Welcome!

Microservices Expo Authors: Elizabeth White, Roger Strukhoff, Pat Romanski, Dana Gardner, Ruxit Blog

Related Topics: Microservices Expo

Microservices Expo: Article

WS-I Basic Profile - Not just another Web service specification

WS-I Basic Profile - Not just another Web service specification

On August 12, 2003, the Web Services Interoperability Organization (WS-I), released the Final Material version of the WS-I Basic Profile 1.0 specification. This publication represents an important milestone for WS-I and the Web services community as a whole. It specifies the standards and technologies required for interoperability between Web services implementations running on different software and operating system platforms.

The Promise of Interoperability
The promise of interoperability is possibly the most important aspect of Web services technologies. That promise stems from the fact that Web services has its foundations in XML, which itself is interoperable across all platforms and programming languages. However, because Web services leverages heavily on the extensible nature of XML, the interoperability aspect of Web services is significantly challenged.

While most, if not all, vendors provide support for the established Web services standards, they are still motivated to provide added value to their customers in the form of advanced feature support for things such as security, reliability, transactions, and business process orchestration. Because many of the advanced Web services features are still in the early stages of development and adoption, developers and IT managers need more than just a checklist of (emerging) standards when making project implementation or product purchasing decisions. They need help in being able to determine when they are "coloring outside the lines" so that they can weigh the merits of incorporating these advanced features against the importance of ensuring broad interoperability of the deployed solution.

WS-I was founded with a mission to provide users of Web services technology with the guidance and tools that help them better understand where the boundary lies between the interoperable and not-necessarily-interoperable solution spaces so that they can make well-informed decisions.

About WS-I
The Web Services Interoperability Organization is an open industry effort chartered to promote Web services interoperability across platforms, applications, and programming languages. The organization brings together a diverse community of Web services leaders to respond to customer needs by providing guidance, recommended practices, and supporting resources, such as testing tools and sample applications, that enable the development of interoperable Web services.

WS-I Deliverables
The Basic Profile 1.0 is the first of a set of deliverables being produced by WS-I related to the Basic Profile. When complete, the package of deliverables produced in conjunction with all WS-I Profiles will be as follows:

  • Use cases and usage scenarios: Use cases and usage scenarios capture (respectively) business and technical requirements for the use of Web services. These requirements reflect the classes of real-world requirements supporting Web services solutions, and provide a framework to demonstrate the guidelines described in WS-I Profiles.
  • Profiles: A set of named Web services specifications at specific revision levels, together with a set of implementation and interoperability guidelines recommending how the specifications may be used to develop interoperable Web services.
  • Sample applications: Demonstrate the implementation of applications that are built from Web services usage scenarios and use cases, and that conform to a given set of profiles. Implementations of the same sample application on multiple platforms, languages, and development tools demonstrate interoperability in action, and provide readily usable resources for the Web services practitioner.
  • Testing tools: Used to monitor and analyze interactions with a Web service to determine whether or not the Web service instance or its artifacts (such as messages, WSDL, and UDDI registration components) conform to WS-I Profile guidelines.
At the time of this writing, each of the WS-I deliverables related to the Basic Profile 1.0 has been either formally approved as Final Material, or has been made public in the form of a Working Group Approval Draft.

Philosophy of the Profile
The WS-I Basic Profile was developed by the Basic Profile Working Group with a set of guiding principles that have been outlined in the Profile. These guiding principles form the "philosophy of the Profile."

Possibly the most important of these guiding principles is that there can be no guarantee of interoperability. The best that we could hope to achieve would be to improve the potential for interoperability since we were only dealing with the very basics of Web services technologies and we did not intend to address application-level semantics. Another key guiding principle is that the Profile never relaxes requirements of an underlying specification. That is to say that the Profile never changes a MUST to a SHOULD. However, the Profile often seeks to improve interoperability by reducing the optional features of an underlying specification by changing SHOULDs and SHOULD NOTs to MUSTs and MUST NOTs.

