June 28, 2007
Secure and Interoperable Web services
Michael Bechauf
President and Chairman of the Board, WS-I
Vice President, Industry Standards, SAP AG
Copyright © 2005-2007 by The Web Services Interoperability Organization (WS-I). All Rights Reserved
SOA and the Web of Services
Customer Challenges
• Winning the Present
  – Flexible execution
  – Predictable performance
  – Compliance
• Adapting to Accelerating Change
  – Strategic agility
  – Faster business model innovation
  – Flexible networks
[Diagram labels: Business Network; IT Ecosystem; Dist; Final Assembly Mfg; BPOs; Customer service; Eng]
The Web as the ubiquitous dial tone
• Geographically distributed
• Homogeneous technology
• Accessible everywhere
• Multi-vendor
SOA and Web Services: Dependencies
• Web services must interoperate to be effective
  – Reality: an enterprise consists of tools and solutions from multiple providers
  – Customers want and need quality, modularity, evolve-ability, etc.
  – Interoperability is a major step towards meeting customer requirements
• The Web services adoption and support cycle
  – Web services succeed in direct proportion to the technologies that support them
  – Vendors will need to deliver more and better support as adoption increases
  – As more common services become available the pace of adoption will accelerate
Web Services Interoperability Organization
• An open industry effort
  – Advancing Web services interoperability
• Broad participation
  – 160+ companies
  – Software Vendors, Consultants, Industry Organizations, etc.
• Establish best practices for achieving interoperability
  – Based on existing open standards
• Cooperate with standards development organizations
  – OASIS / W3C
  – Others as appropriate
WS-I: Value Proposition
• Reduce cost, complexity and risk
  – Provides confidence in interoperability
  – Common implementation guidelines
• Improve productivity and accelerate time to market
  – Facilitates collaboration, both internally and with business partners
  – Allows companies to focus on added value, not basic plumbing
• Simplify Web services buying decisions
  – Ask for WS-I conformance before buying
  – Download and use the deliverables at www.ws-i.org
The Web Services Standards Set
• Additional Capabilities: Management, Portals
• Business Process Orchestration: Composition/Orchestration
• Composable Service Elements: Security, Reliable Messaging, Transactionality
• Messaging: Endpoint Identification, Publish/Subscribe
• Description: XML Schema, WSDL, UDDI, SOAP with Attachments
• Invocation: XML, SOAP
• Transports: HTTP, HTTPS, Others
The Web services standards set: WS-I Work to Date
• Additional Capabilities: Management, Portals
• Business Process Orchestration: Composition/Orchestration
• Composable Service Elements: Security, Reliable Messaging, Transactionality
• Messaging: Endpoint Identification, Publish/Subscribe
• Description: XML Schema, WSDL, UDDI, SOAP with Attachments
• Invocation: XML, SOAP
• Transports: HTTP, HTTPS, Others
Deliverables
• Profiles
  – Guidelines and conventions for using a defined set of specifications to ensure interoperability
  – Selected set of specifications based on customer requirements
• Sample applications
  – Sample code and applications support multiple environments
  – Demonstrate interoperability for completed Profiles
• Test tools and supporting materials
  – Test profile implementations for conformance
  – Supporting documentation
Progress to Date
• Final material
  – Basic Profile 1.0 and 1.1
  – Simple SOAP Binding Profile 1.0
  – Attachments Profile 1.0
  – Security Challenges, Threats and Countermeasures 1.0
  – REL and SAML Token Profiles
  – Basic Security Profile 1.0
• Work in Process
  – Basic Security Profile 1.1
  – Basic Profile 1.2 & 2.0
  – Reliable Secure Profile 1.0
Upcoming WS-I Profiles
• Basic Profile 1.2
  – SOAP 1.1 Binding for MTOM (W3C member submission)
  – W3C WS-Addressing and MTOM/XOP
  – Target completion: 2H07
• Basic Profile 2.0
  – Replacing SOAP 1.1 with SOAP 1.2
  – WSDL 1.1 Binding for SOAP 1.2 (W3C member submission)
  – Target completion: 2H07
Upcoming WS-I Profiles
• Reliable Secure Profile 1.0
  – OASIS WS-Reliable Messaging 1.1
  – OASIS WS-Secure Conversation 1.3
  – Composes with BP1.2 or BP2.0 and BSP1.x
  – Target completion: 2H07
Why are Profiles necessary?
WS-I Profile Provides Interoperability Guidance
• Eliminates ambiguity by tightening requirements (MAY, SHOULD → MUST)
• Avoids difference in interpretations by clarifying semantics
• Fills the gap created by composing different specifications together
Example - Reliable Secure Profile (RSP)
• Issue 37
  – WS-RM: Receiver SHOULD ignore unrecognized extensions
  – RSP: Receiver MUST ignore unrecognized extensions
• Issue 30: Define the semantics of a "one-way" message
• Issue 16
  – WS-RM: Defines protocol elements – headers and body
  – WS-S: Defines how to secure headers and/or body
  – RSP: Requires securing both WS-RM headers and body
• Issue 29
  – RSP: Requires that WS-RM should not mess up WS-A headers
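Issue 16 above, as an added example that is not part of the original slides or of any WS-I deliverable: a structural check that the signature in a wsse:Security header references both the WS-RM header blocks and the SOAP Body. It assumes "securing" means XML Signature coverage by wsu:Id reference, uses the SOAP 1.1 and WS-RM 1.1 namespaces, runs on a constructed sample envelope, and does not verify digests or signature values.

```python
import xml.etree.ElementTree as ET
from collections import Counter

NS = {
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "wsrm": "http://docs.oasis-open.org/ws-rx/wsrm/200702",
}
WSU_ID = "{%s}Id" % NS["wsu"]

def unsigned_parts(envelope_xml):
    """Names of the SOAP Body / WS-RM header blocks that no ds:Reference covers."""
    env = ET.fromstring(envelope_xml)
    blocks = env.findall("soap:Header/*", NS)
    # Fragment IDs referenced by signatures inside the wsse:Security header.
    signed = {ref.get("URI", "")[1:]
              for ref in env.iterfind(
                  "soap:Header/wsse:Security/ds:Signature/ds:SignedInfo/ds:Reference", NS)
              if ref.get("URI", "").startswith("#")}
    # A wsu:Id that occurs twice makes the reference ambiguous: count it as uncovered.
    id_counts = Counter(e.get(WSU_ID) for e in env.iter() if e.get(WSU_ID))
    required = [b for b in blocks if b.tag.startswith("{%s}" % NS["wsrm"])]
    required += env.findall("soap:Body", NS)
    return [el.tag.split("}")[1] for el in required
            if el.get(WSU_ID) not in signed or id_counts[el.get(WSU_ID)] != 1]

def sample_envelope(signed_ids):
    """Constructed sample: structure only, digests and signature value omitted."""
    refs = "".join('<ds:Reference URI="#%s"/>' % i for i in signed_ids)
    xmlns = " ".join('xmlns:%s="%s"' % kv for kv in NS.items())
    return ('<soap:Envelope %s><soap:Header>'
            '<wsrm:Sequence wsu:Id="seq"><wsrm:Identifier>urn:example:seq-1</wsrm:Identifier>'
            '<wsrm:MessageNumber>1</wsrm:MessageNumber></wsrm:Sequence>'
            '<wsse:Security><ds:Signature><ds:SignedInfo>%s</ds:SignedInfo></ds:Signature>'
            '</wsse:Security></soap:Header>'
            '<soap:Body wsu:Id="body"><po/></soap:Body></soap:Envelope>') % (xmlns, refs)

if __name__ == "__main__":
    print(unsigned_parts(sample_envelope(["body"])))         # Body signed, Sequence not
    print(unsigned_parts(sample_envelope(["body", "seq"])))  # both covered
```
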
What's Next: The Semantics Problem
Each organization independently creates the same PO message that is functionally the same in a business process, but because they use different design rules, the messages are totally incompatible. This creates high B2B integration costs, particularly across industries.
[Figure: the organizations' PO messages shown as ≠ to one another]
UN/CEFACT Design Methodology
– Defines the basic data types (consistent vocabulary)
– Defines a methodology that enables consistency in Naming and Structuring (consistent Grammar)
WS-I Sample App Demonstration
• Live Sample App Demo
  – Demonstration of Sample Applications developed for BSP 1.0
  – See solutions developed by IBM, Microsoft, Novell, SAP and Sun interoperate
  – Understand how WS-I Interoperability Testing is done
  – Talk to people who helped develop the WS-I Sample Applications
• Where and When
  – Hospitality Suite, Plaza B
  – 6:00-9:30 PM, Thursday June 28th (Today)
• Win a Prize
  – Attendees can enter a raffle for an XBOX 360
Conclusions
• It took the telecommunications industry 100 years to establish a ubiquitous network
• Industry is on its way to establish "dial tone" interoperability
• Next challenge will be consolidation of grammars and vocabularies to establish a common language of business