Webservices

David Brabant, Siemens MEDDavid Brabant, Siemens MED

2

AgendaAgenda Part1: SOA for “dummies”Part1: SOA for “dummies”

(a soft introduction to service oriented architectures)(a soft introduction to service oriented architectures)

Things aren’t getting simpler...Things aren’t getting simpler... The thirst for true system integrationThe thirst for true system integration

The Quest for the The Quest for the Holy GrailHoly Grail Service Oriented Architectures to the rescueService Oriented Architectures to the rescue Conclusions & questionsConclusions & questions

Part 2: SOA for “smarties”Part 2: SOA for “smarties”(not for the faint of heart)(not for the faint of heart) Depends on your feedback todayDepends on your feedback today

3

Things aren’t getting simpler... (1/7)Things aren’t getting simpler... (1/7)

Yesterday’s development tools Yesterday’s development tools (circa 1983)(circa 1983)

““Visual Studio”Visual Studio”

Sophisticated Sophisticated features:features:

cut, copy and paste,cut, copy and paste,delete/undelete,delete/undelete,undo/redo stackundo/redo stack

Can be learned in less than 1 Can be learned in less than 1 hour!hour!

4


Today’s development tools...Today’s development tools...(circa

2005)

Every oval on this Every oval on this figure requires figure requires

severalseveraldays to severaldays to severalmonths of trainingmonths of trainingbefore being fullybefore being fullymastered...mastered...

5

Things aren’t getting simpler (3/7)Things aren’t getting simpler (3/7)

Typical enterprise environment Typical enterprise environment (circa (circa 1983)1983)

Mini or mainframe

Enterprise’sEnterprise’scritical critical

applicationsapplications

Typical configuration for a VAX 11/750

• 32 bits, 6 MHz processor• 12 MB of memory• 2 x 400 MB disks

Sony Ericsson K750i (2005)

• 32 bits, 200 MHz processor• 32 MB ROM• 64 MB RAM• 4GB memory stick available• Java virtual machine

6


Typical today’s enterprise Typical today’s enterprise environmentenvironment

Mobile phones /PDAsMobile phones /PDAs Various form factorsVarious form factors

BranchnetworksBranch

networksWirelessaccess

Wirelessaccess

ERP systems

ERP systems

Public web

portals

Public web

portals

Intranet portals

Intranet portals

(Smart) client

applications

(Smart) client

applications

CRM systems

CRM systems

CustomSystemsCustomSystemsCustom

SystemsCustomSystems

Custom systemsCustom

systems

Enterprise’s critical applications

7


Development complexityDevelopment complexity

Mobile phones /PDAsMobile phones /PDAs Various form factorsVarious form factors

BranchnetworksBranch

networksWirelessaccess

Wirelessaccess

ERP systems

ERP systems

Public web

portals

Public web

portals

Intranet portals

Intranet portals

(Smart) client

applications

(Smart) client

applications

CRM systems

CRM systems

CustomSystemsCustomSystemsCustom

SystemsCustomSystems

Custom systemsCustom

systems

Enterprise’s critical applicationsEnterprise’s critical applications

1970s: mainframes and centralized computing1970s: mainframes and centralized computing(the “dumb terminals” era)(the “dumb terminals” era)1970s: mainframes and centralized computing1970s: mainframes and centralized computing(the “dumb terminals” era)(the “dumb terminals” era)

1980s: decentralization and client/server1980s: decentralization and client/server(the “fat clients” era)(the “fat clients” era)1980s: decentralization and client/server1980s: decentralization and client/server(the “fat clients” era)(the “fat clients” era)

1990s: client/server and the Web1990s: client/server and the Web(the beginning of “light clients” era)(the beginning of “light clients” era)1990s: client/server and the Web1990s: client/server and the Web(the beginning of “light clients” era)(the beginning of “light clients” era)

2000s: heterogeneous, 2000s: heterogeneous, distributed, deeply Integrated distributed, deeply Integrated systems (the “smart client” era)systems (the “smart client” era)

2000s: heterogeneous, 2000s: heterogeneous, distributed, deeply Integrated distributed, deeply Integrated systems (the “smart client” era)systems (the “smart client” era)

8


Living in total chaosLiving in total chaos For all big enterprises, one constant: For all big enterprises, one constant:

heterogeneityheterogeneity

Hundreds, if not thousands, of applications, which are custom built, Hundreds, if not thousands, of applications, which are custom built, acquired from third party, part of a legacy system, or a combination acquired from third party, part of a legacy system, or a combination thereof, operating in multiple tiers of different operating system thereof, operating in multiple tiers of different operating system platforms, running on geographically dispersed sites...platforms, running on geographically dispersed sites...

