Webservices
-
Upload
david-brabant -
Category
Documents
-
view
276 -
download
2
description
Transcript of Webservices
David Brabant, Siemens MEDDavid Brabant, Siemens MED
2
AgendaAgenda Part1: SOA for “dummies”Part1: SOA for “dummies”
(a soft introduction to service oriented architectures)(a soft introduction to service oriented architectures)
Things aren’t getting simpler...Things aren’t getting simpler... The thirst for true system integrationThe thirst for true system integration
The Quest for the The Quest for the Holy GrailHoly Grail Service Oriented Architectures to the rescueService Oriented Architectures to the rescue Conclusions & questionsConclusions & questions
Part 2: SOA for “smarties”Part 2: SOA for “smarties”(not for the faint of heart)(not for the faint of heart) Depends on your feedback todayDepends on your feedback today
3
Things aren’t getting simpler... (1/7)Things aren’t getting simpler... (1/7)
Yesterday’s development tools Yesterday’s development tools (circa 1983)(circa 1983)
““Visual Studio”Visual Studio”
Sophisticated Sophisticated features:features:
cut, copy and paste,cut, copy and paste,delete/undelete,delete/undelete,undo/redo stackundo/redo stack
Can be learned in less than 1 Can be learned in less than 1 hour!hour!
4
Things aren’t getting simpler... (2/7)Things aren’t getting simpler... (2/7)
Today’s development tools...Today’s development tools...(circa
2005)
Every oval on this Every oval on this figure requires figure requires
severalseveraldays to severaldays to severalmonths of trainingmonths of trainingbefore being fullybefore being fullymastered...mastered...
5
Things aren’t getting simpler (3/7)Things aren’t getting simpler (3/7)
Typical enterprise environment Typical enterprise environment (circa (circa 1983)1983)
Mini or mainframe
Enterprise’sEnterprise’scritical critical
applicationsapplications
Typical configuration for a VAX 11/750
• 32 bits, 6 MHz processor• 12 MB of memory• 2 x 400 MB disks
Sony Ericsson K750i (2005)
• 32 bits, 200 MHz processor• 32 MB ROM• 64 MB RAM• 4GB memory stick available• Java virtual machine
6
Things aren’t getting simpler... (4/7)Things aren’t getting simpler... (4/7)
Typical today’s enterprise Typical today’s enterprise environmentenvironment
Mobile phones /PDAsMobile phones /PDAs Various form factorsVarious form factors
BranchnetworksBranch
networksWirelessaccess
Wirelessaccess
ERP systems
ERP systems
Public web
portals
Public web
portals
Intranet portals
Intranet portals
(Smart) client
applications
(Smart) client
applications
CRM systems
CRM systems
CustomSystemsCustomSystemsCustom
SystemsCustomSystems
Custom systemsCustom
systems
Enterprise’s critical applications
7
Things aren’t getting simpler... (5/7)Things aren’t getting simpler... (5/7)
Development complexityDevelopment complexity
Mobile phones /PDAsMobile phones /PDAs Various form factorsVarious form factors
BranchnetworksBranch
networksWirelessaccess
Wirelessaccess
ERP systems
ERP systems
Public web
portals
Public web
portals
Intranet portals
Intranet portals
(Smart) client
applications
(Smart) client
applications
CRM systems
CRM systems
CustomSystemsCustomSystemsCustom
SystemsCustomSystems
Custom systemsCustom
systems
Enterprise’s critical applicationsEnterprise’s critical applications
1970s: mainframes and centralized computing1970s: mainframes and centralized computing(the “dumb terminals” era)(the “dumb terminals” era)1970s: mainframes and centralized computing1970s: mainframes and centralized computing(the “dumb terminals” era)(the “dumb terminals” era)
1980s: decentralization and client/server1980s: decentralization and client/server(the “fat clients” era)(the “fat clients” era)1980s: decentralization and client/server1980s: decentralization and client/server(the “fat clients” era)(the “fat clients” era)
1990s: client/server and the Web1990s: client/server and the Web(the beginning of “light clients” era)(the beginning of “light clients” era)1990s: client/server and the Web1990s: client/server and the Web(the beginning of “light clients” era)(the beginning of “light clients” era)
2000s: heterogeneous, 2000s: heterogeneous, distributed, deeply Integrated distributed, deeply Integrated systems (the “smart client” era)systems (the “smart client” era)
2000s: heterogeneous, 2000s: heterogeneous, distributed, deeply Integrated distributed, deeply Integrated systems (the “smart client” era)systems (the “smart client” era)
8
Things aren’t getting simpler... (6/7)Things aren’t getting simpler... (6/7)
Living in total chaosLiving in total chaos For all big enterprises, one constant: For all big enterprises, one constant:
heterogeneityheterogeneity
Hundreds, if not thousands, of applications, which are custom built, Hundreds, if not thousands, of applications, which are custom built, acquired from third party, part of a legacy system, or a combination acquired from third party, part of a legacy system, or a combination thereof, operating in multiple tiers of different operating system thereof, operating in multiple tiers of different operating system platforms, running on geographically dispersed sites...platforms, running on geographically dispersed sites...
How do businesses allow themselves to get into How do businesses allow themselves to get into such a mess?such a mess?