The Profile also focuses on interoperability, not functionality. While the underlying specifications may contain design flaws and inconsistencies, the Profile focuses only on those that directly affect interoperability. WS-I leaves the work of addressing any inadequacies of a specification to the standards body that is assigned stewardship of the standard.

Scope of the Profile
Each Profile has a scope that is defined by the set of referenced specifications. A Profile attempts to improve interoperability within its own scope by placing constraints on optional features of the referenced specifications, clarifications of ambiguities in the referenced specifications, and guidelines for use of the referenced specifications. A Profile does not impose constraints on that which is out of the scope of the Profile.

A key aspect of Web services is the composable nature of the specifications. WS-I Profiles are also intended to exhibit this same composable nature. They do so by defining the set of extensibility points, the extension mechanisms and parameters defined in the underlying specifications that may require out-of-band negotiation and/or agreement explicitly outside the scope of a Profile. While their use may impair interoperability, it is not subject to claims of conformance.

A Profile may place constraints on the use of extensibility points without constraining their range, so that specific uses of extensibility points may be further constrained by other Profiles to improve their interoperability when used in conjunction with the Profile.

The WS-I Basic Profile specification defines conformance of a Web service instance and its artifacts such as the messages it sends, its WSDL description and UDDI registration. The profile consists of the following set of nonproprietary Web services specifications:

  • SOAP 1.1
  • WSDL 1.1
  • UDDI 2.0
  • XML 1.0 (Second Edition)
  • XML Schema Part 1: Structures
  • XML Schema Part 2: Datatypes
  • RFC2246: The Transport Layer Security Protocol version 1.0
  • RFC2459: Internet X.509 Public Key Infrastructure Certificate and CRL Profile
  • RFC2616: HyperText Transfer Protocol 1.1
  • RFC2818: HTTP over TLS
  • RFC2965: HTTP State Management Mechanism
  • The Secure Sockets Layer Protocol version 3.0
The Profile adds constraints and clarifications to those base specifications with the intent to promote interoperability. Where the Profile is silent (i.e., imposes no clarification or constraint), the base specifications are normative. If the Profile prescribes a requirement in the form of a clarification or constraint, the Profile supersedes the underlying base specification. Some of the constraints imposed by the Profile are intended to restrict, or require, optional behavior and functionality so as to reduce the potential for interoperability problems resulting from impedance mismatch between implementations that have made different choices with regard to implementation of the optional functionality. Other Profile requirements are intended to clarify language in the base specifications that have been the source of frequent misinterpretation, resulting in interoperability problems. Where possible, the Basic Profile WG has tried to ensure that the Profile clarifications are aligned with the thinking and direction of the Working Group responsible for the stewardship of the underlying specification to which the clarification applies. For example, clarifications to the SOAP1.1 specification were often aligned with issue resolutions made by the W3C XML Protocol WG responsible for the development of the SOAP1.2 specification.

Profile Highlights
The following list highlights some of the key constraints imposed by the Profile:

  • Precludes the use of SOAP encoding
  • Requires the use of HTTP binding for SOAP
  • Requires the use of HTTP 500 status response for SOAP Fault messages
  • Requires the use of HTTP POST method
  • Requires the use of WSDL1.1 to describe the interface of a Web service
  • Requires the use of RPC-literal or document-literal forms of WSDL
  • Precludes the use of RPC-encoded–style WSDL
  • Precludes the use of solicit-response and notification style operations
  • Requires the use of WSDL SOAP binding extension with HTTP as the required transport
  • Requires the use of WSDL1.1 descriptions for UDDI tModel elements representing a Web service
What's Relevant to the Developer?
The WS-I Basic Profile 1.0 specification is a rather complex document. A majority of the specification is targeted at the audience of runtime platform and development tool vendors working on vendor-specific implementations of SOAP processors, WSDL parsers, code generators, and the like. You could reasonably consider the Profile to be a concerted effort by those tools and platform vendors to ensure that their respective products will either generate or host interoperable Web services instances.