How do businesses allow themselves to get into How do businesses allow themselves to get into such a mess?such a mess?

Business constraints, technical constraints, geographical constraints, Business constraints, technical constraints, geographical constraints, history, politics, merger/acquisitions...history, politics, merger/acquisitions...

Creating a single, huge application to run a complete business is next Creating a single, huge application to run a complete business is next to impossibleto impossible (hey, (hey, do you hear me, Soarian?do you hear me, Soarian?))

Spreading business across multiple applications provides the flexibility Spreading business across multiple applications provides the flexibility to select the “best” accounting package, the “best” CRM, the “best” to select the “best” accounting package, the “best” CRM, the “best” order processing system... for its needsorder processing system... for its needs

Overlap in functionality between different applicationsOverlap in functionality between different applications

And this will And this will never, evernever, ever change... change...

9


Critical applicationsCritical applications

What’s a critical application?What’s a critical application? Any application that is critical to the proper running of a Any application that is critical to the proper running of a

business business Meaning that, if this application fails for any length of time, Meaning that, if this application fails for any length of time,

you may very well go out of businessyou may very well go out of business

How many business critical applications in How many business critical applications in a typical enterprise?a typical enterprise?

General Electrics (300,000 employees): more than General Electrics (300,000 employees): more than 6,0006,000 Télé Secrétariat (18 employees): Télé Secrétariat (18 employees): 33 in 1995; in 1995; 1515 in 2005 in 2005 SAP (32,000 employees): SAP (32,000 employees): 1 1

10

The thirst for true system integration (1/3)The thirst for true system integration (1/3)

Information silosInformation silos Most businesses rely on an ever increasing number of Most businesses rely on an ever increasing number of

critical applications, complex and costly to developcritical applications, complex and costly to develop Today, many of these applications are information silos Today, many of these applications are information silos

((“this data is mine!”“this data is mine!”) ) Silos make sense for software vendors, not for users...Silos make sense for software vendors, not for users... Information is hard to find and correlateInformation is hard to find and correlate

• No single application can cover all enterprise requirementsNo single application can cover all enterprise requirements

• No single application can manage all enterprise data No single application can manage all enterprise data

• Anyway, requirements and data change faster than you can develop Anyway, requirements and data change faster than you can develop applicationsapplications

• No user can possibly know (and care!) where which data isNo user can possibly know (and care!) where which data is

Result: information gathering is costlyResult: information gathering is costly Answering a question like Answering a question like

““What is the status of my business today?What is the status of my business today?””

on a on a global scaleglobal scale is next to impossible is next to impossible

11


Today’s challengesToday’s challenges Design applications so that they easily integrate Design applications so that they easily integrate

with otherswith others... but also be prepared to integrate applications that ... but also be prepared to integrate applications that were never meant to be integrated!were never meant to be integrated!

Design applications so that they perform to Design applications so that they perform to specificationsspecifications

... but also scale to the unexpected!... but also scale to the unexpected!

Monitor and manage many applicationsMonitor and manage many applications Provide consistent usability across applicationsProvide consistent usability across applications Be ready to make changes as soon as possibleBe ready to make changes as soon as possible Build and roll out new functionality quicklyBuild and roll out new functionality quickly

12


In other words: adapt or perishIn other words: adapt or perish

Be an Be an intimate service providerintimate service provider to your to your businessbusiness … … or get fired and outsourcedor get fired and outsourced

Automate and integrate to save timeAutomate and integrate to save time … … which you can spend on better servicewhich you can spend on better service … … which you can spend on more functionalitywhich you can spend on more functionality

Become a driver of optimizing work Become a driver of optimizing work organizationorganization … … instead of maintaining disks and patchesinstead of maintaining disks and patches ... instead of being driven... instead of being driven

Act, don't react!Act, don't react!

13

Integrating applications or ...Integrating applications or ...

... the Quest for the ... the Quest for the Holy GrailHoly Grail (nih?)(nih?)

14

The quest for the holy grail (1/8)The quest for the holy grail (1/8)

In the beginning there was...In the beginning there was...... Eden!... Eden!

My computer ...

Application A

Application B

Simple enough, Simple enough, uh?uh?

Remember “good old Remember “good old times”?times”?

DDEDDE OLE 2OLE 2 DLL hellDLL hell conflicting typelibsconflicting typelibs COM registration COM registration deployment deployment

nightmaresnightmares ......

And these are justAnd these are justtechnicalitiestechnicalities......

What aboutWhat about““semanticalities”semanticalities”??

15


TechnicalitiesTechnicalities Even within the Even within the same applicationsame application, there are problems when , there are problems when

“parts” or modules developed in different contexts are “parts” or modules developed in different contexts are mixed...mixed...