Business constraints, technical constraints, geographical constraints, Business constraints, technical constraints, geographical constraints, history, politics, merger/acquisitions...history, politics, merger/acquisitions...
Creating a single, huge application to run a complete business is next Creating a single, huge application to run a complete business is next to impossibleto impossible (hey, (hey, do you hear me, Soarian?do you hear me, Soarian?))
Spreading business across multiple applications provides the flexibility Spreading business across multiple applications provides the flexibility to select the “best” accounting package, the “best” CRM, the “best” to select the “best” accounting package, the “best” CRM, the “best” order processing system... for its needsorder processing system... for its needs
Overlap in functionality between different applicationsOverlap in functionality between different applications
And this will And this will never, evernever, ever change... change...
9
Things aren’t getting simpler... (7/7)Things aren’t getting simpler... (7/7)
Critical applicationsCritical applications
What’s a critical application?What’s a critical application? Any application that is critical to the proper running of a Any application that is critical to the proper running of a
business business Meaning that, if this application fails for any length of time, Meaning that, if this application fails for any length of time,
you may very well go out of businessyou may very well go out of business
How many business critical applications in How many business critical applications in a typical enterprise?a typical enterprise?
General Electrics (300,000 employees): more than General Electrics (300,000 employees): more than 6,0006,000 Télé Secrétariat (18 employees): Télé Secrétariat (18 employees): 33 in 1995; in 1995; 1515 in 2005 in 2005 SAP (32,000 employees): SAP (32,000 employees): 1 1
10
The thirst for true system integration (1/3)The thirst for true system integration (1/3)
Information silosInformation silos Most businesses rely on an ever increasing number of Most businesses rely on an ever increasing number of
critical applications, complex and costly to developcritical applications, complex and costly to develop Today, many of these applications are information silos Today, many of these applications are information silos
((“this data is mine!”“this data is mine!”) ) Silos make sense for software vendors, not for users...Silos make sense for software vendors, not for users... Information is hard to find and correlateInformation is hard to find and correlate
• No single application can cover all enterprise requirementsNo single application can cover all enterprise requirements
• No single application can manage all enterprise data No single application can manage all enterprise data
• Anyway, requirements and data change faster than you can develop Anyway, requirements and data change faster than you can develop applicationsapplications
• No user can possibly know (and care!) where which data isNo user can possibly know (and care!) where which data is
Result: information gathering is costlyResult: information gathering is costly Answering a question like Answering a question like
““What is the status of my business today?What is the status of my business today?””
on a on a global scaleglobal scale is next to impossible is next to impossible
11
The thirst for true system integration (2/3)The thirst for true system integration (2/3)
Today’s challengesToday’s challenges Design applications so that they easily integrate Design applications so that they easily integrate
with otherswith others... but also be prepared to integrate applications that ... but also be prepared to integrate applications that were never meant to be integrated!were never meant to be integrated!
Design applications so that they perform to Design applications so that they perform to specificationsspecifications
... but also scale to the unexpected!... but also scale to the unexpected!
Monitor and manage many applicationsMonitor and manage many applications Provide consistent usability across applicationsProvide consistent usability across applications Be ready to make changes as soon as possibleBe ready to make changes as soon as possible Build and roll out new functionality quicklyBuild and roll out new functionality quickly
12
The thirst for true system integration (3/3)The thirst for true system integration (3/3)
In other words: adapt or perishIn other words: adapt or perish
Be an Be an intimate service providerintimate service provider to your to your businessbusiness … … or get fired and outsourcedor get fired and outsourced
Automate and integrate to save timeAutomate and integrate to save time … … which you can spend on better servicewhich you can spend on better service … … which you can spend on more functionalitywhich you can spend on more functionality
Become a driver of optimizing work Become a driver of optimizing work organizationorganization … … instead of maintaining disks and patchesinstead of maintaining disks and patches ... instead of being driven... instead of being driven
Act, don't react!Act, don't react!
13
Integrating applications or ...Integrating applications or ...
... the Quest for the ... the Quest for the Holy GrailHoly Grail (nih?)(nih?)
14
The quest for the holy grail (1/8)The quest for the holy grail (1/8)
In the beginning there was...In the beginning there was...... Eden!... Eden!
My computer ...
Application A
Application B
Simple enough, Simple enough, uh?uh?
Remember “good old Remember “good old times”?times”?
DDEDDE OLE 2OLE 2 DLL hellDLL hell conflicting typelibsconflicting typelibs COM registration COM registration deployment deployment
nightmaresnightmares ......
And these are justAnd these are justtechnicalitiestechnicalities......
What aboutWhat about““semanticalities”semanticalities”??
15
The quest for the holy grail (2/8)The quest for the holy grail (2/8)
TechnicalitiesTechnicalities Even within the Even within the same applicationsame application, there are problems when , there are problems when
“parts” or modules developed in different contexts are “parts” or modules developed in different contexts are mixed...mixed...
