July 2003 - Posts
Today IBM and Microsoft released a new set of Web Services security specifications. The cornucopia of WS-Federation specs can be accessed from the MSDN Web Services WS-Security Specification Index Page.
Whitepaper "Federation of Identities in a Web Services World":
This document describes the issues around federated identity management and describes a comprehensive solution based on the Web services specifications outlined in the WS-Security roadmap and other related Web services specifications.
The approach described in this whitepaper, which will be further defined in the WS-Federation specification, introduces an identity provider as a class of security token service. As such, it uses the mechanisms of WS-Trust and WS-Federation to create and broker trust within and across federations. Additionally, mechanisms are defined for single sign-in and sign-out, sharing of attributes based on authorization and privacy policies, and integrated processing of pseudonyms (aliases used at different sites/federations).
Together, the specifications identified in this paper provide a comprehensive and integrated set of protocols for secure reliable transacted messages in and across federations by composing with other security and Web service specifications.
Specifications:
Some days ago I speculated about the contents of Simon Guest's upcoming book on J2EE and .NET interoperability. I was quite sure that it will be about Service Oriented Architectures with implementations in the Java and .NET world - but well, Simon puts it in the right light now:
This (unfortunately) isn't a book on SOA. Although there are some definite SOA-related topics and recommendations, I've really written this to show how to 'get to the metal' of each of the interoperability options. The SOA perspective on all this is definitely something that is being worked on though - watch this space.
Sorry for the confusion I might have caused with my post, but it seems I am dreaming of such a book. So it might have to write it on my own ... ;-)
UPDATE: The bits can be downloaded here.
I just released version 1.4 of DynWSLib (submitted it to gotdotnet.com - may take some time to show up). What is this? It stands for a .NET library which enables you to dynamically invoke XML Web Services at runtime. This version is much improved compared to the last public release last year. Be sure to check it out!
Did you ever think about invoking your XML Web Services dynamically without having to generate a client side proxy class at design/compile time with wsdl.exe or Visual Studio .NET? - No need to know the exact Web Service description and endpoint at compile/design time. Just get your WSDL from UDDI (or from wherever you want, e.g. XMethods), specify the type to instantiate and the methods to call ... voila! Can be used from any .NET application or even an unmanaged resource.
Features:
- No need to add WSDL descriptions during design time
- Point-and-run Web Services invocation functionality
- Ready-to-run user experience when using the library
- Resolves imports of external schemas
- Works with complex types
- Provides a better means to completely hide the Web Services bound functionality from client apps. Think client factory in Grid computing
- Caching mechanism to improve performance of already 'well known' Web Services (pre-compiled assemblies)
- Access the raw SOAP messages for request and response
- Sample client application for testing scenarios
- You get the complete source code to use at your own risk
Issues:
- performance could be better in general
- lots of testing still needed
- Documentation sucks
- Clear up init process: perhaps add explicit Init() method
- not (yet?) a 'good' .NET citizen: not FxCop 1.21 'compliant'
- Simple sample usage in C#, VB.NET, Managed C++
Credits:
- Alex De Jarnatt: the god of WSDL and Schemas in the Microsoft XML Web Services team. You rock!
- Nadia Romeo: thanks for testing the lib so much and such hard!
- Pierre Greborio: thanks for testing and providing a lot of valuable input.
DISCLAIMER:
The sample is provided as is. Be sure that it is actually only a sample and does not in any sense conform to any coding guidelines and has not been proven to be a stable product! The code has not been reviewed by third parties or even been refactored for optimization - be sure that it is still much improvable.
The author cannot be made responsible for any damage or inconveniencies but is willed to accept any questions and comments to this sample.
Please notice that this code is only a technology demo and should not be included unedited into any serious project.
The code is not documented.
You can now download a ZIP archive with all samples shown in my talk
"WEB390: Ouch! Common XML Web services headaches (and possible
solutions)" at TechEd Europe 2003 in Barcelona. This archive contains
nearly all samples I have been talking about and showed. However, it does not
yet contain the SQLCLR project with which you can dynamically invoke XML Web
Services from within SQL Server - this is due to ongoing article writing efforts
- sorry! Stay tuned for this ...
