Web services resources

Use the following links to find relevant supplemental information about getting started with Web services. The information resides on IBM and non-IBM Internet sites, whose sponsors control the technical accuracy of the information.

These links are provided for convenience. Often, the information is not specific to the IBM WAS product, but is useful all or in part for understanding the product. When possible, links are provided to technical papers and Redbooks that supplement the broad coverage of the release documentation with in-depth examinations of particular product areas. The following sections are covered in this reference:

• Web services overview: Purpose, planning and designing to use Web services
• Developing Web services Java API for XML-based remote procedure call (JAX-RPC) and the J2EE programming model
• Security
• Administration
• Other references

Web services overview: Purpose, planning and designing to use Web services

• IBM Web Services architecture debuts
  (http://www.ibm.com/developerworks/webservices/library/w-int.html?dwzone=webservices)

  Introducing IBM Web services, a distributed software architecture of service components. This brief overview and in-depth interview on IBM DeveloperWorks cover the fundamental concepts of Web services architecture and what they mean for developers. The interview with IBM professional Rod Smith explores which types of developers Web services targets, how Web services reduces development time, what developers could be doing with Web services now, and takes a glance at the economics of dynamically discoverable services.

• Web services (r)evolution, Part 1
  (http://www-106.ibm.com/developerworks/library/ws-peer1.html)

  This article focuses on the benefits and challenges of building Web services applications. Web services might be an evolutionary step in designing distributed applications, however, they are not without their problems. Outlined are the difficulties developers face in creating a truly workable distributed system of Web services. This article also outlines author Grahm Glass' plan for building peer-to-peer Web applications.

Developing Web services

• JSR 109: Implementing Enterprise Web Services
  (http://jcp.org/en/jsr/detail?id=109)

  This document describes the J2EE specification model.

• Java API for XML-based RPC (JAX-RPC): Core Web Services API in the Java platform
  (http://java.sun.com/xml/jaxrpc/)

  This document reviews the JAX-RPC which enables Java technology developers to develop SOAP based interoperable and portable Web services.

• SOAP
  (http://www.w3.org/TR/SOAP)

  This article is a detailed overview of SOAP, which includes programming specifications.

• Web Services Description Language
  (http://www.w3.org/TR/wsdl)

  This article is a detailed overview of WSDL, which includes programming specifications.

• Universal Description, Discovery and Integration
  (http://www.uddi.org/about.html)

  This article is a detailed overview of Universal Description, Discovery and Integration (UDDI).

• UDDI4J: Matchmaking for Web services
  (http://www-106.ibm.com/developerworks/library/ws-uddi4j)

  Reviewed in this article are the basics of UDDI, the Java API to UDDI, and how you can use this technology to start building, testing, and deploying your own Web services.

Security

• Security in a Web Services World: A Proposed Architecture and Roadmap
  (http://www-106.ibm.com/developerworks/webservices/library/ws-secmap/)

  This document describes a proposed model for addressing security within a Web service environment. It defines a comprehensive Web Services Security model that supports, integrates, and unifies several popular security models, mechanisms, and technologies, including both symmetric and public key technologies, in a way that enables a variety of systems to securely interoperate in a platform and language-neutral manner. It also describes a set of specifications and scenarios that show how these specifications can be used together.

• Web Services Security (WS-Security)
  (http://www-106.ibm.com/developerworks/library/ws-secure/)

  The Web Services Security specifications describe enhancements to SOAP messaging to provide quality of protection through message integrity, message confidentiality, and single message authentication. These mechanisms can be used to accommodate a wide variety of security models and encryption technologies. Web Services Security also provides a general-purpose mechanism for associating security tokens with messages. Additionally, Web Services Security describes how to encode binary security tokens. Specifically, the specification describes how to encode X.509 certificates and Kerberos tickets, as well as how to include opaque encrypted keys. It also includes extensibility mechanisms that can be used to further describe the characteristics of the credentials that are included with a message.

• Web Services Security Addendum
  (http://www-106.ibm.com/developerworks/library/ws-secureadd.html)

  This document describes clarifications, enhancements, best practices, and errata of the Web Services Security specification.

• WS-Security Profile of the OASIS Security Assertion Markup Language (SAML) Working Draft 04, 10 September 2002
  (http://www.oasis-open.org/committees/security/docs/draft-sstc-ws-sec-profile-04.pdf)

  This document proposes a set of standards for SOAP extentions used to increase message confidentiality.

• Web Services Security: Soap Message Security Working Draft 12, Monday 21 April 2003
  (http://www.oasis-open.org/committees/download.php/1686/WSS-SOAPMessageSecurity-12-04021.pdf)

  This document describes the support for multiple token formats, trust domains, signature formats, and encyrption technologies.

• JSR 55:Certification Path API
  (http://jcp.org/en/jsr/detail?id=55)

  This document provides a short description of the certification path API.

• XML-Signature Syntax and Processing
  (http://www.w3.org/TR/xmldsig-core/)

  This document specifies XML digital signature processing rules and syntax. XML signatures provide integrity, message authentication, or signer authentication services for data of any type, whether located within the XML that includes the signature or elsewhere.

• Canonical XML Version 1.0
  (http://www.w3.org/TR/xml-c14n)

  This specification describes a method for generating a physical representation, the canonical form, of an XML document that accounts for the permissible changes.

• Exclusive XML Canonicalization Version 1.0
  (http://www.w3.org/TR/xml-exc-c14n/)

  Canonical XML [XML-C14N] specifies a standard serialization of XML that, when applied to a subdocument, includes the subdocument's ancestor context including all of the namespace declarations and attributes in the "xml:"namespace.

• XML Encryption Syntax and Processing
  (http://www.w3.org/TR/xmlenc-core/)

  This document specifies a process for encrypting data and representing the result in XML.

• Decryption Transform for XML Signature
  (http://www.w3.org/TR/xmlenc-decrypt)

  This document specifies an XML Signature "decryption transform" that enables XML Signature applications to distinguish between those XML Encryption structures that were encrypted before signing, and must not be decrypted, and those that were encrypted after signing, and must be decrypted, for the signature to validate.

• WS-Security
  (http://schemas.xmlsoap.org/ws/2002/04/secext/)

  This document specifies resources for the April 2002 Web Services Security Specification. The following addendums and drafts are available:

  • http://schemas.xmlsoap.org/ws/2002/07/secext/
    (http://schemas.xmlsoap.org/ws/2002/07/secext/)
    (http://schemas.xmlsoap.org/ws/2002/07/utility/)
  • OASIS draft 12 for secext
    (http://schemas.xmlsoap.org/ws/2003/06/secext/)
  • OASIS draft 12 for utility
    (http://schemas.xmlsoap.org/ws/2003/06/utility/)

Administration

• SOAP Security Extensions: Digital Signature
  (http://www.w3.org/TR/SOAP-dsig)

  This document specifies the syntax and processing rules of a SOAP header entry to carry digital signature information within a SOAP 1.1 Envelope

• Apache Software Foundation
  (http://www.apache.org)

Other references

• Web services insider, Part 1: Reflections on SOAP
  (http://www-106.ibm.com/developerworks/webservices/library/ws-ref1)

  What is the current state of the Web services revolution? Find out at this Web site that features the column Web services insider, Part 1. The author answers this question by reviewing the tools and technologies that have emerged over the past year, highlighting their differences and similarities.

• The Web services insider, Part 2: A summary of the W3C Web Services Workshop
  (http://www-106.ibm.com/developerworks/webservices/library/ws-ref2)

  This is a brief summary of a W3C Web services workshop.