Synopses & Reviews
Build Web services with enterprise-class reliability, performance, and value
Web services are transforming IT, and represent a powerful new way to reduce cost and drive top-line growth throughout the enterprise. This book takes a no-nonsense view of architecting and constructing enterprise-class Web services and applications. The authors expertly assess the current state of the Web services platform, offering best practices and new architectural patterns for leveraging the advantages of Web services--and mitigating the risks.
- Build Web services and applications that meet enterprise requirements for security, mobility, transactions, QoS, workflow, portlets, management, and more
- Avoid the "bottomless pit" of application rewriting and maintenance overhead
- Architect applications to stay reliable even if some Web services go off-line
- Scale applications to support the inclusion of Web services from multiple partners
- Secure private information within Web services environments
- Develop high-value mobile Web service applications
- Includes a detailed case study
Whether you're an architect, developer, project leader, or manager, this book will help you deliver on the promise of Web services in your real-world enterprise environment.
This book describes the key issues and technologies driving Web Services. It provides thorough coverage of concepts, issues, common problems and their solutions, technologies, and best practices necessary to build production-quality Web services-based applications.
About the Author
DR. SANDEEP CHATTERJEE is a seasoned technology expert and business professional with over a decade of hands-on contributions as a technologist, consultant, entrepreneur, and author. He is Chief Technology Officer of a startup focused on Web services delivery and management, and also serves as a Chief Technology Consultant for Fortune-100 and major not-for-profit organizations including Hewlett-Packard and ACCION International. Sandeep served on the Expert Group that specified the worldwide standard for mobile Web services, and was the lead of Hewlett-Packard's Web Services Mediation Platform. He was also Entrepreneur-in-Residence at FidelityCAPITAL, the VC arm of Fidelity Investments. Sandeep holds a Ph.D. in Computer Science from the Massachusetts Institute of Technology, where his research in mobile systems was selected as one of the top 35 inventions in the 35-year history of MIT's Laboratory for Computer Science.
DR. JAMES WEBBER is an architect and Web Services fanatic at Arjuna Technologies where he works on Web services transaction and Grid computing technology. Prior to joining Arjuna Technologies, he was the lead developer with Hewlett-Packard working on their BTP-based Web Services Transactions product--the industry's first Web Services Transaction solution. An active speaker and Web Services proponent, Jim is a co-author of the WS-CAF suite of specifications. Jim holds a B.Sc. in Computing Science and Ph.D. in Parallel Computing both from the University of Newcastle upon Tyne.
Table of Contents
Foreword by David Bunnell.
What Are Web Services? SOAP. WSDL. UDDI. Why Web Services are Important. The Evolution of Web Applications. Not Just Another Distributed Computing Platform. Web Services and Enterprises. Moving Forward. Summary. Architect's Note.
I. BASIC WEB SERVICES STANDARDS, TECHNOLOGIES, AND CONCEPTS. 2. XML Fundamentals.
XML: The Lingua Franca of Web Services. XML Documents. XML Namespaces. Explicit and Default Namespaces. Inheriting Namespaces? ? and Not Inheriting Namespaces. Attributes and Namespaces. XML Schema. XML Schema and Namespaces. A First Schema. Implementing XML Schema Types. The any Element. Inheritance. Substitution Groups. Global and Local Type Declarations. Managing Schemas. Schemas and Instance Documents. XML Schema Best Practices. Processing XML. SAX: Simple API for XML. DOM: Document Object Model. Extensible Stylesheet Transformation (XSLT) and XML Path Language (XPATH). Summary. Architect's Note. 3. SOAP and WSDL.
The SOAP Model. SOAP. SOAP Messages. SOAP Envelope. SOAP Header. SOAP Body. SOAP Faults. SOAP Encoding. SOAP RPC. Using Alternative SOAP Encodings. Document, RPC, Literal, Encoded. Document. RPC. Literal. Encoded. SOAP RPC and SOAP Document-Literal. SOAP, Web Services, and the REST Architecture. Looking Back to SOAP 1.1. Syntactic Differences between SOAP 1.2 and SOAP 1.1. Changes to SOAP-RPC. SOAP encoding. WSDL. WSDL Structure. The Stock Quote WSDL Interface. Definitions. The Types Element. Bindings. Services. Managing WSDL Descriptions. Extending WSDL8. Using SOAP and WSDL. Service Implementation and Deployment. Binding to, and Invoking Web Services. Where's the Hard Work? Summary. Architect's Note. 4. UDDI-Universal Description, Discovery, and Integration.
UDDI at a Glance. Analogies with Telephone Directories. The UDDI Business Registry. UDDI Under the Covers. The UDDI Specification. UDDI Core Data Structures. Accessing UDDI. How UDDI Is Playing Out. UDDI and Lifecycle Management. UDDI and Dynamic Access Point Management. Summary. Architect's Note.
II. ADVANCED WEB SERVICES TECHNOLOGIES AND STANDARDS. 5. Conversations.
Conversations Overview. Conversational Requirements for B2B Interactions. Web Services Conversation Language. Consuming WSCL Interfaces. WSCL Interface Components. Interactions. Transitions. Conversations. The Bar Scenario Conversation. Relationship Between WSCL and WSDL. What WSCL Doesn't Do. Summary. Architect's Note. 6. Workflow.
