Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Networking

SOAPMismoWS

advertisement 
SOAP based WS* Standards
and MISMO
Agenda



Review standards & technologies
relating to SOAP, XML, Web Services,
and the WS* standards
Roadmap for moving MISMO towards a
SOAP based solution
Industry’s challenges, advantages,
disadvantages of moving to a SOAP
based communications framework
What is SOAP?





A standardized message structure based on
the XML Infoset
A processing model that describes how a
service should process the messages
A mechanism to bind SOAP messages to
different network transport protocols
A way to attach non-XML encoded
information to SOAP messages
Current version 1.2
What is SOAP?

3 aspects of SOAP Message



Envelope
Header
Body
SOAP is




XML Based
Protocol Independent
Standards based
Extendable


Robust





Supports an extension model
similar to MISMO today.
High adoption rate
Cross industry buy in
Seasoned Standard since
(2000)
Strong 3rd party support
Independent of Web Services

Web services have an
implementation as SOAP based
extensions.
SOAP is not

Protocol Dependant


SOAP over MQ
HTTP
What are Web Services?

W3C Definition

A software system designed to support
interoperable machine-to-machine
interaction over a network. It has an
interface described in a machineprocessable format (specifically WSDL).
Other systems interact with the Web
service in a manner prescribed by its
description using SOAP messages, typically
conveyed using HTTP with XML
serialization in conjunction with other Webrelated standards.
What are the WS*
Specifications/Standards?



A set of requirements that codify typical
problem areas trading partners face
when communicating over the internet.
XML based specifications and standards
SOAP based extensions
WS* SOAP Based
Standards/Extensions Stack
Extensions
Emerging Core
Core Standards
WS-BPEL
WS-MetaDataExchange
WS-Transaction
WS-Coordination
WS-Events
WS-Policy
WS-Security
WS-Reliable
Messaging
WS-Addressing
UDDI
WSDL
SOAP HTTP SSL
Discovery
Description
Delivery
Can MISMO use SOAP without
Web Services?

Yes


A complete Web Service-based solution is out of scope



SOAP is an independent specification
Discovery
Description
SOAP and Web Services are two independent adoptions




There are SOAP extensions that have nothing to do with Web
Services
SOAP allows MISMO to create their own extensions if we desire
Some WS Standards do not deal with the concepts of Web Services
Other WS Standards require the core concepts of Web Services and
are designed to support these services
Current MISMO challenges that
SOAP can help solve.

Security



Routing


Flexibility to identify multiple intermediaries via pass through
headers
Messaging




XML encryption
Authentication (Digital signatures)
Unique message identification
Large attachments/Messages
Preferred Response(s)
Compression
Mapping MISMO to SOAP and
WS*


Can be implemented in several different
ways, all that are within the SOAP spec
are “right”.
Standards/Specifications allow us to
leverage multi-industry experts
experience and knowledge.
What else can SOAP provide
MISMO?



Allow MISMO to concentrate on the business
of real estate transactions properties,
borrowers, products .
Increased adoption/speed of integration by
using open standards, tools, and 3rd party
products.
Flexibility to allow MISMO workgroups to
continue to push forward on pressing issues
Roadmap to SOAP, WS*




Evolution not revolution
Decide what can be placed in SOAP headers
and what can stay in body
Decide whether to use current standards or
leverage SOAP extensibility (e.g. with an
oversight body & approval)
Complete proof of concept

Begin with basic SOAP headers



WS-Addressing
WS-Security
WS-Reliable Messaging
Which WS* Standards make
sense for MISMO?

