Web services: Resources for learning

This topic provides relevant supplemental information about the following Web services-related topics:

• Web services overview

  Including the WebSphere Version 5 Web Services Handbook

• Developing Web services:

  Including developing Web services based on the J2EE and Java API for XML-based remote procedure call (JAX-RPC) specifications.

• Web Services Invocation Framework (WSIF)

  A look into the Apache Software Foundation and its maintenance of WSIF.

• SOAP

  Including an overview about SOAP and information about the SOAP syntax and processing rules.

• Security

  Including a roadmap to security, the WS-Security specification, best practices, a profile of the OASIS Security Assertion Markup Language (SAML) and more.

• Samples

  Includes WebSphere Application Server Samples Gallery and Samples Central for Web services gateway, UDDI and WSIF.

• Other references

The information resides on IBM and non-IBM Internet sites, whose sponsors control the technical accuracy of the information.

These links are provided for convenience. Often, the information is not specific to the IBM WAS product, but is useful all or in part for understanding the product. When possible, links are provided to technical papers and Redbooks that supplement the broad coverage of the release documentation with in-depth examinations of particular product areas.

 

Web services overview

• WebSphere Version 5 Web Services Handbook
  http://w3.itso.ibm.com/itsoapps/Redbooks.nsf/RedbookAbstracts/sg246891.html?Open

  This IBM Redbook describes the new concept of Web services from various perspectives. It presents the major building blocks Web services rely on. Well-defined standards and new concepts are presented and discussed.

• IBM Web Services architecture debuts
  http://www.ibm.com/developerworks/webservices/library/w-int.html?dwzone=webservices

  Introducing IBM Web services, a distributed software architecture of service components. This brief overview and in-depth interview on IBM DeveloperWorks cover the fundamental concepts of Web services architecture and what they mean for developers. The interview with IBM professional Rod Smith explores which types of developers Web services targets, how Web services reduces development time, what developers could be doing with Web services now, and takes a glance at the economics of dynamically discoverable services.

• Web services (r)evolution, Part 1
  http://www-106.ibm.com/developerworks/library/ws-peer1.html

  This article focuses on the benefits and challenges of building Web services applications. Web services might be an evolutionary step in designing distributed applications, however, they are not without their problems. Outlined are the difficulties developers face in creating a truly workable distributed system of Web services. This article also outlines author Graham Glass' plan for building peer-to-peer Webapplications.

 

Developing Web services

• JSR 109: Implementing Enterprise Web services
  http://jcp.org/en/jsr/detail?id=109

  This document describes the J2EE specification.

• Java API for XML-based RPC (JAX-RPC): Core Web services API in the Java platform
  http://java.sun.com/xml/jaxrpc/

  This document reviews the JAX-RPC specification which enables Java technology developers to develop SOAP-based interoperable and portable Web services.

• A developer introduction to JAX-RPC, Part 1: Learn the ins and outs of the JAX-RPC type-mapping system. The Java API for XML-based Remote Procedure Calls (JAX-RPC) is an important step forward in the quest for Web services interoperability. This IBM developerWorks article explains the mapping between WSDL/XML types and Java types. It explains how the JAX-RPC standard defines this feature and some of the important points on designing an interoperable type system.

• A developer introduction to JAX-RPC, Part 2: Mine the JAX-RPC specification to improve Web service interoperability. This IBM developerWorks article explains how you can achieve the next level of Web service interoperability using the JAX-RPC standard client and server side interface definitions and message processing model. It includes information on developing JAX-RPC handlers and handler chains.

• Getting Started with JAX-RPC. This article explains some of the basic JAX-RPC programming concepts. It describes the JAX-RPC client and server programming models and provides some simple examples to illustrate their use. The article is intended to give developers a good grasp of how to use JAX-RPC to develop or use Web services.

• Web Services Description Language
  http://www.w3.org/TR/wsdl

  This article is a detailed overview of Web Services Description Language (WSDL), which includes programming specifications.

 

WSIF

• The Apache Software Foundation. The Apache Software Foundation provides support for the Apache community of open-source software projects. Of particular interest is the Apache Web services project. The WSIF source code has been donated by IBM to the Apache Software Foundation, and is maintained here as an Apache project.

 

SOAP

• SOAP
  http://www.w3.org/TR/SOAP

  This article is a detailed overview of SOAP, which includes programming specifications.

• SOAP Security Extensions: Digital Signature
  http://www.w3.org/TR/SOAP-dsig

  This document specifies the syntax and processing rules of a SOAP header entry to carry digital signature information within a SOAP 1.1 Envelope

 

Security

• Security in a Web Services World: A Proposed Architecture and Roadmap
  http://www-106.ibm.com/developerworks/webservices/library/ws-secmap/

  This document describes a proposed model for addressing security within a Web service environment. It defines a comprehensive Web Services Security model that supports, integrates, and unifies several popular security models, mechanisms, and technologies, including both symmetric and public key technologies, in a way that enables a variety of systems to securely interoperate in a platform and language-neutral manner. It also describes a set of specifications and scenarios that show how these specifications can be used together.

• Web Services Security (WS-Security)
  http://www-106.ibm.com/developerworks/library/ws-secure/

  The Web Services Security specifications describe enhancements to SOAP messaging to provide quality of protection through message integrity, message confidentiality, and single message authentication. These mechanisms can be used to accommodate a wide variety of security models and encryption technologies. Web Services Security also provides a general-purpose mechanism for associating security tokens with messages. Additionally, Web Services Security describes how to encode binary security tokens. Specifically, the specification describes how to encode X.509 certificates and Kerberos tickets, as well as how to include opaque encrypted keys. It also includes extensibility mechanisms that can be used to further describe the characteristics of the credentials that are included with a message.