However, it isn't enough that each of the major vendors adopt the Profile for their product offerings since each will likely retain support for certain features that the Profile does not sanction (such as RPC-encoded Web services) and most will offer support for features that are outside the scope of the Profile. A Web services developer or IT manager should be familiar with all of the profile specification's contents. However, certain sections of the Profile are specifically relevant to the implementation of interoperable Web services.

The following lists each substantive section of the profile specification and its relevance to a Web service practitioner.

  • Section 4: Relates to SOAP and the use of HTTP binding for SOAP. As such, it is mostly of interest to those developers writing SOAP processor implementations rather than Web services developers.
  • Section 5: Pertains to conformant use of WSDL, and as such should be of interest to Web services practitioners, especially those who handcraft their WSDL descriptions.
  • Section 6: Pertains to Web service discovery using UDDI. This, too, should be of interest to Web services practitioners. It describes conformant approaches to registration and categorization of a Web service in a UDDI registry.
  • Section 7: Relates to security of Web services using HTTP/S and should also be of interest to Web services practitioners who require security for the Web services they develop.
Many of the Profile requirements are often accompanied by examples of SOAP messages or WSDL descriptions that demonstrate both conformant and nonconformant adherence to the constraints and clarifications provided. The requirements associated with examples are likely to be of specific interest to Web services practitioners. However, the other WS-I deliverables related to the Profile may be more appropriate and relevant to the IT manager and Web service developer.

Scenarios, Sample Applications, and Testing Tools
The WS-I Sample Applications Working Group has developed deliverables based on the Basic Profile that a Web services practitioner will find useful.

  • A mock supply-chain sample application that demonstrates most of the key features of the WS-I Basic Profile
  • A Usage Scenarios specification that defines the most common design patterns for Web services and maps those scenarios to the Profile requirements that apply
The sample application serves a dual purpose. For vendors, it provides a means by which they can demonstrate and test their product's support for the requirements set forth by the Profile. To date, 10 vendors have produced independently developed implementations of the sample application, typically based on their respective runtime platform and/or development tooling. Each vendor has provided the source of their implementation so that Web services developers can better understand what they need to do to develop their own interoperable Web services.

The Testing Tools Working Group has delivered approval drafts of their reference testing tools for each of the major runtime platforms (Java and C#). They have also translated the constraints and requirements defined in WS-I Basic Profile 1.0 into formal test assertions that are used to configure the WS-I Testing Tools.

Web services practitioners can use the published reference testing tools to test their Web service instances, WSDL descriptions, and UDDI registrations for conformance to the Profile's requirements. IT managers can use the reports produced by the WS-I Testing Tools as a means of determining whether the Web services their developers have developed conform to the requirements of the Profile.

Future versions of the WS-I Testing Tools reports will be augmented to identify the extensibility points that are used in a Web service instance so that IT managers (and developers) can make informed decisions as to whether the solutions they develop and deploy meet the specific interoperability requirements of a given situation. If a Web service requires broad interoperability, such as might be the case with an Internet deployment of a service, they might wish to constrain the use of extensibility points to those covered by a WS-I Profile(s). Conversely, if a Web service is being deployed for use within an intranet, interoperability may not be considered as high a priority as the advanced features provided through the use of an extensibility point. IT managers can leverage the information provided by the testing tools to make an appropriate, well-informed decision based on the requirements of the given situation.

Looking Beyond WS-I Basic Profile 1.0
The WS-I Basic Profile 1.0 is, of course, just the tip of the iceberg. WS-I has already begun work on a number of follow-on profiles for Web services, including Attachments and Basic Security. Work will begin on future profiles, tackling some of the more advanced Web services features as the various specifications upon which they are based mature and stabilize and as the interoperability requirements associated with these advanced features are better understood by the community.

As WS-I releases these future profiles and their associated testing tools and sample applications deliverables, the Web services community benefits by reducing the tension induced by having to choose between the need for broad interoperability and the need for advanced functionality that is not yet broadly adopted.

