|
|
|
|||||||||||||||||||||||||
 |
||||||||||||||||||||||||||
|
||||||||||||||||||||||||||
|
A Web Services Primer by
Venu Vasudevan PAGE 3 XAML Transaction Authority Markup Language (XAML) provides a more traditional two-phase commit style transactional semantics over web services. A business-to-business web transaction to purchase benzene follows -- a working example from the XAML specification. XAML does not completely restrict itself to two-phase commits, and it leaves open the possibility that some action "undos" will be compensatory actions like XLang. While two-phase commit is clearly useful in enterprise integration, a number of web transactions (e.g business-to-consumer transactions) are well captured by the computationally cheaper compensatory action model. Until XAML makes compensatory actions a first class citizen of their model, it would seem that XLang has ample justification to exist. Scenario The following scenario demonstrates a business-level transaction involving a set of web services that would utilize XAML. Consider an industrial company that purchases benzene from a chemical manufacturer on the Web. In order for the buyer to purchase the benzene, she requires additional value-added services provided by third parties, such as shipping with specific delivery terms, payment financing, casualty insurance, and government compliance for safe transport. The buyer will not agree to the purchase of benzene until all of these services are available, and until all of them meet her requirements. She will purchase all of them or none of them. In other words, all of these related requirements need to be satisfied in order for the business transaction to be completed. The software providing the top-level business transaction needs to coordinate with each of the participating web services. These include (1) the chemical provider's inventory system; (2) an insurance policy service to insure the product being shipped; (3) a financing service to ensure payment according to vendor terms; (4) a transportation service to guarantee timely shipment and delivery of product; and (5) a regulatory service to ensure compliance with government safety requirements. XKMS (XML Key Management Specification) XKMS is an effort by Microsoft and Verisign to integrate PKI and digital certificates (which are used for securing Internet transactions) with XML applications. The key idea is to delegate the signature processing to a trust server on the Web, so that thin or mobile clients don't have to carry around the smarts to do all this themselves. XKMS relies on the XML Signature specification already being worked on by W3C and on anticipated work at W3C on an XML encryption specification. XKMS consists of two parts: the XML Key Information Service Specification (X-KISS) and the XML Key Registration Service Specification (X-KRSS). The X-KISS specification defines a protocol for a trust service that resolves public key information contained in XML-SIG elements. The X-KISS protocol allows a client of such a service to delegate part or all of the tasks required to process <ds:KeyInfo> elements (information about the key signer). A chief objective of the protocol design is to minimize the complexity of application implementations by allowing them to become clients, thereby shielded from the complexity and syntax of the underlying PKI used to establish trust relationships. These may be based upon a different specification such as X.509/PKIX, SPKI, or PGP. X-KRSS describes how public key information is registered. While there are no inviolable ties in these proposals to protocols and transports, the current XKMS specification relies on XML, SOAP, and WSDL. Other initiatives in this area include S2ML (Security Services Markup Language) and AuthXML, which are being unified under the auspices of OASIS's XML Security Services committee. Other useful initiatives The
web services platform is an evolving ecosystem in which Darwinian
processes are still at work. As with all things Darwinian, there
is constant evolution, bio-diversity, competition, and, yes,
even confusion. The list below is a small sample of such complementary
or competing initiatives. Given the existence of UDDI registries, ADS asks the question "how do I facilitate the building of a UDDI crawler that can pull UDDI advertisements off the Web, without people having to push ads to the registry?" Furthermore, while ADS accepts WSDL as the XML format for a service, it also wants to deal with discovering services that don't have the XML capabilities to build WSDL descriptions. For the XML world, it standardizes on a svcsadvt.xml file placed in the root of a web server, which then collectively advertises all the services available on that web site. This takes away the burden on each service to advertise itself, and it provides service crawlers a single place to look for advertisements. For the mom and pop e-shops of the world that want to advertise their services without the XML overhead, ADS proposes an augmented HTML META tag with name=<serviceDescriptionLocation >and content=<valid URL of document containing service advertisements>. In case of HTML based service crawling, the crawler makes some conclusions about the service properties based on the traversal context. XFS The
XMethods filesystem service enables you to post and read files
via a SOAP interface. This system enables developers to create
services that utilize centralized, persistent data. Ideally,
this type of filesystem can be used to centralize the storage
of information which can be accessed by multiple nodes. For
example, one could use this space to support automatic patch
updates. XFS provides a client tool that integrates the XFS
web service into a Windows Explorer shell. Windows Explorer
is then integrated with the XML-SOAP-based file system. XFS
is an open-source initiative by xmethods.com, the momentum of
which is unclear. However, the idea is technically attractive.
|