Project Stonehenge for .NET

splattersquadSecurity

Nov 16, 2013 (3 years and 7 months ago)

65 views

Project Stonehenge for .NET

Ben Dewey

twentysix

New York

Apache Stonehenge Committer

http://bendewey.wordpress.com


What is Project Stonehenge?


Stonehenge is sponsored by the Apache
Software Foundation, a leader in the Open
Source community, and was created to build
reference applications that demonstrate the
use of WS
-
* Standards in real
-
world project
implementations

Goals


Illustrate and develop best practices for
interoperable applications that communicate via
distributed protocols


Demonstrate interoperability between platforms


Provide sample code upon which SOA developers can
build their own applications


Potentially identify interoperability issues and their
solutions


Build confidence in cross
-
platform deployment of
SOA technologies.

My Role
(since April 2009)


Created .NET Install Documentation


Redesigned .NET
StockTrader

Client


Create
Interop

Guide


Provided various other code and wiki updates


Release Manager for M2

Terms


SOA


Service
-
Oriented Architecture


WS
-
*


Web Service Standards


W3C
-

World Wide Web Consortium


OASIS
-

Organization for the Advancement of Structured
Information Standards


WCF


Windows Communication Foundation


AXIS2
-
Java/Metro


Java Web Services Frameworks


AXIS2
-
C (PHP)


C Web Services Framework


.NET Web Services(WS) Background


Past


ASP.NET Web Services (ASMX)


WSE (Web Service Extensions)


Present


WCF (“Indigo”)


Future


Distributed Application Server (“Dublin”)


MSE (Managed Services Engine)

Example SOAP Message

<s:Envelope
xmlns:s
="http://schemas.xmlsoap.org/soap/envelope/"
>


<
s:Header
>



<a:Action>
SubmitOrder
</a:Action>



<a:To>http://26ny
-
stoneh
-
r2:8001/tradeorderprocessor</a:To>


</
s:Header
>


<
s:Body
>



<SubmitOrder
xmlns
="http://Trade.TraderOrderHost"
>




<order>


<a:orderID>100000108</a:orderID>


<a:orderType>buy</a:orderType>


<a:orderStatus>open</a:orderStatus>


<a:openDate>2009
-
07
-
14T23:07:13.3740234
-
04:00</a:openDate>


<a:completionDate>0001
-
01
-
01T00:00:00</a:completionDate>


<a:quantity>100</a:quantity>


<a:price>1</a:price>


<a:orderFee>15.95</a:orderFee>


<a:symbol>s:3</a:symbol>




</order>



</
SubmitOrder
>


</
s:Body
>

</s:Envelope>

WS
-
* Specifications


WS
-
Messaging


SOAP (Packet, Envelope with a Header and a Body)


WS
-
Addressing (To, From, Action)


WS
-
MetaData

Exchange


WS
-
Policy


(Envelope Requirements)


WSDL


Web Services Definition Language (Policies, Types,
Binding, Service)


WS
-
Security


WS
-
Signature


(Prevents Tampering)


WS
-
Encryption


(Prevents Snooping)


WS
-
Trust/Federation


(Authenticates and Provides Roles)


WS
-
ReliableMessaging



Transactions

http://en.wikipedia.org/wiki/WS
-
*

Example SOAP Message (WS
-
Sec Header)

<s:Header>


<
a:Action

s:mustUnderstand="1"
u:Id="_5">
SubmitOrder
</a:Action>


<
a:To

s:mustUnderstand="1"
u:Id="_6“>http://localhost:8001/sec</a:To>


<
o:Security

s:mustUnderstand="1"
xmlns:o
=

“http://docs.oasis
-
open.org/wss/2004/01/oasis
-
200401
-
wss
-
wssecurity
-
secext
-
1.0.xsd” />


</s:Header>

Example SOAP Message (WS
-
Sec Element)

<o:Security s:mustUnderstand="1"
xmlns:o
="http://docs.oasis
-
open.org/wss/2004/01/oasis
-
200401
-
wss
-
wssecurity
-
secext
-
1.0.xsd">



<
u:Timestamp

u:Id="uuid
-
1c239684
-
8f70
-
4b89
-
8d0d
-
32ee15465120
-
2">…</u:Timestamp>



<
e:EncryptedKey

Id="uuid
-
1c239684
-
8f70
-
4b89
-
8d0d
-
32ee15465120
-
1“>



<e:CipherValue>gH27sFs3Ay…
fyHIuFEZg
=</e:CipherValue>


</
e:EncryptedKey
>



<
e:EncryptedData

Id="_7" Type=“http://www.w3.org/2001/04/xmlenc#Element”>



<e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128
-
cbc"/>



<
KeyInfo

xmlns
="http://www.w3.org/2000/09/xmldsig#">…</
KeyInfo
>



<e:CipherData>




<e:CipherValue>Ct2hjN…Np7qpZLXYL5</e:CipherValue>



</e:CipherData>


</
e:EncryptedData
>


</o:Security>

Example SOAP Message (WS
-
Sec Body)

