Diploma Thesis - Mirko Richter - Facts

Content

General
What is a WebService?
Composable Services
Problems

General

services execute autonomously (Some previous approaches to distributed applications explicitly assumed a common type space, execution model, and procedure/object reference model. In essence, the "in-memory" programming model defined the distributed system model.) [FS03]
no notion of local execution or common operating environment [FS03]

What is a WebService?

Article found	Fact
Secure, Reliable, Transacted Web Services [FS03]	high-level grouping of the Web service specifications (this figure is not meant to imply a strict layering between the groups; instead it is intended to provide an intuition about the relationships between functional areas. For example, message security does not require Description and similarly Description is a useful development time concept for Messaging.): this figure is not meant to imply a strict layering between the groups; instead it is intended to provide an intuition about the relationships between functional areas. For example, message security does not require Description and similarly Description is a useful development time concept for Messaging. the Web service model does not operate on the notion of shared types that require common implementation. Rather, services interact based solely on contracts (WSDL/BPEL4WS for message processing behavior) and schemas (WSDL/XSD for message structure). This enables the service to describe the structure of messages it can send and/ or receive and sequencing constraints on these messages. The separation between structure and behavior and the explicit, machine verifiable description of these characteristics simplifies integration in heterogeneous environments.
XML / SOAP Web Services Security [Mü02]	Web Services sind Softwarekomponenten, die über Beschreibungsstandards und Standardprotokolle im Internet zugänglich sind. XML Web Services nutzen XML als Beschreibungssprache und HTTP als Übertragungsprotokoll. charakterisiert durch: dezentrale Architektur und Administration heterogene Implementierungen und Systeme unternehmensübergreifende Kommunikation und Verbindungen öffentlicher Zugang über das Internet
Security for Parlay-X - challenges and solutions [Eckardt]	modular, extensible, service-oriented interfaces ASCII-based transfer syntax Loose coupling SOAP appropriate for inter-application communications: asynchronous vs synchronous few, coarse-grained (service-oriented) interfaces vs many fine- grained objectoriented) interfaces extensible specifications vs tightly-coupled implementation dependence Document-based exchange patterns self-contained messages w/o connection-based context! per-message security context vs per-connection security context -> SSL is of limited use only! (XML Encryption, XML Signature more applicable)

Article found

Fact

Secure, Reliable, Transacted Web Services [FS03]

high-level grouping of the Web service specifications (this figure is not meant to imply a strict layering between the groups; instead it is intended to provide an intuition about the relationships between functional areas. For example, message security does not require Description and similarly Description is a useful development time concept for Messaging.):

this figure is not meant to imply a strict layering between the groups; instead it is intended to provide an intuition about the relationships between functional areas. For example, message security does not require Description and similarly Description is a useful development time concept for Messaging.
the Web service model does not operate on the notion of shared types that require common implementation. Rather, services interact based solely on contracts (WSDL/BPEL4WS for message processing behavior) and schemas (WSDL/XSD for message structure). This enables the service to describe the structure of messages it can send and/ or receive and sequencing constraints on these messages. The separation between structure and behavior and the explicit, machine verifiable description of these characteristics simplifies integration in heterogeneous environments.

XML / SOAP Web Services Security [Mü02]

Web Services sind Softwarekomponenten, die über Beschreibungsstandards und Standardprotokolle im Internet zugänglich sind.
XML Web Services nutzen XML als Beschreibungssprache und HTTP als Übertragungsprotokoll.

charakterisiert durch:

dezentrale Architektur und Administration
heterogene Implementierungen und Systeme
unternehmensübergreifende Kommunikation und Verbindungen
öffentlicher Zugang über das Internet

Security for Parlay-X - challenges and solutions [Eckardt]

modular, extensible, service-oriented interfaces
ASCII-based transfer syntax
Loose coupling
- SOAP appropriate for inter-application communications:
  - asynchronous vs synchronous
  - few, coarse-grained (service-oriented) interfaces vs many fine- grained objectoriented) interfaces
  - extensible specifications vs tightly-coupled implementation dependence
Document-based exchange patterns
- self-contained messages w/o connection-based context!
- per-message security context vs per-connection security context
- -> SSL is of limited use only! (XML Encryption, XML Signature more applicable)

Composable Services

Article found	Fact
Secure, Reliable, Transacted Web Services [FS03]	the approach we (IBM, Microsoft and partners) have followed is based on the design principle of composability in the definition of Web service specifications while each specification stands on its own, they are designed to be combined and work with each other Composability enables incremental consumption or progressive discovery of new concepts, tools and services. Developers only need to learn and implement what is necessary, and no more. The complexity of the solution increases only because the problem's requirements increase, and is not due to technology "bloat." Composability has and continues to be one of the key design goals for Web services. One of the fundamental characteristics of a Web service is a regular, multi-part message structure. This structure enables the composition of new functionality. New message elements supporting new services may be added to messages in a manner that does not alter the processing of existing functionality.

Article found

Fact

Secure, Reliable, Transacted Web Services [FS03]

the approach we (IBM, Microsoft and partners) have followed is based on the design principle of composability in the definition of Web service specifications
while each specification stands on its own, they are designed to be combined and work with each other
Composability enables incremental consumption or progressive discovery of new concepts, tools and services. Developers only need to learn and implement what is necessary, and no more. The complexity of the solution increases only because the problem's requirements increase, and is not due to technology "bloat."
Composability has and continues to be one of the key design goals for Web services.
One of the fundamental characteristics of a Web service is a regular, multi-part message structure. This structure enables the composition of new functionality. New message elements supporting new services may be added to messages in a manner that does not alter the processing of existing functionality.

Problems

Article found	Fact
XML / SOAP Web Services Security [Mü02]	Wie setzt man eine übergreifende Sicherheitspolitik durch? Wie kann man versichern, dass Sicherheitspolitiken eingehalten werden, besonders bei Heimanwendern? Wie arbeitet man mit anderen "schwachen" Systemen zusammen? Was macht man mit älteren Anwendungen, die nie für's Internet gedacht waren? Wie administriert und logt man systemübergreifend? Fazit: Web Services stehen noch am Anfang ihrer Entwicklung Sicherheitsrisiken hindern Web Services am großen Durchbruch Viele Unternehmen wagen nicht den ersten Schritt, sondern warten auf andere Vorreiter.

Article found

Fact

XML / SOAP Web Services Security [Mü02]

Wie setzt man eine übergreifende Sicherheitspolitik durch?
Wie kann man versichern, dass Sicherheitspolitiken eingehalten werden, besonders bei Heimanwendern?
Wie arbeitet man mit anderen "schwachen" Systemen zusammen?
Was macht man mit älteren Anwendungen, die nie für's Internet gedacht waren?
Wie administriert und logt man systemübergreifend?

Fazit:

Web Services stehen noch am Anfang ihrer Entwicklung
Sicherheitsrisiken hindern Web Services am großen Durchbruch
Viele Unternehmen wagen nicht den ersten Schritt, sondern warten auf andere Vorreiter.

Project Documentation

WebService Facts

Content

General

What is a WebService?

Composable Services

Problems