Web Services and

Service Oriented Architectures

Thomas Soddemann, RZG

Delaman Workshop 2004

Web Services and Service Oriented Architecture

Overview

The Garching Supercomputing Center - RZG

Diving into the world of Web Services
Service Oriented Architectures
And beyond

Thomas Soddemann

Delaman Workshop 2004

Web Services and Service Oriented Architecture

RZG Rechen-Zentrum Garching

Supercomputing Center for the

Max Planck Society (MPG)
Services and involvements:
Supercomputing facility with a 5 TFlop
IBM Regatta system
Linux compute farms
Data Storage
DEISA
MiGenAS
D-Grid German Grid initiative
Data Acquisition for ASDEX Upgrade and
Wendelstein 7X (Plasma Physics)

Thomas Soddemann

Delaman Workshop 2004

Web Services and Service Oriented Architecture

Machine Room

Thomas Soddemann

Delaman Workshop 2004

Web Services and Service Oriented Architecture

DEISA Distributed European Infrastructure for

Supercomputing Applications

Consortium of leading national

supercomputing centers
focuses in deploying an Grid
empowered infrastructure
to build a distributed terascale
supercomputing facility

Thomas Soddemann

Delaman Workshop 2004

Web Services and Service Oriented Architecture

Web Services and more

Thomas Soddemann

Delaman Workshop 2004

Web Services and Service Oriented Architecture

Client Server Architectures

2-Server Side Tier Applications

e.g. Web Server

PHP app.

e.g. Web Browser

Rich Client

Internet
Thomas Soddemann

Legacy

Client

Server

integrated Controller/View/Business logic,

legacy applications and databases

e.g. Databases
Batch systems

Intranet
Delaman Workshop 2004

Web Services and Service Oriented Architecture

Client Server Architectures

e.g. Web Browser

Rich Client

Internet

Thomas Soddemann

e.g. Web Server

and Web App.

Legacy

Enterprise

Frontend

3-Server Side Tier Applications

Client

Enterprise
application

Intranet

Delaman Workshop 2004

Web Services and Service Oriented Architecture

Client Server Architectures

Internet

Thomas Soddemann

Legacy

Proxy
Service Client

Enterprise

Frontend

3-Server Side Tier Applications with explicit services

Client

Enterprise
application

Intranet

Delaman Workshop 2004

Web Services and Service Oriented Architecture

Service
A service ...

... can be discovered & dynamically bound.

... is self-contained & modular.

... exhibits a coarse grained service interface.

... is based on a loose coupling between provider & consumer.

... is interoperable.

... is addressable and locatable via a network.

... can be composed out of other services.

Thomas Soddemann

Delaman Workshop 2004

10

Web Services and Service Oriented Architecture

Web Service Definition

W3C, Web Services Architecture, http://www.w3.org/TR/ws-arch
A Web Service is a software system designed to support interoperable machineto-machine interaction over a network. It has an interface described in a
machine-processable format (specifically WSDL). Other systems interact with the
Web service in a manner prescribed by its description using SOAP messages,
typically conveyed using HTTP with an XML serialization in conjunction with other
Web-related standards.

Thomas Soddemann

Delaman Workshop 2004

11

Web Services and Service Oriented Architecture

Message Oriented Model View

agent

originates

processes

message
header(s)

delivers

Message transport

body

Thomas Soddemann

Delaman Workshop 2004

12

Web Services and Service Oriented Architecture

Service Oriented View

agent
owns/controls
realizes
Service
describes
signals
meta-data
message

Thomas Soddemann

Delaman Workshop 2004

13

Web Services and Service Oriented Architecture

Resource Oriented View

URI

has

owns

resource
may have

representation

Thomas Soddemann

Delaman Workshop 2004

14

Web Services and Service Oriented Architecture

Policy Model View

agent
establishes
subject to
policy
applies to
resource

Thomas Soddemann

constraints

action

Delaman Workshop 2004

15

Web Services and Service Oriented Architecture

Web Services Examples

Web service
http://live.capescience.com/ccx/GlobalWeather

Provides airport and flight weather information

Amazon Web Services (AWS & ECS)

http://www.amazon.com/webservices

Provide e-commerce services such as lookup of books

Google Web API

http://www.google.com/apis/

Guess ...

Thomas Soddemann

Delaman Workshop 2004

16

Web Services and Service Oriented Architecture

Services: Roles and Interaction

Implementations:

Service Broker
(Registry)

find

publish

Service Consumer

Thomas Soddemann

UDDI
JNDI
CORBA naming

bind

Delaman Workshop 2004

Service Provider

17

Web Services and Service Oriented Architecture

Services: (Dynamic) Proxy

find
e.g.