<s:Body u:Id="_3">



<e:EncryptedData Id="_4"



Type="http://www.w3.org/2001/04/xmlenc#Content"

xmlns:e
="http://www.w3.org/2001/04/xmlenc#">






<
e:CipherData
>




<e:CipherValue>





FvifwljMEc
…NUs4RvaG++
Ww
==




</e:CipherValue>



</
e:CipherData
>





</e:EncryptedData>


</s:Body>

Example SOAP Message (WS
-
Sec)

<s:Envelope
xmlns:s
="http://www.w3.org/2003/05/soap
-
envelope"
xmlns:a
="http://www.w3.org/2005/08/addressing"
xmlns:u
="http://docs.oasis
-
open.org/wss/2004/01/oasis
-
200401
-
wss
-
wssecurity
-
utility
-
1.0.xsd">

<s:Header>



<a:Action u:Id="_5">
SubmitOrder
</a:Action>


<a:To u:Id="_6">http://26ny
-
stoneh
-
r2:8001/tradeorderprocessor/sec</a:To>


<
o:Security

xmlns:o
="http://docs.oasis
-
open.org/wss/2004/01/oasis
-
200401
-
wss
-
wssecurity
-
secext
-
1.0.xsd">


<u:Timestamp u:Id="uuid
-
1c239684
-
8f70
-
4b89
-
8d0d
-
32ee15465120
-
2">…</u:Timestamp>



<e:EncryptedKey Id="uuid
-
1c239684
-
8f70
-
4b89
-
8d0d
-
32ee15465120
-
1“>



<e:CipherValue>gH27sFs3Ay…
fyHIuFEZg
=</e:CipherValue>


</e:EncryptedKey>



<e:EncryptedData Id="_7" Type=http://www.w3.org/2001/04/xmlenc#Element>



<e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128
-
cbc"/>



<KeyInfo
xmlns
="http://www.w3.org/2000/09/xmldsig#">…</
KeyInfo
>



<e:CipherData><e:CipherValue>Ct2hjN…Np7qpZLXYL5</e:CipherValue></e:CipherData>


</e:EncryptedData>


</
o:Security
>


</s:Header>

<s:Body u:Id="_3">



<e:EncryptedData Id="_4" Type="http://www.w3.org/2001/04/xmlenc#Content">



<e:CipherData><e:CipherValue>
FvifwljMEc
…NUs4RvaG++
Ww
==</e:CipherValue></e:CipherData>


</e:EncryptedData>


</s:Body>

</s:Envelope>

Apache Stonehenge Project

Apache Software Foundation


Apache Group “Web Server”


Meritocracy


Committer Status


Legal protection


Mailing list correspondence


Individualism


Nobody has any affiliations within Apache

Stonehenge Timeline


Initial phase


Proposal submitted by WSO2, announced at
ApacheCon

US 2008


Microsoft joined as a contributor with other vendors IONA,
RedHat
/
Jboss


Stonehenge was accepted as a new
Apache Incubator

project on Nov 18, 2008


WSO2 contributed two
StockTrader

implementations with AXIS2


A
StockTrader

c
lient application in
WSF(Axis2/C)/PHP
,


Two service implementations running on
WSF/PHP
, and
WSAS

(
Axis2/Java
).


Microsoft contributed the
StockTrader

implementation in WCF for .NET


First “
interop
” lab published on May 2009


http://cwiki.apache.org/confluence/display/STONEHENGE/



Sun joined with Microsoft for a keynote at
JavaOne

to announce their
contribution to the project on June 2009


Sun contributes service implementations to the
StockTrader

application in
Metro(Java) running on Glassfish.

