The Service-Oriented Architecture (SOA)
Web Services can be thought of as components that can be described, published, located, and invoked over the Internet (or in general, any network). The true power of Web Services, however, comes from the fact that all these activities can take place at runtime. In essence, Web Services can figure out how to work with each other, without having been designed to do so specifically.
In order for Web Services to be able to work well together, they must participate in a set of shared organizing principles we call a service-oriented architecture (SOA). The term service-oriented means that the architecture is described and organized to support Web Services’ dynamic, automated description, publication, discovery, and use.
The SOA organizes Web Services into three basic roles: the service provider, the service requester, and the service registry. The relationships among these three roles are shown in Figure 14.2.
Service providers publish (and unpublish) their services to a service registry. Then, ser-vice requesters can find the desired Web Services by searching for their descriptions at the service registry. Once the requester locates the desired service, its client binds with the service at the service provider and then invokes the service.
The SOA is responsible for describing and organizing the mechanisms and practices for each of these actions. In addition, the SOA is responsible for describing how Web Services can be combined into larger services.
Flexibility of E-Business Services
The ability of Web Services to discover, bind to, and invoke other services automatically at runtime—what we call Just In Time (JIT) integration—is actually a tall order for any component in a distributed system to fill. JIT integration presupposes that the SOA has reached critical mass across the globe, where there is a sufficient number of Web Services exposing their interfaces available for discovery and invocation. Furthermore, how are we ever going to get to that global SOA if we don’t already have a mature set of Web Services protocols that everyone agrees upon?
The fact of the matter is, there needs to be a way to bootstrap the SOA so that we can build it piece by piece, even though the underlying protocols are still maturing. Fortunately, this flexibility is built into the SOA, because although it would be really nice for Web Services to support discovery, binding, and invocation at runtime, these features are actually not required in order to use Web Services.
In fact, the SOA provides for a hierarchy of integration options, as shown in Figure 14.3.
At the lowest level, Web Services are “hardwired” at design time. This option essentially mimics a tightly coupled distributed architecture such as a client/server or n-tier archi-tecture. The developer handles the discovery manually and codes the interface to the desired service into the service requester.
At the next level, the desired Web Service is also identified beforehand, but the service requester is smart enough to bind to it dynamically at runtime. In this way, the service requester can vary its request to the service provider, depending on the particular situa-tion. In addition, the service provider can change its interface from time to time (say, as part of a functionality upgrade), and service requesters will be able to adjust to the change on-the-fly.
The third level indicates JIT integration to the service provider: The service requester can search a registry dynamically for a provider and then bind to the one it selects. This is the only level that requires the participation of a service registry.
Lessons Learned from Object Orientation
There are several features an architecture must have to be considered object oriented (OO). An OO architecture’s most important features are encapsulation, message sending, and hierarchical inheritance. Of these, the organizing power of class hierarchies has turned out to be the most useful feature of all, because class hierarchies allow the soft-ware-development process itself to scale.
Architectures that share encapsulation and message sending, but not inheritance, are referred to as object based. Object-based architectures are not nearly as powerful as object-oriented ones, for several reasons. First, encapsulation tends to make an applica-tion brittle, because an object’s internal functionality can be difficult to update without breaking the system. Second, sending messages by exposing methods for remote objects to call is inefficient: If a remote object has a number of requests for an object, it must make a number of method calls, as opposed to one call that marshals all the requests.
The important lesson that the SOA can learn from object-oriented architectures is that the organizing power of the SOA is the key to its success: The way that Web Services are published, located, invoked, and organized over the Internet is much more important than the internal structure of the Web Services themselves, or the specifics of the mes-sage protocols that enable the communication among services.
Architectures that focus on the details of how Web Services communicate, rather than what they say to each other, are called service-based architectures (corresponding to the distinc-tion between object-oriented and object-based architectures). Now, service-based archi-tectures are still useful, but not nearly as powerful as the SOA in a global e-business environment. Instead, service-based architectures are most useful within a single enterprise, where a single architecture team can define and manage the semantics behind the services.
