XML Web Services Standards


       Roberto Ruggeri
       rruggeri@microsoft.com
       Healthcare Technical Strategist
       Microsoft Corporation
       Mark Oswald
       markosw@microsoft.com
       Principal Consultant
       Microsoft Corporation



29-Dec-11                                HL7 Working Group Meeting – October 2002
  Objectives of This Presentation
   • Educate on WS-Standards
       • WS-Standards design philosophy
       • WS-Standards overview
       • Drill down on WS-Security
   • Educate on the industry efforts around
     WS-Standards
       • Interoperability
       • What is coming
   • Discuss next steps

  Web Services Architecture
  Extending the Foundation

   • Extended Foundation (Secure, Reliable, Transacted)
       • Federation | Privacy | Reliable Messaging | Transactions
       • Description | Attachments | Routing | Security
   • Foundation
       • WSDL and UDDI (Web Services Description and Directory)
       • SOAP (Logical Messaging Model)
       • XML, Encoding, and Transports

  WS-* Standards Design Principles
   • Modular and composable
       • Factored to stand alone or work together
   • General-purpose
       • Agnostic to where it is running or where it originated
   • Federated
       • No central point of administration, control, failure
   • Standards-based
       • Multi-vendor interoperation critical

  Modular
   • Provides a framework for SOAP/WSDL
     extensibility
   • These protocols augment domain-specific
     protocols (e.g., healthcare)
   • Designed to supersede and integrate with many
     of the industry specs today
   • Defined by composable SOAP headers and SOAP
     message
       • The specifications combined for end-to-end
         capabilities

  Modular: Example
    <?xml version="1.0" encoding="utf-8"?>
    <!-- SOAP Message -->
    <S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/"
        xmlns:xsd="http://www.w3.org/2001/XMLSchema"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
      <S:Header>
        <!-- Routing -->
        <m:path xmlns:m="http://schemas.xmlsoap.org/rp">
          <m:action>http://tickers-r-us.org/getQuote</m:action>
          <m:to>soap://tickers-r-us.org/stocks</m:to>
          <m:from>mailto:johnsmith@isps-r-us.com</m:from>
          <!-- A Simple Quote Web Service -->
          <m:id>uuid:84b9f5d0-33fb-4a81-b02b-5b760641c1d6</m:id>
        </m:path>
        <!-- Security and License -->
        <wssec:credentials
            xmlns:wssec="http://schemas.xmlsoap.org/ws/2001/10/security">
          <wslic:binaryLicense
              xmlns:wslic="http://schemas.xmlsoap.org/ws/2001/10/licenses"
              wslic:valueType="wslic:x509v3"
              xsi:type="xsd:base64Binary">
            dWJzY3JpYmVyLVBlc…..eFw0wMTEwMTAwMD
          </wslic:binaryLicense>
        </wssec:credentials>
      </S:Header>
      <S:Body>
        <tru:StockSymbol
            xmlns:tru="http://tickers-r-us.org/payloads">
          QQQ
        </tru:StockSymbol>
      </S:Body>
    </S:Envelope>

  General-Purpose
   • Universal communications
       • Across organizations
       • Across machines
       • Across process
   • Flexible communications
       • Extensible headers
       • Extensible body
       • Transport protocol neutral
   • Platform neutral
       • Devices
       • Desktops
       • Clusters
       • Datacenters
   • Application category neutral
       • Enterprise Application Integration
       • Business-to-Business
       • Business-to-Consumer
       • Peer-to-Peer
   • Applies to HL7 2.x, 2.XML, v3.0, CDA, CCOW, X12N (HIPAA)

  Federated
   • Fully distributed
   • Crosses organization and trust domains
       • Can be inspected by firewalls
   • Does not require centralized servers
     or administration
   • Will sometimes require “edge” software to do
     protocol translation, security work, routing, etc.

  Standards-Based
   • Industry commitment to
       • Publishing specifications
       • Working with partners to refine specifications
       • Working with partners, customers, and standards
         bodies for broad adoption
   • Different standards bodies for different specs,
     based on the spec

  Interop Priority
  WS-i.org
   • An open industry effort
       • Industry initiative focused on promoting Web services
         interoperability
       • Organization formed by industry leaders
       • Open membership and participation
   • Based on partnerships
       • Symbiotic relationship with other standards organizations through
         integration of their outputs
       • Goal: Enable interoperability across platforms, applications, and
         programming languages
       • Success will accelerate adoption and deployment of
         Web services

  So, What Has Been Delivered To Date?

  WS-Routing
  Submitted to W3C
   • A SOAP-based, stateless protocol for exchanging
     one-way SOAP messages from an initial sender to
     the ultimate receiver, potentially via a set of
     intermediaries
   • Also provides an optional reverse message path
     enabling two-way message exchange patterns
     like:
       • Request/response
       • Peer-to-peer conversations
       • Return of message acknowledgements, faults

  DIME And WS-Attachments
  Submitted to IETF
   • Direct Internet Message Encapsulation (DIME)
       • A lightweight, binary message format that can be used
         to encapsulate one or more application-defined
         payloads of arbitrary type and size into a single
         message construct
       • Each payload is described by a type, a length, and an
         optional identifier
   • WS-Attachments is how to encapsulate SOAP in
     DIME

  WS-Security
  Submitted to OASIS
   • A specification for proposed SOAP extensions to
     be used when building secure Web services.
       • Supersedes the following specifications
           • SOAP-SEC
           • Microsoft’s WS-Security, WS-License
           • IBM’s security token and encryption
       • Dependent upon XML DIGSIG, XML Encryption, XML
         Schema, SOAP…
       • End-to-end message-level security
       • Defined schema
   • Designed to be composed with other Web service
     protocols

    A Couple of Details…




  New SOAP Elements
  WS-Security
   • New
       • <Security> Header
           • <Security SOAP:actor="...">
           • SOAP:actor is optional
           • One header per actor
           • All security information together
       • Including and referencing security tokens
           • <UsernameToken>
           • <BinarySecurityToken>
           • <SecurityTokenReference>
   • Existing
       • XML Signature
       • XML Encryption
       • Token formats (e.g., X.509, Kerberos, XrML, SAML)

  Simple Example
   • Requesting a stock quote
   • Security token indicates username
   • Signature uses key generated
     from password

  Simple Example (1 of 2)
    <?xml version="1.0" encoding="utf-8"?>
    <S:Envelope xmlns:S=".../soap-envelope" xmlns:ds="…/xmldsig#">
      <S:Header>
        <m:path xmlns:m="http://schemas.xmlsoap.org/rp/">
          <m:action>http://fabrikam.org/getQuote</m:action>
          <m:to>http://fabrikam.org/stocks</m:to>
          <m:id>uuid:84b9f5d0-33fb-4a81-b02b-5b760641c1d6</m:id>
        </m:path>
        <wsse:Security xmlns:wsse="…/secext">
          <!-- Security token: identifies the user -->
          <wsse:UsernameToken Id="MyID">
            <wsse:Username>Zoe</wsse:Username>
          </wsse:UsernameToken>
          <ds:Signature>
            <ds:SignedInfo>
              <ds:CanonicalizationMethod Algorithm=".../xml-exc-c14n#"/>
              <ds:SignatureMethod Algorithm=".../xmldsig#hmac-sha1"/>

  Simple Example (2 of 2)
              <!-- The signature covers the element with Id="MsgBody" -->
              <ds:Reference URI="#MsgBody">
                <ds:DigestMethod Algorithm="http://.../xmldsig#sha1"/>
                <ds:DigestValue>LyLsF0Pi4wPU...</ds:DigestValue>
              </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>DJbchm5gK...</ds:SignatureValue>
            <!-- The signing key is tied to the UsernameToken above -->
            <ds:KeyInfo>
              <wsse:SecurityTokenReference>
                <wsse:Reference URI="#MyID"/>
              </wsse:SecurityTokenReference>
            </ds:KeyInfo>
          </ds:Signature>
        </wsse:Security>
      </S:Header>
      <S:Body Id="MsgBody">
        <tru:StockSymbol xmlns:tru="…">QQQ</tru:StockSymbol>
      </S:Body>
    </S:Envelope>

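  Added example, not part of the original slides: how a receiver checks the message above, recomputing the SHA-1 digest of the Body and the HMAC-SHA1 over SignedInfo, and rejecting a message whose Reference does not point at the Body it is about to process. Assumptions: placeholder namespace URIs, PBKDF2 with a constructed salt as the password-to-key step, and the standard library's C14N 2.0 in place of xml-exc-c14n.

```python
import base64, hashlib, hmac
import xml.etree.ElementTree as ET

# Placeholder namespace URIs: the slides elide the real ones.
NS = {"S": "urn:ex:soap", "ds": "urn:ex:dsig", "wsse": "urn:ex:secext"}
SIG = "S:Header/wsse:Security/ds:Signature"
# Constructed message modelled on the slide; digest and signature start empty.
ENVELOPE = """<S:Envelope xmlns:S="urn:ex:soap" xmlns:ds="urn:ex:dsig" xmlns:wsse="urn:ex:secext">
 <S:Header><wsse:Security>
  <wsse:UsernameToken Id="MyID"><wsse:Username>Zoe</wsse:Username></wsse:UsernameToken>
  <ds:Signature>
   <ds:SignedInfo><ds:Reference URI="#MsgBody"><ds:DigestValue/></ds:Reference></ds:SignedInfo>
   <ds:SignatureValue/>
  </ds:Signature>
 </wsse:Security></S:Header>
 <S:Body Id="MsgBody"><StockSymbol>QQQ</StockSymbol></S:Body>
</S:Envelope>"""

def c14n(elem):
    # Stand-in canonicalization (stdlib C14N 2.0), not the slide's xml-exc-c14n.
    return ET.canonicalize(ET.tostring(elem, encoding="unicode")).encode()

def body_digest(body):
    return base64.b64encode(hashlib.sha1(c14n(body)).digest())

def info_mac(info, password):
    # Assumed key derivation: the slide only says the key comes from the password.
    key = hashlib.pbkdf2_hmac("sha1", password.encode(), b"constructed-salt", 10000)
    return base64.b64encode(hmac.new(key, c14n(info), hashlib.sha1).digest())

def sign(envelope_xml, password):
    env = ET.fromstring(envelope_xml)
    info = env.find(SIG + "/ds:SignedInfo", NS)
    digest = body_digest(env.find("S:Body", NS)).decode()
    info.find("ds:Reference/ds:DigestValue", NS).text = digest
    env.find(SIG + "/ds:SignatureValue", NS).text = info_mac(info, password).decode()
    return ET.tostring(env, encoding="unicode")

def verify(envelope_xml, password):
    env = ET.fromstring(envelope_xml)
    body, info = env.find("S:Body", NS), env.find(SIG + "/ds:SignedInfo", NS)
    ref = info.find("ds:Reference", NS) if info is not None else None
    # The signed reference must resolve to the Body the receiver will process.
    if body is None or ref is None or ref.get("URI") != "#" + body.get("Id", ""):
        return False
    sent_mac = env.findtext(SIG + "/ds:SignatureValue", "", NS).encode()
    sent_digest = ref.findtext("ds:DigestValue", "", NS).encode()
    return (hmac.compare_digest(info_mac(info, password), sent_mac)
            and hmac.compare_digest(body_digest(body), sent_digest))
```
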
       What’s Coming?




  Security Roadmap Specs

       SecureConversation | Federation | Authorization
       Policy | Trust | Privacy
       Today: Security
       SOAP Foundation

   • Federated security
   • Authentication and authorization
   • Security protocol independent
   • Brokered (aka Transitive) trust

  Messaging
   • Includes WS-Routing in family
   • Routing virtualizes the network
       • Transport-independent addressing
       • End-to-end versus hop-by-hop model
   • Reliable Messaging model
     multi-message conversations
       • Resilient in face of multi-hop routing
       • Supports multiple QOS levels (e.g. in order, no
         duplicates, etc.)

  Transactions And Coordination
   • Models distributed agreement in terms of
     transactions
   • Short-lived transactions use
     two-phase commit
       • Common in DBMS and OLTP worlds
   • Long-lived/x-trust-domain transactions use
     coordinated compensation
       • Common in workflow/EAI world

  Business Processes
   • Business Process Execution Language (BPEL4WS)
   • Proposed by Microsoft, IBM and BEA
   • Built on top of WS-Transactions
   • A language for formally describing interoperable
     business processes and business interaction
     protocols
   • In short, it is a language for enabling the
     orchestration of web services to specify business
     processes
   • Supersedes XLANG (MS) and WSFL (IBM)

  How do WE Take Advantage
   • Work with horizontal standards
       • Restrict the domain by limiting the scope and imposing additional
         policies
       • Provide feedback to the standards to improve healthcare
         “friendliness”
   • Benefit from widely available technologies
       • On many platforms
       • Many implementations on the same platform
       • Vendors investing big $$$

   Payload:   HL7 v2.x | HL7 v2.XML | CDA | HL7 v3 | …
   Transport: MLLP | ebXML (EBMS) | WS-* | FTP/S | S/MIME | HTTP/S | …

  Next Steps…
   • POC @ HIMSS 2003
   • More in-depth analysis and evaluation
       • Inside one of the current SIGs
       • Web Services SIG (?)
   • Work with WS-I to leverage the work done for
     conformance and interoperability

       Discussion