Calling conventions and stack clean up: Pascal, CCalling conventions and stack clean up: Pascal, C Name manglingName mangling Type representations: strings (VB, C, Pascal, MFC, OLESTR, bstr, Type representations: strings (VB, C, Pascal, MFC, OLESTR, bstr,

ATL, STL, WTL...), floats (IEEE 754 or not...), dates (ex.: VB and MFC), ATL, STL, WTL...), floats (IEEE 754 or not...), dates (ex.: VB and MFC), structure padding...structure padding...

Mixing Unicode and ANSIMixing Unicode and ANSI Binary compatibilitiesBinary compatibilities Memory handlingMemory handling Threading modelsThreading models Deployment, versioning and registrationDeployment, versioning and registration

Across applications running on the Across applications running on the same machinesame machine, many , many techniques available with pros and constechniques available with pros and cons

DDE (still supported by Office 2003!)DDE (still supported by Office 2003!) shared data segments, DLL injection, memory mapped files...shared data segments, DLL injection, memory mapped files... COM(+)COM(+) .NET Interop, P/Invoke.NET Interop, P/Invoke mail slots, named pipes, sockets, .NET remoting (CLR to CLR)mail slots, named pipes, sockets, .NET remoting (CLR to CLR)

16


”Semanticalities””Semanticalities”More “philosophical” questions:More “philosophical” questions:

How to expose application’s functionality in a consistent How to expose application’s functionality in a consistent way?way?

How to conciliate discrepancies in object models?How to conciliate discrepancies in object models? How to deal with changes in application’s “boundaries”?How to deal with changes in application’s “boundaries”? How to negotiate a “fallback” position when the How to negotiate a “fallback” position when the

available application isn’t the version we expect?available application isn’t the version we expect? How to support transaction handling across applications?How to support transaction handling across applications? How to federate security across applications?How to federate security across applications? What should happen if one of the applications crashes or What should happen if one of the applications crashes or

is temporarily unavailable?is temporarily unavailable? ......

17


Things become a little bit more Things become a little bit more challengingchallenging

My Computer... Your Computer...

NetworkApplication

AApplication

B

One order of magnitude increase in complexity!One order of magnitude increase in complexity!

Network unreliabilityNetwork unreliability Call latencyCall latency Limited bandwidthLimited bandwidth Network is insecureNetwork is insecure Topology changesTopology changes Where is the administrator?Where is the administrator? Transport costTransport cost

Still more challenges...Still more challenges...

Little endian/big endian, word Little endian/big endian, word size...size...

Marshalling strategiesMarshalling strategies Shared states managementShared states management Concurrent access, resources Concurrent access, resources

pooling, load balancing...pooling, load balancing... Routing and NAT traversalRouting and NAT traversal Protocol must be “firewall Protocol must be “firewall

friendly”friendly”

18


First attempt to make the network First attempt to make the network “transparent”“transparent”: : DCE/RPC DCE/RPC (circa 1991)(circa 1991)

My Computer... Your Computer...

x = foo(42)

ApplicationA

int foo(int bar)

ApplicationB

int foo(int bar)

Application Application B.IDLB.IDL

IDL compilerIDL compiler

ProxyProxyint foo(int bar)int foo(int bar)

DCE runtimeDCE runtime

StubStubint foo(int bar)int foo(int bar)

DCE runtimeDCE runtime

19


Distributed ComputingDistributed Computing DCE was the first attempt to provide a complete distributed DCE was the first attempt to provide a complete distributed

computing environmentcomputing environment

Remote Procedure CallRemote Procedure Call Distributed securityDistributed security Distributed filesDistributed files Directory serviceDirectory service ......

But, when introduced by OSF...But, when introduced by OSF...

rejected by Sun (ONC)rejected by Sun (ONC) rejected by Novell (Netware RPC)rejected by Novell (Netware RPC) only partially supported by IBM (DSOM)only partially supported by IBM (DSOM) only partially implemented by Microsoft (MS/RPC)only partially implemented by Microsoft (MS/RPC)

Biggest problem with DCE:Biggest problem with DCE: “impedance mismatch” “impedance mismatch”

Nevertheless, RPC variants have been used as a base Nevertheless, RPC variants have been used as a base for implementing “distributed objects” technologies andfor implementing “distributed objects” technologies andso-called ORBs (object request brokers):so-called ORBs (object request brokers):

DCOMDCOM, , CORBACORBA, , DSOMDSOM, , Java RMIJava RMI

20


The promises of DCOM and CORBAThe promises of DCOM and CORBA Applications can be seen as a set of distributed Applications can be seen as a set of distributed

objects or “components”objects or “components”

