In the last couple of years, Web services have expanded to become more popular with application developers, and for good reason. Web services technology represents an important way for businesses to communicate with each other and with clients as well. Unlike client/server models, such as a Web server or Web page system, Web services do not provide the user with a GUI. Instead, Web services share business logic, data and processes through a programmatic interface across a network. The applications interface with each other, not with the users. Developers can then add the Web service to a GUI (such as a Web page or an executable program) to offer specific functionality to users.

This distributed computing model allows application-to-application communication. For example, one purchase-and-ordering application could communicate to an inventory application that specific items need to be reordered. Because of this level of application integration, Web services have grown in popularity and are beginning to improve business processes. In fact, some even call Web services the next evolution of the Web.
Web Services Technology
Web services are built on several technologies that work in conjunction with emerging standards to ensure
security and manageability, and to make certain that Web services can be
combined to work independent of a vendor. The term Web service describes
a standardized way of integrating Web-based applications using the XML,
SOAP, WSDL and UDDI open standards over an Internet
XML
Short for Extensible Markup
Language, a specification developed by the
W3C. XML is a
pared-down version of
designed especially for
documents. It allows designers to create their own customized
enabling the definition, transmission, validation, and
interpretation of data between applications and between
SOAP
Short for Simple Object Access
Protocol, a lightweight
protocol used to encode the information in Web service request
and response messages before sending them over a
SOAP messages are independent of any
operating system or protocol and may be transported using a
variety of Internet protocols, including
WSDL
Short for Web Services Description
Language, an XML-formatted language used to describe a
Web service's capabilities as collections of communication endpoints
capable of exchanging messages. WSDL is an integral part of UDDI, an
XML-based worldwide business registry. WSDL is the language that
UDDI uses. WSDL was developed jointly by Microsoft and IBM.
UDDI
Short for Universal Description,
Discovery and Integration. It is a Web-based distributed
directory that enables businesses to list themselves on the Internet
and discover each other, similar to a traditional phone book's
yellow and white pages.
XML is used to tag the data,
SOAP is used to transfer the data, WSDL is used for describing the
services available and UDDI is used for listing what services are
available. Used primarily as a means for businesses to communicate with
each other and with clients, Web services allow organizations to
communicate data without intimate knowledge of each other's IT systems
behind the firewall.
Security has become a hot topic for Web services. Because Web services
are based on program-to-program interactions as opposed to human-to-program
interaction, it is important for Web service security to address topics
such as access control, authentication, data integrity and privacy.
Today the most common security scheme is SSL (Secure Sockets Layer),
but when it comes to Web services there are limitations with SSL.
Web service technology has been moving towards different XML-based
security schemes. Some of the XML-based security schemes include the
following:
XML Signature
The XML Signature specification is a joint effort of W3C and IETF.
XML Signatures provide integrity, message authentication and/or
signer authentication services for data of any type, whether located
within the XML that includes the signature or elsewhere.
XML Encryption
W3C's XML Encryption specification addresses the issue of data
confidentiality using encryption techniques. Encrypted data is
wrapped inside XML tags defined by the XML Encryption specification.
XKMS (XML Key Management Specification)
The XML Key Management Specification (XKMS) comprises two parts:
the XML Key Information Service Specification (X-KISS) and the XML
Key Registration Service Specification (X-KRSS). The X-KISS
specification defines a protocol for a Trust service that resolves
public key information contained in XML-SIG elements. The X-KISS
protocol allows a client of such a service to delegate part or all
of the tasks required to process elements. The X-KRSS specification
defines a protocol for a web service that accepts registration of
public key information. Once registered, the public key may be used
in conjunction with other web services including X-KISS.
SAML (Security Assertion Markup Language)
SAML is an XML-based framework for communicating user
authentication, entitlement and attribute information. As its name
suggests, SAML allows business entities to make assertions regarding
the identity, attributes, and entitlements of a subject (an entity
that is often a human user) to other entities, such as a partner
company or another enterprise application. The OASIS Security
Services Technical Committee is in charge of defining, enhancing,
and maintaining the specifications that define SAML.
Security Assertion Markup Language (SAML) from OASIS provides a
means for partner applications to share user authentication and
authorization information. This is essentially the single sign-on (SSO)
feature being offered by all major vendors in their e-commerce
products. In the absence of any standard protocol on sharing
communication to implement SSO. With the advent of SAML, this same
data can be wrapped inside XML in a standard way, so that cookies
are not needed and interoperable SSO can be achieved.
ebXML Message Service
The OASIS ebXML Message Service defines the message enveloping and
header document schema used to transfer ebXML messages over a
communications protocol such as HTTP or SMTP and the behavior of
software sending and receiving ebXML messages.
You can read more about the
standards for XML-based security for Web services in our related links
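The integrity and message-authentication service described in the XML Signature entry above, as an added example that is not part of the original article. It is a simplified sketch rather than a conformant XML Signature implementation: it digests the canonical form of a SOAP Body and protects that digest with an HMAC, and the sample message, inventory namespace and shared key are all constructed for the demonstration.

```python
import base64
import hashlib
import hmac
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
KEY = b"constructed-shared-secret"  # made-up key for this demonstration

# Constructed sample request; the inventory namespace and element are made up.
ORIGINAL = (
    '<soap:Envelope xmlns:soap="' + SOAP_NS + '"><soap:Body>'
    '<reorder xmlns="urn:example:inventory" sku="A-100" qty="25"/>'
    '</soap:Body></soap:Envelope>'
)
# The same message after a hypothetical intermediary re-serialized it:
# different prefix, attribute order, quoting and empty-element form.
RESERIALIZED = (
    "<s:Envelope xmlns:s='" + SOAP_NS + "'>\n  <s:Body>"
    "<reorder qty='25' sku='A-100' xmlns='urn:example:inventory'></reorder>"
    "</s:Body>\n</s:Envelope>"
)
TAMPERED = ORIGINAL.replace('qty="25"', 'qty="2500"')


def body_digest(envelope_xml):
    """Base64 SHA-256 over the canonical form of the SOAP Body (cf. DigestValue)."""
    # ElementTree is not hardened against hostile XML; use a hardened parser
    # such as defusedxml for messages from untrusted senders.
    body = ET.fromstring(envelope_xml).find("{%s}Body" % SOAP_NS)
    if body is None:
        raise ValueError("message has no SOAP Body")
    body.tail = None  # whitespace after </Body> is not part of the protected content
    canonical = ET.canonicalize(ET.tostring(body, encoding="unicode"), rewrite_prefixes=True)
    return base64.b64encode(hashlib.sha256(canonical.encode("utf-8")).digest()).decode()


def sign(envelope_xml, key):
    """HMAC-SHA256 over the digest, standing in for SignedInfo/SignatureValue."""
    return hmac.new(key, body_digest(envelope_xml).encode(), hashlib.sha256).hexdigest()


def verify(envelope_xml, key, signature):
    """Recompute the value from the received message and compare in constant time."""
    return hmac.compare_digest(sign(envelope_xml, key), signature)


if __name__ == "__main__":
    sig = sign(ORIGINAL, KEY)
    print(verify(RESERIALIZED, KEY, sig), verify(TAMPERED, KEY, sig))
```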
Who Is Using Web Services
Perhaps the best example of the growth of Web services is eBay. The
online auction king has been aggressively developing its Web services
platform by extending application programming interfaces that
essentially turn its Web site into a platform.
The auction site's
gives soup-to-nuts information about deploying its eBay API. "With the
eBay API, you communicate directly with the eBay database in XML format.
By using the API, your application can provide a custom interface,
functionality and specialized operations not otherwise afforded by the
eBay interface." Since 1999, eBay has offered APIs and now offers more
than 100 Web services calls available to developers to build
applications that can connect to those services. They include pricing
information, buy-it-now features, and payment options through its PayPal
subsidiary. The growth and use of APIs across the Web illustrate
how rapidly Web services are spreading, even as technical issues such as
security and authentication are worked out by standards bodies.
Online retailing giant
Amazon.com is another example. Companies such as Microsoft and Sun
Microsystems have been helping developers build and deploy Web Services
and clients for close to four years now. Sun's J2EE platform, for
example, is where developers build on the building blocks in order to
access Amazon.com's selling platform.
For more examples of Web
services being used today, be sure to read the InternetNews Developer's
"Web Services Now and When".
Emerging Trends in Web Services: Mash-ups and Web 2.0
New in 2005 is a breed of Web-based applications called mash-ups.
Mash-ups mix at least two different services from disparate, and even
competing, Web sites. A mash-up, for example, could overlay traffic data
from one source on the
over maps from Yahoo, Microsoft, Google or any content provider. This
capability to mix and match data and applications from multiple sources
into one dynamic entity is considered by many to represent the promise
of the Web service standard.
WikiMap is just one of many
examples of a mash-up. This "Find Cheap Gas" Web site uses a Google
Maps powered interface to offer information tailored to suit specific
needs of a consumer. With so
many businesses and software companies building services on top of
platforms, many expect to see the World Wide Web of today (called Web
1.0) transform into a full-fledged computing platform serving Web
applications. The term being used to refer to the World Wide Web as a
platform is Web 2.0, where the term refers to the "next version"
of the World Wide Web. The difference between Web 1.0 and Web 2.0 can
really be defined by Web application services.
Did You Know...
Where Web 1.0 offers Doubleclick and personal Web sites, Web 2.0
provides us with Google AdSense and blogs.
Vangie 'Aurora' Beal
Last updated: October 07, 2005
Article - Web Services Now and When
One of the most significant changes in the software industry has been the
arrival of Web services, a truly distributed computing model in which
applications "talk" to one another.
Services Without Warranties
Embedding web services from the likes of Amazon and eBay into enterprise
applications is a leap of faith. But despite a lack of service guarantees and a
raft of inconsistencies between different providers, growing numbers of
enterprise developers are taking the plunge.
the Web Services Identity Crisis
What is the real issue in web services security? When techies talk about it,
they're typically talking about intruders intercepting trusted XML messages and
substituting malicious code. Business people, who take this kind of wire-level
security for granted, are more concerned about tracking the identities and
activities of users who log on legitimately.
Key to E-commerce Security
The e-commerce business is all about making money and then finding ways to make
more money. Of course, it's hard to make (more) money, when consumers don't feel
safe executing a transaction on your Web site. That's where SSL (Secure Socket
Layer) comes into play. Understanding how SSL affects e-commerce business can
also potentially help you to unlock (more) money from your customers.
Sun Developer network -
Learn more about service-oriented architecture (SOA) and web services. Sun
Developer Network has put together a wide variety of content about SOA and web
services, including articles, tips, white papers, code samples, and more to help
you easily find what you need.
XML-Signature Syntax and Processing
This document specifies XML digital signature processing rules and syntax. XML
Signatures provide integrity, message authentication, and/or signer
authentication services for data of any type, whether located within the XML
that includes the signature or elsewhere.
Encryption Syntax and Processing
This document specifies a process for encrypting data and representing the
result in XML. The data may be arbitrary data, including an XML document, an
XML element, or XML element content. The result of encrypting data is an XML
Encryption element which contains or references the cipher data.
Management Specification (XKMS)
This document specifies protocols for distributing and registering public keys,
suitable for use in conjunction with the proposed standard for XML Signature
[XML-SIG] developed by the World Wide Web Consortium (W3C) and the Internet
Engineering Task Force (IETF) and an anticipated companion standard for XML
OASIS Security Services (SAML) TC
Defining and maintaining a standard, XML-based framework for creating and
exchanging security information between online partners.
Message Service Specification - Version 2.0 (PDF)
This document specifies an ebXML Message Specification for the eBusiness
Webservices Mashup Resources
O'Reilly Etech has a listing of some APIs (official and otherwise) with
What Is Web 2.0
The concept of "Web 2.0" began with a conference brainstorming session between
O'Reilly and MediaLive International. Dale Dougherty, web pioneer and O'Reilly
VP, noted that far from having "crashed", the web was more important than ever,
with exciting new applications and sites popping up with surprising regularity.
What's more, the companies that had survived the collapse seemed to have some
things in common. Could it be that the dot-com collapse marked some kind of
turning point for the web, such that a call to action such as "Web 2.0" might