1
• OASIS WS-Secure Conversation 1.3
• Composes with BP1.2 or BP2.0 and BSP1.x
• Target completion: 2H07


Why are Profiles necessary ?

WS-I Profile Provides Interoperability Guidance
• Eliminates ambiguity by tightening requirements (MAY, SHOULD → MUST)
• Avoids difference in interpretations by clarifying semantics
• Fills the gap created by composing different specifications together

Example - Reliable Secure Profile (RSP)

Issue 37
• WS-RM: Receiver SHOULD ignore unrecognized extensions
• RSP: Receiver MUST ignore unrecognized extensions

Issue 30
• Define the semantics of a "one-way" message

Issue 16
• WS-RM: Defines protocol elements (headers and body)
• WS-S: Defines how to secure headers and/or body
• RSP: Requires securing both WS-RM headers and body

Issue 29
• RSP: Requires that WS-RM should not mess up WS-A headers
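
An added example, not part of the original slides or of any WS-I deliverable: a structural check for the Issue 16 requirement that a signed message covers both the WS-RM headers and the body. The sample envelope, its ids (`seq`, `body`) and the function names are constructed for illustration; the check only confirms that a `ds:Reference` points at each required part and does not verify digests or the signature value.

```python
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WSS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-"
NS = {"soap": SOAP, "wsse": WSS + "secext-1.0.xsd",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
WSU = WSS + "utility-1.0.xsd"
WSRM = "http://docs.oasis-open.org/ws-rx/wsrm/200702"  # WS-RM 1.1 namespace

def unsigned_parts(envelope_xml):
    """List WS-RM headers and the Body that no ds:Reference points at.

    Structural coverage check only: digests and the signature value are
    not verified here.
    """
    root = ET.fromstring(envelope_xml)
    refs = root.findall(
        "soap:Header/wsse:Security/ds:Signature/ds:SignedInfo/ds:Reference", NS)
    signed = {r.get("URI", "")[1:] for r in refs
              if r.get("URI", "").startswith("#")}
    # Parts that must be covered: every WS-RM header block, then the Body.
    required = [h for h in root.findall("soap:Header/*", NS)
                if h.tag.startswith("{" + WSRM + "}")]
    required += root.findall("soap:Body", NS)
    return [el.tag.split("}")[1] for el in required
            if el.get("{" + WSU + "}Id") not in signed]

def sample_envelope(signed_ids):
    """Constructed test message; the ids 'seq' and 'body' are made up."""
    refs = "".join('<ds:Reference URI="#%s"/>' % i for i in signed_ids)
    return (
        '<soap:Envelope xmlns:soap="%s" xmlns:wsse="%s" xmlns:ds="%s"'
        ' xmlns:wsrm="%s" xmlns:wsu="%s"><soap:Header>'
        '<wsrm:Sequence wsu:Id="seq"><wsrm:Identifier>urn:example:s1'
        '</wsrm:Identifier><wsrm:MessageNumber>1</wsrm:MessageNumber>'
        '</wsrm:Sequence><wsse:Security><ds:Signature><ds:SignedInfo>%s'
        '</ds:SignedInfo></ds:Signature></wsse:Security></soap:Header>'
        '<soap:Body wsu:Id="body"><po/></soap:Body></soap:Envelope>'
        % (SOAP, NS["wsse"], NS["ds"], WSRM, WSU, refs))

if __name__ == "__main__":
    print(unsigned_parts(sample_envelope(["body"])))         # body signed only
    print(unsigned_parts(sample_envelope(["seq", "body"])))  # headers and body
```

A message that signs only the body is valid under WS-Security alone but leaves the sequence header open to tampering, which is the gap the profile closes.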


What's Next: The Semantics Problem

Each organization independently creates the same PO message that is functionally the same in a business process, but because they use different design rules, the messages are totally incompatible. This creates high B2B integration costs, particularly across industries.

UN/CEFACT Design Methodology
• Defines the basic data types (consistent vocabulary)
• Defines a methodology that enables consistency in Naming and Structuring (consistent Grammar)


WS-I Sample App Demonstration

Live Sample App Demo
• Demonstration of Sample Applications developed for BSP 1.0
• See solutions developed by IBM, Microsoft, Novell, SAP and Sun interoperate
• Understand how WS-I Interoperability Testing is done
• Talk to people who helped develop the WS-I Sample Applications

Where and When
• Hospitality Suite, Plaza B
• 6:00-9:30 PM, Thursday June 28th (Today)

Win a Prize
• Attendees can enter a raffle for an XBOX 360

Conclusions
• It took the telecommunications industry 100 years to establish a ubiquitous network
• Industry is on its way to establish "dial tone" interoperability
• Next challenge will be consolidation of grammars and vocabularies to establish a common language of business