Pluggable architectures provides malleability:Pluggable architectures provides malleability:assemble and extend applications at your will by assemble and extend applications at your will by picking/replacing appropriate componentspicking/replacing appropriate components

Components can be used in unpredictable Components can be used in unpredictable combinationscombinations

Location transparencyLocation transparency

COM+ and CORBA Services: COM+ and CORBA Services: provide a global infrastructure for concurrency, provide a global infrastructure for concurrency, security and transaction handlingsecurity and transaction handling

Language neutralityLanguage neutrality

21


Were those promises kept?Were those promises kept? Network transparency is a lure Network transparency is a lure Synchronous modelsSynchronous models Heavy runtime dependenciesHeavy runtime dependencies Deployment nightmares Deployment nightmares No cross platform interoperabilityNo cross platform interoperability Tight couplingTight coupling Deep binding Deep binding No real contract exchange (typelibs aren't contracts)No real contract exchange (typelibs aren't contracts) Other “oddities” (routability, firewalls...)Other “oddities” (routability, firewalls...)

More importantlyMore importantly::

The focus has always been on solving The focus has always been on solving technical technical integrationintegration

problems, but not on solving problems, but not on solving business integrationbusiness integration problemsproblems

Fundamentally flawed because of

Install two runtimes on each side?If they are available for both platforms...

Also a "collateral damage" of huge runtimesand the infrastructure they provide

22

Service Oriented ArchitecturesService Oriented Architecturesto the rescueto the rescue

"Rien ne se perd, rien ne se crée, tout se transforme"

Antoine Laurent de Lavoisier

"There is nothing special about web services. [...]

Web services will change the world."Steve Benfield, SilverStream Software

23

Service Oriented Architectures to the rescue (1/?)Service Oriented Architectures to the rescue (1/?)

"Applications" vs "Systems" "Applications" vs "Systems" ApplicationApplication Functionality for a scoped set of requirementsFunctionality for a scoped set of requirements Customizable within scopeCustomizable within scope Runs on a defined platform, best suited for itRuns on a defined platform, best suited for it

SystemSystem Assembly of functions from multiple Assembly of functions from multiple

applicationsapplications Covers requirements beyond single app's Covers requirements beyond single app's

scopescope Runs on and across multiple platformsRuns on and across multiple platforms

24


The applications worldThe applications world

App C

PlanExaminations

App C

PlanExaminations

App B

Reserve a bed

App B

Reserve a bed

App A

Register Patient

App A

Register Patient

NursesNurses

Logon to PC

Logon to terminal

A patient is admitted

First application to registerthe patient

Second application toreserve a bed

Third application to plan examinations

Two logons,three applications,with the obligation to encodethe same information multiple times...whenever a patient is admitted

25


The system worldThe system world

App C

PlanExaminations

App C

PlanExaminations

App B

Reserve a bed

App B

Reserve a bed

App A

Register Patient

App A

Register Patient

NursesNurses

A patient is admitted

Patientregistrationservice

Bedreservati

on

service

Examinationsplanningservice

Patientadmissionservice

Facadesto

legacy applicatio

ns

Aggregator/Orchestrator

LogonSmart

Client

Web Form

Process (services domain)

built on top offunctionality

(applicationsdomain)

26


What is a service?What is a service? If you ask it to five people in the field, you'll If you ask it to five people in the field, you'll

probably get at least six different answersprobably get at least six different answers

Definition from the W3C (*):

A service is a software application or component identified by a URI, whose interfaces and binding are capable of being described by standard formats and supports direct interactions with other software applications or components via Internet-based protocols

(*) after two weeks of intense negotiations and 400 e-mails exchanged between the 75 members of the working group

27


What is a service?What is a service? Other definitions:Other definitions:

“Services are loosely coupled software components delivered over standard Internet technologies.” (Daryl Plummer, Gartner)

"Services are loosely coupled, reusable software components that semantically encapsulate discrete functionality and are distributed and programmatically accessible over standard Internet protocols.” (Brent Sleeper and Bill Robins, Stencil Group)

“A service is any piece of software that makes itself available over the Internet and uses a standardized XML messaging system.” (Ethan Cerami, author of Web Services Essentials)

28


What is a service?What is a service? The "pornography" definitionThe "pornography" definition

"I can't define it, but I know it when I see it""I can't define it, but I know it when I see it"

Business "invariants"Business "invariants"

Exposes capabilities of one or more applicationsExposes capabilities of one or more applications Used to build systems that span applicationsUsed to build systems that span applications

Technical "invariants"Technical "invariants"

The four tenets of service orientationThe four tenets of service orientation (next slide) (next slide) Support for asynchronous communicationSupport for asynchronous communication

29


The four tenets of service The four tenets of service orientationorientation P P olicy negotiated behaviorsolicy negotiated behaviors E E xplicitness of boundariesxplicitness of boundaries A A utonomyutonomy C C ontracts ontracts E E xchange of schemasxchange of schemas

What the heck does that mean?What the heck does that mean?

