Web services: Resources for learning

This topic provides relevant supplemental information about the following Web services-related topics:

• Web services overview

  Including the WebSphere V5 Web Services Handbook

• Developing Web services:

  Including developing Web services based on the J2EE and Java API for XML-based remote procedure call (JAX-RPC) specifications.

• Web services gateway

  Information about the WebSphere Application Server Edge components that are used for scaling the gateway, and about using a Web Services Gateway running inside WebSphere Studio Application Developer (Application Developer).

• Universal Description Discovery and Integration (UDDI)

  Including an overview about UDDI and information about the UDDI Java API.

• Web Services Invocation Framework (WSIF)

  A look into the Apache Software Foundation and its maintenance of WSIF.

• SOAP

  Including an overview about SOAP and information about the SOAP syntax and processing rules.

• Security

  Including a roadmap to security, the WS-Security specification, best practices, a profile of the OASIS Security Assertion Markup Language (SAML) and more.

• Samples

  Includes WebSphere Application Server Samples Gallery and Samples Central for Web services gateway, UDDI and WSIF.

• Other references

The information resides on IBM and non-IBM Internet sites, whose sponsors control the technical accuracy of the information.

These links are provided for convenience. Often, the information is not specific to the IBM WebSphere Application Server product, but is useful all or in part for understanding the product. When possible, links are provided to technical papers and Redbooks that supplement the broad coverage of the release documentation with in-depth examinations of particular product areas.

Web services overview

•    WebSphere V5 Web Services Handbook
  http://w3.itso.ibm.com/itsoapps/Redbooks.nsf/RedbookAbstracts/sg246891.html?Open

  This IBM Redbook describes the new concept of Web services from various perspectives. It presents the major building blocks Web services rely on. Well-defined standards and new concepts are presented and discussed.

•    IBM Web Services architecture debuts
  http://www.ibm.com/developerworks/webservices/library/w-int.html?dwzone=webservices

  Introducing IBM Web services, a distributed software architecture of service components. This brief overview and in-depth interview on IBM DeveloperWorks cover the fundamental concepts of Web services architecture and what they mean for developers. The interview with IBM professional Rod Smith explores which types of developers Web services targets, how Web services reduces development time, what developers could be doing with Web services now, and takes a glance at the economics of dynamically discoverable services.

•    Web services (r)evolution, Part 1
  http://www-106.ibm.com/developerworks/library/ws-peer1.html

  This article focuses on the benefits and challenges of building Web services applications. Web services might be an evolutionary step in designing distributed applications, however, they are not without their problems. Outlined are the difficulties developers face in creating a truly workable distributed system of Web services. This article also outlines author Graham Glass' plan for building peer-to-peer Web applications.

Developing Web services

•    JSR 109: Implementing Enterprise Web services
  http://jcp.org/en/jsr/detail?id=109

  This document describes the J2EE specification.

•    Java API for XML-based RPC (JAX-RPC): Core Web services API in the Java platform
  http://java.sun.com/xml/jaxrpc/

  This document reviews the JAX-RPC specification which enables Java technology developers to develop SOAP-based interoperable and portable Web services.

• Getting Started with JAX-RPC. This article explains some of the basic JAX-RPC programming concepts. It describes the JAX-RPC client and server programming models and provides some simple examples to illustrate their use. The article is intended to give developers a good grasp of how to use JAX-RPC to develop or use Web services.

• A developer introduction to JAX-RPC, Part 1: Learn the ins and outs of the JAX-RPC type-mapping system. The Java API for XML-based Remote Procedure Calls (JAX-RPC) is an important step forward in the quest for Web services interoperability. This IBM developerWorks article explains the mapping between WSDL/XML types and Java types. It explains how the JAX-RPC standard defines this feature and some of the important points on designing an interoperable type system.

• A developer introduction to JAX-RPC, Part 2: Mine the JAX-RPC specification to improve Web service interoperability. This IBM developerWorks article explains how you can achieve the next level of Web service interoperability using the JAX-RPC standard client and server side interface definitions and message processing model. It includes information on developing JAX-RPC handlers and handler chains.

• Support for J2EE Web Services in WebSphere Studio Application Developer V5.1 -- Part 3: JAX-RPC Handlers. This IBM developerWorks three part article provides walkthroughs for creating JAX-RPC handlers with WebSphere Studio Application Developer. Part 3 (this part) is focused on handlers; parts 1 and 2 deal with J2EE Web services.

• References and specifications)" src="../../reference.gif">   Web Services Description Language
  http://www.w3.org/TR/wsdl

  This article is a detailed overview of Web Services Description Language (WSDL), which includes programming specifications.

