Welcome!

Microservices Expo Authors: Todd Matters, Elizabeth White, Pat Romanski, Stackify Blog, Chris Schwarz

Related Topics: Microservices Expo, Machine Learning

Microservices Expo: Article

Web Services and SOA

Practical Interoperability Approaches, WS-Security and WS-Addressing Explained

People sometimes ask what a service-oriented architecture enables today that could not have been done with the older, proprietary integration stacks of the past 5 to 15 years, such as those from Tibco, IBM, or Vitria. One such ability is the greater degree of interoperability between heterogeneous technology stacks that is made possible by the standards SOA is built on, such as Web services and BPEL. Although interoperability is only one facet of the SOA value proposition, it is one that has become increasingly more important, due in large part to the evolving IT environment, merger and acquisition activity, and increased partner connectivity.

Building business solutions for SOA requires the ability to secure data exchanged over a network, and control access to services in an environment where long-running business processes and asynchronous services are increasingly common. To meet these key requirements, two WS-* standards have moved to the forefront: WS-Security for authentication and encryption of service data, and WS-Addressing for correlation of messages exchanged with asynchronous services.

As these standards have begun to take hold, many commercial technologies have been introduced that add support for them. Likewise, many developers are implementing them in custom applications or with open source frameworks. Furthermore, standards that are logically layers above core Web services and security are referencing them. For example, the WS-BPEL specification is a Web service orchestration language with rich support for both synchronous and asynchronous services. BPEL, as it is commonly known, is highly complementary with WS-Security and WS-Addressing.

This article focuses on interoperability with asynchronous messaging and on the security challenges of using BPEL processes to orchestrate Web services deployed onto various technology platforms. The specific example used is BPEL processes deployed on Oracle BPEL Process Manager, invoking services implemented with Microsoft .NET Windows Communication Foundation (WCF).

WS-BPEL and WS-Addressing Interoperability Challenges
For those readers who may not be versed in asynchronous service requirements, we will first provide some background on why a standard such as WS-Addressing is needed. The core Web services standards, including WSDL, SOAP, and XML schema are sufficient for synchronous service operations in which a client of a service sends a request and either gets no response at all (a "one-way" operation) or gets a result back as the output of the operation itself. In either case, the operation completes the interaction between the service client and the service itself.

However, for logical operations that may take a long time to complete, the concept of an asynchronous operation whereby the client initiates a service operation but does not wait for an immediate response makes sense. At some later time, the service will call the client back with the result of the operation - or with an error or exception message. In this case, the client must pass at least two pieces of information to the service: a location where the service can call the client back with the result, and an identifier of some sort that will allow the client to uniquely identify the operation with which the callback is associated. Early in the development of Web services standards, individual projects would include custom mechanisms for interacting with asynchronous services; however, this meant that developers had to explicitly code this support, and interoperability among toolkits was nonexistent.

WS-Addressing provides a standard for describing the mechanisms by which the information needed to interact reliably with asynchronous Web services can be exchanged. In the long term, this promises seamless interoperability, even for asynchronous services, between clients and services implemented on different technology stacks.

The main purpose of WS-Addressing is to incorporate message-addressing information into SOAP messages (for example, where the provider should send a response). SOAP is an envelope-encoding specification that represents Web service messages in a transport neutral format. However, SOAP itself does not provide any features that identify endpoints. The usual endpoints, such as message destination, fault destination, and message intermediary are delegated up to the transport layer. Combining WS-Addressing with SOAP creates a complete messaging specification. WS-Addressing specifies that address information be stored in SOAP headers in an independent manner, instead of embedding that information into the payload of the message itself. WS-Addressing is complemented by two other specifications, WS-Addressing SOAP Binding, and WS-Addressing WSDL Binding which specify how to represent the WS-Addressing properties into SOAP and WSDL respectively.

At a high level, WS-Addressing defines an EndpointReference construct to represent a Web service endpoint. It also defines a set of headers, ReplyTo, FaultTo, RelatesTo, and MessageId which are used to dynamically define an asynchronous message flow between endpoints.