• SOAP Security Extensions: Digital Signature
  http://www.w3.org/TR/SOAP-dsig

  This document specifies the syntax and processing rules of a SOAP header entry to carry digital signature information within a SOAP 1.1 Envelope

• Web Services Security Addendum
  http://www-106.ibm.com/developerworks/library/ws-secureadd.html

  This document describes clarifications, enhancements, best practices, and errata of the Web Services Security specification.

• WS-Security Profile of the OASIS Security Assertion Markup Language (SAML) Working Draft 04, 10 September 2002
  http://www.oasis-open.org/committees/security/docs/draft-sstc-ws-sec-profile-04.pdf

  This document proposes a set of standards for SOAP extensions used to increase message confidentiality.

• Web Services Security: SOAP Message Security Working Draft 12, Monday 21 April 2003
  http://www.oasis-open.org/committees/download.html/1686/WSS-SOAPMessageSecurity-12-04021.pdf

  This document describes the support for multiple token formats, trust domains, signature formats, and encyrption technologies.

• JSR 55:Certification Path API
  http://jcp.org/en/jsr/detail?id=55

  This document provides a short description of the certification path API.

• XML-Signature Syntax and Processing
  http://www.w3.org/TR/xmldsig-core/

  This document specifies XML digital signature processing rules and syntax. XML signatures provide integrity, message authentication, or signer authentication services for data of any type, whether located within the XML that includes the signature or elsewhere.

• Canonical XML Version 1.0
  http://www.w3.org/TR/xml-c14n

  This specification describes a method for generating a physical representation, the canonical form, of an XML document that accounts for the permissible changes.

• Exclusive XML Canonicalization Version 1.0
  http://www.w3.org/TR/xml-exc-c14n/

  Canonical XML [XML-C14N] specifies a standard serialization of XML that, when applied to a subdocument, includes the subdocument's ancestor context including all of the namespace declarations and attributes in the "xml:"namespace.

• XML Encryption Syntax and Processing
  http://www.w3.org/TR/xmlenc-core/

  This document specifies a process for encrypting data and representing the result in XML.

• Decryption Transform for XML Signature
  http://www.w3.org/TR/xmlenc-decrypt

  This document specifies an XML Signature "decryption transform" that enables XML Signature applications to distinguish between those XML Encryption structures that were encrypted before signing, and must not be decrypted, and those that were encrypted after signing, and must be decrypted, for the signature to validate.

• WS-Security
  http://schemas.xmlsoap.org/ws/2002/04/secext/

  This document specifies resources for the April 2002 Web Services Security Specification. The following addenda and drafts are available...

  • http://schemas.xmlsoap.org/ws/2002/07/secext/
    http://schemas.xmlsoap.org/ws/2002/07/secext/

  • http://schemas.xmlsoap.org/ws/2002/07/utility/
    http://schemas.xmlsoap.org/ws/2002/07/utility/

  • OASIS draft 12 for secext
    http://schemas.xmlsoap.org/ws/2003/06/secext/

  • OASIS draft 12 for utility
    http://schemas.xmlsoap.org/ws/2003/06/utility/

• XML Encryption Syntax and Processing W3C Recommendation 10 December 2002
  http://www.w3.org/TR/2002/REC-xmlenc-core-20021210

• XML-Signature Syntax and Processing W3C Recommendation 12 February 2002
  http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/

• Web Services Security Addendum
  http://www.ibm.com/developerworks/library/secureadd.html

• Web Services Security Core Specification Working Draft 01, 20 September 2002
  http://www.oasis-open.org/committees/wss/documents/WSS-Core-01-0920.pdf

• Web Services Security: SOAP Message Security Working Draft 13, Thursday, 01 May 2003
  http://www.oasis-open.org/committees/download.html/2314/WSS-SOAPMessageSecurity-13-050103-merged.pdf

• Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile, RFC3280, April 2002
  http://www.ietf.org/rfc/rfc3280.txt

• OASIS Web Services Security Technical Committee
  http://www.oasis-open.org/committees/tc_home.html?wg_abbrev=wss

 

Samples

• Samples Gallery
  http://www7b.software.ibm.com/wsdd/library/samples/AppServer.html

• Samples Central. Samples and associated documentation for the following Web services components are available through the Samples Central page of the IBM WebSphere Developer Domain Web site...

  • The Web Services Invocation Framework (WSIF).

 

Other references

• The Apache Software Foundation. The Apache Software Foundation provides support for the Apache community of open-source software projects. Of particular interest is the Apache Web services project.

• Web services insider, Part 1: Reflections on SOAP
  http://www-106.ibm.com/developerworks/webservices/library/ws-ref1

  What is the current state of the Web services revolution? Find out at this Web site that features the column Web services insider, Part 1. The author answers this question by reviewing the tools and technologies that have emerged over the past year, highlighting their differences and similarities.

• The Web services insider, Part 2: A summary of the W3C Web Services Workshop
  http://www-106.ibm.com/developerworks/webservices/library/ws-ref2

  This is a brief summary of a W3C Web services workshop.

 

See Also

Web services
Developing Web services based on Web Services for J2EE
Securing Web services based on WS-Security
Web Services Invocation Framework (WSIF): Enabling Web services

 

---