Apache Stonehenge

StockTrader

Application

“The flagship application”

StockTrader

Application Overview


Stock trading scenario application


Trader Client


Business Service
-

login/list/quote/buy/sell operations


Order Processing Service
-

buy/sell operations

.NET Client

PHP Client

StockTrader

Interop

Lab .NET, Java, PHP


Interoperability scenarios using the contributions from
WSO2 and Microsoft:



Java



PHP


.NET


Interoperating different layers and formats:


Basic Web Services standards (SOAP)


SOAP with WS
-
Security (Encryption and Signing)


Installation/configuration guides published on the
Stonehenge wiki:


http://cwiki.apache.org/confluence/display/STONEHENGE/



Blog post:


http://blogs.msdn.com/interoperability/


StockTrader

Interop

Lab
-

Diagram

StockTrader

.NET

ASP.NET
-
WCF

StockTrader

PHP

PHP
-
WSF(Axis2/C)

StockTrader

Java

WSAS
-
Axis2/Java

Web UI

Data Access

Web UI

Business Services

Order Processing

Data Access

Database

Business Services

Order Processing

Data Access

Business Services

.NET

PHP

WSAS

Web Service calls:

Order Processing

Apache Stonehenge

StockTrader

Application

Interoperability Demonstration

Scenario 1

StockTrader

.NET

ASP.NET
-
WCF

StockTrader

PHP

PHP
-
WSF(Axis2/C)

StockTrader

Java

WSAS
-
Axis2/Java

Web UI

Web UI

Business Services

Order Processing

Business Services

Order Processing

Business Services

Order Processing

Scenario 2

StockTrader

.NET

ASP.NET
-
WCF

StockTrader

PHP

PHP
-
WSF(Axis2/C)

StockTrader

Java

WSAS
-
Axis2/Java

Web UI

Web UI

Business Services

Order Processing

Business Services

Order Processing

Business Services

Order Processing

Scenario 3

StockTrader

.NET

ASP.NET
-
WCF

StockTrader

PHP

PHP
-
WSF(Axis2/C)

StockTrader

Java

WSAS
-
Axis2/Java

Web UI

Web UI

Business Services

Order Processing

Business Services

Order Processing

Business Services

Order Processing

Scenario 4

StockTrader

.NET

ASP.NET
-
WCF

StockTrader

PHP

PHP
-
WSF(Axis2/C)

StockTrader

Java

WSAS
-
Axis2/Java

Web UI

Web UI

Business Services

Order Processing

Business Services

Order Processing

Business Services

Order Processing

Scenario 5

StockTrader

.NET

ASP.NET
-
WCF

StockTrader

PHP

PHP
-
WSF(Axis2/C)

StockTrader

Java

WSAS
-
Axis2/Java

Web UI

Web UI

Business Services

Order Processing

Business Services

Order Processing

Business Services

Order Processing

Scenario 6

StockTrader

.NET

ASP.NET
-
WCF

StockTrader

PHP

PHP
-
WSF(Axis2/C)

StockTrader

Java

WSAS
-
Axis2/Java

Web UI

Web UI

Order Processing

Business Services

Order Processing

Business Services

Order Processing

Business Services

Scenario 7

StockTrader

.NET

ASP.NET
-
WCF

StockTrader

PHP

PHP
-
WSF(Axis2/C)

StockTrader

Java

WSAS
-
Axis2/Java

Web UI

Web UI

Business Services

Order Processing

Business Services

Order Processing

Business Services

Order Processing

Future of
Stonehenge


StockTrader


Metro


Federated Identity


REST


AMQP (Advanced Message Queuing Protocol)


Whatever the community decides

Call to Action


Visit the Apache Stonehenge Website


http://incubator.apache.org/stonehenge


Join the Mailing List


Follow along, join the discussion


Download the code


Run the interoperability labs


Give us feedback

Videos


WSO2 and Microsoft
demonstrate interoperability at
TechEd

IT Pro 2008


http://video.msn.com/video.aspx?mkt=en
-
us&vid=7019fbb8
-
4d12
-
4f56
-
93a1
-
a39b9d2ccb00



Sun and Microsoft Demonstrate
Metro contribution to Project
Stonehenge at
JavaOne

in 2009


http://java.sun.com/javaone/2009/playlist.jsp?pid=24
744799001&autoStart=on

Links


Apache Stonehenge Homepage


Bug Tracking, Wiki, Source Code, etc


http://incubator.apache.org/stonehenge


Stonehenge Wiki, Installation Guides, Labs


http://cwiki.apache.org/confluence/display/STONEHENGE


Ben Dewey’s Blog Getting Started Guide


http://bendewey.wordpress.com


Kamaljit

Bath’s Blog
(Principal Program Manager, Microsoft)


http://blogs.msdn.com/interoperability


ConnectedShow

Podcast
(
Dimitry

Lyalin

& Peter
Laudati
)


http://connectedshow.com/?Episode=8


Apache Foundation: Getting Involved


http://apache.org/foundation/getinvolved.html

Questions