Key Functional Components
The SOA has four key functional components: service implementation, publication, dis-covery, and invocation. This section introduces the architectural issues involved in each of these functional components. In essence, we’ll provide a conceptual framework for the various protocols and technologies detailed in Chapters 15, “Web Services Building Blocks: SOAP,” and 16, “Web Services Building Blocks: WSDL and UDDI.”
There are two basic approaches to building a Web Service: Build one from scratch, or provide a wrapper to an existing application or service so that it exposes a Web Service interface. As Web Services become more prevalent, developers will also have another set of options: Creating a new service interface for an existing Web Service, or taking advan-tage of an existing service interface to act as a skeleton for building or modifying a Web Service. Combining the choice of service interface with the two basic approaches to building a Web Service gives developers four methods for building Web Services:
Develop a new Web Service and a new service interface. This “green field” method gives the developer the most leeway and is the most straightforward of the different methods. The best approach is simply to develop the Web Service as specified by the business requirements, define its interface, and then publish the interface and deploy the Web Service. This approach may be the most practical today, given the lack of existing Web Services. However, it will be the most expensive option.
Develop a new Web Service when there is an existing service interface. The best method to use in this situation is a “top-down” approach. First, locate the existing service interface by searching a registry of Web Services. Next, generate a service implementation template, or skeleton, that contains all the methods and parameters that the Web Service must support to be in compliance with the interface. Then, develop the Web Service as before. This approach will become increasingly practi-cal as useful Web Services become more prevalent in existing registries.
Develop a new service interface for an existing application. You must develop a Web Service wrapper for your existing application in this “bottom-up” method. The wrapper then exposes the service interface. This approach will likely be the least expensive but also the least flexible.
Create a Web Service that wraps an existing application when you have an existing service interface. This method is the most complex of the four, because you must first find the service interface and then use it to generate the service implementa-tion template (skeleton). You must then use this template to develop the wrapper for the existing application.
Once your Web Service is complete and has a well-defined service interface, the next step is to publish your Web Service.
There are three steps to publishing a Web Service:
Author the Web Service description document. Written in the Web Services Description Language (WSDL), this document describes what the Web Service will do, where it can be found, and how to invoke it. (See Chapter 16 for a com-plete discussion of WSDL.)
Publish the Web Service description document on a Web server so that it is accessi-ble to your desired audience (typically the Internet or one company’s intranet, but it might also be published to a private e-marketplace). It is also possible to “direct-publish” the Web Service description to the service requester via e-mail, FTP, or even sneakernet. Direct publication is only possible when the access to the Web Service will be hardwired.
Publish the existence of your document in a Web Services registry using the Universal Description, Discovery, and Integration (UDDI) specification, which describes how Web Service registries are organized and how to work with them. A key aspect to UDDI is the UDDI registry, which acts as a repository for informa-tion about published Web Services (more about UDDI in Chapter 16). UDDI reg-istries can be global, public registries, or they can be restricted to an individual enterprise (for a single application or department or for an enterprise portal) or to a closed group of companies (say, an e-marketplace or a partner catalog). WSDL and UDDI will be covered in Chapter 16.
Once your Web Service appears in a registry, any application can discover your service and therefore locate the Web Service description document you published. UDDI reg-istries support pattern queries for automated lookups and return the location of the WSDL file for the desired service. Once you have obtained the location of this file in the form of a Uniform Resource Indicator (URI), which is a generalization of the familiar Uniform Resource Locator (URL), you are able to download the WSDL file itself.
There are two steps to invoking a Web Service:
Author a client using the Simple Object Access Protocol (SOAP). The WSDL file you downloaded contains the information you need to create a client using SOAP.
Because you are authoring clients on-the-fly based on information you found in the Web Service description document, you are able to invoke the Web Service dynam-ically at runtime. For more information on SOAP, see Chapter 15.
Make a SOAP call. Your client then creates a SOAP message describing what it wants the remote Web Service to do and then sends it to the URI specified in the WSDL document. Typically, the Web Service returns a SOAP message in the format detailed in the Web Service description document.
Just In Time Integration
Just as early object-oriented programming attempts looked a lot like the structural pro-gramming that preceded it, much of the early work with Web Services and the SOA can be expected to look like objects in OO architectures. However, just as programmers learned the true power of OO architectures and went beyond the capabilities of structured programming, so too will programmers learn the power of the SOA and go beyond what was practical with the techniques that came before.