Here is a sneek preview of the contents:
- Leverage existing XML Schemas
This sample solution
shows you how to use existing XML Schemas in an ASMX Web Services project (it
uses Scott Short most excellent library introduced in a MSDN Magazine
article). Additionally it enables you to validate the incoming SOAP request
against either an external schema or the internal and automatically generated
Schemas reflected in the WSDL description.
- Accessing the SOAP message
This sample solution shows
you how to access the SOAP Envelope messages both on the client and on the
service side.
- Dynamically call services
This sample solution shows
you how to dynamically invoke XML Web Services without the need of adding a
WSDL web reference to a client at design time. Just give the DynWSLib a WSDL
at runtime, set some properties and off you go!
There are two testing
application for the lib:
- SimpleDynWSClient:
This is a
very simple test app which shows you the basic steps involved in using the
DynWSLib to dynamically invoke Web Services.
-
WSLibTester:
This is a much more sophisticated testing
application which enables you to test XML Web Services in a more professional
way. It compeletely visualizes a generic client app where you simply have to
provide the WSDL to your Web Service.
- Common types and 'Type Fidelity?'
This sample solution
shows you how to make it possible to use a common types library (assembly DLL)
which holds the types/classes for your tiered applications in a Web Services
world. It uses a small helper library which has essentially one method to
'safely' convert the original Web Service proxy's type to your targeted common
type.
- Asynchronous programming
This sample solution shows
you how to asynchronously call XML Web Services from a Windows Forms
app.
DISCLAIMER:
The sample is provided as is. Be sure that it is actually
only a sample and does not in any sense conform to any coding guidelines and has
not been proven to be a stable product! The code has not been reviewed by third
parties or even been refactored for optimization - be sure that it is still much
improvable.
The author cannot be made responsible for any damage or
inconveniencies but is willed to accept any questions and comments to this
sample.
Please notice that this code is only a technology demo and should not
be included unedited into any serious project.
The code is not
documented.
While chasing for Moby Dick during the German ASP-Konferenz on the river Salzach in the beautiful city of Burghausen, an unbelievably good photographer took this picture:
This is me, Captian Ahab, with my left wooden leg left at home ... ;-) And Ralf Westphal did not notice anything!
Hiho, hiho, nanananana, ...
Well, that's it for now. And you know what? I did not manage to post even one
single piece of informtation about TechEd 2003. And I feel bad about it
...
My session on Thursday night (WEB 390: Ouch! Common XML Web
Services headaches (and possible solutions)) went quite good, I am very
happy with the talk and the scores :-) There were a lot of very well known speakers and experts in the
speaker lounge and I am actually proud to being part of them. Just to add to
this: they are are all just human beings and it is a pleasure to talk to a lot
of them ;-)
Nevertheless, the most important factor in a conference such
as TechEd is of course the attendee - and I guess they were able to gather a lot
of information and bits to take home. TechEd 2003 was really filled with superb
technical know how. The people I have been talking to at the Ask-The-Expert
booth, e.g., were really excited about the show and the sessions - and
especially about meeting other developers and geeks.
BTW, next TechEd Europe in 2004 will move from Barcelona to Amsterdam.
Looking forward to it!
The samples for my talk will be released next week on this
weblog.
Simon Guest reports that he is currently working on a book (or has he already finished?) about .NET and J2EE interoperability. It is called 'Microsoft .NET and J2EE Interoperability Toolkit' and you can at least have a sneak preview here. This book should be most interesting as Simon primarily is talking about building services - i.e. Service Oriented Architectures - to integrate diverse platforms. Without having seen any single line of it I hope that this book is starting to talk about what SOAs' real strengths are: integrating applications exposed as services no matter which technology or platform they are implemented in ... looking forward to it.
BTW, Simon has been publishing these articles on MSDN talking about Web Services security between Java and .NET:
More Posts
« Previous page