References

  • WS-I: http://ws-i.org
  • WS-I Basic Profile 1.0: http://ws-i.org/Profiles/Basic/2003-08/BasicProfile-1.0a.htm
  • WS-I Testing Tools: http://ws-i.org/implementation.aspx
  • More Stories By Christopher Ferris

    Chris Ferris is an IBM Distinguished Engineer and CTO of Industry Standards in the Software Group Standards Strategy organization. He has been actively engaged in open standards development for XML and Web services since 1999. Ferris is former chair of the WS-I Basic Profile Working Group. He co-chairs the W3C Web Services Policy Working Group and serves as chair of the W3C XML Protocols Working Group. He represents IBM on the OASIS WS-RX Technical Committee. He is a former elected member of the OASIS Technical Advisory Board (TAB).

    Comments (0)

    Share your thoughts on this story.

    Add your comment
    You must be signed in to add a comment. Sign-in | Register

    In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


    @MicroservicesExpo Stories
    Using new techniques of information modeling, indexing, and processing, new cloud-based systems can support cloud-based workloads previously not possible for high-throughput insurance, banking, and case-based applications. In his session at 18th Cloud Expo, John Newton, CTO, Founder and Chairman of Alfresco, described how to scale cloud-based content management repositories to store, manage, and retrieve billions of documents and related information with fast and linear scalability. He addres...
    Cloud Expo 2016 New York at the Javits Center New York was characterized by increased attendance and a new focus on operations. These were both encouraging signs for all involved in Cloud Computing and all that it touches. As Conference Chair, I work with the Cloud Expo team to structure three keynotes, numerous general sessions, and more than 150 breakout sessions along 10 tracks. Our job is to balance the state of enterprise IT today with the trends that will be commonplace tomorrow. Mobile...
    Akana has announced the availability of version 8 of its API Management solution. The Akana Platform provides an end-to-end API Management solution for designing, implementing, securing, managing, monitoring, and publishing APIs. It is available as a SaaS platform, on-premises, and as a hybrid deployment. Version 8 introduces a lot of new functionality, all aimed at offering customers the richest API Management capabilities in a way that is easier than ever for API and app developers to use.
    SYS-CON Events announced today that Isomorphic Software will exhibit at DevOps Summit at 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Isomorphic Software provides the SmartClient HTML5/AJAX platform, the most advanced technology for building rich, cutting-edge enterprise web applications for desktop and mobile. SmartClient combines the productivity and performance of traditional desktop software with the simp...
    DevOps at Cloud Expo, taking place Nov 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with 19th Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The widespread success of cloud computing is driving the DevOps revolution in enterprise IT. Now as never before, development teams must communicate and collaborate in a dynamic, 24/7/365 environment. There is no time to wait for long dev...
    SYS-CON Events announced today that 910Telecom will exhibit at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Housed in the classic Denver Gas & Electric Building, 910 15th St., 910Telecom is a carrier-neutral telecom hotel located in the heart of Denver. Adjacent to CenturyLink, AT&T, and Denver Main, 910Telecom offers connectivity to all major carriers, Internet service providers, Internet backbones and ...
    The burgeoning trends around DevOps are translating into new types of IT infrastructure that both developers and operators can take advantage of. The next BriefingsDirect Voice of the Customer thought leadership discussion focuses on the burgeoning trends around DevOps and how that’s translating into new types of IT infrastructure that both developers and operators can take advantage of.
    With so much going on in this space you could be forgiven for thinking you were always working with yesterday’s technologies. So much change, so quickly. What do you do if you have to build a solution from the ground up that is expected to live in the field for at least 5-10 years? This is the challenge we faced when we looked to refresh our existing 10-year-old custom hardware stack to measure the fullness of trash cans and compactors.
    This digest provides an overview of good resources that are well worth reading. We’ll be updating this page as new content becomes available, so I suggest you bookmark it. Also, expect more digests to come on different topics that make all of our IT-hearts go boom!