The JIT integration capabilities of the SOA provide new organizing principles for the world of IT. Imagine an Internet full of Web Services: some globally available, and oth-ers available on intranets or other closed networks. This global set of Web Services grows and changes organically; the owner of each one determines what functionality the service will have and what interface it exposes, as well as which registries to submit the service to. In this global picture there is no master architect or executive committee who is responsible for maintaining the system. Instead, there’s a set of simple, widely accepted open protocols that everybody is welcome to share.
So, if you were wondering why Web Services are named as they are, here is the answer. Sure, they run on HTTP, which means they drive on the same roads as the World
Wide Web. However, that’s not why they are “Web” Services. No, it’s the global self-organizing power of technology based on simple, open protocols that puts the “Web” into Web Services.
Semantic Issues and Taxonomies
Semantics refers to the meaning, in human and business terms, of a Web Service’s actions and parameters. Semantics have always been a sticking point for any distributed system. For example, EDI’s rigid approach to its document formats led to semantic ambi-guities. Business partners who use EDI must have an ad hoc agreement on the semantics of the fields in each document.
Object-oriented (OO) systems address the problem of semantics when the systems are small, but ambiguity creeps in when OO systems are scaled up. In a small OO imple-mentation, the naming conventions of the methods as well as their signatures (the para-meters the methods take in different situations) often connote to the developer the meaning of the methods and arguments. In a large-scale system, however, the semantics of a given class cannot typically be deduced by its interface alone. The problem only gets worse when many companies (possibly in different countries) attempt to participate in a distributed e-business system.
The advent of XML did little to cut through the morass of semantic issues because of XML’s inherent extensibility. Due to the fact that the meaning of given XML tags were specified in an XML document’s DTD or schema, developers were welcome to create their own sets of definitions, leading to a Tower of Babel situation.
While the work on semantic issues is ongoing, some of the developments have been incorporated into the Web Services arena in the form of taxonomies. A taxonomy is a hierarchical representation of a set of concepts: Think of an area of interest (say, a verti-cal market) organized like a Yahoo! directory. UDDI registries take advantage of tax-onomies, which can either be based on standard classifications of businesses or custom built to serve special purposes. The simplest taxonomy used in UDDI registries is geographical: country followed by political division—for example, United States, Massachusetts or United Kingdom, Wales.
Because XML is self-describing, a Web Services description can refer to any available schema as the basis for the services it describes. If the description takes advantage of the taxonomies that are available in the service registries that the service provider wishes to use, however, then service requesters will be able to discover such services by looking up terms that have meaning to the requester. Today, however, the use of taxonomies in UDDI registries is still quite rudimentary.
Security and Quality of Service Issues
Up to this point, we have covered building, publishing, finding, and invoking Web Services. Much of the nuts and bolts of the SOA is now in place. However, in order to conduct e-business in the real world, a few features are missing. Most notably, there must be a security infrastructure available for Web Services. Equally important is the need for some way to guarantee different levels of quality of service for messages sent to and from Web Services.
Because Web Services typically run over HTTP and TCP/IP, many of the security requirements for Web Services can be satisfied with the well-established Secure Sockets Layer (SSL) protocol as well as the newer Internet Protocol Security (IPSec) protocol. SSL applies specifically to point-to-point messages sent over HTTP, whereas IPSec allows for the encryption of messages on the network layer. Are these two standards suf-ficient for securing Web Services, or is there a need for a more sophisticated or complete Web Services security layer?
There are four basic requirements that a Web Services security layer must provide:
Confidentiality. The contents of the messages must not be available to unautho-rized parties.
Authentication. The sender of a message must be authorized to send a message, and the recipient of the message must be able to confirm the identity of the sender of the message.
Data integrity. The recipient of a message must be able to guarantee that the message hasn’t been tampered with in transit.
Nonrepudiation. The recipient of a message must be able to guarantee the circum-stances surrounding the sending of the message (for example, the time the message was sent and the fact that the sender sent only one copy of the message).
