Web Services

righteouschange, Software development

Dec. 14, 2013 (3 years and 6 months ago)


LARRISHA ELLIS

SHAQUIL HUDSON

ARTHUR CRUTCHER


WHAT EXACTLY ARE WEB SERVICES?


A web service is a method of communication
between two electronic devices over the
World Wide Web.


They describe a kind of standardized way of
integrating web-based application using XML,
SOAP, WSDL and UDDI open standards over an
internet protocol backbone.




CONNECTING THE DOTS


XML is used to tag the data


Then SOAP is used to transfer the data


Afterwards the WSDL is used for describing
the services available


Finally, the UDDI is used for listing what
services are actually available

HOW ARE THEY USEFUL?


They can convert your application into a web
application which publishes its function or
message to the world wide web.


The basic Web Service platforms are:


XML


HTTP


XML stands for Extensible Markup Language.


It is designed especially for Web documents
and allows designers to create their own
customized tags. It enables the
definition, transmission, validation, and
interpretation of data between applications
and between organizations.

XML CONTINUED…THE RULES!

1. You must first declare XML to let the browser
know to “Watch for XML”. This can be done
by starting the document with


<?xml version="1.0"?>


2. All XML docs must have at least one root
element that contains all the other elements.

WHAT IS XML AS A WEB SERVICE?


Fundamental building blocks to distribute
computing on the internet.


Focuses on communication and collaboration
among people and applications.


Becoming the platform for application
integration.


Constructed by using multiple XML Web
Services from various sources regardless.

ADVANTAGES OF XML WEB
SERVICES


Allow programs written in different languages on
different platforms to communicate with each
other in a standards-based way.


Could easily incorporate stock quotes, weather
forecasts, sports scores, etc. into applications.


Will allow users to build new, more powerful
applications that use XML Web services as
building blocks.

3 SERVICES THAT XML WEB SERVICES
USE


Exposes useful functionality to Web users through a
standard Web protocol.


SOAP - defines the XML format for messages


Provides a way to describe its interface in detail to allow
the user to build a client application to communicate


WSDL - Web Service Description Language document


Describes a set of SOAP messages and how they are exchanged


Registered so that potential users can find them easily


UDDI - Universal Discovery Description


Can search for a company that offers services you need


Can also read about the service offered and receive more
information

SOAP


stands for Simple Object Access Protocol


a simple XML-based protocol to let
applications exchange information over HTTP.


a format for sending messages


is platform independent


is language independent


Simple and extensible


Allows you to get around firewalls

WHY SOAP IS IMPORTANT


A better way to communicate between
applications is over HTTP


HTTP is supported by all Internet browsers and
servers.


Provides a way to communicate between
applications running on different


Operating systems


Technologies


Programming languages

SOAP
REQUEST AND RESPONSE
EXAMPLE

WSDL


Stands for Web Services Description Language


Written in XML


Is an XML document


Used to describe Web Services


Used to locate Web Services


Specifies operations (or methods) the service
exposes

WSDL DOCUMENT STRUCTURE


<types>


Defines the data types that are used by the web service


<message>


Defines the data elements of an operation


<portType>


Most important WSDL element


Describes a web service, the operations performed and
messages involved


<binding>


Defines the data format and protocol for each port type


WSDL EXAMPLE

UDDI


Universal Description, Discovery and
Integration


A directory for storing information about web
services


A directory of web service interfaces
described by WSDL


Communicates via SOAP


Built into the Microsoft .NET platform

UDDI
BENEFITS


Any industry or businesses of all sizes can benefit


Makes it possible to discover the right business from
millions currently online


Enables commerce once preferred business is discovered


Reaches new customers and increases access to current
customers


Expands offers and extends market reach


Removes barriers to allow rapid participation in the global
Internet economy


Describes services and business processes in a single, open
and secure environment

UDDI
EXAMPLE USED IN A WEB SERVICE

HTTP


HTTP is short for HyperText Transfer Protocol
and it is used by the World Wide Web to define
how messages are formatted and transmitted
and what actions web servers and browsers
should take in response to various
commands.


It's often called a stateless protocol because
each command is executed independently
without knowing the commands before it.

WHY IS HTTP IMPORTANT???


HTTP has become one of the most universally
utilized protocols for transferring electronic data.


Its utility in retrieving interlinked text files is what
ultimately gave rise to the World Wide Web in
1990.


HTTP offers benefits in the diagnosing of
malfunctioning web applications because if the
problem is HTTP related then it can be quickly
determined by reviewing the HTTP transactions
between the client request and server response.

SERVICE ORIENTED ARCHITECTURE

BY DEFINITION


SOA is a style of information systems
architecture that enables applications to be
created and built by combining loosely-coupled
and interoperable services.


It is a set of components which can be
invoked, and whose interface descriptions can
be published and discovered.

THE BASICS OF SOA


What's important to recognize is that Web
services are part of the wider picture, which is
Service Oriented Architecture.


Web services are actually not a mandatory
component of a SOA. However, they eventually
will be.


Web services are purely the implementation,
whereas SOA is the approach. It is not just the
service equivalent of a UML component
packaging diagram.

With SOA it is very critical to implement
processes that ensure that there are at least
two different and separate processes, one for
the provider and one for the consumer.

THE PRIMARY TOP-LEVEL PROCESSES


The process of delivering the service implementation.



'Traditional' Development


Programming


Web Services automated by tools


The provisioning of the service: the life cycle of the
service as a reusable artifact.


Commercial Orientation


Internal and External View


Service Level Management


The consumption process.



Business Process Driven


Service Consumer could be internal or external


Solution assembly from Services, not code


Increasingly graphical, declarative development approach


Could be undertaken by business analyst or knowledge worker


TWO MAJOR CLASSES OF WEB
SERVICES

1. REST-Compliant Web Services


The primary purpose of the service is to
manipulate XML representations of Web
Resources using a uniform
set of “stateless” operations.

2. Arbitrary Web services


The service may expose an arbitrary set of
operations.

REST


(REST) - Representational State Transfer is a
reliable Web application


Proposed by Roy Fielding


It is the subset of the WWW in which agents
provide uniform interface semantics


Essentially create


Retrieve


Update and delete

ARBITRARY WEB SERVICES


The application and its constituent components
can be written without concern for its distribution


Software running in different address spaces, on
different machines, can perform operations on the
remotely accessible components.


This extension permits application components to
be invoked using either the traditional pass-by-value
semantics supported by Web Services or
pass-by-reference semantics.

WEB API


An application programming interface and a set of code that set
standards for accessing Web-based applications or services.


It has two main interpretations:


Server-Side


A programmatic interface to a defined request-response
message system, typically expressed in JSON or XML, which
is exposed via the web, most commonly by means of an
HTTP-based web server.


Mashups - a web application that combines and uses
functionality and content from multiple sources to create a
new service.


Client-Side


Targeting standardized JavaScript bindings to functionality within
a web browser

DIAGRAM OF WEB APIs


EXAMPLES OF APIs


The New York Times API - read-only APIs


Includes financial information, movie and book
reviews


FlickR API - popular, providing methods like
fetching list of albums or photos, replacing existing
photos or user comments


Amazon Simple Storage Service API - not limited to just content or transactions


Allows you to write, read and delete files from their
cloud based hosting facility.

WHY OFFER APIs?


Increase brand awareness


Offers a quick and easy way for you to promote and
market your brand


EX: Facebook


Capture new revenue


Several ways to charge developers to use your API


Charging per API or per amount of bandwidth used


Extend your product into new channels


Will work with whatever language your API developer
uses.

AUTOMATED DESIGN METHODS


Automated tools can aid in the creation of a web
service


Two design methods with services using WSDL

BOTTOM-UP


Generate WSDL for existing classes.


A developer using a bottom up method writes
implementing classes first and then uses a WSDL
generating tool to expose methods from these
classes as a web service.

TOP-DOWN


Generate a class skeleton given existing WSDL


A developer using a top down method writes
the WSDL document first and then uses a code
generating tool to produce the class skeleton,
to be completed as necessary. This way is
generally considered more difficult but can
produce cleaner designs and is generally more
resistant to change.

EXAMPLES THAT USE MARKUP
LANGUAGE


JSON-RPC


Remote procedure call protocol encoded in JSON


Very simple


Useful for defining only a handful of data types
and commands


Allows for notifications and multiple calls to be
sent to the server that may be answered out of
order
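Because replies may come back out of order, a client has to pair each reply with its request by id rather than by position. The following is an added example, not part of the original slides; it assumes the JSON-RPC 2.0 message shape, and the method names and the server reply are constructed.

```python
import json

def build_batch(calls):
    """calls: (method, params, wants_reply) tuples. Returns (wire_text, pending).
    A call that wants no reply is sent as a notification, i.e. without an id."""
    batch, pending = [], {}
    for n, (method, params, wants_reply) in enumerate(calls, start=1):
        msg = {"jsonrpc": "2.0", "method": method, "params": params}
        if wants_reply:
            msg["id"] = n
            pending[n] = method
        batch.append(msg)
    return json.dumps(batch), pending

def match_responses(raw, pending):
    """Pair each reply with its request by id, never by array position."""
    waiting, results, problems = dict(pending), {}, []
    for resp in json.loads(raw):
        rid = resp.get("id") if isinstance(resp, dict) else None
        # A reply nobody asked for, or a second reply for one id, is flagged.
        if type(rid) is not int or rid not in waiting:
            problems.append(f"unexpected or duplicate reply id: {rid!r}")
            continue
        method = waiting.pop(rid)
        if "error" in resp:
            results[rid] = (method, "error", resp["error"].get("message"))
        else:
            results[rid] = (method, "ok", resp.get("result"))
    problems += [f"no reply for id {rid} ({m})" for rid, m in waiting.items()]
    return results, problems

# Constructed exchange: two calls and one notification are sent; the server
# answers in reverse order and includes one reply that was never requested.
CALLS = [("subtract", [42, 23], True), ("log_event", ["started"], False),
         ("echo", ["hi"], True)]
SERVER_REPLY = json.dumps([
    {"jsonrpc": "2.0", "id": 3, "result": "hi"},
    {"jsonrpc": "2.0", "id": 1, "result": 19},
    {"jsonrpc": "2.0", "id": 7, "result": "unrequested"},
])

if __name__ == "__main__":
    wire, pending = build_batch(CALLS)
    print(match_responses(SERVER_REPLY, pending))
```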

EXAMPLES THAT USE MARKUP
LANGUAGE


Web Template


Used to separate content from presentation in
web design


Good for mass-production of web documents


Basically a form letter used for setting up a
website


Used by any individual or organization to set up
their website

EXAMPLES THAT USE MARKUP
LANGUAGE


Web Services Conversation Language (WSCL)


defines the overall input and output message
sequences for one web service using a finite state
automaton (FSA) over the alphabet of message
types

EXAMPLES THAT USE MARKUP
LANGUAGE


Business Process Execution Language (BPEL)



OASIS standard executable language for
specifying actions within business processes



export and import information


Executable business process and Abstract
business process

TOP 10 WEB SERVICES SECURITY
ISSUES

1. Spend more money/time and focus on app security.

2. Know your security standards.

3. Use Message Level Security.

4. Use Longer Keys.

5. Validate Input & Encode Output.



CONT...

6. Avoid Naive Sign & Encrypt

7. Scan Your Stuff Before Someone Else Does


8. XDoS


9. Implement an XML Security Gateway


10. Identity Enablement in Web Services

SECURITY RISKS!!!


Authentication prevents


Masquerade attacks: Users must prove their identity,
so it is more difficult to masquerade as another.


Replay attacks: When using timestamps, it is difficult
to reuse stolen authentication information.


Identity interception: When exchanges are
additionally encrypted, intercepted identities are
useless.
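The timestamp defence against replay described above, as an added example that is not part of the original slides: a receiver-side check of the WS-Security Timestamp and Nonce in a SOAP header. The user name, nonce values, request body and the five-minute skew are assumptions, and the sample request is constructed.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone
NS = {  # SOAP 1.1 and WS-Security 1.0 namespaces
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
}
FMT = "%Y-%m-%dT%H:%M:%SZ"
MAX_SKEW = timedelta(minutes=5)  # assumed tolerance for sender clock drift

def build_request(created, expires, nonce):
    """Constructed sample SOAP request (user, nonce and body are made up)."""
    return f"""<?xml version="1.0"?>
<soap:Envelope xmlns:soap="{NS['soap']}" xmlns:wsse="{NS['wsse']}" xmlns:wsu="{NS['wsu']}">
 <soap:Header><wsse:Security>
  <wsu:Timestamp><wsu:Created>{created.strftime(FMT)}</wsu:Created>
   <wsu:Expires>{expires.strftime(FMT)}</wsu:Expires></wsu:Timestamp>
  <wsse:UsernameToken><wsse:Username>alice</wsse:Username>
   <wsse:Nonce>{nonce}</wsse:Nonce></wsse:UsernameToken>
 </wsse:Security></soap:Header>
 <soap:Body><GetQuote><Symbol>ACME</Symbol></GetQuote></soap:Body>
</soap:Envelope>"""

class ReplayGuard:
    """Freshness check; assumes the signature over timestamp and nonce is already verified."""
    def __init__(self):
        self.seen = {}  # nonce -> expiry, kept only while the message is valid
    def check(self, xml_text, now):
        # Untrusted XML should go through a hardened parser (e.g. defusedxml).
        sec = ET.fromstring(xml_text).find("soap:Header/wsse:Security", NS)
        if sec is None:
            return "reject: no security header"
        nonce = sec.findtext("wsse:UsernameToken/wsse:Nonce", namespaces=NS)
        try:
            created, expires = (
                datetime.strptime(sec.findtext(f"wsu:Timestamp/wsu:{tag}", "", NS), FMT)
                .replace(tzinfo=timezone.utc) for tag in ("Created", "Expires"))
        except ValueError:
            return "reject: bad or missing timestamp"
        if not nonce:
            return "reject: no nonce"
        if created > now + MAX_SKEW:
            return "reject: created in the future"
        if now >= expires:
            return "reject: expired"
        self.seen = {n: e for n, e in self.seen.items() if e > now}  # purge old
        if nonce in self.seen:
            return "reject: replayed nonce"
        self.seen[nonce] = expires
        return "accept"
```

A nonce only needs to be remembered until its message expires, because after that the timestamp check rejects the replay on its own.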

SECURITY RISKS!!


Integrity


Message integrity assures the recipient that the
data received has not been altered during
transit. WS-Security tries to ensure integrity using
the XML Signature specification, which defines a
methodology for cryptographically signing XML.
The signatures are defined using a <Signature>
element and accompanying sub-elements as part
of a security header.

SECURITY RISKS!


Confidentiality


Message confidentiality assures the user that
the data can't be read during transit, by means of
message encryption. Here, the XML Encryption
specification is the basis for encrypting portions of the
SOAP messages. Any portions of SOAP messages,
including headers, body blocks, and substructures,
may be encrypted.


The encryption is realized using either symmetric
keys shared by the sender and the receiver of the
message or a key carried in the message in an
encrypted form.

EXAMPLE OF SECURITY CODE

Web Services Video