Web services gateway

• Information center for WebSphere Application Server Edge components. This information center contains a library of PDF online books covering all aspects of the WebSphere Application Server Edge components. Scaling the Web services gateway builds upon the load-balancing capabilities of these components.

• Ease your Web services testing woes: Integrate Web Services Gateway with WebSphere Studio Application Developer. This article describes how to shorten the development cycle for Web services, and make testing more straightforward, by using a Web Services Gateway running inside WebSphere Studio Application Developer (Application Developer).

UDDI

• References and specifications)" src="../../reference.gif">   Universal Description, Discovery and Integration
  http://www.uddi.org/about.html

  This article is a detailed overview of Universal Description, Discovery and Integration (UDDI).

• References and specifications)" src="../../reference.gif">   UDDI4J: Matchmaking for Web services
  http://www-106.ibm.com/developerworks/library/ws-uddi4j

  Reviewed in this article are the basics of UDDI, the Java API to UDDI, and how you can use this technology to start building, testing, and deploying your own Web services.

WSIF

• The Apache Software Foundation. The Apache Software Foundation provides support for the Apache community of open-source software projects. Of particular interest is the Apache Web services project. The WSIF source code has been donated by IBM to the Apache Software Foundation, and is maintained here as an Apache project.

SOAP

• References and specifications)" src="../../reference.gif">   SOAP
  http://www.w3.org/TR/SOAP

  This article is a detailed overview of SOAP, which includes programming specifications.

•    SOAP Security Extensions: Digital Signature
  http://www.w3.org/TR/SOAP-dsig

  This document specifies the syntax and processing rules of a SOAP header entry to carry digital signature information within a SOAP 1.1 Envelope

Security

• References and specifications)" src="../../reference.gif">   Security in a Web Services World: A Proposed Architecture and Roadmap
  http://www-106.ibm.com/developerworks/webservices/library/ws-secmap/

  This document describes a proposed model for addressing security within a Web service environment. It defines a comprehensive Web Services Security model that supports, integrates, and unifies several popular security models, mechanisms, and technologies, including both symmetric and public key technologies, in a way that enables a variety of systems to securely interoperate in a platform and language-neutral manner. It also describes a set of specifications and scenarios that show how these specifications can be used together.

• References and specifications)" src="../../reference.gif">   Web Services Security (WS-Security)
  http://www-106.ibm.com/developerworks/library/ws-secure/

  The Web Services Security specifications describe enhancements to SOAP messaging to provide quality of protection through message integrity, message confidentiality, and single message authentication. These mechanisms can be used to accommodate a wide variety of security models and encryption technologies. Web Services Security also provides a general-purpose mechanism for associating security tokens with messages. Additionally, Web Services Security describes how to encode binary security tokens. Specifically, the specification describes how to encode X.509 certificates and Kerberos tickets, as well as how to include opaque encrypted keys. It also includes extensibility mechanisms that can be used to further describe the characteristics of the credentials that are included with a message.

•    SOAP Security Extensions: Digital Signature
  http://www.w3.org/TR/SOAP-dsig

  This document specifies the syntax and processing rules of a SOAP header entry to carry digital signature information within a SOAP 1.1 Envelope

• References and specifications)" src="../../reference.gif">   Web Services Security Addendum
  http://www-106.ibm.com/developerworks/library/ws-secureadd.html

  This document describes clarifications, enhancements, best practices, and errata of the Web Services Security specification.

• References and specifications)" src="../../reference.gif">   WS-Security Profile of the OASIS Security Assertion Markup Language (SAML) Working Draft 04, 10 September 2002
  http://www.oasis-open.org/committees/security/docs/draft-sstc-ws-sec-profile-04.pdf

  This document proposes a set of standards for SOAP extensions used to increase message confidentiality.

• References and specifications)" src="../../reference.gif">   Web Services Security: SOAP Message Security Working Draft 12, Monday 21 April 2003
  http://www.oasis-open.org/committees/download.html/1686/WSS-SOAPMessageSecurity-12-04021.pdf

  This document describes the support for multiple token formats, trust domains, signature formats, and encyrption technologies.

• References and specifications)" src="../../reference.gif">   JSR 55:Certification Path API
  http://jcp.org/en/jsr/detail?id=55

  This document provides a short description of the certification path API.

• References and specifications)" src="../../reference.gif">   XML-Signature Syntax and Processing
  http://www.w3.org/TR/xmldsig-core/

  This document specifies XML digital signature processing rules and syntax. XML signatures provide integrity, message authentication, or signer authentication services for data of any type, whether located within the XML that includes the signature or elsewhere.

• References and specifications)" src="../../reference.gif">   Canonical XML V1.0
  http://www.w3.org/TR/xml-c14n

  This specification describes a method for generating a physical representation, the canonical form, of an XML document that accounts for the permissible changes.