30


AutonomyAutonomy Services are Services are software agentssoftware agents. They are . They are "alive" "alive" and in control and in control

of their own activation/deactivation. They are free to spin of their own activation/deactivation. They are free to spin their own threads, they may wake up periodically to do work their own threads, they may wake up periodically to do work on their own...on their own...

Services Services control and hide their own statescontrol and hide their own states

ServicesServices OWN their data OWN their data

Services Services never share their states with othersnever share their states with others Don't depend on, or assume their is a common data Don't depend on, or assume their is a common data

storestore Don't depend on shared "in-memory" statesDon't depend on shared "in-memory" states Don't share states among instancesDon't share states among instances

No sideline communications between services and opaque No sideline communications between services and opaque side-effects: side-effects: all communications are always explicitall communications are always explicit

31


Breaking the autonomy Breaking the autonomy principleprinciple

TTTT

DataDataDataData

TTTT TTTT

DataDataDataData

Store data, retrieve data token ("primary key")

Store data, retrieve data token ("primary key")

Pass tokenPass token

Pass token, retrieve data

Pass token, retrieve data

Can't switch data store without Siamese twin surgery

Can't switch data store without Siamese twin surgery

S1 S2

32


Autonomous servicesAutonomous services

DataDataDataData

Pass data, not references

Pass data, not references

S1 S2

No assumption about shared data storeNo assumption about shared data storeNo assumption about shared data storeNo assumption about shared data store

33


ContractsContracts Earlier ORPC systems (DCOM, CORBA) attemptedEarlier ORPC systems (DCOM, CORBA) attempted

to hide all the wire-level details from the developerto hide all the wire-level details from the developer

OK when systems use the same ORPC infrastructure, OK when systems use the same ORPC infrastructure, but fails in a heterogeneous worldbut fails in a heterogeneous world

Solution: explicitly define what goes on the wire using open Solution: explicitly define what goes on the wire using open standards based on XMLstandards based on XML

In order for two entities to communicate they have to agree In order for two entities to communicate they have to agree on what, and how they do iton what, and how they do it

[Webster] Definitions of the word [Webster] Definitions of the word contractcontract A A binding agreementbinding agreement between two or more persons or between two or more persons or

partiesparties A document describing the terms of a contractA document describing the terms of a contract

34


Contracts and interfacesContracts and interfaces A contract defines the complete interaction between two A contract defines the complete interaction between two

servicesservices

A contract is the A contract is the business protocolbusiness protocol

You send me a requestYou send me a request I send you back an estimation for priceI send you back an estimation for price You confirm you accept that priceYou confirm you accept that price I send you the results as soon as they are availableI send you the results as soon as they are available

Defines all Defines all messagesmessages and their format and their format Defines all possible Defines all possible message sequencesmessage sequences Defines protocols, authentication mechanisms…Defines protocols, authentication mechanisms…

THESE ARE THE ONLY THINGS EVER SHARED BETWEEN PARTIESTHESE ARE THE ONLY THINGS EVER SHARED BETWEEN PARTIES

A service interface specifies a role in a contractA service interface specifies a role in a contract

A contract establishes links between matching service interfacesA contract establishes links between matching service interfaces Think of a plug and a socketThink of a plug and a socket

Design timeaspects

35


Contracts illustratedContracts illustrated

ContractContract

ServiceService

ServiceService

ProcessProcess

DocumentDocumentAA

DocumentDocumentCC11

DocumentDocumentCC22

DocumentDocumentBB

EitherEitherCC11 or C or C22

ProcessProcess

ContractContractService InterfaceService Interface

Service InterfaceService Interface



36


Contracts enable loose couplingContracts enable loose coupling Tightly Coupled (the "ORPCs" world)Tightly Coupled (the "ORPCs" world)

Common trust domain, synchronous execution, Common trust domain, synchronous execution, shared transaction, shared life cycleshared transaction, shared life cycle

Loosely Coupled (the "services" world)Loosely Coupled (the "services" world)Different trust domains, asynchronous execution, separate Different trust domains, asynchronous execution, separate transactions, administered by different organizationstransactions, administered by different organizations

Component Component

Execution context

Service

Execution contextTrust Boundary

Communication Channel

Service(not running)

37


PoliciesPolicies Metadata defining the "runtime" part of contractsMetadata defining the "runtime" part of contracts

Regulate every aspects of service interactions and Regulate every aspects of service interactions and behaviorsbehaviors What are the credentials needed to access specific What are the credentials needed to access specific

service access points?service access points? Should messages be encrypted internally and/or Should messages be encrypted internally and/or

externally?externally? What messages should be signed?What messages should be signed? What about delivery guarantee and reliability?What about delivery guarantee and reliability? How to handle transactions?How to handle transactions? How to gracefully deal with situations where the service How to gracefully deal with situations where the service

on the other side is not the expected version?on the other side is not the expected version? How to dynamically route messages depending on some How to dynamically route messages depending on some

conditions?conditions?