Calling conventions and stack clean up: Pascal, CCalling conventions and stack clean up: Pascal, C Name manglingName mangling Type representations: strings (VB, C, Pascal, MFC, OLESTR, bstr, Type representations: strings (VB, C, Pascal, MFC, OLESTR, bstr,
ATL, STL, WTL...), floats (IEEE 754 or not...), dates (ex.: VB and MFC), ATL, STL, WTL...), floats (IEEE 754 or not...), dates (ex.: VB and MFC), structure padding...structure padding...
Mixing Unicode and ANSIMixing Unicode and ANSI Binary compatibilitiesBinary compatibilities Memory handlingMemory handling Threading modelsThreading models Deployment, versioning and registrationDeployment, versioning and registration
Across applications running on the Across applications running on the same machinesame machine, many , many techniques available with pros and constechniques available with pros and cons
DDE (still supported by Office 2003!)DDE (still supported by Office 2003!) shared data segments, DLL injection, memory mapped files...shared data segments, DLL injection, memory mapped files... COM(+)COM(+) .NET Interop, P/Invoke.NET Interop, P/Invoke mail slots, named pipes, sockets, .NET remoting (CLR to CLR)mail slots, named pipes, sockets, .NET remoting (CLR to CLR)
16
The quest for the holy grail (3/8)The quest for the holy grail (3/8)
”Semanticalities””Semanticalities”More “philosophical” questions:More “philosophical” questions:
How to expose application’s functionality in a consistent How to expose application’s functionality in a consistent way?way?
How to conciliate discrepancies in object models?How to conciliate discrepancies in object models? How to deal with changes in application’s “boundaries”?How to deal with changes in application’s “boundaries”? How to negotiate a “fallback” position when the How to negotiate a “fallback” position when the
available application isn’t the version we expect?available application isn’t the version we expect? How to support transaction handling across applications?How to support transaction handling across applications? How to federate security across applications?How to federate security across applications? What should happen if one of the applications crashes or What should happen if one of the applications crashes or
is temporarily unavailable?is temporarily unavailable? ......
17
The quest for the holy grail (4/8)The quest for the holy grail (4/8)
Things become a little bit more Things become a little bit more challengingchallenging
My Computer... Your Computer...
NetworkApplication
AApplication
B
One order of magnitude increase in complexity!One order of magnitude increase in complexity!
Network unreliabilityNetwork unreliability Call latencyCall latency Limited bandwidthLimited bandwidth Network is insecureNetwork is insecure Topology changesTopology changes Where is the administrator?Where is the administrator? Transport costTransport cost
Still more challenges...Still more challenges...
Little endian/big endian, word Little endian/big endian, word size...size...
Marshalling strategiesMarshalling strategies Shared states managementShared states management Concurrent access, resources Concurrent access, resources
pooling, load balancing...pooling, load balancing... Routing and NAT traversalRouting and NAT traversal Protocol must be “firewall Protocol must be “firewall
friendly”friendly”
18
The quest for the holy grail (5/8)The quest for the holy grail (5/8)
First attempt to make the network First attempt to make the network “transparent”“transparent”: : DCE/RPC DCE/RPC (circa 1991)(circa 1991)
My Computer... Your Computer...
x = foo(42)
ApplicationA
int foo(int bar)
ApplicationB
int foo(int bar)
Application Application B.IDLB.IDL
IDL compilerIDL compiler
ProxyProxyint foo(int bar)int foo(int bar)
DCE runtimeDCE runtime
StubStubint foo(int bar)int foo(int bar)
DCE runtimeDCE runtime
19
The quest for the holy grail (6/8)The quest for the holy grail (6/8)
Distributed ComputingDistributed Computing DCE was the first attempt to provide a complete distributed DCE was the first attempt to provide a complete distributed
computing environmentcomputing environment
Remote Procedure CallRemote Procedure Call Distributed securityDistributed security Distributed filesDistributed files Directory serviceDirectory service ......
But, when introduced by OSF...But, when introduced by OSF...
rejected by Sun (ONC)rejected by Sun (ONC) rejected by Novell (Netware RPC)rejected by Novell (Netware RPC) only partially supported by IBM (DSOM)only partially supported by IBM (DSOM) only partially implemented by Microsoft (MS/RPC)only partially implemented by Microsoft (MS/RPC)
Biggest problem with DCE:Biggest problem with DCE: “impedance mismatch” “impedance mismatch”
Nevertheless, RPC variants have been used as a base Nevertheless, RPC variants have been used as a base for implementing “distributed objects” technologies andfor implementing “distributed objects” technologies andso-called ORBs (object request brokers):so-called ORBs (object request brokers):
DCOMDCOM, , CORBACORBA, , DSOMDSOM, , Java RMIJava RMI
20
The quest for the holy grail (7/8)The quest for the holy grail (7/8)
The promises of DCOM and CORBAThe promises of DCOM and CORBA Applications can be seen as a set of distributed Applications can be seen as a set of distributed
objects or “components”objects or “components”
Pluggable architectures provides malleability:Pluggable architectures provides malleability:assemble and extend applications at your will by assemble and extend applications at your will by picking/replacing appropriate componentspicking/replacing appropriate components
Components can be used in unpredictable Components can be used in unpredictable combinationscombinations
Location transparencyLocation transparency
COM+ and CORBA Services: COM+ and CORBA Services: provide a global infrastructure for concurrency, provide a global infrastructure for concurrency, security and transaction handlingsecurity and transaction handling
Language neutralityLanguage neutrality
21
The quest for the holy grail (8/8)The quest for the holy grail (8/8)
Were those promises kept?Were those promises kept? Network transparency is a lure Network transparency is a lure Synchronous modelsSynchronous models Heavy runtime dependenciesHeavy runtime dependencies Deployment nightmares Deployment nightmares No cross platform interoperabilityNo cross platform interoperability Tight couplingTight coupling Deep binding Deep binding No real contract exchange (typelibs aren't contracts)No real contract exchange (typelibs aren't contracts) Other “oddities” (routability, firewalls...)Other “oddities” (routability, firewalls...)