BPEL relies on WS-Addressing to enhance endpoint representation and asynchronous Web services invocations. However, because WS-Addressing has evolved through several versions, interoperability can be a challenge. Today up to four different WS-Addressing versions are commonly used-three versions of the specification are named by their release date: the March 2003 version, the March 2004 version, and the August 2004 version, developed before the specification moved to W3C. The 1.0 version, recently completed in May 2006, was developed after the specification went under the umbrella of W3C. After moving to W3C, the specification split into multiple parts: a core specification, and two specifications that describe bindings for SOAP and WSDL.

Explicit vs. Implicit Addressing Mechanisms
Ideally, all server platforms would support all possible versions of WS-Addressing, but we are forced to live (and code) in the real world. At this time, many servers support one or more active WS-Addressing versions, but it is still all too possible that a service and client will be built on platforms that support incompatible WS-Addressing versions. However, interoperability is possible with a minimal amount of developer effort.

When the same WS-Addressing version is supported by both the process (client) and service layers, it is called "implicit" addressing because the developer need only state at the metadata level which version of WS-Addressing should be used to correlate asynchronous messages. In this case, WS-Addressing manipulation is completely transparent to the BPEL process itself, and the SOAP layer simply adds the requested SOAP headers as needed.

However, in order to interoperate with WS-Addressing versions not implicitly supported, a server should provide an explicit mechanism by which developers can build and attach WS-Addressing to SOAP messages easily. The following section describes an explicit addressing mechanism used to achieve asynchronous service interoperability between Microsoft WCF using WS-Addressing 1.0 and Oracle BPEL Process Manager using WS-Addressing March 2003; however, the same principles should hold true for interoperability between any two BPEL and Web service toolkits.

WS-Addressing Interoperability Example: WCF and WS-Addressing Microsoft's Windows Communication Foundation (WCF) represents the next generation of distributed programming and service-oriented technologies built on top of the Microsoft .NET platform for the upcoming Windows Vista release. WCF unifies the existing set of distributed programming technologies such as ASP .NET Web services, .NET Remoting, COM+, and so on, under a common, simple, and service-oriented programming model. WCF implements a vast set of WS-* protocols, including WS-Addressing 1.0.

To demonstrate explicit interoperability with WCF, we use Oracle BPEL Process Manager. It has had rich support for WS-Addressing for several years and includes WS-Addressing of March 2003, March 2004, and August 2004. This example uses BPEL with WS-Addressing March 2003 and WCF with WS-Addressing 1.0 to demonstrate explicit addressing support. Consider the WS-Addressing interoperability scenario illustrated in Figure 1.

The following explains the occurrences in Figure 1:

  • A BPEL process exposes WS-Addressing headers on the process WSDL to expose a long-running process as an asynchronous service.
  • A WCF client invokes the BPEL process, and passes the ReplyTo the WS-Addressing v1.0 (www.w3.org/TR/2005/CR-ws-addr-core-20050817/) header representing the URL of a WCF service that is expecting the operation response message. The client also sends a MessageID WS-Addressing v1.0 header to uniquely identify the request (step 1).
  • The BPEL process receives the message, performs various operations, and uses the ReplyTo address to define a dynamic endpoint using the WS-Addressing 03/2003 (http://msdn.microsoft.com/webservices/webservices/ default.aspx?pull=/library/en-us/dnglobspec/html/ws-addressing0303.asp). (steps 2-4).
  • The BPEL process sends a reply message to the WCF service specified on the ReplyTo address, and passes the RelatesTo WS-Addressing v1.0 header to enable the WCF client to correlate the original request with the response (step 5).
  • The WCF service receives the response message and is able to correlate it back to the request (step 6).
In this example, WCF uses WS-Addressing v1.0; however, the BPEL service uses the March 2003 version of WS-Addressing. To make this work, explicit strategies for interoperability need to be applied, as described below.

As part of the process, the WSDL, which represents the interface of the BPEL process, imports the WS-Addressing v1.0 XSD and declares the ReplyTo and MessageID headers as part of the binding section. It also declares messages of type ReplyTo, MessageID, and RelatesTo as variable types in the BPEL process, as shown in Listing 1. Note: By using this technique, we're explicitly declaring that the BPEL process expects the WS-Addressing ReplyTo and MessageID headers as part of the incoming message.

