Subtitle: Connecting People, Data and Diverse Systems
Author: Jorgen Thelin
Abstract:
This presentation shows how Microsoft's Web services platform products can be used to create an integration solution for a real-world business interoperability scenario in the insurance industry. We show how standard WS-* web services protocols combined with vertical industry payload standards such as the ACORD Life schemas can deliver true multi-vendor business solutions - based on interoperability principles that can be applied across any industry.
Subtitle: The Importance of Interoperable Security Credentials
Author: Jorgen Thelin
Abstract:
The use of security credentials and the concepts of single-sign-on and "identity" will play a big part in Web Service products as the technology matures and developers start writing true enterprise-grade line-of-business applications. The emerging XML security standards such as SAML are reviewed, along with the various "identity" standards such as Passport and Liberty, to provide an overview of the evolution of Web Service platform products to support these. This paper examines just how "identity aware" Web Service implementations need to be, and the value a Web Services platform can add in masking developers from the complexity in this area. Lessons are drawn from the experience of using EJB security technology for real-world security scenarios.
Subtitle: A Web Services Security Overview and Implementation Tutorial
Author: Jorgen Thelin
Abstract:
This tutorial provides an assessment of the various security concerns and implications for XML Web Services, and the different means to address them. A framework is presented outlining the variety of measures and approaches for achieving end-to-end security for Web Services, leveraging any pre-existing security environments where possible. The various technical security aspects of authentication, authorization, confidentiality and integrity are explored, along with how they affect Web Services and how they relate to the business-driven security concepts of identity, single-sign-on, privacy, trust and non-repudiation. An overview is provided of the emerging XML security standards such as XML Digital Signatures (XML-DSIG), XML Encryption, Security Assertions Markup Language (SAML) and WS-Security, including how they combine to address the fundamental security requirements of line-of-business Web Services. Examples are shown of a common technique for implementing the security requirements for a Web Service application through the use of custom or pre-built client-side and server-side interceptor plugins, in a manner similar to existing Aspect-oriented programming concepts. Finally, some lessons from the initial experiences implementing and using Web Services security are provided, along with advice and guidance for future projects.
Modules:
Author: Jorgen Thelin
Abstract:
There are two major shifts underway in industry at the moment - from object-oriented middleware to a service-oriented architecture approach, and from a concentration on remote procedure calls (RPC) to more message-passing interactions. The presentation outlines the technical characteristics of the different distributed system types, and the software architecture styles commonly used in distributed systems and XML Web Services. We examine how Web Services technology allows an evolutionary approach to tackling this industry shift, and how 2003 marks the switch from stage 1 to stage 2 of this evolution.
Author: Jorgen Thelin
Abstract:
The three software architecture styles commonly used in distributed systems and XML Web Services are compared and contrasted. In particular, the key differences between traditional SOAP and REST styles are explored. Guidelines are presented on which style is most applicable for certain application scenarios, and when a combination of styles is necessary.
Author: Jorgen Thelin, PJ Murray and Richard Watson
Abstract:
What aspects must a developer be aware of when a Web Service will be run in a clustered environment such as a server farm? Do Web Services implementations need to be "cluster aware", or can this be handled transparently by the runtime platform? We revisit the subject of why keeping Web Services implementations as stateless as possible really helps in these circumstances, and the effect of using session-based facilities on scalability.
Author: Jorgen Thelin and PJ Murray
Subtitle: The Importance of Interoperable Security Credentials
Author: Jorgen Thelin
Abstract:
The use of security credentials and the concepts of single-sign-on and "identity" will play a big part in Web Service products as the technology matures and developers start writing true enterprise-grade line-of-business applications. The emerging XML security standards such as SAML are reviewed, along with the various "identity" standards such as Passport and Liberty, to provide an overview of the evolution of Web Service platform products to support these. This paper examines just how "identity aware" Web Service implementations need to be, and the value a Web Services platform can add in masking developers from the complexity in this area. Lessons are drawn from the experience of using EJB security technology for real-world security scenarios.