More importantlyMore importantly::
The focus has always been on solving The focus has always been on solving technical technical integrationintegration
problems, but not on solving problems, but not on solving business integrationbusiness integration problemsproblems
Fundamentally flawed because of
Install two runtimes on each side?If they are available for both platforms...
Also a "collateral damage" of huge runtimesand the infrastructure they provide
22
Service Oriented ArchitecturesService Oriented Architecturesto the rescueto the rescue
"Rien ne se perd, rien ne se crée, tout se transforme"
Antoine Laurent de Lavoisier
"There is nothing special about web services. [...]
Web services will change the world."Steve Benfield, SilverStream Software
23
Service Oriented Architectures to the rescue (1/?)Service Oriented Architectures to the rescue (1/?)
"Applications" vs "Systems" "Applications" vs "Systems" ApplicationApplication Functionality for a scoped set of requirementsFunctionality for a scoped set of requirements Customizable within scopeCustomizable within scope Runs on a defined platform, best suited for itRuns on a defined platform, best suited for it
SystemSystem Assembly of functions from multiple Assembly of functions from multiple
applicationsapplications Covers requirements beyond single app's Covers requirements beyond single app's
scopescope Runs on and across multiple platformsRuns on and across multiple platforms
24
Service Oriented Architectures to the rescue (1/?)Service Oriented Architectures to the rescue (1/?)
The applications worldThe applications world
App C
PlanExaminations
App C
PlanExaminations
App B
Reserve a bed
App B
Reserve a bed
App A
Register Patient
App A
Register Patient
NursesNurses
Logon to PC
Logon to terminal
A patient is admitted
First application to registerthe patient
Second application toreserve a bed
Third application to plan examinations
Two logons,three applications,with the obligation to encodethe same information multiple times...whenever a patient is admitted
25
Service Oriented Architectures to the rescue (1/?)Service Oriented Architectures to the rescue (1/?)
The system worldThe system world
App C
PlanExaminations
App C
PlanExaminations
App B
Reserve a bed
App B
Reserve a bed
App A
Register Patient
App A
Register Patient
NursesNurses
A patient is admitted
Patientregistrationservice
Bedreservati
on
service
Examinationsplanningservice
Patientadmissionservice
Facadesto
legacy applicatio
ns
Aggregator/Orchestrator
LogonSmart
Client
Web Form
Process (services domain)
built on top offunctionality
(applicationsdomain)
26
Service Oriented Architectures to the rescue (1/?)Service Oriented Architectures to the rescue (1/?)
What is a service?What is a service? If you ask it to five people in the field, you'll If you ask it to five people in the field, you'll
probably get at least six different answersprobably get at least six different answers
Definition from the W3C (*):
A service is a software application or component identified by a URI, whose interfaces and binding are capable of being described by standard formats and supports direct interactions with other software applications or components via Internet-based protocols
(*) after two weeks of intense negotiations and 400 e-mails exchanged between the 75 members of the working group
27
Service Oriented Architectures to the rescue (1/?)Service Oriented Architectures to the rescue (1/?)
What is a service?What is a service? Other definitions:Other definitions:
“Services are loosely coupled software components delivered over standard Internet technologies.” (Daryl Plummer, Gartner)
"Services are loosely coupled, reusable software components that semantically encapsulate discrete functionality and are distributed and programmatically accessible over standard Internet protocols.” (Brent Sleeper and Bill Robins, Stencil Group)
“A service is any piece of software that makes itself available over the Internet and uses a standardized XML messaging system.” (Ethan Cerami, author of Web Services Essentials)
28
Service Oriented Architectures to the rescue (1/?)Service Oriented Architectures to the rescue (1/?)
What is a service?What is a service? The "pornography" definitionThe "pornography" definition
"I can't define it, but I know it when I see it""I can't define it, but I know it when I see it"
Business "invariants"Business "invariants"
Exposes capabilities of one or more applicationsExposes capabilities of one or more applications Used to build systems that span applicationsUsed to build systems that span applications
Technical "invariants"Technical "invariants"
The four tenets of service orientationThe four tenets of service orientation (next slide) (next slide) Support for asynchronous communicationSupport for asynchronous communication
29
Service Oriented Architectures to the rescue (1/?)Service Oriented Architectures to the rescue (1/?)
The four tenets of service The four tenets of service orientationorientation P P olicy negotiated behaviorsolicy negotiated behaviors E E xplicitness of boundariesxplicitness of boundaries A A utonomyutonomy C C ontracts ontracts E E xchange of schemasxchange of schemas
What the heck does that mean?What the heck does that mean?
