You are on page 1of 23

Open source

,
WS-Standards and
Beyond
By
Kaushalye Kapuruge
Why open source?
 Open source Vs Source open?
 The community
 The quality
 The knowledge
 Experts,Novice, Students, Professors,
Businessmen, Developers and of course lots
of geeks

2
Opensource the Apache Way
 A community of developers and users
 Organizational, Financial and Legal
support
 Conferences
 Many web services projects
 Axis2, Rampart, Sandesha etc.

3
How can I get involved?
 Users
 Patches, Suggestions, Mailing lists
 Committers
 Project Management Committee
 Project Leaders

4
Web Services
 Lot’s of standards
 SOAP, XML, MTOM, XOP, WS-
Addressing, WS-Security, WS-RM, WS-
Policy(No-way), WS-Federation, WS-MEX
etc…
 Grrrr…

5
Introducing my friend, Mr Banda
 Mr. Banda is an enthusiastic chap
 He likes new techie stuff
 Banda knows HTTP
 Banda finds XML
 Banda thinks
 How to combine these two?
 XML-RPC

6
XML as the message format
 Banda is happy with it
 <Message>Im Happy</Message>
 But W3C accepts SOAP
 All others talk about SOAP
 Banda needs to try SOAP
 SOAP over HTTP and SOAP over SMTP
<Envelope>
<Header></Header>
<Body> <Message>Im Happy</Message> </Body>
<Envelope>

7
Banda needs to send a movie
 Use base64?
 Too large 
 Performance?
 Use MTOM + XOP
 MTOM = Message Transmission Optimization
Mechanism
 XOP = XML Optimized Packaging
 As a MIME attachment
 Banda is Happy!

8
Policy
 Banda needs to send a message to Sanda
 Sanda shows his policies
I need this… I need that…
 You can’t encrypt but you must sign

 Banda generates the message according to
Sanda’s policies
 Banda and Sanda both are
Happy !

9
Security?
 Banda needs to send a secret message to
Sanda. So that Panda can’t read it
 Banda knows HTTPS
 Banda is Happy !
 But Sanda needs to know it’s actually from
Banda
 Non-repudiation (what?)
 Banda needs to sign it
 ???

10
MLS vs TLS

11
More…
 Now Banda can do more security stuff
 Banda can encrypt a part of message so
that other intermediaries can view the rest
 Banda can sign a part of message so that
others can sign other parts
 Banda can add timestamps
 Banda can use username tokens

12
Needs to speedup
 Smart Banda use WS-Secure Conversation
 Secure conversation use symmetric encryption
in contrast to traditional asymmetric encryption
 Performance
 More Security
 Initial key (secret) exchange Asymmetric
 Then both Banda and Sanda can derive keys

13
Trust?
 Linda does NOT trust Banda but Linda Trusts
Sanda
 Banda gets a token from Sanda and Give it to
Linda (WS-Trust)
 Boar=? Flower=?

14
Federated Trust
 Banda is crazy. He starts a company
 Banda’s company collaborate with Linda’s
company
 Linda doesn’t know Kanda, who works for Banda
 Kanda needs to access Linda’s (Org) resources
 ???
 WS-Federation

15
Reliability?
 Banda needs to guarantee that there are
no losses in message while its on transit.
 WS-Reliable Messaging
 Protocols : how messages are delivered
reliably

16
Apache Ramaprt/C
 A pluggable module that works with
Axis2/C
 A quick example

17
Ramaprt/C not only in C

Ruby, Python, Perl, C++
18
WS-Standards
 Complex?
 What about business requirements? Complex?
 What about speed of development? Everything
from scratch? Gimme a break!!!
 Interoperability?
 Scalability?

19
Beyond
 Many web services standards
 Semantic SOA
 Adaptive services
 Web services ecosystem
 What’s the next BIG thing? Who knows?

20
Any burning questions?

21
Thank you 

22
References
 http://www.w3.org/
 http://www.apache.org/
 http://ws.apache.org/axis2/c/
 http://ws.apache.org/rampart/c/
 http://www.wso2.org/
 http://www.ibm.com/developerworks/

23