Based on the messages types in Listing 1, the BPEL process also defines variables of message type ReplyTo, MessageID, and RelatesTo:

<variable name="wcfServiceAddr" messageType="ns1:wsaReplyTo"/>
<variable name="wcfRequestId" messageType="ns1:wsaMessageId"/>
<variable name="wcfResponseId" messageType="ns1:wsaRelatesTo"/>

With this in place, we can assign the SOAP header information to them later on and vice versa. The next step is to populate these variables from incoming SOAP message:

<receive name="receiveInput" partnerLink="client"
      portType="client:WCFAddr" operation="initiate"
      variable="inputVariable" createInstance="yes"
      bpelx:headerVariable="wcfServiceAddr wcfRequestId"
/>

By using bpelx:headerVariable (an extension of the WS-BPEL standard), the process code has access to the MessageID sent from the client as well as to its callback location.

Let's define a variable of type EndpointReference, which will provide the dynamic endpoint reference, needed for initiating the partnerLink later:

<variable name="wcfEndpoint" element="ns3:EndpointReference"/>

Note that the ns3 prefix is associated with the WS-Addressing 03/2003 namespace (xmlns:ns3=http://schemas.xmlsoap.org/ws/2003/03/addressing).

The next step is to populate the wcfEndpoint variable (defined in the previous step) using the ReplyTo header from wcfServiceAddr (Note the <copy> sections, marked yellow).

By using standard BPEL activities, these values are assigned by using a series of copy rules in an <assign> construct, as shown in Listing 2.

Assign the wcfEndpoint variable to the wcfService partnerLink, which represents an outgoing reference to a Web service. With this in place, the partnerLink knows which location to call:

<assign name="PartnerlinkWSAAssign">
   <copy>
     <from variable="wcfEndpoint"/>
     <to partnerLink="wcfService"/>
   </copy>
</assign>

In order to allow the client to correlate the request and response messages, we have to copy the value of the wcfRequestId (the unique MessageID) to wcfResponseId (RelatesTo):

<copy>
   <from variable="wcfRequestId" part="parameters" query="/ns2:MessageID"/>
   <to variable="wcfResponseId" part="parameters" query="/ns2:RelatesTo"/>
</copy>

The last step on the BPEL server-side is to use an invoke activity, which will call the WCF service (defined through the wcfService partnerLink), and to pass the RelatesTo header, available within the wcfResponseId variable. Make sure to use bpelx:inputHeaderVariable for this.

    <invoke name="Invoke_ExternalWCFService" partnerLink="wcfService"
       portType="ns1:IOperationCallback" operation="SendResult"
       inputVariable="wcfRequest"
       bpelx:inputHeaderVariable="wcfResponseId"/>

After the server side, create a WCF client, which invokes the BPEL process through SOAP. Then create a WCF BindingElement that allows the use of WS-Addressing v1.0, and wrap the call to the BPEL process within an OperationContextScope to populate the WS-Addressing headers, as shown in Listing 3.

Testing the code in Listing 3 produces a SOAP message that follows. Note the <a:Address> field containing the service address:

<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:a="http://www.w3.org/2005/08/addressing">
    <s:Header>
      <a:Action s:mustUnderstand="1">http://tempuri.org/IOperationCallback/SendResult</a:Action>
      <a:ReplyTo>
        <a:Address>WCF Service Address...</a:Address>
      </a:ReplyTo>
      <a:To s:mustUnderstand="1">Oracle BPEL Process Address...</a:To>
      <a:MessageID>urn:uuid:847b546e-16e5-4ea9-8267-b6fe559f0c1f</a:MessageID>
    </s:Header>
    <s:Body>Body</s:Body>
</s:Envelope>


More Stories By Jesus Rodriguez

Jesus Rodriguez is a co-founder and CEO of KidoZen, an enterprise mobile-first platform as a service redefining the future of enterprise mobile solutions. He is also the co-founder to Tellago, an award-winning professional services firm focused on big enterprise software trends. Under his leadership, KidoZen and Tellago have been recognized as an innovator in the areas of enterprise software and solutions achieving important awards like the Inc 500, Stevie Awards’ American and International Business Awards.

A software scientist by background, Jesus is an internationally recognized speaker and author with contributions that include hundreds of articles and sessions at industry conferences. He serves as an advisor to several software companies such as Microsoft and Oracle, sits at the board of different technology companies. Jesus is a prolific blogger on all subjects related to software technology and entrepreneurship. You can gain valuable insight on business and software technology through his blogs at http://jrodthoughts.com and http://weblogs.asp.net/gsusx .

