Web services: Resources for learning

• Web services overview

• Developing Web services:

  Includes developing Web services based on the Java 2 Platform, Enterprise Edition (J2EE) and Java API for XML-based remote procedure call (JAX-RPC) specifications.

• Performance

  Includes key Web sites that discuss performance best practices.

• Universal Description Discovery and Integration (UDDI)

  Includes an overview about UDDI and information about the UDDI Java API.

• The Web Services Invocation Framework (WSIF)

  Includes a look into the Apache Software Foundation and its maintenance of WSIF.

• Web Services-Interoperability (WS-I) Basic Profile

  Includes an overview about the WS-I Basic Profile.

• SOAP

  Includes an overview about SOAP, information about the SOAP syntax and processing rules.

• Security

  Includes a roadmap to security, the WS-Security specification, best practices, a profile of the OASIS Security Assertion Markup Language (SAML) and more.

• Samples

  Includes the Samples Gallery for WebSphere Application Server and Samples Central for UDDI and WSIF.

The information resides on IBM and non-IBM Internet sites, whose sponsors control the technical accuracy of the information.

These links are provided for convenience. Often, the information is not specific to an IBM WebSphere Application Server product, but is useful all or in part for understanding the product. When possible, links are provided to technical papers and Redbooks that supplement the broad coverage of the release documentation with in-depth examinations of particular product areas.

Web services overview

• WebSphere Version 5.1.1 Web Services Handbook

  This IBM Redbook describes the new concept of Web services from various perspectives. It presents the major building blocks on which Web services rely. Well-defined standards and new concepts are presented and discussed.

• Web services (r)evolution, Part 1

  This article focuses on the benefits and challenges of building Web services applications. Web services might be an evolutionary step in designing distributed applications, however, the technology is not without problems. Outlined are the difficulties developers face in creating a truly workable distributed system of Web services. This article also outlines author Graham Glass's plan for building peer-to-peer Web applications.

Developing Web services

• Java Web Services: SOAP with Attachments API for Java (SAAJ)

  This document describes the SOAP with Attachments API for Java (SAAJ) and how this API provides a standard way to send XML documents over the Internet from the Java platform.

• JSR 109: Implementing Enterprise Web services

  This document describes the Java 2 Platform, Enterprise Edition (J2EE) specification.

• JAX-RPC: Core Web services API in the Java platform

  This document reviews the JAX-RPC specification which enables Java technology developers to develop SOAP-based interoperable and portable Web services.

• A developer introduction to the JAX-RPC specification, Part 1: Learn the ins and outs of the JAX-RPC type-mapping system. The JAX-RPC specification is an important step forward in the quest for Web services interoperability. This DeveloperWorks WebSphere article explains the mapping between WSDL and XML types and Java types. It explains how the JAX-RPC standard defines this feature and some of the important points on designing an interoperable type system.

• A developer introduction to JAX-RPC, Part 2: Mine the JAX-RPC specification to improve Web service interoperability. This DeveloperWorks WebSphere article explains how you can achieve the next level of Web service interoperability using the JAX-RPC standard client and server side interface definitions and message processing model. It includes information on developing JAX-RPC handlers and handler chains.

• Getting Started with JAX-RPC. This article explains some of the basic JAX-RPC programming concepts. It describes the JAX-RPC client and server programming models and provides some simple examples for illustration. The article is intended to give developers a good grasp of how to use the JAX-RPC specification to develop or use Web services.

• Web Services Description Language

  This article is a detailed overview of Web Services Description Language (WSDL), which includes programming specifications.

PerformanceThe following Web sites offer tips and best practices to get the best performance from your Web services applications:

• Best practices for Web services: Part 1, Back to the basics

• SOA and Web services: Articles

• IBM WebSphere Developer Technical Journal: Web Services Architectures and Best Practices

• Web services programming tips and tricks: How to create a simple JAX-RPC handler

• Web services programming tips and tricks: Using SOAP headers with JAX-RPC

• Web services programming tips and tricks: Extend JAX-RPC Web services using SOAP headers

• Web services programming tips and tricks: Roundtrip issues in Java coding conventions

UDDI

• Universal Description, Discovery and Integration

  This article is a detailed overview of Universal Description, Discovery, and Integration (UDDI).

• A new approach to UDDI and WSDL: Introduction to the new OASIS UDDI WSDL Technical Note

  This article is about using WSDL with UDDI. Although it is based on the UDDI Registry in WebSphere Application Server Version 5, it remains a useful description of the recommended approach for use of WSDL with UDDI.

• UDDI Version 3 Features List

  This article is an introduction to the new features in UDDI Version 3.

WSIF

• The Apache Software Foundation. The Apache Software Foundation provides support for the Apache community of open-source software projects. Of particular interest is the Apache Web services project. The WSIF source code is donated by IBM to the Apache Software Foundation, and is maintained here as an Apache project.

