book

Understanding SOA with Web Services

by Eric Newcomer, Greg Lomow

December 2004

Intermediate to advanced

480 pages

9h 45m

English

Addison-Wesley Professional

Read now

Unlock full access

Dedication
What’s in the BookOrganization of the BookChapter 1—Introduction to SOA with Web ServicesPart IChapter 2—Overview of Service-Oriented ArchitectureChapter 3—SOA and Web ServicesChapter 4—SOA and Web Services for IntegrationChapter 5—SOA and Multi-Channel AccessChapter 6—SOA and Business Process ManagementPart IIChapter 7—Metadata ManagementChapter 8—Web Services SecurityChapter 9—Advanced MessagingChapter 10—Transaction Processing
The Service-Oriented EnterpriseService-Oriented DevelopmentService AbstractionService-Oriented ArchitectureWhat Are Services?What is Service-Oriented Architecture?Challenges to AdoptionSOA and Web ServicesRapid IntegrationMulti-Channel AccessOccasionally Connected ComputingBusiness Process ManagementExtended Web Services SpecificationsStandardizationSpecification ComposabilityMetadata ManagementAddressingPolicyAcquiring MetadataSecurityReliability and MessagingTransactionsOrchestrationSummary
Service-Oriented Business and GovernmentService-Oriented Architecture ConceptsSOA Processes, Principles, and ToolsServicesLine of Business ServicesReusable Technical ServicesService ContractsWeb Services PlatformService Requesters and Service ProvidersApproved Products, Technologies, and FacilitiesService Governance, Processes, Guidelines, Principles, Methods, and ToolsSOA Governance Policies and ProcessesSOA Principles and GuidelinesKey Service CharacteristicsPrimary CharacteristicsLoosely Coupled ServicesWell-Defined Service ContractsMeaningful to the Service RequesterOpen, Standards-BasedSecondary CharacteristicsPredictable Service-Level AgreementsDynamic, Discoverable, Metadata-DrivenDesign Service Contracts with Related Services in MindImplementation Independent of Other ServicesConsider the Need for Compensating TransactionsDesign for Multiple Invocation StylesDesign Stateless ServicesDesign Services with Performance in MindSOA Guidelines for Service RequestersSOA Guidelines for Legacy Systems and Legacy ServicesTechnical Benefits of a Service-Oriented ArchitectureEfficient DevelopmentMore ReuseSimplified MaintenanceIncremental AdoptionGraceful EvolutionService-Oriented Architecture—Business BenefitsIncreased Business AgilityBetter Business AlignmentImproved Customer SatisfactionReduced Vendor Lock-In and Reduced Switching CostsReduced Integration CostsImproved ROI of Existing IT AssetsSummary