Keywords: XML, SOAP, security, credentials, identity, standards, SAML, identity services, Passport, Liberty Alliance, Web Services, WS-Security, WS-Trust
Author: Jorgen Thelin
Article summary available online.
Full article available for purchase online from Amazon.
Abstract:
What are "remote references", and how do they relate to distributed object technology? Are the concepts of a remote object reference still applicable for Web Services technology? This article describes briefly the software architecture concept of remote references, and shows why they are best avoided when using XML Web Services due to the fundamental mismatch between the service oriented middleware approach of Web Services and the object oriented middleware required to support a remote reference architecture.
Keywords: Web Services, XML, Security, Authentication, Authorization, Encryption.
Authors: Jorgen Thelin and PJ Murray
Abstract:
This paper discusses the security implications of Web Services and proposes a framework for providing security based on current and future requirements. The framework provides a basis for achieving end-to-end security for Web Services within the pre-existing security environment. Finally, lessons from initial experiences with Web Services security and advice for the future are provided.
http://www.capescience.com/articles/security/ws-security-framework.htm
Authors:
Kapil Apshankar, Mark Waterhouse, Liang-Jie Zhang, David O'Riordan, Dimple Sadhwani,
Bilal Siddiqui, Jorgen Thelin, J. Jeffrey Hanson, Kunal Mittal, Romin Irani,
Judith M. Myerson, Gunjan Samtani, Mike Clark, Whitney Hankinson, Chanoch Wiggers
Publisher: Expert
Pub Date: August 2002
ISBN: 1904284132
Book Description:
Adopting Web Services will affect many processes within any organization. To throw light on the most important issues, we have commissioned experts in the industry to share their insights. The resultant papers cover a broad spectrum from architecture to business strategies without diverting into deep technological fashions. Each study in the collection will answer specific business challenges thrown up by Web Service architectures. Before changing, commissioning, or evaluating a Web Service initiative, all IT Managers, System Architects, Lead Developers, and Business Visionaries should study and reference this book.
Topics covered in this book include:
- Return on Investment
- EAI, business integration, and ebXML
- Key Web Services architectures
- Comparison of J2EE and .NET platforms
- Security
Author: Jorgen Thelin
Publisher: Tect Ltd
Pub Date: July 2002
ISBN: B00006FCPZ
Book Description:
What are "remote references", and how do they relate to distributed object technology? Are the concepts of a remote object reference still applicable for Web Services technology? This article describes briefly the software architecture concept of remote references, and shows why they are best avoided when using XML Web Services due to the fundamental mismatch between the service oriented middleware approach of Web Services and the object oriented middleware required to support a remote reference architecture.
Date: December 2006
Location: Orlando, FL
Presentation Title: Real-world Business Interoperability
Date: June 2003
Location: London, UK
Presentation Title: Identity, Security and XML Web Services
Date: May 2003
Location: London, UK
Presentation Title: Identity, Security and XML Web Services
Date: April 2003
Location: Santa Clara, CA, USA
Presentation Title: Identity, Security and XML Web Services
Date: April 2003
Location: Philadelphia, PA, USA
Presentation Title: Identity, Security and XML Web Services
Presentation Title: A Comparison of Service-oriented, Resource-oriented, and Object-oriented Architecture Styles
Date: April 2003
Location: Baltimore, MD, USA
Presentation Title: A Web Services Security Overview and Implementation Tutorial
Date: February 2003
Location: Munich, Germany
Presentation Title: Identity, Security and XML Web Services
Presentation Title: A Comparison of Service-oriented, Resource-oriented, and Object-oriented Architecture Styles
Date: October 2002
Location: Sydney, Australia
Presentation Title: Security and XML Web Services
Date: August 2002
Location: San Francisco, CA, USA
Presentation Title: Server Farms and XML Web Service
Date: June 2002
Location: Las Vegas, NV, USA
Presentation Title: A Web Services Security Framework Based on Current and Emerging Usage Scenarios