30
Service Oriented Architectures to the rescue (1/?)Service Oriented Architectures to the rescue (1/?)
AutonomyAutonomy Services are Services are software agentssoftware agents. They are . They are "alive" "alive" and in control and in control
of their own activation/deactivation. They are free to spin of their own activation/deactivation. They are free to spin their own threads, they may wake up periodically to do work their own threads, they may wake up periodically to do work on their own...on their own...
Services Services control and hide their own statescontrol and hide their own states
ServicesServices OWN their data OWN their data
Services Services never share their states with othersnever share their states with others Don't depend on, or assume their is a common data Don't depend on, or assume their is a common data
storestore Don't depend on shared "in-memory" statesDon't depend on shared "in-memory" states Don't share states among instancesDon't share states among instances
No sideline communications between services and opaque No sideline communications between services and opaque side-effects: side-effects: all communications are always explicitall communications are always explicit
31
Service Oriented Architectures to the rescue (1/?)Service Oriented Architectures to the rescue (1/?)
Breaking the autonomy Breaking the autonomy principleprinciple
TTTT
DataDataDataData
TTTT TTTT
DataDataDataData
Store data, retrieve data token ("primary key")
Store data, retrieve data token ("primary key")
Pass tokenPass token
Pass token, retrieve data
Pass token, retrieve data
Can't switch data store without Siamese twin surgery
Can't switch data store without Siamese twin surgery
S1 S2
32
Service Oriented Architectures to the rescue (1/?)Service Oriented Architectures to the rescue (1/?)
Autonomous servicesAutonomous services
DataDataDataData
Pass data, not references
Pass data, not references
S1 S2
No assumption about shared data storeNo assumption about shared data storeNo assumption about shared data storeNo assumption about shared data store
33
Service Oriented Architectures to the rescue (1/?)Service Oriented Architectures to the rescue (1/?)
ContractsContracts Earlier ORPC systems (DCOM, CORBA) attemptedEarlier ORPC systems (DCOM, CORBA) attempted
to hide all the wire-level details from the developerto hide all the wire-level details from the developer
OK when systems use the same ORPC infrastructure, OK when systems use the same ORPC infrastructure, but fails in a heterogeneous worldbut fails in a heterogeneous world
Solution: explicitly define what goes on the wire using open Solution: explicitly define what goes on the wire using open standards based on XMLstandards based on XML
In order for two entities to communicate they have to agree In order for two entities to communicate they have to agree on what, and how they do iton what, and how they do it
[Webster] Definitions of the word [Webster] Definitions of the word contractcontract A A binding agreementbinding agreement between two or more persons or between two or more persons or
partiesparties A document describing the terms of a contractA document describing the terms of a contract
34
Service Oriented Architectures to the rescue (1/?)Service Oriented Architectures to the rescue (1/?)
Contracts and interfacesContracts and interfaces A contract defines the complete interaction between two A contract defines the complete interaction between two
servicesservices
A contract is the A contract is the business protocolbusiness protocol
You send me a requestYou send me a request I send you back an estimation for priceI send you back an estimation for price You confirm you accept that priceYou confirm you accept that price I send you the results as soon as they are availableI send you the results as soon as they are available
Defines all Defines all messagesmessages and their format and their format Defines all possible Defines all possible message sequencesmessage sequences Defines protocols, authentication mechanisms…Defines protocols, authentication mechanisms…
THESE ARE THE ONLY THINGS EVER SHARED BETWEEN PARTIESTHESE ARE THE ONLY THINGS EVER SHARED BETWEEN PARTIES
A service interface specifies a role in a contractA service interface specifies a role in a contract
A contract establishes links between matching service interfacesA contract establishes links between matching service interfaces Think of a plug and a socketThink of a plug and a socket
Design timeaspects
35
Service Oriented Architectures to the rescue (1/?)Service Oriented Architectures to the rescue (1/?)
Contracts illustratedContracts illustrated
ContractContract
ServiceService
ServiceService
ProcessProcess
DocumentDocumentAA
DocumentDocumentCC11
DocumentDocumentCC22
DocumentDocumentBB
EitherEitherCC11 or C or C22
ProcessProcess
ContractContractService InterfaceService Interface
Service InterfaceService Interface
Service InterfaceService Interface
Service InterfaceService Interface
36
Service Oriented Architectures to the rescue (1/?)Service Oriented Architectures to the rescue (1/?)
Contracts enable loose couplingContracts enable loose coupling Tightly Coupled (the "ORPCs" world)Tightly Coupled (the "ORPCs" world)
Common trust domain, synchronous execution, Common trust domain, synchronous execution, shared transaction, shared life cycleshared transaction, shared life cycle
Loosely Coupled (the "services" world)Loosely Coupled (the "services" world)Different trust domains, asynchronous execution, separate Different trust domains, asynchronous execution, separate transactions, administered by different organizationstransactions, administered by different organizations
Component Component
Execution context
Service
Execution contextTrust Boundary
Communication Channel
Service(not running)
37
Service Oriented Architectures to the rescue (1/?)Service Oriented Architectures to the rescue (1/?)
