Using WSE attachments to get Ink from a TabletPC to a Web service

One of the most attended Hands-On-Labs last week at TechEd was the one by the TabletPC group. It was probably because they were giving away cute-sy, little USB memory keys, but anything that gets people to look more at tablets is good.

I thought a cute-sy, little USB memory key would just be the perfect souvenir to bring home to my wife, I sat down and worked through the Tablet PC lab as well.  Since I also proctored the WSE labs, I started thinking about how I can combine WSE and tablet PCs.

One scenario is to leverage WSE’s attachment feature to send ink to a Web service. Imagine you are capturing a customer’s signature on a tablet as part of a purchase. To execute the sale you call a web service, but you also want to archive the signature for auditing purposes. Before WSE, you had to convert the serialized to the XML-compatible base 64 encoding. With WSE, you can send the ink collected by a tablet application to the web service using WSE’s support for WS-Attachments. The attchment is transmitted in its original binary format. Therefore you avoid the costly base 64 encoding and decoding steps you would have to perform if you were to put the ink into the SOAP body.

Take the prescription application from the TabletPC lab for example. If you were to hook up the application to a Web service of an online pharmacy to have the prescription filled, you could attach the doctor’s (typically unreadable) prescription scribbles to the SOAP message and send it to the service with the following four lines of code.

byte[] presData = inkOverlay1.Ink.Save(PersistenceFormat.InkSerializedFormat, CompressionMode.Maximum);

MemoryStream ms = new MemoryStream( presData );
svc.RequestSoapContext.Attachments.Add( new Attachment( "PrescriptionData", "application/octect-stream", ms ) );

svc.FillPrescription( mailingAddress );

As you can see, the TabletPC SDK makes it incredibly easy to work with ink on a form. The first line in the sample above serializes the ink, lines 2 and 3 attach the serialized blob to the Web service call and line 4 sends the SOAP message and the attachment to the Web service.

What the TabletPC SDK doesn’t do yet, is to provide a special handwriting recognizer pack to decipher the doctors’ prescription scribbles. Therefore the online pharmacy has to deserialize the ink attachment and present it to a real pharmacist who’s specially trained to read prescriptions. Doing that is just another three lines of code(without trying to guess the prescribed medication):

Ink prescriptionInk = new Ink();
byte[] buffer = new byte[ prescriptionStream.Length ];
ctx.Attachments["PrescriptionData"].Stream.Read( buffer, 0, (int)prescriptionStream.Length );
prescriptionInk.Load( buffer );

Now the pharmacy web service wants to make sure that only authorized doctors can submit prescriptions. Again, WSE provides a perfect solution for this problem. You can sign SOAP messages with digital signatures based on X.509 certificates (or Kerberos tickets). These signatures guarantee the sender’s identity to the receiver. The best thing about it is that you can attach the signatures completely declaratively, i.e. without writing any code, by adding a policy configuration file to the client application. Again, you can find lots of good examples on signing messages and defining policies in the WSE labs from TechEd.

There is one thing to keep in mind though. For SOAP messages without attachments, the signature also guarantees authenticity of the message. This is not the case for messages with attachments, because the attachments are transmitted outside of the SOAP envelope. However, as the proprietor of the pharmacy you would like to be sure that the prescription you received is really what the doctor prescribed. You wouldn’t want to ship Vicodin when the prescription was for Viagra, because somebody changed the ink attachment, would you? To ensure authenticity of the ink attachment, you have to generate a signature for the serialized ink (or its hash) as outlined in the Framework SDK docs and attach the signature as another attachment to the SOAP message. The Web service still has to verify the signature to make sure the attachment is what the sender attached.

Now that’s just one way to combine WSE and tablet based solutions. WSE 2.0 and tablets will actually make a great platform for secure web services and mobile devices. Imagine what else you could do with 3rd party Web services like MapPoint (free for MSDN subscribers), a full .NET Framework, a decent sized screen you can work with, literally speaking, and the ability to connect to your own web services securely.
 
Now I just hope that my wife likes cute-sy, little USB memory keys that I got from doing the TabletPC lab. Somehow I always have a hard time finding the right present.