Welcome!

SOA & WOA Authors: Peter Silva, Maureen O'Gara, Tony Bishop, Mark O'Neill, Yeshim Deniz

Related Topics: SOA & WOA

SOA & WOA: Article

Handling Attachment Payloads in SOA

Gearing up SOA for data-intensive operations
By Ujval Mysore, Deepti Parachuri
Article Rating:
February 8, 2008 01:00 PM EST
Reads:
 4,029

MTOM (SOAP Message Transmission Optimization Mechanism)
The MTOM specification is defined in three parts:

1.  The first part describes an abstract feature for optimizing the transmission and/or wire format of SOAP by selectively encoding portions of the message, while still presenting an XML Infoset to the SOAP application.
2.  The second part describes an optimized MIME multipart/related serialization of SOAP messages implementing the abstract SOAP transmission optimization feature in a binding independent way. This implementation relies on the XML-binary Optimized Packaging format.
3.  The third part (HTTP SOAP transmission optimization feature) uses optimized MIME multipart/related serialization of SOAP messages for describing an implementation of the abstract transmission optimization feature for the SOAP 1.2 HTTP binding.

According to the specification:

If the binary data is encoded as base64 then the original SOAP message is taken and the base64-encoded binary content is processed. Base64-encoded binary data is extracted and re-encoded (i.e., the data is decoded from base64) and put into the XOP package. This is overhead and MTOM-encoded messages might be larger than messages that use Base64 encoding for binary data.

  • If the data is available as binary then the application can directly copy that data into an XOP package, at the same time preparing suitable linking elements for use in the root part; when parsing a XOP package, the binary data can be made available directly to applications.

    Many products like JAXWS-RI use MTOM in an improvised manner. If the size of the attachment is less than a specific threshold (ideally 1KB) then the binary data is transmitted as base64-encoded due to the overhead mentioned above. But if the attachment is above the threshold size then it's transmitted as defined in the MTOM specification. Refer to Lising 3 for a sample SOAP message for MTOM.

    Fast Infoset
    Fast Infoset is a standard for specifying a representation of an instance of the XML Information Set using ASN.1 binary encodings. Fast Infoset specifies a binary format for XML documents and Fast Infoset documents are faster to serialize and parse and smaller in size than the equivalent XML documents.

    Fast Infoset can also be used to handle attachments efficiently. As said above, as Fast Infoset describes binary encoding of the XML Information Set it allows for the direct embedding of binary data. In a way, Fast Infoset does what MTOM/XOP can do and a lot more. The performance of a Web Service with Fast Infoset is better than MTOM. Though Fast Infoset is being support by various platforms and frameworks, it's not popular yet; it's still emerging. This is definitely a promising technology and should be explored more.

    Limitations: Not human-readable, not self-describing and tightly coupled since both the sender and receiver need to have the Fast Infoset processor. Once encoded as Fast Infoset, the XML can't be validated against the schema.

    Securing Attachments
    With the ever-increasing adoption of SOAP as the messaging protocol in organizations and the need to send sensitive data as attachments to the SOAP message has called for matured mechanisms for securing attachment payloads. The traditional WS-* specifications like plain WS-Security can work only for securing the XML content in the SOAP message but not the binary attachments that traverse outside the SOAP message. Hence, the binary data sent as base64-encoded can be secured using WS-Security, but as already seen, this comes with a heavy price tag in the form of overhead if the data is huge. One way of securing attachments can be the use of transport-level security like HTTPS. But HTTPS can't provide features like encrypting part of the SOAP message. Also, HTTPS is unsuitable for a multiple-hops scenario.

    There's been some amount of work done in this area. OASIS came out with a specification, Web Services Security SOAP Messages with Attachments (SwA) Profile 1.1, an extension to WS-Security that describes how SOAP attachments can be secured for attachment integrity, confidentiality, and origin authentication, and how a receiver can process such a message.

    Conclusion
    With an ever-growing number of enterprises embracing Web Service technologies and with demand for sending binary data on the rise, many techniques for handling attachments came to the fore. This paper tried to identify various such techniques in use and evaluate them by detailing the pros and cons.

    References:
      •   SOAP Attachment State of the Art by Miko Matsumura
    www.infoq.com/news/SOAP-Attachment-State-of-the-Art

      •   Transferring Data securely using the MTOM Standard Part 1 by Digg, Reddit, Del.icio.us and DZone
    http://microsoft.apress.com/asptodayarchive/73639/ transferring-data-securely-using-the-mtom-standard-part-1

      •   Evolution of Web Services Attachments Technologies by Canyang Kevin Liu and Sanjay Patil
    www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/ uuid/3b28e590-0201-0010-968f-e10ed5328191

      •   Boost Web Service Performance in JAX-WS with Fast Infoset by Young Yang
    http://java.sun.com/developer/technicalArticles/xml/fastinfoset/

      •   Web Services Security SOAP Messages with Attachments (SwA) Profile 1.1
    www.oasis-open.org/committees/download.php/16672/wss-v1.1-spec-os-SwAProfile.pdf

      •   W3C MTOM specification
    www.w3.org/TR/soap12-mtom/

    • Published February 8, 2008 – Reads 4,029
    Copyright © 2008 SYS-CON Media, Inc. — All Rights Reserved.
    Syndicated stories and blog feeds, all rights reserved by the author.

    More Stories By Ujval Mysore

    Ujval Mysore is a member of the Web Services COE (Center of Excellence) for Infosys Tehcnologies, a global IT consulting firm, and have substantial experience in publishing papers, presenting papers at conferences, and defining standards for SOA and Web services. The Web Services COE specializes in SOA, Web services, and other related technologies. Dr. Srinivas Padmanabhuni heads the Web Services COE.

    More Stories By Deepti Parachuri

    Deepti Parachuri is a junior research associate at SOA/Web Services Centre of Excellence at SETLabs, the research arm of Infosys Technologies Ltd., and holds an MS degree from IIT-Madras, India. She is experienced in the field of vision, especially recognition and video tracking, while she has been actively involved in various publications and conferences. Today, her major research area includes semantic Web scaling RDF, OWL, OWL-S and Agent technologies, in addition, analyzed XML schema compression methodologies for SOA-based application.

    Comments (0)

    Share your thoughts on this story.

    Add your comment
    You must be signed in to add a comment. Sign-in | Register

    In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.