PoliciesPolicies Metadata defining the "runtime" part of contractsMetadata defining the "runtime" part of contracts
Regulate every aspects of service interactions and Regulate every aspects of service interactions and behaviorsbehaviors What are the credentials needed to access specific What are the credentials needed to access specific
service access points?service access points? Should messages be encrypted internally and/or Should messages be encrypted internally and/or
externally?externally? What messages should be signed?What messages should be signed? What about delivery guarantee and reliability?What about delivery guarantee and reliability? How to handle transactions?How to handle transactions? How to gracefully deal with situations where the service How to gracefully deal with situations where the service
on the other side is not the expected version?on the other side is not the expected version? How to dynamically route messages depending on some How to dynamically route messages depending on some
conditions?conditions?
Policies are assertions about services
Capabilities: "I can"Preferences: "I prefer"Requirements: "You must"
38
Service Oriented Architectures to the rescue (1/?)Service Oriented Architectures to the rescue (1/?)
Contracts and policies Contracts and policies illustratedillustrated
My organizationMy organization Your organizationYour organization
PolicyPolicy PolicyPolicy
My ServiceMy Service
ServiceService ServiceService
Your ServiceYour ServiceRuntime contractRuntime contract
Runtime ContractRuntime Contract
1. We’ll use SOAP over HTTPS1. We’ll use SOAP over HTTPS2. We'll sign confirmation messages2. We'll sign confirmation messages
Design time ContractDesign time Contract
1. I’ll send a request1. I’ll send a request2. You’ll send price proposal2. You’ll send price proposal3. I'll send confirmation3. I'll send confirmation4. You'll send results4. You'll send results
"My organization" policy"My organization" policy
1. Internally we’ll use binary SOAP over MSMQ1. Internally we’ll use binary SOAP over MSMQ2. Externally we’ll only allow SOAP over HTTPS2. Externally we’ll only allow SOAP over HTTPS3. Confirmation messages must be signed3. Confirmation messages must be signed
39
Service Oriented Architectures to the rescue (1/?)Service Oriented Architectures to the rescue (1/?)
Writing contractsWriting contracts Contracts (both for design time and run time) are Contracts (both for design time and run time) are
written following XML based standards defined by written following XML based standards defined by the W3C the W3C
WSDLWSDL/XML Schema used to define the messages /XML Schema used to define the messages exchangedexchanged
XML SchemaXML Schema used to define used to define data typesdata types ("message ("message parameters")parameters")
WS-*WS-* (or the so called "WS-Soup") (or the so called "WS-Soup")WS-Policy, WS-Trust, WS-Federation, WS-Security, WS-Policy, WS-Trust, WS-Federation, WS-Security, WS-Addressing and many, many others...WS-Addressing and many, many others...
40
Service Oriented Architectures to the rescue (1/?)Service Oriented Architectures to the rescue (1/?)
XML Schemas for defining data XML Schemas for defining data typestypes<xsd:simpleType name=“Probability”> <xsd:restriction base="xsd:double"> <xsd:minInclusive value="0"/> <xsd:maxInclusive value="100"/> </xsd:restriction></xsd:simpleType>
<xsd:simpleType name=“Probability”> <xsd:restriction base="xsd:double"> <xsd:minInclusive value="0"/> <xsd:maxInclusive value="100"/> </xsd:restriction></xsd:simpleType>
<xsd:complexType name="PurchaseOrder"> <xsd:sequence> <xsd:element name="CompanyName" type="xsd:string"/> <xsd:element name="Items"> <xsd:complexType> <xsd:sequence> <xsd:element name="Item" maxOccurs="unbounded"> <xsd:complexType> <xsd:sequence> <xsd:element name="Quantity" type="xsd:int"/> <xsd:element name="UnitPrice" type="xsd:double"/> <xsd:element name="ExtendedPrice" type="xsd:double"/> </xsd:sequence> <xsd:attribute name="sku" type="xsd:string"/> </xsd:complexType> </xsd:element> </xsd:sequence> </xsd:complexType> </xsd:element> </xsd:sequence> <xsd:attribute name="id" type="xsd:string"/></xsd:complexType>
<xsd:complexType name="PurchaseOrder"> <xsd:sequence> <xsd:element name="CompanyName" type="xsd:string"/> <xsd:element name="Items"> <xsd:complexType> <xsd:sequence> <xsd:element name="Item" maxOccurs="unbounded"> <xsd:complexType> <xsd:sequence> <xsd:element name="Quantity" type="xsd:int"/> <xsd:element name="UnitPrice" type="xsd:double"/> <xsd:element name="ExtendedPrice" type="xsd:double"/> </xsd:sequence> <xsd:attribute name="sku" type="xsd:string"/> </xsd:complexType> </xsd:element> </xsd:sequence> </xsd:complexType> </xsd:element> </xsd:sequence> <xsd:attribute name="id" type="xsd:string"/></xsd:complexType>
41
Service Oriented Architectures to the rescue (1/?)Service Oriented Architectures to the rescue (1/?)