Phase 1: Direct mappings to MISMO Envelope today




Phase 2: Possible in the near future






WS-Addressing
WS-Security MISMO Security Workgroup
WS-Reliable Messaging
WS-Coordination- Multi-Services Workgroup
WS-Eventing
WS-Transaction
WS-Coordination- Multi-Services Workgroup
WS-BEPL- BREW
Phase 3: Potential Long Term Options


WS-Metadata Exchange
WS-Policy
Conceptual Sample SOAP based
Envelope MISMO structure
SOAP Envelope
SOAP Header
WS-Security
WS-Addressing
Security Header Block
Addressing Header Block
XML
SOAP Body
MISMO
XML Payload
Sample WS-Addressing SOAP
Header with MISMO Payload
Headers
Body
Current WS* Overview
Extensions
Emerging Core
Core Standards
WS-BPEL
WS-MetaDataExchange
WS-Transaction
WS-Coordination
WS-Events
WS-Policy
WS-Security
WS-Reliable
Messaging
WS-Addressing
UDDI
WSDL
SOAP HTTP SSL
Discovery
Description
Delivery
For initial MISMO enveloping strategy concentrate on
SOAP and message related standards first then
evaluate other soap based standards as the need arises
How can SOAP and MISMO be
Used Together


Headers are used for protocol/messaging
specific items. (Headers are optional)
MISMO may be passed in the body of the
SOAP message with little or no change to
structure
MISMO XML
Body goes here
What functionality do the MISMO
headers provide today?

Trading Partner information via MISMO
XML

Submitting Party



Preferred Response
Requesting Party
Receiving Party
SOAP Node (Party), Roles, and
Targeted Headers


SOAP embraces the concepts of multiple
Nodes communicating together.
SOAP defines 3 roles which can be put in the
header(s) to target the SOAP headers to
specific Nodes along the service chain.


(Insert roles here)
SOAP can be extended to support more roles
as the need arises.
Client Server Integration
Client Boundary
Provider Boundary
Service
Requestor
Service Provider
Xml
MISMO
Scenario 1
SOAP Client, SOAP Intermediary,
and SOAP Ultimate Receiver
Client Boundary
Service
Requestor
(SOAP Node)
SOAP Intermediary
Service Provider
Service Provider
(SOAP Node)
SOAP Sender
(SOAP Node)
Xml
SOAP/MISMO
Message contains information
for the original request and
information intended to be
passed through the intermediary
and destine for the end SOAP
node.
Scenario 2
Xml
SOAP/MISMO
Certain XML headers in the
SOAP header are passed
through the intermediary to
the SOAP server based on
their defined role.
SOAP Client, Intermediary, Server
MISMO Use Case
Client Boundary
Service
Requestor
LOS
Xml
SOAP/MISMO
SOAP Intermediary
Service Provider
Service Provider
SOAP Sender
Portal
Xml
SOAP/MISMO
Product
Company
Securing SOAP
•SOAP is the Foundation
•WS-Security is the Baseline
MISMO Security Requirements

Requirements





Multiple security tokens for authentication
or authorization
Multiple encryption technologies
Payload integrity
Multiple trust domains
End-to-end message-level security
Security Issues w/ existing
MISMO Envelope specification





Clear text password is a security risk
Clear text passwords transmitted
through intermediaries exposes all
parties to unauthorized access
No embedded confidentiality of payload
No embedded integrity of payload
Authentication multiple end point
support
WS-Security (SOAP Message)

Design Goals

“… flexible set of mechanisms that can be
used to construct a range of security
protocols; in other words this specification
intentionally does not describe explicit fixed
security protocols.”
WS-Security Support

Authentication




Message Signing / Integrity


Username/Password (Clear/HASH Security token)
PKI through X.509 Certificates (Security token)
Kerberos (Security token)
All, part or external message (XML Signature)
Message Encryption

All, part or external message (XML Encryption)
WS-Sec – Authentication
Compatible
support for
UserId/Passwd
exchange
Username to be
authenticated
Password to
be used
Problem: Password is still in
clear text and therefore
problematic for the intermediary
situation.
WS-Sec – Authentication/Hash
Password now sent
as a SHA1 digest
instead of clear text
Advantages:
1. No clear text
2. Anti-reply attack
3. Intermediate
confidentiality
WS-Security Auth Summary



