webservice3

Nov 5, 2013 (3 years and 9 months ago)

WEBSERVICES

Surma Mukhopadhyay

BUS 665

Paper presented

An Introduction to Oracle Web Services Manager
An Oracle White Paper
May 2005
[http://www.oracle.com/johnblade/pdf/oracle_webservices.pdf]

WebServices Activity
[http://www.w3.org/2002/ws/]


Contents:

Topic 1: An introduction to ORACLE Webservice Manager

Topic 2: Webservices Activity


What Is Webservices?

The World Wide Web is more and more used for application to application communication. The programmatic interfaces made available are referred to as Web services

Positive & Negative Sides of Webservice

Positive side: Increase access to useful data
Cut time to market

Negative side: Increases compliance risk
Security holes

What Is ORACLE Web Service Manager?

Oracle Web Services Manager (WSM) is a Web Services security and management solution that provides the visibility and control required to deploy Web Services into production

The advantage of using WSM:

With Oracle WSM, organizations can enjoy a common security infrastructure for all Web service applications

This allows best practice security policies and monitoring to be deployed across existing or new services


How WSM Works

With Oracle WSM, an administrator creates security and management policies using a browser-based tool

A typical Web Service security policy might be:

1. Decrypt the incoming XML message
2. Extract the user’s credentials
3. Perform an authentication for this user
4. Perform an authorization check for this user and this Web Service
5. Write a log record of the above information
6. If all steps are successful, pass the message to the intended Web
7. If not, return an error and write an exception record



How WSM Works cont.

The WSM product would then intercept every incoming request to a Web Service and apply the policy above

As the policy is executed, the WSM collects statistics about its operations and sends these to a monitoring server

The monitor displays errors, service availability data, etc.

As a result, each Web Service in an enterprise network can automatically gain security and management control



Key Features

Web Services access control and single sign-on

Centralized security policy management with localized enforcement

Unified monitoring of cross-organization Web Services application


Key benefits of WSM


Increased security



Lower development cost



Easier compliance reporting

Oracle WebServices Manager Components


The WSM Platform consists of four components: Policy
Manager, Gateways, Agents, and Monitor. Gateways
and Agents are two policy enforcement points



The Oracle WSM provides significant architectural
flexibility via the combination of Gateways and Agents

Webservice Policy Manager

The WSM Policy Manager is a browser-based, graphical tool for creating and versioning security and management policies, using pre-built or custom policy steps

Examples of policy steps are: decrypt the XML payload, perform an LDAP authentication, log an audit record, perform an authorization, etc.

Policy steps are linked together into a policy pipeline

This pipeline can be executed at a single Web Service, a subset, or all Web Services
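
The typical policy listed under "How WSM Works", written as the kind of linked policy pipeline described here. This is an added Python sketch, not Oracle WSM code or its API: the step functions, the sample user and ACL, and the base64 stand-in for the decrypt step are all assumptions made for illustration.

```python
import base64, hashlib, hmac
import xml.etree.ElementTree as ET
# Constructed sample data (not from the white paper): one user, one ACL entry.
SALT = b"demo-salt"
USERS = {"alice": hashlib.pbkdf2_hmac("sha256", b"s3cret", SALT, 100_000)}
ACL = {("alice", "OrderService")}

class PolicyError(Exception):
    """Raised by a policy step to stop the pipeline."""

def decrypt(ctx):
    # Stand-in for step 1 (assumption): base64 unwrapping instead of real decryption.
    try:
        ctx["xml"] = base64.b64decode(ctx["raw"], validate=True)
    except ValueError:
        raise PolicyError("decrypt failed")

def extract_credentials(ctx):
    if b"<!DOCTYPE" in ctx["xml"]:           # refuse DTDs before parsing
        raise PolicyError("DTD not allowed")
    try:
        root = ET.fromstring(ctx["xml"])
    except ET.ParseError:
        raise PolicyError("malformed XML")
    ctx["user"] = root.findtext("user") or ""
    ctx["password"] = root.findtext("password") or ""

def authenticate(ctx):
    given = hashlib.pbkdf2_hmac("sha256", ctx["password"].encode(), SALT, 100_000)
    stored = USERS.get(ctx["user"], b"\x00" * 32)   # unknown user never matches
    if not hmac.compare_digest(given, stored):
        raise PolicyError("authentication failed")

def authorize(ctx):
    if (ctx["user"], ctx["service"]) not in ACL:
        raise PolicyError("not authorized")

PIPELINE = [decrypt, extract_credentials, authenticate, authorize]

def enforce(raw, service, backend, log):
    ctx = {"raw": raw, "service": service}
    for step in PIPELINE:
        try:
            step(ctx)
        except PolicyError as exc:
            # Step 7: exception record (never the password), then fail closed.
            log.append(("exception", service, ctx.get("user"), step.__name__, str(exc)))
            return "error"
    log.append(("audit", service, ctx["user"], "allowed", ""))  # step 5
    return backend(ctx["xml"])                                  # step 6
```

The backend is only called when every step has passed, so a step that raises can never fall through to the protected service.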


Webservice Management Gateway

The WSM Gateway operates independently of the Services it protects, acting as a proxy to Service clients

The Gateway can virtualize an underlying Web Service, so that clients do not learn the address details of the Service

Gateways can enforce most policy steps, but also have the unique ability to route messages based on message or attachment content

The Gateway can transform messages from one format or protocol to another, such as from XML-over-HTTP to JMS

Gateways are often deployed in an organization’s DMZ, to route messages to specific Services and obscure Service details from external clients

The Policy Manager periodically sends updates of the policy pipelines to the Gateway


WebService Management Agent


WSM Agent is installed into the same process space
as the underlying Service it is protecting


It can support encryption of messages all the way to
the endpoint


Since it resides at an endpoint, it cannot route or
transform messages


The Policy Manager periodically sends updates of its
policy pipelines to the Agent.


WebServices Monitor


As the Gateways and Agents enforce policies on
incoming and outgoing messages, they collect
statistics about response times, exceptions, etc


These statistics are sent in real-time to the WSM Monitor, a Web-based dashboard for monitoring service level agreements, service availability, and service responsiveness


The Monitor can alert administrators when boundary
conditions are met


It can also automatically communicate with the Policy
Manager to activate new policies

WSM

WebService Activity


The goal of the Web Services Activity is to develop a
set of technologies in order to lead Web services to
their full potential



Here we are going to discuss the W3C's work on
this topic in more detail




[Note: The World Wide Web Consortium (W3C) develops interoperable technologies (specifications, guidelines, software, and tools) to lead the Web to its full potential. W3C is a forum for information, commerce, communication, and collective understanding. www.w3.org]

Activity Group

The Activity is coordinated by one coordination group and one interest group

The coordination group works in six different subgroups as follows:

Semantic Annotations for Web Services Description Language Working Group
Web Services Addressing Working Group
Web Services Choreography Working Group
Web Services Description Working Group
Web Services Policy Working Group
XML Protocol Working Group
XML Schema Patterns for Databinding Working Group

The interest group consists of the Semantic Web Services Interest Group

Semantic Annotations for Web Services Description Language Working Group

The objective of the Working Group is to develop a mechanism to enable semantic annotation of Web services

This mechanism will take advantage of the WSDL 2.0 extension mechanisms to build a simple and generic support for adding semantic descriptions for Web services

The Semantic Annotations for WSDL and XML Schema (SAWSDL) specification defines mechanisms by which semantic annotations can be added to WSDL components

The Key Design Points of SAWSDL



The specification enables semantic
annotations for Web services using and
building on the existing extensibility
framework of WSDL.


It is agnostic to semantic representation
languages.


It enables semantic annotations for Web
services not only for discovering Web
services but also for invoking them.

SAWSDL: Extensions in WSDL

ModelReference: This specifies the association between a WSDL component and a concept in some semantic model.

LiftingSchemaMapping and LoweringSchemaMapping: They are added to XML Schema element declarations, complex type definitions and simple type definitions to specify mappings between semantic data and XML.


Webservice Addressing

Web Services Addressing provides transport-neutral mechanisms to address Web services and messages

Here are some useful links to learn more about Web Services Addressing:

Web Services Addressing - Core
[http://dev.w3.org/cvsweb/~checkout~/2004/ws/addressing/ws-addr-core.html?content-type=text/html;%20charset=utf-8]

Web Services Addressing - SOAP Binding
[http://dev.w3.org/cvsweb/~checkout~/2004/ws/addressing/ws-addr-soap.html?content-type=text/html;%20charset=utf-8]

Web Services Addressing Metadata
[http://dev.w3.org/cvsweb/~checkout~/2004/ws/addressing/ws-addr-wsdl.html?content-type=text/html;%20charset=utf-8]

Web Services Addressing XML Schema
[http://dev.w3.org/cvsweb/~checkout~/2004/ws/addressing/ws-addr.xsd]

Web Services Addressing Metadata XML Schema
[http://dev.w3.org/cvsweb/~checkout~/2004/ws/addressing/ws-addr-wsdl.xsd]






Web Services Choreography Working Group

As the momentum around Web Services grows, the need for effective mechanisms to co-ordinate the interactions among Web Services and their users becomes more pressing

The Web Services Choreography Working Group has been tasked with the development of such a mechanism in an interoperable way

[Link: http://www.w3.org/2002/ws/chor/]

Web Services Description Working Group

One of the requirements for the development of Web services is the ability to describe the interface, the boundary across which applications (Web services user agents and Web services) communicate

The Web Services Description Working Group is chartered to design the following components of the interface:

The message: a definition for the types and structures of the data being exchanged

The message exchange patterns: the descriptions of the sequence of operations supported by a Web service

The protocol binding: a mechanism for binding a protocol used by a Web service, independently of its message exchange patterns and its messages

[http://www.w3.org/2002/ws/desc/]


Web Services Policy Working Group

The mission of the Web Services Policy Working Group is to produce W3C recommendations for Web Services Policy

Web Services Policy defines a flexible policy data model and an extensible grammar for expressing the capabilities, requirements and general characteristics of a Web service

It also presents the mechanisms for associating policies with Web service constructs

[http://www.w3.org/2002/ws/policy/]

XML protocol working group


The Working Group is responsible for updating errata
documents and publishing new editions incorporating
published errata



In addition to the maintenance effort, the XML
Protocol Working Group is chartered to work on
SOAP Version 1.2 extensions




[http://www.w3.org/2000/xp/Group/]

XML Schema Patterns for Databinding Working Group


The mission of this Working Group is to define a set of
XML Schema patterns that will be efficiently
implementable by the broad community who use XML
databindings



Agreeing on a set of XML Schema patterns for which
databinding optimizations can be made will facilitate
the ability of Web services and other toolkits to
expose a more comprehensible data model to the
developer



[http://www.w3.org/2002/ws/databinding/]

Semantic Web Services Interest Group

The Semantic Web Services Interest Group is part of the Web Services Activity. The purpose of the Semantic Web Services Interest Group is to provide an open forum for W3C Members and non-Members to discuss Web Services topics essentially oriented towards integration of Semantic Web technology into the ongoing Web Services work at W3C.

[link: http://www.w3.org/2002/ws/swsig/]

Conclusion


In this way, an organization can
construct “best practice” security policies
and ensure that these are enforced no
matter how the Service is implemented
or designed