Explicitness of boundariesExplicitness of boundaries Services are always built according to a Services are always built according to a layered layered
architecturearchitecture
The outermost layer (i.e., the The outermost layer (i.e., the edgeedge) provides one or ) provides one or more access points (or "interfaces" or "APIs") to the more access points (or "interfaces" or "APIs") to the functionality offered by the servicefunctionality offered by the service
The code in that layer does only one thing:The code in that layer does only one thing: routeroute the the calls to the entities/resources capable of fulfilling calls to the entities/resources capable of fulfilling the corresponding requestthe corresponding request
The edge layer code never/ever contains any logicThe edge layer code never/ever contains any logic beside routing callsbeside routing calls
42
Service Oriented Architectures to the rescue (1/?)Service Oriented Architectures to the rescue (1/?)
Explicitness of boundariesExplicitness of boundaries
Service edgesMy Computer Your Computer
Service access points(URIs)
Admit ("Brabant", http://PatientAdmitted)
Service workers
Admit access point
PatientAdmittedaccess point
43
Service Oriented Architectures to the rescue (1/?)Service Oriented Architectures to the rescue (1/?)
Explicitness of boundariesExplicitness of boundaries
Crossing boundaries must always be explicitly visible in the codeCrossing boundaries must always be explicitly visible in the code
Remoting and RPC trick the programmer into thinking that there is no substantial difference between calling a local or a remote object. This is a damn lie, which always leads to disaster.
MyType obj = new MyType();obj.SomeOp();
MyType obj = new MyType();obj.SomeOp();
MyType obj = MyType.CreateProxy();obj.SomeOp();
MyType obj = MyType.CreateProxy();obj.SomeOp();
Console.Write(obj.SomeOp(1,2,3));Console.Write(obj.SomeOp(1,2,3));MyMessage msg = new MyMessage(1,2,3);MyReply reply = obj.SomeOp(msg);Console.Write(reply.Result);
MyMessage msg = new MyMessage(1,2,3);MyReply reply = obj.SomeOp(msg);Console.Write(reply.Result);
obj.CallMeBack(new MyByRefObj());obj.CallMeBack(new MyByRefObj());obj.CallMeBack( new EndpointReference("http:…"));
obj.CallMeBack( new EndpointReference("http:…"));
44
Service Oriented Architectures to the rescue (1/?)Service Oriented Architectures to the rescue (1/?)
A (very) short introduction to A (very) short introduction to WSDLWSDL WWeb eb SService ervice DDescription escription LLanguageanguage
XML grammar for specifying the design time contract of a service
Allows to fully describe a service in term ofAllows to fully describe a service in term of
OperationsOperations what functionality the service provideswhat functionality the service provides InterfacesInterfaces how the functionality is exposed how the functionality is exposed MessagesMessages what travels on the wirewhat travels on the wire BindingsBindings what protocol to use (SOAP usually)what protocol to use (SOAP usually) EndpointsEndpoints what URIs must be used to access the what URIs must be used to access the
serviceservice
A single WSDL document can describe several versions of A single WSDL document can describe several versions of the same interfacethe same interface
A single WSDL document can describe several related A single WSDL document can describe several related servicesservices
45
Service Oriented Architectures to the rescue (1/?)Service Oriented Architectures to the rescue (1/?)
WSDL skeletonWSDL skeleton<!-- WSDL definition structure --><!-- WSDL definition structure --><definitions name="MathService" targetNamespace="http://example.org/math/" <definitions name="MathService" targetNamespace="http://example.org/math/" xmlns="http://schemas.xmlsoap.org/wsdl/" >xmlns="http://schemas.xmlsoap.org/wsdl/" >
<!-- Abstract definitions --><!-- Abstract definitions --><types> ... </types><types> ... </types><message> ... </message><message> ... </message><portType> ... </portType><portType> ... </portType>
<!-- Concrete definitions --><!-- Concrete definitions --><binding> ... </binding><binding> ... </binding><service> ... </service><service> ... </service>
</definitions> </definitions>
Extremely verbose and not very human readable ButBut precise and complete precise and complete enough to allow enough to allow
unambiguous unambiguous
code generation from the contract description ...code generation from the contract description ... ... or to ... or to generate WSDL from code and meta datagenerate WSDL from code and meta data To "contract first" or not to "contract first", is a hotTo "contract first" or not to "contract first", is a hot
debate in the services worlddebate in the services world
46
Service Oriented Architectures to the rescue (1/?)Service Oriented Architectures to the rescue (1/?)
A (very) short introduction to A (very) short introduction to SOAPSOAP SSimple imple OObject bject AAccess ccess PProtocolrotocol
XML grammarXML grammar for specifying for specifying how to exchange structured, how to exchange structured, typed data between servicestyped data between services
In other words: it provides a serialization format for In other words: it provides a serialization format for exchanging XML documents over a networkexchanging XML documents over a network
SOAP is often seen as a protocol for doing RPC over HTTP, SOAP is often seen as a protocol for doing RPC over HTTP, but this is much more than thatbut this is much more than that
It may be used for RPC like calls in client-server It may be used for RPC like calls in client-server applications, but it is also suitable for applications, but it is also suitable for multicast multicast (one-to-(one-to-many), and many), and publish-subscribepublish-subscribe models (i.e., it support models (i.e., it support asynchronous calls)asynchronous calls)
SOAP is not a transport protocolSOAP is not a transport protocol. You must attach your . You must attach your message to a transport mechanism like HTTP, SMTP, homing message to a transport mechanism like HTTP, SMTP, homing pigeons... (see RFC2459: IP over Avian Carriers with Quality pigeons... (see RFC2459: IP over Avian Carriers with Quality of Service)of Service)
47
Service Oriented Architectures to the rescue (1/?)Service Oriented Architectures to the rescue (1/?)
