book

Understanding SOA with Web Services

Name: Understanding SOA with Web Services
ISBN: 0321180860

by Eric Newcomer, Greg Lomow

December 2004

Intermediate to advanced

480 pages

9h 45m

English

Addison-Wesley Professional

Read now

Unlock full access

Copyright
Dedication
Praise for Understanding SOA with Web Services
Independent Technology Guides
Preface
Acknowledgments
About the Authors
Introduction
What’s in the BookOrganization of the BookChapter 1—Introduction to SOA with Web ServicesPart IChapter 2—Overview of Service-Oriented ArchitectureChapter 3—SOA and Web ServicesChapter 4—SOA and Web Services for IntegrationChapter 5—SOA and Multi-Channel AccessChapter 6—SOA and Business Process ManagementPart IIChapter 7—Metadata ManagementChapter 8—Web Services SecurityChapter 9—Advanced MessagingChapter 10—Transaction Processing
1. Introduction to SOA with Web Services
The Service-Oriented EnterpriseService-Oriented DevelopmentService AbstractionService-Oriented ArchitectureWhat Are Services?What is Service-Oriented Architecture?Challenges to AdoptionSOA and Web ServicesRapid IntegrationMulti-Channel AccessOccasionally Connected ComputingBusiness Process ManagementExtended Web Services SpecificationsStandardizationSpecification ComposabilityMetadata ManagementAddressingPolicyAcquiring MetadataSecurityReliability and MessagingTransactionsOrchestrationSummary
I. SOA and Business Process Management Concepts
2. Overview of Service-Oriented Architecture
Service-Oriented Business and GovernmentService-Oriented Architecture ConceptsSOA Processes, Principles, and ToolsServicesLine of Business ServicesReusable Technical ServicesService ContractsWeb Services PlatformService Requesters and Service ProvidersApproved Products, Technologies, and FacilitiesService Governance, Processes, Guidelines, Principles, Methods, and ToolsSOA Governance Policies and ProcessesSOA Principles and GuidelinesKey Service CharacteristicsPrimary CharacteristicsLoosely Coupled ServicesWell-Defined Service ContractsMeaningful to the Service RequesterOpen, Standards-BasedSecondary CharacteristicsPredictable Service-Level AgreementsDynamic, Discoverable, Metadata-DrivenDesign Service Contracts with Related Services in MindImplementation Independent of Other ServicesConsider the Need for Compensating TransactionsDesign for Multiple Invocation StylesDesign Stateless ServicesDesign Services with Performance in MindSOA Guidelines for Service RequestersSOA Guidelines for Legacy Systems and Legacy ServicesTechnical Benefits of a Service-Oriented ArchitectureEfficient DevelopmentMore ReuseSimplified MaintenanceIncremental AdoptionGraceful EvolutionService-Oriented Architecture—Business BenefitsIncreased Business AgilityBetter Business AlignmentImproved Customer SatisfactionReduced Vendor Lock-In and Reduced Switching CostsReduced Integration CostsImproved ROI of Existing IT AssetsSummary