When done correctly, a digest will
prevent replay attacks
Digest provides confidentiality
WS-Security also supports field level
encryption of the username and
password, but only secure when done
correctly. (Encryption vulnerable to
replay/offline dictionary attack.)
WS-Addressing

Design Goals

…provide a transport-neutral mechanisms
to address Web services and messages.
Provide a specification that enables
messaging systems to support message
transmission through networks that include
processing nodes such as endpoint
managers, firewalls, and gateways in a
transport-neutral manner.
WS-Addressing

Requirements



Ability to provide service endpoint
reference information within SOAP headers
Ability to uniquely identify message that is
sent to endpoint
Ability to define attributes for the return
endpoint location.
Sample MISMO XML utilizing WSURL this
Addressing
message
is being
sent to
URL this
message
is being
sent from
URL the
response
should be
sent back
to
Sample WS-Addressing SOAP
Header with MISMO Payload
Maps to MISMO Preferred Response
WS-Reliable Messaging
Defined

Design Goals

Provide a SOAP based mechanism to for two
services that wish to communicate to do so
reliably in the presence of software component,
system, or network failures. The primary goal of
this specification is to create a modular
mechanism for reliable message delivery. It
defines a messaging protocol to identify, track,
and manage the reliable delivery of messages
between exactly two parties, a source and a
destination. [spec 2004 Introduction]
WS-Reliable Messaging
Supports

Four messaging delivery assurances models


Concentrate
on these
aspects of
RM


AtMostOnce-Message will be delivered at most once or an
error will be raised
AtLeastOnce-Every message sent will be delivered or an
error will be raised on at least one endpoint. Some messages
may be delivered more than once.
ExactlyOnce-Every message sent will be delivered without
duplication or an error will be raised on at least one endpoint.
This delivery assurance is the logical "and" of the two prior
delivery assurances.
InOrder -Messages will be delivered in the order that they
were sent. This delivery assurance may be combined with any
of the above delivery assurances. It requires that the
sequence observed by the ultimate receiver be nondecreasing. It says nothing about duplications or omissions.
WS-Reliable Messaging

Requirements


Support
Works well with other SOAP based
standards that solve MISMO Issues.


WS-Security
WS-Addressing
WS-Reliable Messaging Benefits
for MISMO

Advantages

eMortgage



Guaranteed delivery
Acknowledgement of message receipt and
order of message receipt
Others
WS-Reliable Messaging
Sample
WS-Addressing
Header
WS-Reliable
Messaging
Header
Enveloping
SOAP POC
Milestone
1/25/2006
2/1/2006
Mismo Milestones
3/1/2006
4/1/2006
5/1/2006
6/1/2006
7/5/2006
Determine SOAP based envelope
Structure (Header vs Body)
7/25/2006
Review if what is in the envelope
Makes sense and if it should stay or be moved
9/5/2006
Review structure POC
With Enveloping Group
10/15/2006
Begin POC coding
With Java and .NET clients
11/14/2006
Complete SOAP based
POC
7/1/2006
8/1/2006
9/1/2006
10/1/2006
11/1/2006
12/1/2006
1/1/2007
1/25/2007
9/12/2006
Mismo Face to Face
New Challenges SOAP brings



“The XML looks harder to understand”
Expectations- It does not solve all
problems! (Provides framework to
address the issues)
Competing / changing specifications
and standards from various industry
groups.
Related documents
SOAP and WSDL
SOAP and WSDL
ppt - Beyond Benign
ppt - Beyond Benign
Business of OMT: The Osteopathic SOAP note
Business of OMT: The Osteopathic SOAP note
Using the Scientific Method Power Point
Using the Scientific Method Power Point
Flyer_1DayOrganicSoapAdults_2015
Flyer_1DayOrganicSoapAdults_2015
4.食品廢用油的使用
4.食品廢用油的使用
Why REST?
Why REST?
Download
advertisement