TAAG Web Services Business Definition

Web Services Business Definition v 1.2 - DRAFT
Technical Architecture Advisory Group
Web Services Subcommittee
October 14, 2002
Overview
This document is a response to the Technical Architecture Advisory Group’s (TAAG)
request to explore Web services to identify any policies, standards or potential
infrastructure that would benefit or impact the state.
The purpose of this draft document is to provide a description for Web services,
describe a typical architecture, and identify their business value.
Definition
Web services are commonly defined as XML-based interfaces aimed at eliminating
communication barriers between devices and systems and at promoting interoperability
between various application platforms and data sets.
According to Gartner, Web services are software components that employ one or more
of the following technologies — SOAP, WSDL and UDDI — to perform distributed
computing. Use of any of these three basic technologies constitutes a Web service. Use
of all of them is not required.
The Business Value
The business value for emerging Web services technology is in its ability to provide a
modular, packaged collection of functions or applications that can be published, shared
or invoked across an enterprise and to expose business logic beyond firewalls. As such,
Web services will create efficiencies for government to government (G2G), government
to business (G2B), and government to citizen (G2C) based transactions.
The following benefits and examples demonstrate potential use cases for Web services
within the state’s enterprise:

- Share Code: The Justice Information Network (JIN) community is working on
  building XML-based data exchanges at the state level that will be available to
  local jurisdictions for reuse.
- Dynamically Exchange Data: The Department of Licensing is considering a
  system-to-system function that will allow car rental companies to automatically
  check on a driver’s status.
- Publish: The Department of Transportation is analyzing the ability to create a
  UDDI server to act as an index or catalog of agency-centric Web services that
  includes a catalog of data elements.
A Definition of Web Services
DRAFT
Components and Emerging Standards
Web services are based on four open, nonproprietary standards-based components
that communicate over Internet-standard technologies, mainly XML over HTTP. They
include emerging software components such as UDDI, WSDL, and SOAP.
| Acronym | Name | Description |
|---------|------|-------------|
| XML | Extensible Markup Language | A universal format for structured Web-based data and documents. Enables interoperability and data sharing. |
| UDDI | Universal Description, Discovery, and Integration | Web-based registries that expose information and technical interfaces (APIs). Allows others to discover what is available. |
| WSDL | Web Service Description Language | The XML-based language used to describe the services exposed via the UDDI registries. |
| SOAP | Simple Object Access Protocol | SOAP defines the XML information within the function or application. Enables communications between applications running on dissimilar operating systems. |
Although Web services are more commonly known as a suite of components, they can
also be categorized as platforms.
The Four Platforms
According to the Gartner Group, there are four platform categories within Web services:
Provider, Consumer, Production, and Management. They are intended to provide a
framework to support the specific needs of Web services. The categories are neither
hierarchical nor mutually exclusive and may overlap with dependencies on related
functions.
1. Provider – hosts a Web service; the place where it runs
Examples include:
- application server
- integration server
- mainframe computer hosting a wrapped service
2. Consumer – the software that connects a service to an end-user or directly to an
application client.
An end-user example is one where information is delivered to, or input is retrieved
from, an end-user, such as text-based information or a highway map delivered to an
end-user via a PDA or cell phone. This service doesn’t depend on a complete Web
services architecture. It may include a portal product, portal server, Web browser,
or PDA.
An application client can be used to automate a service, such as a portal-to-client
or system-to-system program, without the need for a user interface.
3. Production – automates production of Web services and reduces the need for
developers to write code
Includes an engine that maps XML, UML, rules, scripting languages, etc. to the
underlying components such as .NET or Enterprise JavaBean components.
Accelerates the abilities of lesser-skilled developers. Enables more-skilled
developers to modify the underlying code.
4. Management – a set of software services that help coordinate the activities of
services
Two industry leaders are Sun Microsystems’s Java 2 Enterprise Edition (J2EE) and
Microsoft’s .NET. In order for a service to manage the activities of another, it
must share the same provider platform. For example, a J2EE-based Web service can’t
manage a .NET-based service.
Source: Gartner Group
Security Risks
Web services are designed to allow data to be shared by remote systems. As such,
security is important to protect back-end systems, applications, and data, and to ensure
privacy and confidentiality of information. When exposing part of a business application
as a Web Service, it is necessary to ensure that the business data is not compromised.
A comprehensive Web Service security architecture must provide end-to-end security.
Wide-scale deployment of Web services has been slow due to security concerns.
Because Web services use standard HTTP communications via port 80, some believe it
may be difficult to protect against unwanted attacks or intrusions. [1]
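The port 80 concern can be made concrete with an added example (not part of the TAAG draft): each request below would arrive as an HTTP POST on the same port, so the decision about which one to admit has to come from parsing the SOAP envelope. The namespace urn:example:licensing, the operation names and the license number are constructed for illustration, loosely modelled on the Department of Licensing use case above.

```python
import xml.etree.ElementTree as ET

SOAP11_NS = "http://schemas.xmlsoap.org/soap/envelope/"  # SOAP 1.1 envelope namespace
# Constructed allowlist: the namespace and operation name are illustrative only.
ALLOWED_OPERATIONS = {("urn:example:licensing", "CheckDriverStatus")}
MAX_BYTES = 64 * 1024


def inspect_soap_request(body: bytes):
    """Decide whether one HTTP POST body may be forwarded. Returns (allowed, reason)."""
    if len(body) > MAX_BYTES:
        return False, "message too large"
    try:
        text = body.decode("utf-8")
    except UnicodeDecodeError:
        return False, "not UTF-8"
    # SOAP messages must not carry a DTD; refusing one also removes entity tricks.
    if "<!DOCTYPE" in text.upper():
        return False, "DTD not permitted"
    try:
        root = ET.fromstring(text)
    except ET.ParseError:
        return False, "malformed XML"
    if root.tag != f"{{{SOAP11_NS}}}Envelope":
        return False, "not a SOAP 1.1 envelope"
    soap_body = root.find(f"{{{SOAP11_NS}}}Body")
    if soap_body is None or len(soap_body) != 1:
        return False, "Body must hold exactly one operation element"
    # ElementTree names elements as '{namespace}local'; compare both parts.
    namespace, _, local = soap_body[0].tag.rpartition("}")
    if (namespace.lstrip("{"), local) not in ALLOWED_OPERATIONS:
        return False, f"operation not allowed: {local}"
    return True, f"allowed: {local}"


def envelope(inner: str) -> bytes:
    """Wrap a constructed operation element in a SOAP 1.1 envelope."""
    return (f'<soap:Envelope xmlns:soap="{SOAP11_NS}"><soap:Body>'
            f"{inner}</soap:Body></soap:Envelope>").encode("utf-8")


# Constructed sample requests; all would arrive as HTTP POSTs on the same port.
STATUS_CHECK = envelope('<CheckDriverStatus xmlns="urn:example:licensing">'
                        "<LicenseNumber>SAMPLE-0001</LicenseNumber></CheckDriverStatus>")
RECORD_UPDATE = envelope('<UpdateDriverRecord xmlns="urn:example:licensing"/>')
WRONG_NAMESPACE = envelope('<CheckDriverStatus xmlns="urn:example:other"/>')
WITH_DTD = b'<!DOCTYPE x [<!ENTITY e "v">]>' + STATUS_CHECK
```

Only STATUS_CHECK is admitted; the other three are refused on content that a port-based rule never sees.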
According to Microsoft, SOAP messages can be sent over Secure Sockets Layer (SSL)
when there is a greater need to protect sensitive data. If the overhead is too great,
individual elements within the SOAP body can be encrypted using the latest emerging
technologies such as SAML.
A number of industry leaders are working on new security specifications. The
Organization for the Advancement of Structured Information Standards (OASIS) is a
consortium that produces standards for Web services, security, and XML based
exchanges. OASIS is working on the Security Assertion Markup Language (SAML),
which is intended to address security and privacy concerns for Web services.
Observations

- Web services are in the early phases of the technology adoption cycle. According
  to Gartner, most deployments of Web services have been for internal use.
- Communication between agencies, entities, and communities of interest will play
  an important role in establishing Web services.
- .NET and J2EE are both major platforms for Web services development.
  Depending on business needs, existing infrastructure, and programming
  resource skills, both platforms may co-exist within an enterprise architecture.
- Security issues, risks, and emerging industry standards should be closely
  monitored.
- Further research is needed to identify high-value opportunities and strategies for
  the implementation of Web services enterprise-wide or within communities of
  interest.
- State guidelines are needed as Web services technology matures.
[1] Rash, Wayne (2002). Web services are insecure. ZDNet. [Online]. Available:
http://techupdate.zdnet.com/techupdate/stories/main/0,14179,2854496,00.html
Glossary
XML
The Extensible Markup Language (XML) is designed to share both format and data via
the Web. XML 1.0 is a formal recommendation by the W3C. Information on the XML
family of technologies is available at: http://www.w3.org/XML
HTTP
The Hypertext Transfer Protocol (HTTP) is an application protocol that is the set of rules
for exchanging files (text, graphic images, sound, video, and other multimedia files) on
the Web.
UDDI
Universal Description, Discovery, and Integration (UDDI) is an XML-based registry for
businesses worldwide to list themselves on the Internet. UDDI is often compared to a
telephone book that allows businesses to list themselves by name, product, location, or
the Web Services they offer. Another potential usage could be to host an internal UDDI
server to act as an index or catalog of agency-centric Web services that includes a
catalog for data elements, and Web-based program elements. Information about UDDI
is available at: http://www.uddi.org
WSDL
Web Service Description Language (WSDL) is an XML format for describing network
services as a set of endpoints operating on messages containing either
document-oriented or procedure-oriented information. WSDL complements UDDI by providing an
XML vocabulary for Web services. WSDL 1.1 was submitted to the World Wide Web
Consortium (W3C) by Microsoft and IBM and is not yet a W3C Recommendation. In
addition, the W3C has published a Web Service Description Usage Scenarios working
draft available at: http://www.w3.org/TR/2002/WD-ws-desc-usecases-20020604/
SOAP
Simple Object Access Protocol (SOAP) is a lightweight protocol for exchange of
information in a decentralized, distributed environment. It is an XML-based protocol that
consists of three parts: an envelope that defines a framework for describing what is in a
message and how to process it, a set of encoding rules for expressing instances of
application-defined data types, and a convention for representing remote procedure
calls and responses. SOAP 1.2 was submitted to the W3C by vendors such as
Microsoft, IBM, and Lotus. It is not yet a W3C Recommendation. The SOAP 1.2 working
draft is available at: http://www.w3.org/TR/2001/WD-soap12-part1-20011217/
Emerging Security Specifications
XKMS
The XML Key Management Specification (XKMS) is an emerging protocol for
distributing and registering public keys. XKMS comprises two parts -- the XML Key
Information Service Specification (X-KISS) and the XML Key Registration Service
Specification (X-KRSS). XKMS is not yet a W3C recommendation. The working note is
available at: http://www.w3.org/TR/xkms/#_Toc505753123
SAML
The Security Assertion Markup Language (SAML) is an emerging XML-based security
standard for exchanging authentication and authorization information. SAML
specifications are set by the Organization for the Advancement of Structured
Information Standards (OASIS). More information is available at:
http://www.oasis-open.org/committees/security/#documents
XML Signature
XML Signature defines the schema that enables data associated with digital signatures
to be modeled in XML. XML Signature is managed by the W3C and the Internet
Engineering Task Force (IETF). More information is available at:
http://www.w3.org/Signature/
Additional Resources
| Site | Description |
|------|-------------|
| uddi.org | Specifications and information on UDDI. |
| webservices.org | Information on Web services architecture, platforms, applications, security, and more. |
| www.w3.org | Web services framework, XML, SOAP, and WSDL |
| www.xmltrustcenter.org | Aggregates security-related information for XML and public key infrastructure technologies. |
| www.oasis-open.org/ | Organization for the Advancement of Structured Information Standards (OASIS). Security and other e-business specifications for Web services. |
Contact Information
Rick Cook
Deputy Director ISSD
Department of Social and Health Services
(360) 902-7714
Cookre@dshs.wa.gov
Paul Piper
Sr. Policy Advisor
Department of Information Services
(360) 902-3471
paulp@dis.wa.gov