WS-I Basic Profile

• Web Services Interoperability Organization This Web site offers resources and guidelines for Web services interoperability. You can also view the latest specification documents for WS-I Basic Profile from the documentation link on the home page.

• UTF and BOM Frequently Asked Questions. This Web site offers general information about UTF-8, UTF-16, UTF-32, along with Byte Order Mark (BOM) in a question and answer format.

SOAP

• SOAP

  This article is a detailed overview of SOAP, which includes programming specifications.

• SOAP Security Extensions: Digital Signature

  This document specifies the syntax and processing rules of a SOAP header entry to carry digital signature information within a SOAP 1.1 Envelope

Security

• Security in a Web Services World: A Proposed Architecture and Roadmap

  This document describes a proposed model for addressing security within a Web service environment. It defines a comprehensive Web Services Security model that supports, integrates, and unifies several popular security models, mechanisms, and technologies, including both symmetric and public key technologies. Enable a variety of systems to securely interoperate in a platform and language-neutral manner. It also describes a set of specifications and scenarios that show how these specifications can be used together.

• Web Services Security (WS-Security)

  The Web Services security specifications describe enhancements to SOAP messaging to provide the quality of protection through message integrity, message confidentiality, and single message authentication. Use these mechanisms to accommodate a wide variety of security models and encryption technologies. Web Services security also provides a general-purpose mechanism for associating security tokens with messages. Additionally, Web Services Security describes how to encode binary security tokens. Specifically, the specification describes how to encode
  X.509 certificates and Kerberos tickets, as well as how to include opaque encrypted keys. It also includes extensibility mechanisms that can be used to further describe the characteristics of the credentials that are included with a message.

• SOAP Security Extensions: Digital Signature

  This document specifies the syntax and processing rules of a SOAP header entry to carry digital signature information within a SOAP 1.1 envelope

• Web Services Security Addendum

  This document describes clarifications, enhancements, best practices, and errata of the Web Services Security specification.

• WS-Security Profile of the OASIS Security Assertion Markup Language (SAML) Working Draft 04, 10 September 2002

  This document proposes a set of standards for SOAP extensions used to increase message confidentiality.

• Web Services Security: SOAP Message Security Working Draft 12, Monday 21 April 2003

  This document describes the support for multiple token formats, trust domains, signature formats, and encyrption technologies.

• JSR 55:Certification Path API

  This document provides a short description of the certification path API.

• XML-Signature Syntax and Processing

  This document specifies XML digital signature processing rules and syntax. XML signatures provide integrity, message authentication, or signer authentication services for data of any type, whether located within the XML that includes the signature or elsewhere.

• Canonical XML Version 1.0

  This specification describes a method for generating a physical representation, the canonical form, of an XML document that accounts for the permissible changes.

• Exclusive XML Canonicalization Version 1.0

  Canonical XML [XML-C14N] specifies a standard serialization of XML that, when applied to a subdocument, includes the subdocument ancestor context including all of the namespace declarations and attributes in the "xml:"namespace.

• XML Encryption Syntax and Processing

  This document specifies a process for encrypting data and representing the result in XML.

• Decryption Transform for XML Signature

  This document specifies an XML Signature decryption transform that enables XML Signature applications to distinguish between those XML encryption structures that are encrypted before signing, and must not be decrypted, and those that are encrypted after signing, and must be decrypted, for the signature to validate.

• WS-SecurityThis document specifies resources for the April 2002 Web Services Security Specification. The following addenda and drafts are available:

  • http://schemas.xmlsoap.org/ws/2002/07/secext/

  • http://schemas.xmlsoap.org/ws/2002/07/utility/

  • OASIS draft 12 for secext

  • OASIS draft 12 for utility

• Specification: Web Services Security (WS-Security) Version 1.0 05 April 2002

• XML Encryption Syntax and Processing W3C Recommendation 10 December 2002

• XML-Signature Syntax and Processing W3C Recommendation 12 February 2002

• Web Services Security Addendum

• Web Services Security Core Specification Working Draft 01, 20 September 2002

• Web Services Security: SOAP Message Security Working Draft 13, Thursday, 01 May 2003

• Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile, RFC3280, April 2002

• OASIS Web Services Security Technical Committee

Samples

• Samples Gallery

• Samples Central. Samples and associated documentation for the following Web services components are available through the Samples Central page of the DeveloperWorks WebSphere Web site:

  • The IBM WebSphere UDDI Registry.

  • The Web Services Invocation Framework (WSIF).

Related concepts
Web services

Related tasks
Developing Web services applications
Securing Web services for version 5.x applications based on WS-Security
Web Services Invocation Framework (WSIF): Enabling Web services
Using the UDDI Registry