SSL and IPSec guarantee data integrity and confidentiality for messages that go from the sender directly to the recipient, but they aren’t able to provide authentication or nonrepu-diation. They are also unable to guarantee either data integrity or confidentiality if there is a third-party intermediary in between the sender and the recipient. Because SOAP messages are typically processed by intermediaries, SSL and IPSec are most useful if there is a preexisting trust relationship among sender, recipient, and intermediary. In the world of Web Services, however, this is unlikely to happen very often.
It is also possible to secure the messages to and from Web Services at the application layer or via a secure network. These two approaches may work inside single enterprises but will not work when multiple companies exchange Web Services messages. Instead, it makes more sense to include security information as meta-information in the SOAP header. The SOAP specification allows for such information but doesn’t actually specify it. (More about SOAP headers in Chapter 15.) The security information to be sent in the SOAP headers is some kind of asymmetric key message digest, as provided for by authentication systems such as Kerberos and the Public Key Infrastructure (PKI).
The problem with all asymmetric key systems is that they require the services of a trusted third party. This third party must provide the ultimate authority to generate the keys as well as provide a list of revoked key-generation authorities. All parties involved in secure inter-actions among Web Services must agree upon this trusted third party beforehand.
An adequate Web Services security layer, therefore, should contain both IPSec or SSL (in particular, HTTP over SSL, which is abbreviated HTTPS) for network security as well as some kind of asymmetric key technology for XML message security. Until such time as the asymmetric key technology issues have been resolved, SSL may be the best security available, even though it does not provide authentication or nonrepudiation and only works “point to point.”
In addition to the security concerns that apply to the XML messages that go between Web Services, there is also the question of how service registries should secure their sys-tems. Depending on the situation, there are three access control models that Web Service registries might follow:
A promiscuous registry doesn’t authenticate the publishers or the requesters. Such registries don’t make any claims about the correctness of the data in the registry or the integrity of the participants. Although a promiscuous registry is the simplest form of registry to set up, its usefulness is limited by its lack of access control.
An authenticated registry authenticates both service requesters and service pub-lishers. Because it knows the identities of the parties involved in the registry, it can set up coarse-grained access control for specific categories of data within the reg-istry. Typically, such a registry would require communication via SSL and might also include support for XML Digital Signatures so that it can validate the XML messages it receives.
A fully authorized registry goes beyond the security offered by authenticated registries by implementing a fine-grained authorization paradigm, allowing it to secure individual data entries by storing access information for each one. Such a registry would have to support a more complex management and administration infrastructure in order to enforce such complex security. A fully authorized registry might also act as a public key authority, providing the individual authority (often called certificates) to both Web Services publishers and requesters necessary to generate the asymmetric keys.
Quality of Service and Reliable Messaging
Quality of service (QoS) means different things at different layers. At the network layer, QoS refers to the ability of the network to transmit information with the desired accuracy and promptness. On the messaging layer, however, QoS refers to the reliability of the messaging—that is, the ability of the infrastructure to deliver a message exactly once to its intended recipient or to deliver a particular error message (typically to the sender) if the message cannot be sent.
The sending of messages to and from Web Services will fall into three basic modes:
Best effort. The service requester sends the request message, and neither the requester nor the message infrastructure attempts a retransmission in the case of a failure to deliver the message.
At least once. The service requester continues to attempt to send the request until it receives acknowledgment from the service provider that the message was received. As a result, the service provider might receive more than one copy of the message. If the request is a simple query, this duplication isn’t a major problem (although it will contribute to network overhead). However, in other cases, each message may need to carry a unique ID so that the service provider can recognize a duplicate message. Along with its acknowledgment, the service provider either sends the requested response or a “cannot process message” exception.
Exactly once. The service requester makes its request, and the service provider guarantees in its reply that the request has been executed (or it sends an error message, if necessary). The “exactly once” mode of messaging requires an endpoint manager at either end of the message to relay messages and guarantee responses (which may simply be a timeout exception should the service provider fail to respond). Endpoint managers also frequently support the queuing of messages or more complex behaviors such as forwarding messages to other ervice providers. The exactly once mode is only applicable when both endpoints participate in the appropriate messaging infrastructure—for example, within an enterprise or between two companies who have configured their joint messaging infrastructure beforehand.