Policies are assertions about services

Capabilities: "I can"Preferences: "I prefer"Requirements: "You must"

38


Contracts and policies Contracts and policies illustratedillustrated

My organizationMy organization Your organizationYour organization

PolicyPolicy PolicyPolicy

My ServiceMy Service

ServiceService ServiceService

Your ServiceYour ServiceRuntime contractRuntime contract

Runtime ContractRuntime Contract

1. We’ll use SOAP over HTTPS1. We’ll use SOAP over HTTPS2. We'll sign confirmation messages2. We'll sign confirmation messages

Design time ContractDesign time Contract

1. I’ll send a request1. I’ll send a request2. You’ll send price proposal2. You’ll send price proposal3. I'll send confirmation3. I'll send confirmation4. You'll send results4. You'll send results

"My organization" policy"My organization" policy

1. Internally we’ll use binary SOAP over MSMQ1. Internally we’ll use binary SOAP over MSMQ2. Externally we’ll only allow SOAP over HTTPS2. Externally we’ll only allow SOAP over HTTPS3. Confirmation messages must be signed3. Confirmation messages must be signed

39


Writing contractsWriting contracts Contracts (both for design time and run time) are Contracts (both for design time and run time) are

written following XML based standards defined by written following XML based standards defined by the W3C the W3C

WSDLWSDL/XML Schema used to define the messages /XML Schema used to define the messages exchangedexchanged

XML SchemaXML Schema used to define used to define data typesdata types ("message ("message parameters")parameters")

WS-*WS-* (or the so called "WS-Soup") (or the so called "WS-Soup")WS-Policy, WS-Trust, WS-Federation, WS-Security, WS-Policy, WS-Trust, WS-Federation, WS-Security, WS-Addressing and many, many others...WS-Addressing and many, many others...

40


XML Schemas for defining data XML Schemas for defining data typestypes<xsd:simpleType name=“Probability”> <xsd:restriction base="xsd:double"> <xsd:minInclusive value="0"/> <xsd:maxInclusive value="100"/> </xsd:restriction></xsd:simpleType>

<xsd:simpleType name=“Probability”> <xsd:restriction base="xsd:double"> <xsd:minInclusive value="0"/> <xsd:maxInclusive value="100"/> </xsd:restriction></xsd:simpleType>

<xsd:complexType name="PurchaseOrder"> <xsd:sequence> <xsd:element name="CompanyName" type="xsd:string"/> <xsd:element name="Items"> <xsd:complexType> <xsd:sequence> <xsd:element name="Item" maxOccurs="unbounded"> <xsd:complexType> <xsd:sequence> <xsd:element name="Quantity" type="xsd:int"/> <xsd:element name="UnitPrice" type="xsd:double"/> <xsd:element name="ExtendedPrice" type="xsd:double"/> </xsd:sequence> <xsd:attribute name="sku" type="xsd:string"/> </xsd:complexType> </xsd:element> </xsd:sequence> </xsd:complexType> </xsd:element> </xsd:sequence> <xsd:attribute name="id" type="xsd:string"/></xsd:complexType>

<xsd:complexType name="PurchaseOrder"> <xsd:sequence> <xsd:element name="CompanyName" type="xsd:string"/> <xsd:element name="Items"> <xsd:complexType> <xsd:sequence> <xsd:element name="Item" maxOccurs="unbounded"> <xsd:complexType> <xsd:sequence> <xsd:element name="Quantity" type="xsd:int"/> <xsd:element name="UnitPrice" type="xsd:double"/> <xsd:element name="ExtendedPrice" type="xsd:double"/> </xsd:sequence> <xsd:attribute name="sku" type="xsd:string"/> </xsd:complexType> </xsd:element> </xsd:sequence> </xsd:complexType> </xsd:element> </xsd:sequence> <xsd:attribute name="id" type="xsd:string"/></xsd:complexType>