Structure of SOAP messagesStructure of SOAP messages A SOAP message is an XML document containing A SOAP message is an XML document containing
several parts:several parts: Envelope:Envelope: defines the start and the end of the message defines the start and the end of the message Header:Header: contains optional attributes (meta data) for the contains optional attributes (meta data) for the
message, used in processing the message, either at an message, used in processing the message, either at an intermediary point or at the ultimate end pointintermediary point or at the ultimate end point
Body:Body: contains the actual data being sent, serialized as contains the actual data being sent, serialized as an XML documentan XML document
Attachments:Attachments: one or more XML documents attached to one or more XML documents attached to the main messagethe main message
RPC interaction:RPC interaction: defines how to model RPC-style defines how to model RPC-style interactions with SOAPinteractions with SOAP
Encoding:Encoding: defines how to represent simple and complex defines how to represent simple and complex data being transmitted in the messagedata being transmitted in the message
48
Service Oriented Architectures to the rescue (1/?)Service Oriented Architectures to the rescue (1/?)
Contracts and policies in a SOAP Contracts and policies in a SOAP messagemessage
<soap:Envelope> <soap:Header> … </soap:Header> <soap:Body> … </soap:Body></soap:Envelope>
<soap:Envelope> <soap:Header> … </soap:Header> <soap:Body> … </soap:Body></soap:Envelope>
SchemaSchema
WSDLWSDL
PolicyPolicy
Service ContractService Contract
Message ContractMessage Contract
WS-PolicyWS-PolicyAssertionsWS-PolicyAttachment
WS-PolicyWS-PolicyAssertionsWS-PolicyAttachment
W3C XML SchemaWSDL 1.1 / 1.2W3C XML SchemaWSDL 1.1 / 1.2
SOAP message
49
Service Oriented Architectures to the rescue (1/?)Service Oriented Architectures to the rescue (1/?)
A (very) short introduction to UDDIA (very) short introduction to UDDI
UUniversal niversal DDistribution, istribution, DDiscovery, and iscovery, and IInteroperabilitynteroperability
Defines XML data models and SOAP APIs for Defines XML data models and SOAP APIs for registering and discovering services to/from a registering and discovering services to/from a service brokerservice broker
Service brokers are (public or private) Service brokers are (public or private) central central repositoriesrepositories replicated in a way similar to DNS replicated in a way similar to DNS (see, for example, http://www.uddi.org) (see, for example, http://www.uddi.org)
UDDI uses SOAP for registering and discovering UDDI uses SOAP for registering and discovering informationinformation
Doesn't seem to be very much in use until now, Doesn't seem to be very much in use until now, except for "toy" servicesexcept for "toy" services
50
Service Oriented Architectures to the rescue (1/?)Service Oriented Architectures to the rescue (1/?)
UDDI principleUDDI principle
Service ProviderService Consumer
Service broker(central repository
of contracts)
Client Service
BindSOAP, XML
RegisterUDDI publish
XXX
FindUDDI find
XXXServiceContract
WSDL
Provides location
transparency
51
Service Oriented Architectures to the rescue (1/?)Service Oriented Architectures to the rescue (1/?)
ConclusionsConclusions If you think about it, there isn't really much new in If you think about it, there isn't really much new in
all what we just saw. All aspects, principles, and all what we just saw. All aspects, principles, and techniques were already present, in one form or techniques were already present, in one form or another, in DCOM and CORBAanother, in DCOM and CORBA
We have reinvented the wheel once moreWe have reinvented the wheel once more
So, what do we gain fundamentally by using So, what do we gain fundamentally by using services?services?
What makes them more flexible and powerful What makes them more flexible and powerful than traditional ORPCs?than traditional ORPCs?
What was deeply buried and hidden in theWhat was deeply buried and hidden in theORPCs runtimes is now explicitly expressed ORPCs runtimes is now explicitly expressed
inin
XMLXMLand can easily be manipulated, transformed,and can easily be manipulated, transformed,
mapped, translated, whatever ... at every placemapped, translated, whatever ... at every placethe information traverses using standard XML the information traverses using standard XML
technologiestechnologiesWell, that's a
fiveseconds
summary,
of course
52
ResourcesResources Lots of articles / presentations available from meLots of articles / presentations available from me
Microsoft’s “Connected Systems” DVDMicrosoft’s “Connected Systems” DVD
http://msdn.microsoft.com/webservices/http://msdn.microsoft.com/webservices/
If you want to read only one book:If you want to read only one book:
"Web Services: a Technical Introduction""Web Services: a Technical Introduction"Deitel Developer SeriesDeitel Developer Series
platform neutral; platform neutral; contains both .NET and Java examples;contains both .NET and Java examples;covers pretty much all the shebangcovers pretty much all the shebang
53
Questions?Questions?Questions?Questions?
??