WSDL

Service Broker
(Registry)

Service Consumer
Implementation
Code

Thomas Soddemann

Proxy

bind

Delaman Workshop 2004

Service Provider

18

Web Services and Service Oriented Architecture

Objects

Reference
identifier to reference an object during its lifetime

State
state of the object represented by its attributes

Interface
collection of methods which are necessary to interact
with the object

Thomas Soddemann

Delaman Workshop 2004

19

Web Services and Service Oriented Architecture

Is a Service an Object in general?

A service ...

... can be referenced during its lifetime

RQ

... does not necessarily have a state

... does have an interface

[ A service is not an Object in general.

Thomas Soddemann

Delaman Workshop 2004

20

Web Services and Service Oriented Architecture

Service Oriented Architectures (SOA)

An architecture of software which is composed of services.

Service Oriented Architecture

Web Services

CORBA

Jini

EJB

No Objects

Objects

Objects

Objects

Simple WS: No session, no state [ e.g. Shopping Cart realization?

Desirable: Object like Web services

Thomas Soddemann

Delaman Workshop 2004

21

Web Services and Service Oriented Architecture

Example: Shopping Cart in J2EE

R
Request

Servlet containter

EJB containter

Controller

EJB

Response
View

Thomas Soddemann

Delaman Workshop 2004

Database

22

Web Services and Service Oriented Architecture

Problem: Shopping Cart in a Web Service world

R
Request

Servlet containter

EJB containter

Response
Database

Problem: No State, no session

[ no shopping cart service
Note: HTTP(S) session is not enough
Thomas Soddemann

Delaman Workshop 2004

23

Web Services and Service Oriented Architecture

Services Architectures
Web service
Is not an object in general
Rather XML documents are exchanged
Are the interface to a part of the Business Logic

Enterprise Java Beans

Are Objects by definition
Encapsulate the Business Logic of J2EE applications

CORBA Common Object Resource Broker Architecture

CORBA Objects are Objects by definition
Encapsulate the Business Logic of Enterprise Applications

Further: Jini, ...

Thomas Soddemann

Delaman Workshop 2004

24

Web Services and Service Oriented Architecture

From a simple Web Services to an (quasi) Object

The Web Services Resource Framework WS-RF
A Web Service Resource (WS-Resource)

... can be destroyed (explicit destroy or expiration) and its lifetime may be monitored
WS-ResourceLifetime
... contains a state through attributes/properties
WS-ResourceProperties
... references can be renewed
WS-Addressing
WS-RenewableReferences
... employs a (more) standardized fault reporting mechanism
WS-BaseFault

Further: By-reference collections of Web Services can be defined.

WS-ServiceGroup

Thomas Soddemann

Delaman Workshop 2004

25

Web Services and Service Oriented Architecture

Web Services Architecture Stack

XML, XSD

Security

Processes
Discovery, Aggregation, Choreography, ...
Descriptions (WSDL)
Messages
SOAP Extensions
SOAP

Communication Layer (HTTP, SMTP, ...)

Thomas Soddemann

Delaman Workshop 2004

26

Web Services and Service Oriented Architecture

Data Services
Data querying and access to mutitple data sources
Component Services
Atomic services potentially acting on single ERs
Enterprise Resources
DB

Code

Legacy

Delaman Workshop 2004

Partners

Policies
Security

Complex Services composed of component services

Interceptrors

SMTP

Thomas Soddemann

HTTP

Transport

Portals

Consumers

Rich Clients

Code

Message Broker

Business Services

Core Services

Partners

k
Business processes, services with external interaction

Brokers

Workflow Services

Management

Software Architecture for the Access Infrastructure

27

Web Services and Service Oriented Architecture

WS-Security

Original Requester
End to end security
SOAP with security context

Security Intermediary
SOAP with security context

Ultimate Receiver

Thomas Soddemann

Delaman Workshop 2004

28

Web Services and Service Oriented Architecture

WS-Security
Threats:

Message Alteration modififying the message content

Confidentiality accessing message parts such as credit card info

Man-in-the-middle establishing complete access to messages

Spoofing exploting trusted relationships

Denial of Service preventing a legitimate user from accessing a

service

Replay Attacks interception of messages and playing to back to

the service

Thomas Soddemann

Delaman Workshop 2004

29

Web Services and Service Oriented Architecture

WS-Security
WS-Security has to insure/provide

Authentication mechanisms (PKI)

Authorization

Data integrity and confidentiality

Integrity of transactions and communications

Non-repudiation (detection of transaction initiated/altered by a 3rd party)

End-to-end integrity and confidentiality of messages

Audit trails (trace user's behavior)

Thomas Soddemann

Delaman Workshop 2004

30

Web Services and Service Oriented Architecture

Implementation and deployment: J2EE

Network

Web Server

EJB Container

Client
Servlet
Container

Thomas Soddemann

Delaman Workshop 2004

Database

31

Web Services and Service Oriented Architecture

Distributed Service Centers

Web Server

Network

Servlet
Container

EJB Container

Database

Network

Client

Web Server

Servlet
Container

Thomas Soddemann

EJB Container

Database

Delaman Workshop 2004

32