41


Explicitness of boundariesExplicitness of boundaries Services are always built according to a Services are always built according to a layered layered

architecturearchitecture

The outermost layer (i.e., the The outermost layer (i.e., the edgeedge) provides one or ) provides one or more access points (or "interfaces" or "APIs") to the more access points (or "interfaces" or "APIs") to the functionality offered by the servicefunctionality offered by the service

The code in that layer does only one thing:The code in that layer does only one thing: routeroute the the calls to the entities/resources capable of fulfilling calls to the entities/resources capable of fulfilling the corresponding requestthe corresponding request

The edge layer code never/ever contains any logicThe edge layer code never/ever contains any logic beside routing callsbeside routing calls

42


Explicitness of boundariesExplicitness of boundaries

Service edgesMy Computer Your Computer

Service access points(URIs)

Admit ("Brabant", http://PatientAdmitted)

Service workers

Admit access point

PatientAdmittedaccess point

43


Explicitness of boundariesExplicitness of boundaries

Crossing boundaries must always be explicitly visible in the codeCrossing boundaries must always be explicitly visible in the code

Remoting and RPC trick the programmer into thinking that there is no substantial difference between calling a local or a remote object. This is a damn lie, which always leads to disaster.

MyType obj = new MyType();obj.SomeOp();

MyType obj = new MyType();obj.SomeOp();

MyType obj = MyType.CreateProxy();obj.SomeOp();

MyType obj = MyType.CreateProxy();obj.SomeOp();

Console.Write(obj.SomeOp(1,2,3));Console.Write(obj.SomeOp(1,2,3));MyMessage msg = new MyMessage(1,2,3);MyReply reply = obj.SomeOp(msg);Console.Write(reply.Result);

MyMessage msg = new MyMessage(1,2,3);MyReply reply = obj.SomeOp(msg);Console.Write(reply.Result);

obj.CallMeBack(new MyByRefObj());obj.CallMeBack(new MyByRefObj());obj.CallMeBack( new EndpointReference("http:…"));

obj.CallMeBack( new EndpointReference("http:…"));

44


A (very) short introduction to A (very) short introduction to WSDLWSDL WWeb eb SService ervice DDescription escription LLanguageanguage

XML grammar for specifying the design time contract of a service

Allows to fully describe a service in term ofAllows to fully describe a service in term of

OperationsOperations what functionality the service provideswhat functionality the service provides InterfacesInterfaces how the functionality is exposed how the functionality is exposed MessagesMessages what travels on the wirewhat travels on the wire BindingsBindings what protocol to use (SOAP usually)what protocol to use (SOAP usually) EndpointsEndpoints what URIs must be used to access the what URIs must be used to access the

serviceservice

A single WSDL document can describe several versions of A single WSDL document can describe several versions of the same interfacethe same interface

A single WSDL document can describe several related A single WSDL document can describe several related servicesservices

45


WSDL skeletonWSDL skeleton<definitions name="MathService" targetNamespace="http://example.org/math/" <definitions name="MathService" targetNamespace="http://example.org/math/" xmlns="http://schemas.xmlsoap.org/wsdl/" >xmlns="http://schemas.xmlsoap.org/wsdl/" >

<types> ... </types><types> ... </types><message> ... </message><message> ... </message><portType> ... </portType><portType> ... </portType>

<binding> ... </binding><binding> ... </binding><service> ... </service><service> ... </service>

</definitions> </definitions>

Extremely verbose and not very human readable ButBut precise and complete precise and complete enough to allow enough to allow

unambiguous unambiguous

code generation from the contract description ...code generation from the contract description ... ... or to ... or to generate WSDL from code and meta datagenerate WSDL from code and meta data To "contract first" or not to "contract first", is a hotTo "contract first" or not to "contract first", is a hot

debate in the services worlddebate in the services world

46


A (very) short introduction to A (very) short introduction to SOAPSOAP SSimple imple OObject bject AAccess ccess PProtocolrotocol

XML grammarXML grammar for specifying for specifying how to exchange structured, how to exchange structured, typed data between servicestyped data between services

In other words: it provides a serialization format for In other words: it provides a serialization format for exchanging XML documents over a networkexchanging XML documents over a network

SOAP is often seen as a protocol for doing RPC over HTTP, SOAP is often seen as a protocol for doing RPC over HTTP, but this is much more than thatbut this is much more than that

It may be used for RPC like calls in client-server It may be used for RPC like calls in client-server applications, but it is also suitable for applications, but it is also suitable for multicast multicast (one-to-(one-to-many), and many), and publish-subscribepublish-subscribe models (i.e., it support models (i.e., it support asynchronous calls)asynchronous calls)