    The emerging Internet of Everything creates tremendous new opportunities for customer engagement and business model innovation. However, enterprises must overcome a number of critical challenges to bring these new solutions to market. In his session at @ThingsExpo, Michael Martin, CTO/CIO at nfrastructure, outlined these key challenges and recommended approaches for overcoming them to achieve speed and agility in the design, development and implementation of Internet of Everything solutions wi...
    19th Cloud Expo, taking place November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA, will feature technical sessions from a rock star conference faculty and the leading industry players in the world. Cloud computing is now being embraced by a majority of enterprises of all sizes. Yesterday's debate about public vs. private has transformed into the reality of hybrid cloud: a recent survey shows that 74% of enterprises have a hybrid cloud strategy. Meanwhile, 94% of enterpri...
    Sharding has become a popular means of achieving scalability in application architectures in which read/write data separation is not only possible, but desirable to achieve new heights of concurrency. The premise is that by splitting up read and write duties, it is possible to get better overall performance at the cost of a slight delay in consistency. That is, it takes a bit of time to replicate changes initiated by a "write" to the read-only master database. It's eventually consistent, and it'...
    To leverage Continuous Delivery, enterprises must consider impacts that span functional silos, as well as applications that touch older, slower moving components. Managing the many dependencies can cause slowdowns. See how to achieve continuous delivery in the enterprise.
    Node.js and io.js are increasingly being used to run JavaScript on the server side for many types of applications, such as websites, real-time messaging and controllers for small devices with limited resources. For DevOps it is crucial to monitor the whole application stack and Node.js is rapidly becoming an important part of the stack in many organizations. Sematext has historically had a strong support for monitoring big data applications such as Elastic (aka Elasticsearch), Cassandra, Solr, S...
    Thomas Bitman of Gartner wrote a blog post last year about why OpenStack projects fail. In that article, he outlined three particular metrics which together cause 60% of OpenStack projects to fall short of expectations: Wrong people (31% of failures): a successful cloud needs commitment both from the operations team as well as from "anchor" tenants. Wrong processes (19% of failures): a successful cloud automates across silos in the software development lifecycle, not just within silos.
    There's a lot of things we do to improve the performance of web and mobile applications. We use caching. We use compression. We offload security (SSL and TLS) to a proxy with greater compute capacity. We apply image optimization and minification to content. We do all that because performance is king. Failure to perform can be, for many businesses, equivalent to an outage with increased abandonment rates and angry customers taking to the Internet to express their extreme displeasure.
    Right off the bat, Newman advises that we should "think of microservices as a specific approach for SOA in the same way that XP or Scrum are specific approaches for Agile Software development". These analogies are very interesting because my expectation was that microservices is a pattern. So I might infer that microservices is a set of process techniques as opposed to an architectural approach. Yet in the book, Newman clearly includes some elements of concept model and architecture as well as p...
    A company’s collection of online systems is like a delicate ecosystem – all components must integrate with and complement each other, and one single malfunction in any of them can bring the entire system to a screeching halt. That’s why, when monitoring and analyzing the health of your online systems, you need a broad arsenal of different tools for your different needs. In addition to a wide-angle lens that provides a snapshot of the overall health of your system, you must also have precise, ...
    SYS-CON Events announced today that Venafi, the Immune System for the Internet™ and the leading provider of Next Generation Trust Protection, will exhibit at @DevOpsSummit at 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Venafi is the Immune System for the Internet™ that protects the foundation of all cybersecurity – cryptographic keys and digital certificates – so they can’t be misused by bad guys in attacks...
    Monitoring of Docker environments is challenging. Why? Because each container typically runs a single process, has its own environment, utilizes virtual networks, or has various methods of managing storage. Traditional monitoring solutions take metrics from each server and applications they run. These servers and applications running on them are typically very static, with very long uptimes. Docker deployments are different: a set of containers may run many applications, all sharing the resource...