Although sophisticated messaging infrastructures are a possibility in such controlled situ-ations, on the open Internet we must work within the constraints of HTTP. HTTP man-dates a simple request/response mechanism with a set of standard error messages, but it lacks most of the features of reliable messaging. This is an area where more work must be done before business will be able to use Web Services over the Internet reliably.
Composition and Conversations
So far, we have been looking at Web Services as individual components: how to create, find, publish and implement single services. However, for Web Services to be truly use-ful in a global e-business environment, there must be a way to combine and coordinate collections of Web Services so they can be used to support complex, real-world business processes. The ability to use collections of Web Services falls into two general cate-gories: composition of Web Services and conversations among Web Services.
Composition of Web Services
Composition essentially means combining multiple individual Web Services into larger components that are themselves Web Services. Composition of Web Services falls into two broad categories:
Web Services can be combined within an enterprise in order to describe a business process. In this case, the composition of the Web Services follows a particular usage pattern.
Web Services from multiple companies can be coordinated in order to describe partner interactions. In this case, the composition of the Web Services follows a particular interaction pattern.
In addition, Web Services can be composed recursively. A Web Service that is recur-sively composed of other Web Services can itself be used as a component in further com-positions of Web Services.
Naturally, it makes sense to describe the composition of Web Services with an open, XML-based description language. This avenue of research is still very new, but the most progress has been made by IBM with its Web Services Flow Language (WSFL). The WSFL is an XML-based description language that describes both categories of Web Services in the preceding list.
In order to apply the WSFL, an enterprise would first identify a business process that it wishes to implement with Web Services. Then it would take that business process and identify the following:
The component business processes (typically implemented in the form of existing Web Services) that make up the larger process.
The business rules that determine the sequence of steps that form the business process.
The flow of information that joins the individual process steps.
From these elements, the enterprise would create the WSFL flow model that defines the overall structure of the business process.
Conversations Among Web Services
A conversation between two collaborating Web Services is a sequence of requests and responses that is correlated into a particular group or unit of work. Conversations become important when there is a need for transactional properties to apply to the sequence of requests and responses.
The concept of a transaction is fundamental to the application of distributed computing. Although database transaction models and transaction-processing (TP) monitor program-ming models are typically sufficient in existing heterogeneous enterprise IT environ-ments, the Web Services model requires a more flexible mechanism for handling transactional capabilities such as atomicity, phased commits, and rollbacks. (See Chapter 15 for an in-depth discussion of transactional capabilities.) Some differences between the two environments are as follows:
Within enterprises, applications that support asynchronous messaging typically assume a chained, multiple-transaction model when crossing different messaging systems. Web Service collaborations, however, typically rely on asynchronous mes-sages across enterprise boundaries and must support transactional capabilities in the absence of a single messaging system.
The TP monitor infrastructure that manages transactions in heterogeneous enter-prise environments typically provides a single span of control for executing trans-actions. Such systems must have sophisticated management and monitoring tools to avoid problems with failures. Web Service collaborations across different enter-prises, however, have multiple spans of control.
The ability of Web Service requests to combine multiple method calls into a single request, combined with the ability of Web Services to send and receive both syn-chronous and asynchronous messages, means that multiple-company Web Service collaborations will typically take much more time than the individual requests and responses in traditional transactional environments.
Because of these fundamental differences between traditional environments and the Web Services model, transactions must be handled differently. We require a more incremental approach to transactional capabilities, as follows:
First, we need an activity service that specifies the operational context of a series of requests. Included in this operational context are the duration of the activity, the participants involved, and a description of the possible outcomes of the activity.
Next, there is a need for a conversation service that provides request atomicity. Request atomicity guarantees that a particular set of Web Service operations either happen completely or not at all. The endpoint manager publishes the atomicity capability to the participants.
The conversation service must also correlate sequences of requests into a single unit of work, by providing a structure for conversations that includes indications of the beginning and end of the conversations as well as success and failure outcomes. The conversation service must be able to accept a rollback command from either participant, and then it must provide the semantics of the rollback command to each participant.