SOAP is not a transport protocolSOAP is not a transport protocol. You must attach your . You must attach your message to a transport mechanism like HTTP, SMTP, homing message to a transport mechanism like HTTP, SMTP, homing pigeons... (see RFC2459: IP over Avian Carriers with Quality pigeons... (see RFC2459: IP over Avian Carriers with Quality of Service)of Service)

47


Structure of SOAP messagesStructure of SOAP messages A SOAP message is an XML document containing A SOAP message is an XML document containing

several parts:several parts: Envelope:Envelope: defines the start and the end of the message defines the start and the end of the message Header:Header: contains optional attributes (meta data) for the contains optional attributes (meta data) for the

message, used in processing the message, either at an message, used in processing the message, either at an intermediary point or at the ultimate end pointintermediary point or at the ultimate end point

Body:Body: contains the actual data being sent, serialized as contains the actual data being sent, serialized as an XML documentan XML document

Attachments:Attachments: one or more XML documents attached to one or more XML documents attached to the main messagethe main message

RPC interaction:RPC interaction: defines how to model RPC-style defines how to model RPC-style interactions with SOAPinteractions with SOAP

Encoding:Encoding: defines how to represent simple and complex defines how to represent simple and complex data being transmitted in the messagedata being transmitted in the message

48


Contracts and policies in a SOAP Contracts and policies in a SOAP messagemessage

<soap:Envelope> <soap:Header> … </soap:Header> <soap:Body> … </soap:Body></soap:Envelope>

<soap:Envelope> <soap:Header> … </soap:Header> <soap:Body> … </soap:Body></soap:Envelope>

SchemaSchema

WSDLWSDL

PolicyPolicy

Service ContractService Contract

Message ContractMessage Contract

WS-PolicyWS-PolicyAssertionsWS-PolicyAttachment

WS-PolicyWS-PolicyAssertionsWS-PolicyAttachment

W3C XML SchemaWSDL 1.1 / 1.2W3C XML SchemaWSDL 1.1 / 1.2

SOAP message

49


A (very) short introduction to UDDIA (very) short introduction to UDDI

UUniversal niversal DDistribution, istribution, DDiscovery, and iscovery, and IInteroperabilitynteroperability

Defines XML data models and SOAP APIs for Defines XML data models and SOAP APIs for registering and discovering services to/from a registering and discovering services to/from a service brokerservice broker

Service brokers are (public or private) Service brokers are (public or private) central central repositoriesrepositories replicated in a way similar to DNS replicated in a way similar to DNS (see, for example, http://www.uddi.org) (see, for example, http://www.uddi.org)

UDDI uses SOAP for registering and discovering UDDI uses SOAP for registering and discovering informationinformation

Doesn't seem to be very much in use until now, Doesn't seem to be very much in use until now, except for "toy" servicesexcept for "toy" services

50


UDDI principleUDDI principle

Service ProviderService Consumer

Service broker(central repository

of contracts)

Client Service

BindSOAP, XML

RegisterUDDI publish

XXX

FindUDDI find

XXXServiceContract

WSDL

Provides location

transparency

51


ConclusionsConclusions If you think about it, there isn't really much new in If you think about it, there isn't really much new in

all what we just saw. All aspects, principles, and all what we just saw. All aspects, principles, and techniques were already present, in one form or techniques were already present, in one form or another, in DCOM and CORBAanother, in DCOM and CORBA

We have reinvented the wheel once moreWe have reinvented the wheel once more

So, what do we gain fundamentally by using So, what do we gain fundamentally by using services?services?

What makes them more flexible and powerful What makes them more flexible and powerful than traditional ORPCs?than traditional ORPCs?

What was deeply buried and hidden in theWhat was deeply buried and hidden in theORPCs runtimes is now explicitly expressed ORPCs runtimes is now explicitly expressed

inin

XMLXMLand can easily be manipulated, transformed,and can easily be manipulated, transformed,

mapped, translated, whatever ... at every placemapped, translated, whatever ... at every placethe information traverses using standard XML the information traverses using standard XML

technologiestechnologiesWell, that's a

fiveseconds

summary,

of course

52

ResourcesResources Lots of articles / presentations available from meLots of articles / presentations available from me

Microsoft’s “Connected Systems” DVDMicrosoft’s “Connected Systems” DVD

http://msdn.microsoft.com/webservices/http://msdn.microsoft.com/webservices/

If you want to read only one book:If you want to read only one book:

"Web Services: a Technical Introduction""Web Services: a Technical Introduction"Deitel Developer SeriesDeitel Developer Series

platform neutral; platform neutral; contains both .NET and Java examples;contains both .NET and Java examples;covers pretty much all the shebangcovers pretty much all the shebang

53

Questions?Questions?Questions?Questions?

??

Webservices

Documents

Transcript of Webservices