Dec 14, 2013

An Architecture for an ebXML Message Service Handler

Peter Stamps, Software AG, Darmstadt
peter.stamps@softwareag.com

Topics

- Objective and design goals of an ebXML Message Service Handler
- The message layout
- The architecture and functions
- Benefits of using Tamino, a native XML server
- Some security considerations
Objective of the ebXML Message Service Handler (MSH)

The objective of an ebXML Message Service Handler (MSH) is to provide:

1. application interoperability and
2. integration services
3. based on XML standards
4. irrespective of the middleware solutions that are already in place
Design goals for the Message Service Handler

- Based on standards: XML, XSLT, HTTP, SMTP, SOAP
- Flexible and adaptable processing
- Open framework for customer-specific processing
- Use native XML as much as possible
- Allow integration of existing middleware (MQ, Seebeyond, EntireX, ...)
- Support legacy integration
- Provide encryption and signature support (XML Signature, XML Encryption)
- Provide easy security integration
- Support access to repositories (UDDI, ebXML repositories)
Fundamental connectivity aspects

Three fundamental aspects of any connectivity solution: addressing, business information and security.

- Addressing allows applications that support the business processes to exchange messages with each other.
- Business information is what applications act on in support of the business processes.
- Security allows exchange of information in a safe way.
Message Layout: email, SOAP, ebXML

MIME envelope
  MIME part
    SOAP envelope
      SOAP header
        eb:MessageHeader
        eb:Via
        eb:TraceHeaderList
        eb:Acknowledgement
      SOAP body
        eb:Manifest
  MIME part
    Payload
  MIME part
    Payload
Example Message: SOAP, ebXML

<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:xlink="http://www.w3.org/1999/xlink"
    xmlns:xsi="http://www.w3.org/2000/10/XMLSchema-instance"
    xsi:schemaLocation="http://schemas.xmlsoap.org/soap/envelope/ http://ebxml.org/project_teams/transport/envelope.xsd"
    xmlns:eb="http://www.ebxml.org/namespaces/messageHeader"
    xmlns:ino="http://namespaces.softwareag.com/tamino/response2"
    xmlns:xql="http://metalab.unc.edu/xql/"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <SOAP-ENV:Header>
    <eb:MessageHeader id="SAG-338661" eb:version="1.0" SOAP-ENV:mustUnderstand="1">
      <eb:From>
        <eb:PartyId eb:type="SAG_PartyID">ElectraCorp.Sales.Netherlands</eb:PartyId>
      </eb:From>
      <eb:To>
        <eb:PartyId eb:type="SAG_PartyID">ElectraCorp.Sales.Netherlands</eb:PartyId>
      </eb:To>
      <eb:CPAId>http://www.ElectraCorp.SAG/cpa/inter_domain/d1_d2.xml</eb:CPAId>
      <eb:Service eb:type="SAG_service">OrderProcessing</eb:Service>
      <eb:Action>NewPurchaseOrder</eb:Action>
      <eb:MessageData>
        <eb:MessageId>mid:UUID-2</eb:MessageId>
        <eb:Timestamp>2000-07-25T12:19:05Z</eb:Timestamp>
        <eb:RefToMessageId>mid:UUID-1</eb:RefToMessageId>
      </eb:MessageData>
      <eb:QualityOfServiceInfo eb:deliverySemantics="OnceAndOnlyOnce"
          eb:messageOrderSemantics="Guaranteed"
          eb:deliveryReceiptRequested="Signed" />
    </eb:MessageHeader>
    <eb:TraceHeaderList eb:id="XMLSAG" eb:version="1.0" SOAP-ENV:mustUnderstand="1">
      <eb:TraceHeader>
        <eb:Sender>
          <eb:PartyId>urn:SAGscheme.com:id:Sales-id</eb:PartyId>
          <eb:Location>http://www.ElectraCorp.SAG/Sales/MessageServiceHub1</eb:Location>
        </eb:Sender>
        <eb:Receiver>
          <eb:PartyId>urn:SAGscheme.com:id:Production-id</eb:PartyId>
          <eb:Location>http://www.ElectraCorp.SAG/Production/MessageServiceHub4</eb:Location>
        </eb:Receiver>
        <eb:Timestamp>2000-12-16T21:19:35Z</eb:Timestamp>
      </eb:TraceHeader>
    </eb:TraceHeaderList>
    <eb:Via SOAP-ENV:mustUnderstand="1" eb:version="1.0"
        SOAP-ENV:actor="http://schemas.xmlsoap.org/soap/actor/next"
        eb:syncReply="false" />
  </SOAP-ENV:Header>
  <SOAP-ENV:Body>
    <eb:Manifest xmlns:eb="http://www.ebxml.org/namespaces/messageHeader" id="X0011"
        SOAP-ENV:mustUnderstand="1" eb:version="1.0">
      <eb:Reference id="X0012" xlink:href="cid:ebxmlpayload@www.ElectraCorp.SAG"
          xlink:role="XLinkRole" xlink:type="simple">
        <eb:Description xml:lang="en-us">New Purchase Order</eb:Description>
      </eb:Reference>
    </eb:Manifest>
  </SOAP-ENV:Body>
</SOAP-ENV:Envelope>
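The Manifest above points at its payload with a cid: reference, and the MIME envelope of slide 6 is what carries that payload. The following is an added example, not code from the presentation or from Software AG: it packages a SOAP envelope and payloads into a multipart/related container with the Python standard library and, on the receiving side, checks that every cid: reference in the Manifest resolves to an attached part and that no attached part is unreferenced (a receiving MSH should treat either mismatch as a packaging error rather than pass the message on). The envelope text, the Content-IDs and the payload bytes are constructed for the example.

```python
"""Package an ebXML message as SOAP with Attachments and reconcile the Manifest.

Added example (not from the slides). Builds the multipart/related MIME envelope
of slide 6 around a Manifest like the one in the slide 7 message, then checks on
receipt that each cid: reference has a matching MIME part and that no part is
left unreferenced. Message text and Content-IDs below are constructed.
"""
import email
from email.mime.application import MIMEApplication
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText
import xml.etree.ElementTree as ET

EB = "http://www.ebxml.org/namespaces/messageHeader"
SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
XLINK = "http://www.w3.org/1999/xlink"


def build_soap_envelope(payload_cids):
    """Return a minimal SOAP envelope whose Manifest references each payload cid."""
    refs = "".join(
        f'<eb:Reference xlink:href="cid:{cid}" xlink:type="simple"/>' for cid in payload_cids
    )
    return (
        f'<SOAP-ENV:Envelope xmlns:SOAP-ENV="{SOAP}" xmlns:eb="{EB}" xmlns:xlink="{XLINK}">'
        "<SOAP-ENV:Header/>"
        f'<SOAP-ENV:Body><eb:Manifest eb:version="1.0">{refs}</eb:Manifest></SOAP-ENV:Body>'
        "</SOAP-ENV:Envelope>"
    )


def package(envelope_xml, payloads):
    """Wrap the envelope and payloads into a multipart/related MIME envelope.

    payloads maps a Content-ID (without angle brackets) to payload bytes.
    The SOAP envelope is the first part, as SOAP with Attachments requires.
    """
    outer = MIMEMultipart("related", type="text/xml")
    root = MIMEText(envelope_xml, "xml")
    root["Content-ID"] = "<soapenvelope@example.invalid>"  # constructed id for the root part
    outer.attach(root)
    for cid, data in payloads.items():
        part = MIMEApplication(data, "xml")
        part["Content-ID"] = f"<{cid}>"
        outer.attach(part)
    return outer.as_bytes()


def check_manifest(mime_bytes):
    """Unpack the MIME envelope and reconcile Manifest references with the parts.

    Returns (resolved, missing, unreferenced), each a list of content ids.
    """
    msg = email.message_from_bytes(mime_bytes)
    parts = [p for p in msg.walk() if not p.is_multipart()]
    if not parts:
        raise ValueError("empty MIME envelope")
    root, attachments = parts[0], parts[1:]
    envelope = ET.fromstring(root.get_payload(decode=True))
    attached = {p["Content-ID"].strip("<>"): p for p in attachments if p["Content-ID"]}
    resolved, missing = [], []
    for ref in envelope.iterfind(f".//{{{EB}}}Manifest/{{{EB}}}Reference"):
        href = ref.get(f"{{{XLINK}}}href", "")
        if not href.startswith("cid:"):
            continue  # an external URI is not part of this message; not checked here
        cid = href[len("cid:"):]
        (resolved if cid in attached else missing).append(cid)
    unreferenced = sorted(set(attached) - set(resolved))
    return resolved, missing, unreferenced


def demo():
    """A well-formed message beside one whose payload part does not match the Manifest."""
    good = package(build_soap_envelope(["ebxmlpayload@www.ElectraCorp.SAG"]),
                   {"ebxmlpayload@www.ElectraCorp.SAG": b"<PurchaseOrder/>"})
    bad = package(build_soap_envelope(["ebxmlpayload@www.ElectraCorp.SAG"]),
                  {"stray@example.invalid": b"<Unexpected/>"})
    return check_manifest(good), check_manifest(bad)


if __name__ == "__main__":
    print(demo())
```

The unreferenced-part check matters as much as the missing-part check: a part no Manifest entry describes is content the application would otherwise never be told about, and it should be reported rather than quietly stored or forwarded.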



From application to transport

ebXML Application
  |
MSH Interface
  |
Message Service Handler (MSH Services):
  - Authentication, authorization and non-repudiation services
  - Header Processing
  - Encryption, Digital Signature
  - Message Packaging
  - Delivery, Send/Receive
  - Transport mapping and Binding
  - Error Handling
  |
Transport: HTTP, SMTP, IIOP
Functions of a MSH - 1

Within a MSH, the following functions are distinguished:

- Header Processing - the creation of the SOAP Header elements for the ebXML Message uses input from the application, passed through the Message Service Interface, information from the CPA that governs the message, and generated information such as digital signature, timestamps and unique identifiers.
- Header Parsing - extracting or transforming information from a received SOAP Header or Body element into a form that is suitable for processing by the MSH implementation.
- Security Services - digital signature creation and verification, authentication and authorization. These services may be used by other components of the MSH including the Header Processing and Header Parsing components.
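Header Parsing in practice, as an added example that is not the presentation's code: the function below takes a SOAP header laid out like the slide 7 message and extracts the routing fields the MSH acts on into a plain dictionary. It also applies two checks a receiving MSH owes the sender before any of those fields are trusted: the required MessageHeader elements are present, and any header block marked SOAP-ENV:mustUnderstand="1" that this MSH does not implement is rejected with a fault instead of being silently skipped (the SOAP rule that keeps a receiver from acting on a message whose semantics it only partly understood). The sample message is constructed from the values on the slide, and the set of "understood" blocks is this example's own.

```python
"""Header Parsing for an ebXML MSH: extract the MessageHeader and honour mustUnderstand.

Added example, not code from the presentation. Parses a SOAP header like the
slide 7 message into a dict and refuses messages that carry a mustUnderstand
header block this MSH does not implement or that lack required elements.
The sample message is constructed from the slide's values.
"""
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
EB = "http://www.ebxml.org/namespaces/messageHeader"

# Header blocks this (example) MSH implements; any other block with
# mustUnderstand="1" is a fault rather than something to ignore.
UNDERSTOOD = {f"{{{EB}}}MessageHeader", f"{{{EB}}}TraceHeaderList", f"{{{EB}}}Via"}
REQUIRED = ["From", "To", "CPAId", "Service", "Action", "MessageData"]

SAMPLE = f"""<SOAP-ENV:Envelope xmlns:SOAP-ENV="{SOAP}" xmlns:eb="{EB}">
  <SOAP-ENV:Header>
    <eb:MessageHeader id="SAG-338661" eb:version="1.0" SOAP-ENV:mustUnderstand="1">
      <eb:From><eb:PartyId eb:type="SAG_PartyID">ElectraCorp.Sales.Netherlands</eb:PartyId></eb:From>
      <eb:To><eb:PartyId eb:type="SAG_PartyID">ElectraCorp.Sales.Netherlands</eb:PartyId></eb:To>
      <eb:CPAId>http://www.ElectraCorp.SAG/cpa/inter_domain/d1_d2.xml</eb:CPAId>
      <eb:Service eb:type="SAG_service">OrderProcessing</eb:Service>
      <eb:Action>NewPurchaseOrder</eb:Action>
      <eb:MessageData>
        <eb:MessageId>mid:UUID-2</eb:MessageId>
        <eb:Timestamp>2000-07-25T12:19:05Z</eb:Timestamp>
        <eb:RefToMessageId>mid:UUID-1</eb:RefToMessageId>
      </eb:MessageData>
      <eb:QualityOfServiceInfo eb:deliverySemantics="OnceAndOnlyOnce"
          eb:messageOrderSemantics="Guaranteed" eb:deliveryReceiptRequested="Signed"/>
    </eb:MessageHeader>
    <eb:Via SOAP-ENV:mustUnderstand="1" eb:version="1.0" eb:syncReply="false"/>
  </SOAP-ENV:Header>
  <SOAP-ENV:Body/>
</SOAP-ENV:Envelope>"""


class MustUnderstandFault(Exception):
    """SOAP fault: a header block the receiver must process is not implemented."""


def _text(parent, path):
    el = parent.find(path)
    return el.text.strip() if el is not None and el.text else None


def parse_message_header(xml_text):
    """Return the MessageHeader as a dict after the mustUnderstand and required-element checks."""
    root = ET.fromstring(xml_text)
    header = root.find(f"{{{SOAP}}}Header")
    if header is None:
        raise ValueError("no SOAP-ENV:Header")
    # Reject before extracting anything: an unknown mustUnderstand block may change
    # the meaning of the fields we are about to act on.
    unknown = [b.tag for b in header
               if b.get(f"{{{SOAP}}}mustUnderstand") == "1" and b.tag not in UNDERSTOOD]
    if unknown:
        raise MustUnderstandFault(unknown)
    mh = header.find(f"{{{EB}}}MessageHeader")
    if mh is None:
        raise ValueError("no eb:MessageHeader")
    missing = [name for name in REQUIRED if mh.find(f"{{{EB}}}{name}") is None]
    if missing:
        raise ValueError(f"MessageHeader lacks required elements: {missing}")
    qos = mh.find(f"{{{EB}}}QualityOfServiceInfo")
    return {
        "from": _text(mh, f"{{{EB}}}From/{{{EB}}}PartyId"),
        "to": _text(mh, f"{{{EB}}}To/{{{EB}}}PartyId"),
        "cpa_id": _text(mh, f"{{{EB}}}CPAId"),
        "service": _text(mh, f"{{{EB}}}Service"),
        "action": _text(mh, f"{{{EB}}}Action"),
        "message_id": _text(mh, f"{{{EB}}}MessageData/{{{EB}}}MessageId"),
        "ref_to": _text(mh, f"{{{EB}}}MessageData/{{{EB}}}RefToMessageId"),
        "timestamp": _text(mh, f"{{{EB}}}MessageData/{{{EB}}}Timestamp"),
        # The delivery semantics are what the reliable-messaging component acts on.
        "delivery": qos.get(f"{{{EB}}}deliverySemantics") if qos is not None else None,
    }


if __name__ == "__main__":
    print(parse_message_header(SAMPLE))
```

The CPAId extracted here is the key the later sequence-document example uses to look up the agreement that governs the message; nothing in the header is acted on until the parser has returned without a fault.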

Functions of a MSH - 2

- Reliable Messaging Services - handles the delivery and acknowledgment of ebXML Messages sent with a delivery requirement of once and only once. The service includes handling for persistence, retry, error notification and acknowledgment of messages requiring reliable delivery.
- Message Packaging - the final enveloping of an ebXML Message (SOAP Header or Body elements and payload) into its SOAP Messages with Attachments container.
- Error Handling - this component handles the reporting of errors encountered during MSH or Application processing of a message.
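The once-and-only-once service described above, as an added example rather than code from the presentation: the sender persists each message and retries until an acknowledgment whose RefToMessageId matches comes back; the receiver persists every MessageId it has delivered, so a retried duplicate is acknowledged again but never handed to the application a second time. The transport is a constructed stand-in that follows a scripted plan of dropped requests and lost acknowledgments, and the class and method names are this example's own.

```python
"""Reliable Messaging with OnceAndOnlyOnce delivery between two MSHs.

Added example, not the presentation's code. Models persistence, retry and
acknowledgment over a transport constructed to drop messages: a lost request
is retried, a lost acknowledgment produces a duplicate the receiver must
suppress, and the application sees the payload exactly once.
"""


class ReceivingMSH:
    def __init__(self, application):
        self.application = application   # callable that consumes the delivered payload
        self.delivered = {}              # persisted store: MessageId -> acknowledgment
        self.duplicates_suppressed = 0

    def receive(self, message):
        """Deliver once; answer every copy, first or duplicate, with an Acknowledgment."""
        mid = message["MessageId"]
        if mid in self.delivered:        # retry of a message already delivered
            self.duplicates_suppressed += 1
            return self.delivered[mid]   # re-send the stored ack, do not redeliver
        self.application(message["payload"])
        ack = {"Acknowledgment": True, "RefToMessageId": mid}
        self.delivered[mid] = ack        # persist before replying: a crash after the
        return ack                       # reply must not lead to a second delivery


class SendingMSH:
    def __init__(self, transport, max_retries=5):
        self.transport = transport       # callable(message) -> ack, or None if lost
        self.max_retries = max_retries
        self.outbox = {}                 # persisted store: MessageId -> message until acked

    def send(self, message_id, payload):
        """Send with retry; return the number of attempts it took to be acknowledged."""
        message = {"MessageId": message_id, "payload": payload,
                   "deliverySemantics": "OnceAndOnlyOnce"}
        self.outbox[message_id] = message
        for attempt in range(1, self.max_retries + 2):   # one initial send plus retries
            ack = self.transport(message)
            # Only an ack that references this MessageId counts; anything else is retried.
            if ack and ack.get("RefToMessageId") == message_id:
                del self.outbox[message_id]              # acknowledged: drop from the store
                return attempt
        raise RuntimeError(f"delivery of {message_id} failed after {self.max_retries} retries")


class LossyTransport:
    """Constructed transport following a plan of 'drop', 'lose_ack' or 'ok' per attempt."""

    def __init__(self, receiver, plan):
        self.receiver, self.plan = receiver, list(plan)

    def __call__(self, message):
        outcome = self.plan.pop(0) if self.plan else "ok"
        if outcome == "drop":
            return None                  # request never reached the receiver
        ack = self.receiver.receive(message)
        return None if outcome == "lose_ack" else ack


def demo():
    """Request lost, then ack lost, then success: three attempts, one delivery, one duplicate."""
    delivered = []
    receiver = ReceivingMSH(delivered.append)
    sender = SendingMSH(LossyTransport(receiver, ["drop", "lose_ack", "ok"]))
    attempts = sender.send("mid:UUID-2", "<PurchaseOrder/>")
    return attempts, len(delivered), receiver.duplicates_suppressed, len(sender.outbox)


if __name__ == "__main__":
    print(demo())
```

The receiver's store of delivered MessageIds is the part that makes the guarantee hold: without it a lost acknowledgment turns into a second purchase order, which is exactly the failure the slide's persistence requirement exists to prevent.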


Overview of environment

XML/SOAP connects:

- Applications: XML applications (J2EE, .Net, other Web Services)
- Legacy systems: mainframe, Unix, AS/400, Windows, etc.
- Mail (SMTP)
- Authorization system and directory/trust service (LDAP, OCSP, XKMS, SAML)

MSH gateways and services:

- HTTP/SOAP Gateway (HTTP Server)
- e-mail Gateway
- XML Wrapper
- EntireX Gateway (MQ, EntireX, various ...)
- Logging
- XML Config (XSLT + CPA)

OCSP = Online Certificate Status Protocol
LDAP = Lightweight Directory Access Protocol
XKMS = XML Key Management Specification
SAML = Security Assertions Markup Language
Sequencing the processing components of the Message Service Handler

Components:

- Emerger: examines the contents based on rules and set properties
- Transformer: uses stylesheets (XSLT) to transform the XML stream
- Aggregator: cut and paste portions of various XML streams together based on your specifications
- Validator: used to validate the XML document - i.e., the payload of an XML message - against a specified DTD or schema
- Encryptor: allows the encryption/decryption of XML documents
- Logger: logs XML documents and properties in file system or Tamino
- Decrementer: allows you to decrement a counter in a sequence document
- Payload Setter: allows you to completely replace the XML document portion of the current message with some new XML document

Flow: Gateway -> Sequence document (flow control) -> emerger, transformer, aggregator, validator, logger, encryptor, decrementer, payloadsetter -> HTTP Gateway / Other Gateways

Gateways: HTTP Gateway, EntireX XML Wrapper Gateway, EntireX Broker Gateway, SOAP Gateway, E-mail Gateway
Flexible and adaptable processing

- An XML sequence or emerger document is assigned to an ebXML input document
- The sequence document describes the flow of (conditional) processing steps
- In case of errors another sequence can be executed to handle the error properly
- Each processing step activates a component (e.g. a servlet)
- Each component has (optional) properties for input and control of the process
- (New) properties can be set and checked to control the flow of following processing steps
- Standard components are available for various tasks
- Customers can develop and use their own components
Example of a sequence document

<SOAP-ENV:Envelope
  .....
  <eb:CPAId>http://www.ElectraCorp.SAG/cpa/inter_domain/d1_d2.xml</eb:CPAId>
  .....
</SOAP-ENV:Envelope>

<sequence>
  <block on_error="http://saghost/error01sequence.xml">
    <step component="SagTaminoLogger"
        logmessage="Original SOAP Envelope with ebXML payload"
        xbd.taminoLogger.database="http://saghost/tamino/ebXML/LogMessage" />
    <step component="SagEmerger"
        xbd.emerger.modelName="CheckCPAId"
        xbd.emerger.modelSourceURL="http://saghost/CPAIdemerger.xml" />
    <if property="CPAId.present" relation="exists">
      <block on_error="http://saghost/error02sequence.xml">
        <step component="SagLogger" logmessage="before gateway to CPA Server" />
        <replicate xbd.aggregator.collection.model="ebXMLmodel"
            xbd.aggregator.modelSourceURL="http://saghost/CPAIdaggregator.xml">
          <replicant ID="original">
            <step component="SagHttpGateway" xbd.http.method="GET"
                xbd.http.target.url="http://saghost/tamino/xml/ebxml?_xql=/CollaborationProtocolAgreement[@tp:cpaid='http://www.ElectraCorp.pais/cpa/inter_domain/d1_d2.xml']" />
          ......
      </block>
  ......
</sequence>

Mediator
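How a sequence document of this kind is executed, covering both the processing model of slide 13 and the document above, as an added example that is not Software AG's Mediator: the interpreter walks <sequence>, <block on_error>, <step component=...> and <if property=... relation="exists"> over a properties map. Each step activates a component from a registry; components may set properties, <if> reads them to decide the flow, and a step failure inside a <block> runs that block's on_error sequence instead of aborting the whole run. The sequence document, the error sequences and the component names ("Logger", "CheckCPAId", "FailingGateway") are constructed for this example, and on_error URLs are resolved from an in-memory map rather than fetched.

```python
"""Interpreter for a sequence document like the one on slide 14.

Added example, not Software AG's implementation. Executes <sequence>, <block
on_error>, <step component=...> and <if property=... relation="exists"> over
a property map; a failing step inside a <block> diverts to the block's
on_error sequence. Documents and component names below are constructed.
"""
import xml.etree.ElementTree as ET

EB = "http://www.ebxml.org/namespaces/messageHeader"

SEQUENCE = """<sequence>
  <block on_error="http://saghost/error01sequence.xml">
    <step component="Logger" logmessage="Original SOAP Envelope with ebXML payload"/>
    <step component="CheckCPAId"/>
    <if property="CPAId.present" relation="exists">
      <block on_error="http://saghost/error02sequence.xml">
        <step component="Logger" logmessage="before gateway to CPA Server"/>
        <step component="FailingGateway"/>
      </block>
    </if>
  </block>
</sequence>"""

# Constructed stand-ins for the on_error documents the slide only names by URL.
ERROR_SEQUENCES = {
    "http://saghost/error01sequence.xml":
        '<sequence><step component="Logger" logmessage="error01"/></sequence>',
    "http://saghost/error02sequence.xml":
        '<sequence><step component="Logger" logmessage="error02"/></sequence>',
}


class StepError(Exception):
    """Raised by a component whose processing step failed."""


# Component registry: name -> callable(document, properties, step_attributes)
def logger(doc, props, attrs):
    props.setdefault("log", []).append(attrs["logmessage"])


def check_cpa_id(doc, props, attrs):
    # Emerger-style rule: set a property when the message carries a CPAId.
    if doc.find(f".//{{{EB}}}CPAId") is not None:
        props["CPAId.present"] = "true"


def failing_gateway(doc, props, attrs):
    raise StepError("CPA server unreachable")   # constructed failure for the demo


COMPONENTS = {"Logger": logger, "CheckCPAId": check_cpa_id, "FailingGateway": failing_gateway}


def run_sequence(seq_xml, doc, props):
    """Execute a sequence document against an XML document and a property map."""
    for node in ET.fromstring(seq_xml):
        _run_node(node, doc, props)
    return props


def _run_node(node, doc, props):
    if node.tag == "step":
        COMPONENTS[node.get("component")](doc, props, node.attrib)
    elif node.tag == "block":
        try:
            for child in node:
                _run_node(child, doc, props)
        except StepError as exc:
            # The error is handled here; the enclosing block carries on normally.
            props["last_error"] = str(exc)
            run_sequence(ERROR_SEQUENCES[node.get("on_error")], doc, props)
    elif node.tag == "if":
        if node.get("relation") != "exists":
            raise ValueError('only relation="exists" is implemented in this example')
        if node.get("property") in props:
            for child in node:
                _run_node(child, doc, props)
    else:
        raise ValueError(f"unknown sequence element <{node.tag}>")


def demo(with_cpa_id=True):
    """Run the sequence over a minimal envelope with or without an eb:CPAId."""
    cpa = ("<eb:CPAId>http://www.ElectraCorp.SAG/cpa/inter_domain/d1_d2.xml</eb:CPAId>"
           if with_cpa_id else "")
    doc_xml = ('<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" '
               f'xmlns:eb="{EB}">{cpa}</SOAP-ENV:Envelope>')
    return run_sequence(SEQUENCE, ET.fromstring(doc_xml), {})


if __name__ == "__main__":
    print(demo())
    print(demo(with_cpa_id=False))
```

With a CPAId present the inner block runs, the gateway step fails, and error02 is executed while the outer block completes; without one the <if> branch is skipped entirely, which is the conditional-flow behaviour slide 13 describes.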

The MSH architecture explained with example

A SOAP-ebXML message (XML) arrives at the web server and is handed to the MSH in the application server. Processing flow:

- log? yes -> logging
- decrypt? yes -> decrypt, using the XML keyinfo & certificate from the repository
- CPA-id exists? yes -> get CPA (XQUERY on the stored collaboration protocol agreement); no -> error handling
- authenticate? yes -> check the XML signature; OK? no -> error handling
- transformation? yes -> transform the XML doc with a stylesheet; OK? no -> error handling
- final destination? yes -> verify signature, application gateway (Web Services); no -> HTTP gateway / various gateways
- OUT: response (XML); errors go to error handling
The MSH architecture: benefits of Tamino as MSH repository

- Native XML storage
- Validated against XML Schema or DTD
- Well-formed
- Non-XML storage (binary)
- XQUERY retrieval incl. full text access
- Transactional node-level update
- Support for UDDI
- Xtentions (remote function integration)
- Xnode (remote data access: rdbms, Adabas)
- WebDAV & WebServices support
- Security
- Replication & Clustering support

Stored in the repository: XML keyinfo & certificate, SOAP-ebXML message, collaboration protocol agreement (retrieved with XQUERY), XML signature, stylesheet
MSH Message processing

Sending side:
Application -> ebXML message -> Authentication/Authorize -> Build ebXML SOAP blocks -> Add header info -> Encrypt? (yes: Encrypt) -> Create ebXML SOAP message -> World Wide Web (transport, routing and packaging)

Receiving side:
Receive ebXML SOAP message -> Decrypt? (yes: Decrypt) -> Get ebXML SOAP blocks -> Process ebXML information -> Final? (yes: Call application -> Application; no: Pass on to the next MSH)
Security Requirements

- Confidentiality: only the intended recipient should be able to read messages
- Authentication: service provider must verify the identity of the requestor
- Authorization: service provider must verify that the requestor is allowed to access the service requested
- Integrity: service provider must check that messages were not modified by some third party
- Non-repudiation/Accountability: service provider must track usage of services to ensure accountability for transactions processed
- Data validation: service provider must ensure that the content of a message is not damaging to the service
Requirements

The following technologies satisfy the various security principles:

- Confidentiality: SSL, XML Encryption
- Authentication: X.509 certificates (LDAP directories, XKMS services)
- Authorization: SAML, X.509 certificates (Authorization Servers)
- Integrity: XML Signature
- Non-repudiation/Accountability: XML Signature + X.509 certificates
- Data validation: XML Signature, XML Schema and XPath
Thank You