More Stories By Clemens Utschig

Clemens Utschig works within the Oracle SOA Product Management Team responsible for security aspects and cross product integration. Aside from technology, Clemens' focus is on project management and consulting aspects coming along with SOA implementations. As a native Austrian, Clemens' Oracle career started in Europe at the local consulting services branch—working with customers on J2EE and SOA projects, and founded the local Java community. He is a frequent speaker at conferences evangelizing either on technology or the human factor—two key aspects when introducing new concepts and shifts in corporate IT strategy.

More Stories By Heidi Buelow

Heidi Buelow is a product manager for the Oracle SOA Suite. She spent the last 10 years building business process management systems with a focus on service integration and interoperability of diverse systems. Heidi’s career developing service-oriented architecture started with the early services- and object-oriented transport and messaging stacks of Xerox PARC’s XNS networking protocols. Her recent experience includes the development of the BPMS platform and tools for very large SOA-based solutions, an example of which is the managed care system of one the largest managed healthcare companies in the United States.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


@MicroservicesExpo Stories
For most organizations, the move to hybrid cloud is now a question of when, not if. Fully 82% of enterprises plan to have a hybrid cloud strategy this year, according to Infoholic Research. The worldwide hybrid cloud computing market is expected to grow about 34% annually over the next five years, reaching $241.13 billion by 2022. Companies are embracing hybrid cloud because of the many advantages it offers compared to relying on a single provider for all of their cloud needs. Hybrid offers bala...
@DevOpsSummit at Cloud Expo taking place Oct 31 - Nov 2, 2017, at the Santa Clara Convention Center, Santa Clara, CA, is co-located with the 21st International Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The widespread success of cloud computing is driving the DevOps revolution in enterprise IT. Now as never before, development teams must communicate and collaborate in a dynamic, 24/7/365 environment. There is ...
"We are a monitoring company. We work with Salesforce, BBC, and quite a few other big logos. We basically provide monitoring for them, structure for their cloud services and we fit into the DevOps world" explained David Gildeh, Co-founder and CEO of Outlyer, in this SYS-CON.tv interview at DevOps Summit at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
For organizations that have amassed large sums of software complexity, taking a microservices approach is the first step toward DevOps and continuous improvement / development. Integrating system-level analysis with microservices makes it easier to change and add functionality to applications at any time without the increase of risk. Before you start big transformation projects or a cloud migration, make sure these changes won’t take down your entire organization.
"When we talk about cloud without compromise what we're talking about is that when people think about 'I need the flexibility of the cloud' - it's the ability to create applications and run them in a cloud environment that's far more flexible,” explained Matthew Finnie, CTO of Interoute, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
Microservices are increasingly used in the development world as developers work to create larger, more complex applications that are better developed and managed as a combination of smaller services that work cohesively together for larger, application-wide functionality. Tools such as Service Fabric are rising to meet the need to think about and build apps using a piece-by-piece methodology that is, frankly, less mind-boggling than considering the whole of the application at once. Today, we'll ...
What's the role of an IT self-service portal when you get to continuous delivery and Infrastructure as Code? This general session showed how to create the continuous delivery culture and eight accelerators for leading the change. Don Demcsak is a DevOps and Cloud Native Modernization Principal for Dell EMC based out of New Jersey. He is a former, long time, Microsoft Most Valuable Professional, specializing in building and architecting Application Delivery Pipelines for hybrid legacy, and cloud ...
21st International Cloud Expo, taking place October 31 - November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA, will feature technical sessions from a rock star conference faculty and the leading industry players in the world. Cloud computing is now being embraced by a majority of enterprises of all sizes. Yesterday's debate about public vs. private has transformed into the reality of hybrid cloud: a recent survey shows that 74% of enterprises have a hybrid cloud strategy. Me...
Colocation is a central pillar of modern enterprise infrastructure planning because it provides greater control, insight, and performance than managed platforms. In spite of the inexorable rise of the cloud, most businesses with extensive IT hardware requirements choose to host their infrastructure in colocation data centers. According to a recent IDC survey, more than half of the businesses questioned use colocation services, and the number is even higher among established businesses and busine...