3. SOA and Web Services
The Web Services PlatformElements of the Web Services PlatformWeb Services Platform PrinciplesService ContractsService Contract ElementsElements of Service ContractFor Each OperationDocumenting and Defining Service ContractsService Contract PrinciplesService Contracts Focus on Service-Level AbstractionsWSDL and Service ContractsWSDL Service Contract ArchitectureExample WSDL Service Contract—Calendar ServiceService-Level Data ModelRelationship Between Service-Level Data Models and Internal Data ModelsReconciling Disparate Data Models Across Different Service DomainsUsing XML-Related Technologies for the Service-Level Data Model and Data HandlingService Discovery—Registration and LookupService-Level SecurityService-Level Interaction PatternsA Quick Look at SOAP and HTTPRequest/Response InteractionsRequest/Callback Interaction ParadigmAsynchronous Store-and-Forward MessagingExample Business Scenario Using Request/Response and Asynchronous MessagingPublish/Subscribe Interaction ParadigmAtomic Services and Composite ServicesGenerating Proxies and Skeletons from Service ContractsGenerating Java Classes from Service ContractsGenerating C# Classes from Service ContractsGenerating C++ Classes from Service ContractsService-Level Communication and Alternative TransportsWSDL ExtensibilitySOAP over IBM WebSphere MQSOAP over JMSSOAP over CORBA IIOPSOAP over Tibco RendezvousA Retrospective on Service-Oriented ArchitecturesOverview of Selected Technologies That Have Been Used to Implement SOAsWebSphere MQCORBAJava and J2EEB2B PlatformsDetailed Comparison of SOA TechnologiesSummary
4. SOA and Web Services for Integration
Overview of IntegrationCommon Business Drivers for IntegrationCommon Technical Challenges Faced During IntegrationRequirements That the “Ideal” Integration Solution Must SatisfyIntegration Can Be Performed at Different Layers of the Technology StackIntegration and Interoperability Using XML and Web ServicesTwo Approaches for Using XML and Web Services for Integration and InteroperabilityWeb Services Integration (WSI)Service-Oriented Integration (SOI)Applying SOA and Web Services for Integration—.NET and J2EE InteroperabilityApplying SOA and Web Services for Integration—Service-Enabling Legacy SystemsExample #1—CICS and IMSExample #2—CORBAApplying SOA and Web Services for Integration—Enterprise Service Bus PatternSummary—SOA and Web Services for Integration
5. SOA and Multi-Channel Access
Business Benefits of SOA and Multi-Channel AccessMulti-Channel Access Reduces Staffing CostsMulti-Channel Access Eliminates Obsolete and Expensive InfrastructureService-Oriented Architecture Reduces Costs and Improves EfficiencyA Service-Oriented Architecture for Multi-Channel AccessArchitectural ChallengesArchitecture for Multi-Channel AccessClient/Presentation TierChannel Access TierCommunication InfrastructureBusiness Service Access TierBusiness Service TierExample—SOA for Developing Composite ApplicationsExample—SOA for Multi-Channel Access ArchitectureSummary
6. SOA and Business Process Management
Basic Business Process Management ConceptsBusiness Process Management SystemsProcess ModelingProcess ExecutionProcess MonitoringBusiness Activity MonitoringExample Business ProcessCombining BPM, SOA, and Web ServicesBenefits of BPM, SOA, and Web ServicesDefining Atomic and Composite ServicesOrchestration and Choreography SpecificationsComparing Web Services Orchestration and ChoreographyWS-BPELChoreography Description LanguageExample of Web Services CompositionOrchestration-Centric ApproachChoreography-Centric ApproachComparing Orchestration-Centric and Choreography-Centric ApproachesPart I Summary: Benefits of Combining BPM, SOA, and Web ServicesIndividual Features and Benefits of BPM, SOA, Web Services, and XMLComplementary Features and Benefits of BPM, SOA, and Web Services
II. Extended Web Services Specifications
7. Metadata Management
The Simple Approach to Metadata ManagementUsing Plain SOAP and WSDLMetadata SpecificationsXMLWSDL 2.0UDDIAddressingWS-AddressingWS-MessageDeliveryPolicyWS-PolicyWS-PolicyFrameworkWS-PolicyAssertionsWS-PolicyAttachmentWeb Services Policy Language (WSPL)WSDL 2.0 Features and PropertiesComparing the Policy SpecificationsWS-MetadataExchangeSummary
8. Web Services Security
Overarching ConcernCore ConceptsIdentityAuthenticationDigital SignatureSummary of Challenges, Threats, and RemediesMessage InterceptionPerson in the Middle AttacksSpoofingReplay AttacksDenial-of-Service AttacksSecuring the Communications LayerIP Layer SecurityTransport-Level SecurityMessage-Level SecurityThe WS-Security FrameworkWS-SecurityPolicyWS-TrustWS-SecureConversationWS-FederationSecurity Assertion Markup Language (SAML)XACML: Communicating Policy InformationXML Key Management Specification (XKMS)Data-Level SecurityXML EncryptionXML SignatureSummary
9. Advanced Messaging
Reliable MessagingOverviewConcepts and TechnologiesGuaranteed Message DeliveryRetriesMessage IDsDuplicate EliminationMessage OrderingMessage PriorityMessage StatusMessage CorrelationReply AddressBenefits of Reliable MessagingUsage Scenarios for Reliable MessagingLong-Running Business Transactions (#1 in Figure 9-2)Application Integration and Data Synchronization (#2 in Figure 9-2)Business-to-Business Integration (#3 in Figure 9-2)Mobile Workers and Occasionally Connected Users (#4 in Figure 9-2)Web Services Reliable Messaging SpecificationsWS-ReliableMessagingWeb Services ReliabilityebXML Messaging ServiceComparing the SpecificationsComparing Web Services Reliable Messaging and Asynchronous Message QueuingNotificationWS-EventingWS-NotificationMobile Workers and Occasionally Connected ComputingSummary
10. Transaction Processing
OverviewThe Transaction ParadigmImpact of Web Services on TransactionsProtocols and CoordinationActivityContextAddressingPolicyCoordinationProtocol TypesTransaction SpecificationsThe Web Services CoordinatorWS-AtomicTransactionWS-BusinessActivityWS-ContextWS-Coordination FrameworkWS-Transaction ManagementACIDLRABusiness Process TransactionsSummary
Bibliography
BooksTechnology ReferencesArticlesSpecificationsGeneralMetadataSecurityReliabilityNotificationTransactionsOrchestrationOrchestration Historical ReferencesWfMC, Wf-XML, and XPDLRosettaNetOther Resources

Content preview from Understanding SOA with Web Services

Chapter 8. Web Services Security

Web services provide significant new benefits for SOA-based applications, but they also expose significant new security risks. Creating and managing a secure Web services environment involves dealing with various Internet, XML, and Web services security mechanisms. Other security mechanisms may be already in place within the execution environment, especially when existing systems become service-enabled to join the SOA.

The general approach is relatively straightforward, taking into account:

Transport-level security such as firewalls, virtual private networks, basic authentication, non-repudiation, and encryption.
Message-level security such as using authentication tokens to validate requester identity and authorization ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 0321180860Purchase book

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

Understanding SOA with Web Services

by Eric Newcomer, Greg Lomow

Chapter 8. Web Services Security

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.