Business Process Management. Workflows and Workflow Management Systems. Workflows. Workflow Management Systems Drawbacks. Web Services and Workflow. Business Process Execution Language for Web Services (BPEL). The BPEL Stack. Activities. Service Linking, Partners, and Service References. Message Properties and Property Aliases. Correlating Messages. Containers and Data Handling. Workflow Example: On-line Shop. BPEL 1.1 and OASIS WSBPEL. BPEL and its Relation to BPML, WSCI, WSFL, and Xlang and Others. Summary. Architect's Note. 7. Transactions.
ACID Transactions. Distributed Transactions and Two-Phase Commit. The Two Phase Commit Approach. Dealing with Heuristic Outcomes. Advanced Topics: Nesting and Interposition. Scaling Transactions to Web Services. OASIS Business Transaction Protocol. The BTP Model. Implementing with BTP. Consuming Transactional Web Services. Client API. Under the Covers: BTP's Two-Pipe Model. Transactionalizing Web Services. Supporting Infrastructure. Participants. Compensating Actions: A Strategy for Participant Implementation. Integrating Participants and Services. The Transaction Manager. Bringing it all Together: A Cohesive Example. BTP: In a Nutshell. Other Web Services Transaction Protocols. Microsoft .Net. J2EE and Enterprise Java Beans. WS-Coordination and WS-Transaction. Summary. Architect's Note. 8. Security.
Everyday Security Basics. Security Is an End-to-End Process. Data Handling and Forwarding. Data Storage. Errors in Identity. Web Service Security Issues. Data Protection and Encryption. Authentication and Authorization. Non-repudiation and Signatures. Types of Security Attacks and Threats. Malicious Attacks. Denial of Service Attacks. Dictionary Attacks. Internal Threats. Web Services Security Roadmap. WS-Security. The Security Header Element. The UsernameToken Element. The BinarySecurityToken Element. The SecurityTokenReference Element. The KeyInfo Element. The Signature Element. The ReferenceList Element. The EncryptedKey Element. The EncryptedData Element. Putting It All Together. Preventing Replay Attacks. Summary. Architect's Notes. 9. Quality-of-Service.
What is QoS? Why is QoS Important for Web Services? Full Control versus Predictable Worst-Case Performance. QoS Metrics for Web Services. Where are the Holes? XML. HTTP. Communication Networks. Server-side Infrastructure. Design Patterns and Best Practices. Use Coarse-Grained Web Services. Build the Right Client Application. Cache Web Service Results. Use Resources Efficiently. Building QoS into Web Services and Applications. QoS-Enabled Web Services. Communicating QoS to Client Applications. Lifecycle Management. QoS-enabled Applications. Monitoring QoS Performance. Discovering the Right Service. Recovering from Service Failures. Summary. Architect's Note. 10. Mobile and Wireless.
Mobile Web Services. Challenges With Mobile. The Wireless Network. Limited Computing Resources. User Interfaces. Proxy-based Mobile Systems. Mobile Messaging Platform. Flash ActionScript Mobile Application User Interface. Invoking Web Services Directly Through a Proxy Server. Direct Mobile Web Service Access. J2ME Web Services. Supported APIs. Programming Model. Summary. Architect's Notes. 11. Portals and Services Management.
Portals. Programmatic and Interactive Web Service Interfaces. The WSRP and WSIA Specifications. Building Portlets and Portals with WSRP. Restrictions. Deploying and Locating Services. Putting It All Together. Summary. Web Services Management. The Objectives of Web Services Management. Web Services Management Modules. Web Services Distributed Management. Summary. Architect's Notes.
III. PUTTING IT ALL TOGETHER-BUILDING REAL WORLD ENTERPRISE WEB SERVICES AND APPLICATIONS. 12. Real World Web Service Application Development-Foundations.
Enterprise Procurement. System Functionality and Architecture. Running the EPS Application. System Implementation. VendorAOrdering.java. VendorAProcurement.wsdl. EPS.html. EPSCatalog.html. ServiceServlet.java. Client-side Binding Stubs. OutputServlet.java. Deploying the Application. Running the Application. Direct Web Service Invocations (without Binding Stubs). Where Are the Holes? Summary. Architect's Notes. 13. Real World Web Service Application Development — Advanced Technologies.
Introduction. Building Evolvable and Composable Workflows. Automating the Procurement Process. Augmenting Remote WSDL Interfaces. Implementing the BPEL Workflow Script. Deploying and Executing BPEL Workflows. Adding Transaction Support. Changes to the Backend Systems. Transaction-Aware Service Implementation. Implementing Participants. Consuming Transactional Web Services. Programming for Mobility. Securing the Application. HTTP Security. Summary. Architect's Notes. 14. Epilogue.
Current Standards and Future Trends. XML. SOAP and WSDL. UDDI. Transactions. Security. Conversations. Workflow. Quality of Service. Mobile and Wireless. Standards Organizations. W3C. OASIS. WS-I. Vendor Specifications. Platforms. Microsoft.Net. J2EE. A Single Web Services Platform? Summary. Index.