Cloud Expo, Inc. has announced today that Andi Mann and Aruna Ravichandran have been named Co-Chairs of @DevOpsSummit at Cloud Expo Silicon Valley which will take place Oct. 31-Nov. 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. "DevOps is at the intersection of technology and business-optimizing tools, organizations and processes to bring measurable improvements in productivity and profitability," said Aruna Ravichandran, vice president, DevOps product and solutions marketing...
In his session at Cloud Expo, Alan Winters, an entertainment executive/TV producer turned serial entrepreneur, presented a success story of an entrepreneur who has both suffered through and benefited from offshore development across multiple businesses: The smart choice, or how to select the right offshore development partner Warning signs, or how to minimize chances of making the wrong choice Collaboration, or how to establish the most effective work processes Budget control, or how to ma...
SYS-CON Events announced today that CA Technologies has been named "Platinum Sponsor" of SYS-CON's 21st International Cloud Expo®, which will take place October 31-November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. CA Technologies helps customers succeed in a future where every business - from apparel to energy - is being rewritten by software. From planning to development to management to security, CA creates software that fuels transformation for companies in the applic...
There's a lot to gain from cloud computing, but success requires a thoughtful and enterprise focused approach. Cloud computing decouples data and information from the infrastructure on which it lies. A process that is a LOT more involved than dragging some folders from your desktop to a shared drive. Cloud computing as a mission transformation activity, not a technological one. As an organization moves from local information hosting to the cloud, one of the most important challenges is addressi...
In the decade following his article, cloud computing further cemented Carr’s perspective. Compute, storage, and network resources have become simple utilities, available at the proverbial turn of the faucet. The value they provide is immense, but the cloud playing field is amazingly level. Carr’s quote above presaged the cloud to a T. Today, however, we’re in the digital era. Mark Andreesen’s ‘software is eating the world’ prognostication is coming to pass, as enterprises realize they must be...
Hybrid IT is today’s reality, and while its implementation may seem daunting at times, more and more organizations are migrating to the cloud. In fact, according to SolarWinds 2017 IT Trends Index: Portrait of a Hybrid IT Organization 95 percent of organizations have migrated crucial applications to the cloud in the past year. As such, it’s in every IT professional’s best interest to know what to expect.
Both SaaS vendors and SaaS buyers are going “all-in” to hyperscale IaaS platforms such as AWS, which is disrupting the SaaS value proposition. Why should the enterprise SaaS consumer pay for the SaaS service if their data is resident in adjacent AWS S3 buckets? If both SaaS sellers and buyers are using the same cloud tools, automation and pay-per-transaction model offered by IaaS platforms, then why not host the “shrink-wrapped” software in the customers’ cloud? Further, serverless computing, cl...
A common misconception about the cloud is that one size fits all. Companies expecting to run all of their operations using one cloud solution or service must realize that doing so is akin to forcing the totality of their business functionality into a straightjacket. Unlocking the full potential of the cloud means embracing the multi-cloud future where businesses use their own cloud, and/or clouds from different vendors, to support separate functions or product groups. There is no single cloud so...
The taxi industry never saw Uber coming. Startups are a threat to incumbents like never before, and a major enabler for startups is that they are instantly “cloud ready.” If innovation moves at the pace of IT, then your company is in trouble. Why? Because your data center will not keep up with frenetic pace AWS, Microsoft and Google are rolling out new capabilities. In his session at 20th Cloud Expo, Don Browning, VP of Cloud Architecture at Turner, posited that disruption is inevitable for comp...
In 2014, Amazon announced a new form of compute called Lambda. We didn't know it at the time, but this represented a fundamental shift in what we expect from cloud computing. Now, all of the major cloud computing vendors want to take part in this disruptive technology. In his session at 20th Cloud Expo, Doug Vanderweide, an instructor at Linux Academy, discussed why major players like AWS, Microsoft Azure, IBM Bluemix, and Google Cloud Platform are all trying to sidestep VMs and containers wit...
Companies have always been concerned that traditional enterprise software is slow and complex to install, often disrupting critical and time-sensitive operations during roll-out. With the growing need to integrate new digital technologies into the enterprise to transform business processes, this concern has become even more pressing. A 2016 Panorama Consulting Solutions study revealed that enterprise resource planning (ERP) projects took an average of 21 months to install, with 57 percent of th...