• References and specifications)" src="../../reference.gif">   Exclusive XML Canonicalization V1.0
  http://www.w3.org/TR/xml-exc-c14n/

  Canonical XML [XML-C14N] specifies a standard serialization of XML that, when applied to a subdocument, includes the subdocument's ancestor context including all of the namespace declarations and attributes in the "xml:"namespace.

• References and specifications)" src="../../reference.gif">   XML Encryption Syntax and Processing
  http://www.w3.org/TR/xmlenc-core/

  This document specifies a process for encrypting data and representing the result in XML.

• References and specifications)" src="../../reference.gif">   Decryption Transform for XML Signature
  http://www.w3.org/TR/xmlenc-decrypt

  This document specifies an XML Signature "decryption transform" that enables XML Signature applications to distinguish between those XML Encryption structures that were encrypted before signing, and must not be decrypted, and those that were encrypted after signing, and must be decrypted, for the signature to validate.

• References and specifications)" src="../../reference.gif">   WS-Security
  http://schemas.xmlsoap.org/ws/2002/04/secext/

  This document specifies resources for the April 2002 Web Services Security Specification. The following addenda and drafts are available:

  • References and specifications)" src="../../reference.gif">   http://schemas.xmlsoap.org/ws/2002/07/secext/
    http://schemas.xmlsoap.org/ws/2002/07/secext/

  • References and specifications)" src="../../reference.gif">   http://schemas.xmlsoap.org/ws/2002/07/utility/
    http://schemas.xmlsoap.org/ws/2002/07/utility/

  • References and specifications)" src="../../reference.gif">   OASIS draft 12 for secext
    http://schemas.xmlsoap.org/ws/2003/06/secext/

  • References and specifications)" src="../../reference.gif">   OASIS draft 12 for utility
    http://schemas.xmlsoap.org/ws/2003/06/utility/

• References and specifications)" src="../../reference.gif">   Specification: Web Services Security (WS-Security) V1.0 05 April 2002
  http://www-106.ibm.com/developerworks/webservices/library/ws-secure/

  A major area of gateway security is based upon this emerging standard.

• References and specifications)" src="../../reference.gif">   XML Encryption Syntax and Processing W3C Recommendation 10 December 2002
  http://www.w3.org/TR/2002/REC-xmlenc-core-20021210

• References and specifications)" src="../../reference.gif">   XML-Signature Syntax and Processing W3C Recommendation 12 February 2002
  http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/

• References and specifications)" src="../../reference.gif">   Web Services Security Addendum
  http://www.ibm.com/developerworks/library/secureadd.html

• References and specifications)" src="../../reference.gif">   Web Services Security Core Specification Working Draft 01, 20 September 2002
  http://www.oasis-open.org/committees/wss/documents/WSS-Core-01-0920.pdf

• References and specifications)" src="../../reference.gif">   Web Services Security: SOAP Message Security Working Draft 13, Thursday, 01 May 2003
  http://www.oasis-open.org/committees/download.html/2314/WSS-SOAPMessageSecurity-13-050103-merged.pdf

• References and specifications)" src="../../reference.gif">   Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile, RFC3280, April 2002
  http://www.ietf.org/rfc/rfc3280.txt

• References and specifications)" src="../../reference.gif">   OASIS Web Services Security Technical Committee
  http://www.oasis-open.org/committees/tc_home.html?wg_abbrev=wss

Samples

• References and specifications)" src="../../reference.gif">   Samples Gallery
  http://www7b.software.ibm.com/wsdd/library/samples/AppServer.html

• Samples Central. Samples and associated documentation for the following Web services components are available through the Samples Central page of the IBM WebSphere Developer Domain Web site:

  • The Web services gateway.

  • The IBM private UDDI registry.

  • The Web Services Invocation Framework (WSIF).

Other references

• The Apache Software Foundation. The Apache Software Foundation provides support for the Apache community of open-source software projects. Of particular interest is the Apache Web services project.

• References and specifications)" src="../../reference.gif">   Web services insider, Part 1: Reflections on SOAP
  http://www-106.ibm.com/developerworks/webservices/library/ws-ref1

  What is the current state of the Web services revolution? Find out at this Web site that features the column Web services insider, Part 1. The author answers this question by reviewing the tools and technologies that have emerged over the past year, highlighting their differences and similarities.

• References and specifications)" src="../../reference.gif">   The Web services insider, Part 2: A summary of the W3C Web Services Workshop
  http://www-106.ibm.com/developerworks/webservices/library/ws-ref2

  This is a brief summary of a W3C Web services workshop.

---

Web services

Developing Web services based on Web Services for J2EE
Securing Web services based on WS-Security
Web Services Invocation Framework (WSIF): Enabling Web services
Enabling Web services through the Web services gateway
    

 

---