SECURED INFORMATION INTEGRATION WITH A SEMANTIC-WEB BASED FRAMEWORKWhat is a web service?SOAP,WSDL and UDDISOAP-based web servicesRESTSlide 6Example of a REST Weather ServiceContrast with SOAP Weather serviceReinventing ProtocolsMore differences between SOAP and RESTREST in PracticeREST’s popularity – a famous data pointWhen to use SOAP instead of RESTRESTful Interface in BlackbookWorkflowWorkspaceBlackbookTechnologies usedIntegrating Blackbook with Amazon S3Amazon Simple Storage Service (S3)Benefits of Amazon S3Blackbook with S3Our ApproachOur Approach (Contd)Lamport One Time Password SchemeSlide 26Slide 27XACML requestXACML PolicyXACML Policy(Contd)System OverviewStepsSteps (Contd)AdvantagesUpload - statisticsDownload - statisticsSlide 37Thank you !!UT DALLASUT DALLASErik Jonsson School of Engineering & Computer ScienceFEARLESS engineeringSECURED INFORMATION INTEGRATION WITH A SEMANTIC-WEB BASED FRAMEWORKFEARLESS engineeringWhat is a web service?•Everyone would agree with a general definition like this:“A Web service is a software system designed to support interoperable machine-to-machine interaction over a network.” (Source: W3C)FEARLESS engineeringSOAP,WSDL and UDDI3•Most people understand Web Services to be the “triumvirate” of SOAP, WSDL, and UDDISOAPClientPayloadSOAP Envelope SecurityTokenWebServiceApplicationAApplicationBWSDL (Web Services Description Language)UDDI Web Services DirectorySSLPlatform BPlatform AFEARLESS engineeringSOAP-based web servicesWeb services and SOAP are often considered the sameFEARLESS engineeringREST4•But, SOAP is not the only kind of Web Service communication•REST stands for REpresentational State Transfer •Described in a thesis by Roy Fielding (Day Software, co-founder of the Apache Software Foundation, co-author of HTTP and URI RFCs)•REST applies the architecture of the Web to Web Services- Each URI is a distinct resource, as in the browser-based Web- URIs be bookmarked and cached- Don’t reinvent the “wheel”•Used by Amazon, Google, Flickr, and many othersFEARLESS engineeringREST5•In REST, everything is a resource•“Resource Modelling” is required at the outset. Model each document, and each process, as a “resource” with a distinct URI•Then use the standard HTTP “verbs” to interact with the resource:•- GET: Retrieve a representation of a resource. Does not modify the server state. A GET must have no side effects on the server side•- POST: Create or update a representation of a resource•- PUT: Update a representation of a resource•- DELETE: Remove a representation of a resourceFEARLESS engineering Example of a REST Weather Service6•GET /weatherforecast/02110 HTTP/1.1 -Get the weather forecast for Boston•POST /weatherforecast HTTP/1.1 - Upload a new weather forecast for San Jose by sending up an XML document which conforms to the appropriate Schema- Response is a “201 Created” and a new URI201 CreatedContent-Location: /weatherforecast/95101•PUT /weatherforecast/95101 HTTP/1.1-Update an existing resource representation•DELETE /weatherforecast/02110 HTTP/1.1 - Delete the resource representationFEARLESS engineeringContrast with SOAP Weather service7•POST /weatherforecast.asmx HTTP/1.1 -Send a SOAP message to get the weather in Boston•POST /weatherforecast.asmx HTTP/1.1 - Send a different SOAP message to create a forecast for San Jose-Response is a custom SOAP response message•POST /weatherforecast.asmx HTTP/1.1-Send another SOAP message to update the San Jose weather forecast•POST /weatherforecast.asmx HTTP/1.1 - Send another SOAP message to delete the Boston weather forecast•Notice anything?- Everything is a POST. All the details are in the SOAP messagesFEARLESS engineeringReinventing Protocols8•In REST, HTTP is the protocol-Well known, simple, and established-Only four methods: GET, POST, PUT, DELETE-A network admin can look at something like “GET /weatherforecast/02110” and understand what it is doing-Requests can be bookmarked-Responses can be cached•By contrast, in SOAP, developers effectively create their own protocols-Everything is a POST -Rather than using “GET, POST, PUT, and DELETE”, the methods and operations are in the SOAP messages themselves-A network admin just sees POSTs and cannot understand the purpose of the traffic without looking into the SOAP messages themselvesFEARLESS engineeringMore differences between SOAP and REST91. SOAP is transport neutral- SOAP can be used across FTP, SMTP, Message Queues- But REST is tied to HTTP only2. SOAP includes a whole stack of “composable” WS-* specifications- WS-Security for inserting security tokens into SOAP headers, WS-ReliableMessaging, WS-Transactions, etc etc etc- But since WS-* builds on top of SOAP, it does not apply to REST-Proponents of REST would argue “use HTTP infrastructure for reliable messaging and security. Don’t reinvent the wheel”-Experts argue that REST is “as safe as HTTP”FEARLESS engineeringREST in Practice10•REST is seen as “more simple to develop than SOAP” because you can create a QueryString just by concatenating strings together•Most developers find it easier to concatenate strings together and then do a “GET” to a URI like Google’s “doGoogleSearch”, rather than to create a SOAP request-SOAP products are getting easier to use though, the gap is closing…•This simplicity is the main reason for REST’s popularityFEARLESS engineeringREST’s popularity – a famous data pointSource: Jeff Barr, Web Services Evangelist at Amazon.com11FEARLESS engineeringWhen to use SOAP instead of REST•WS-Security defines how to encrypt just part of an XML message- e.g. to encrypt search strings into a search engine- Rather than reinventing the wheel, use SOAP for this•WS-* includes reliable messaging and transaction support•SOAP can be applied to FTP traffic and MQ, REST can’t - So, use SOAP for these applications•SOAP supports attachments, although there are three different specifications for how to do attachments right now (MIME, DIME, MTOM).- Nevertheless, use SOAP when you need to send around binary data or large attachments12FEARLESS engineeringRESTful Interface in Blackbook•Blackbook is a semantic web-based framework which provides analysts an easy-to-use tool which federates queries across local and remote data sources to access valuable dataWhy REST in Blackbook?Semantic data is a collection of different vocabularies
View Full Document
Unlocking...