The Web Services PlatformElements of the Web Services PlatformWeb Services Platform PrinciplesService ContractsService Contract ElementsElements of Service ContractFor Each OperationDocumenting and Defining Service ContractsService Contract PrinciplesService Contracts Focus on Service-Level AbstractionsWSDL and Service ContractsWSDL Service Contract ArchitectureExample WSDL Service Contract—Calendar ServiceService-Level Data ModelRelationship Between Service-Level Data Models and Internal Data ModelsReconciling Disparate Data Models Across Different Service DomainsUsing XML-Related Technologies for the Service-Level Data Model and Data HandlingService Discovery—Registration and LookupService-Level SecurityService-Level Interaction PatternsA Quick Look at SOAP and HTTPRequest/Response InteractionsRequest/Callback Interaction ParadigmAsynchronous Store-and-Forward MessagingExample Business Scenario Using Request/Response and Asynchronous MessagingPublish/Subscribe Interaction ParadigmAtomic Services and Composite ServicesGenerating Proxies and Skeletons from Service ContractsGenerating Java Classes from Service ContractsGenerating C# Classes from Service ContractsGenerating C++ Classes from Service ContractsService-Level Communication and Alternative TransportsWSDL ExtensibilitySOAP over IBM WebSphere MQSOAP over JMSSOAP over CORBA IIOPSOAP over Tibco RendezvousA Retrospective on Service-Oriented ArchitecturesOverview of Selected Technologies That Have Been Used to Implement SOAsWebSphere MQCORBAJava and J2EEB2B PlatformsDetailed Comparison of SOA TechnologiesSummary
Overview of IntegrationCommon Business Drivers for IntegrationCommon Technical Challenges Faced During IntegrationRequirements That the “Ideal” Integration Solution Must SatisfyIntegration Can Be Performed at Different Layers of the Technology StackIntegration and Interoperability Using XML and Web ServicesTwo Approaches for Using XML and Web Services for Integration and InteroperabilityWeb Services Integration (WSI)Service-Oriented Integration (SOI)Applying SOA and Web Services for Integration—.NET and J2EE InteroperabilityApplying SOA and Web Services for Integration—Service-Enabling Legacy SystemsExample #1—CICS and IMSExample #2—CORBAApplying SOA and Web Services for Integration—Enterprise Service Bus PatternSummary—SOA and Web Services for Integration
Business Benefits of SOA and Multi-Channel AccessMulti-Channel Access Reduces Staffing CostsMulti-Channel Access Eliminates Obsolete and Expensive InfrastructureService-Oriented Architecture Reduces Costs and Improves EfficiencyA Service-Oriented Architecture for Multi-Channel AccessArchitectural ChallengesArchitecture for Multi-Channel AccessClient/Presentation TierChannel Access TierCommunication InfrastructureBusiness Service Access TierBusiness Service TierExample—SOA for Developing Composite ApplicationsExample—SOA for Multi-Channel Access ArchitectureSummary
Basic Business Process Management ConceptsBusiness Process Management SystemsProcess ModelingProcess ExecutionProcess MonitoringBusiness Activity MonitoringExample Business ProcessCombining BPM, SOA, and Web ServicesBenefits of BPM, SOA, and Web ServicesDefining Atomic and Composite ServicesOrchestration and Choreography SpecificationsComparing Web Services Orchestration and ChoreographyWS-BPELChoreography Description LanguageExample of Web Services CompositionOrchestration-Centric ApproachChoreography-Centric ApproachComparing Orchestration-Centric and Choreography-Centric ApproachesPart I Summary: Benefits of Combining BPM, SOA, and Web ServicesIndividual Features and Benefits of BPM, SOA, Web Services, and XMLComplementary Features and Benefits of BPM, SOA, and Web Services
The Simple Approach to Metadata ManagementUsing Plain SOAP and WSDLMetadata SpecificationsXMLWSDL 2.0UDDIAddressingWS-AddressingWS-MessageDeliveryPolicyWS-PolicyWS-PolicyFrameworkWS-PolicyAssertionsWS-PolicyAttachmentWeb Services Policy Language (WSPL)WSDL 2.0 Features and PropertiesComparing the Policy SpecificationsWS-MetadataExchangeSummary
Overarching ConcernCore ConceptsIdentityAuthenticationDigital SignatureSummary of Challenges, Threats, and RemediesMessage InterceptionPerson in the Middle AttacksSpoofingReplay AttacksDenial-of-Service AttacksSecuring the Communications LayerIP Layer SecurityTransport-Level SecurityMessage-Level SecurityThe WS-Security FrameworkWS-SecurityPolicyWS-TrustWS-SecureConversationWS-FederationSecurity Assertion Markup Language (SAML)XACML: Communicating Policy InformationXML Key Management Specification (XKMS)Data-Level SecurityXML EncryptionXML SignatureSummary
Reliable MessagingOverviewConcepts and TechnologiesGuaranteed Message DeliveryRetriesMessage IDsDuplicate EliminationMessage OrderingMessage PriorityMessage StatusMessage CorrelationReply AddressBenefits of Reliable MessagingUsage Scenarios for Reliable MessagingLong-Running Business Transactions (#1 in Figure 9-2)Application Integration and Data Synchronization (#2 in Figure 9-2)Business-to-Business Integration (#3 in Figure 9-2)Mobile Workers and Occasionally Connected Users (#4 in Figure 9-2)Web Services Reliable Messaging SpecificationsWS-ReliableMessagingWeb Services ReliabilityebXML Messaging ServiceComparing the SpecificationsComparing Web Services Reliable Messaging and Asynchronous Message QueuingNotificationWS-EventingWS-NotificationMobile Workers and Occasionally Connected ComputingSummary
OverviewThe Transaction ParadigmImpact of Web Services on TransactionsProtocols and CoordinationActivityContextAddressingPolicyCoordinationProtocol TypesTransaction SpecificationsThe Web Services CoordinatorWS-AtomicTransactionWS-BusinessActivityWS-ContextWS-Coordination FrameworkWS-Transaction ManagementACIDLRABusiness Process TransactionsSummary
BooksTechnology ReferencesArticlesSpecificationsGeneralMetadataSecurityReliabilityNotificationTransactionsOrchestrationOrchestration Historical ReferencesWfMC, Wf-XML, and XPDLRosettaNetOther Resources

Content preview from Understanding SOA with Web Services

Chapter 8. Web Services Security

Web services provide significant new benefits for SOA-based applications, but they also expose significant new security risks. Creating and managing a secure Web services environment involves dealing with various Internet, XML, and Web services security mechanisms. Other security mechanisms may be already in place within the execution environment, especially when existing systems become service-enabled to join the SOA.

The general approach is relatively straightforward, taking into account:

Transport-level security such as firewalls, virtual private networks, basic authentication, non-repudiation, and encryption.
Message-level security such as using authentication tokens to validate requester identity and authorization ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Start your free trial

SOA Using Java™ Web Services

Mark D. Hansen

Securing Web Services with WS-Security

Jothy Rosenberg, David L. Remy

Web Services Platform Architecture: SOAP, WSDL, WS-Policy, WS-Addressing, WS-BPEL, WS-Reliable Messaging, and More

Sanjiva Weerawarana, Francisco Curbera, Frank Leymann, Tony Storey, Donald F. Ferguson

J2EE™ Web Services

Richard Monson-Haefel

Publisher Resources

ISBN: 0321180860Purchase book