This week's book giveaway is in the OCPJP forum.
We're giving away four copies of OCA/OCP Java SE 7 Programmer I & II Study Guide and have Kathy Sierra & Bert Bates on-line!
See this thread for details.
The moose likes Web Services and the fly likes [To Authors] State of the webservices world Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of OCA/OCP Java SE 7 Programmer I & II Study Guide this week in the OCPJP forum!
JavaRanch » Java Forums » Java » Web Services
Bookmark "[To Authors] State of the webservices world" Watch "[To Authors] State of the webservices world" New topic
Author

[To Authors] State of the webservices world

Gavin Bong
Ranch Hand

Joined: Apr 25, 2003
Posts: 56
Ramesh, Robert, Rima,
Could you provide a snapshot analysis on the ever-changing state of the Web Services world ? For examples:
1) Will Apache Axis co-exist with SUN's Web services developer pack ? or will SUN's framework subsume Axis ? I asking this because I want to know what APIs will gain market acceptance before spending time learning the APIs.
2) Don Box, a Microsoft evangelist complained about the proliferation of standards especially those from the WS-I organization. What is SUN's role in WS-I ?
3) What is the current situation with the licensing of these WebServices standards like WSDL, SOAP, UDDI etc... ? If I remember correctly; 6 months to a year ago - there was a lot of uncertainty on this.
4) On the amazon.com website; it says that you cover web services security i.e. XML Encryption and Signature. Any mentioned on other security protocols (which were also in a flux) like SAML, WS-Security and identity management ?
5) Does the JAX* apis use XML-Schema extensively ?
6) What's been happening in the web services choreagraphy space ? A short summary in this area would be much appreciated.
Thanks all.
Gavin
6)
Thanks
Gavin
Ramesh Nagappan
Author
Ranch Hand

Joined: May 06, 2003
Posts: 159
My answers inline:
1) Will Apache Axis co-exist with SUN's Web services developer pack ? or will SUN's framework subsume Axis ? I asking this because I want to know what APIs will gain market acceptance before spending time learning the APIs.

Apache Axis will never be part of Sun JWSDP. Because Axis has it own implementation in addition to supporting JAX-RPC and SAAJ.
But Apache Tomcat will be part of Sun JWSDP to serve as a Servlet container.
In regards with API acceptance, Sun JWSDP will be part of J2EE 1.4 which is partcipated by almost all J2EE vendors.
2) Don Box, a Microsoft evangelist complained about the proliferation of standards especially those from the WS-I organization. What is SUN's role in WS-I ?

Sun is the newly joined board member of WS-I.
3) What is the current situation with the licensing of these WebServices standards like WSDL, SOAP, UDDI etc... ? If I remember correctly; 6 months to a year ago - there was a lot of uncertainty on this.
Currently SOAP 1.1, WSDL 1.1 and UDDI 2.0 are accepted as standards by the standard orgs. And SOAP 1.2, WSDL 1.2 and UDDI 3.x is currently under review stages.
4) On the amazon.com website; it says that you cover web services security i.e. XML Encryption and Signature. Any mentioned on other security protocols (which were also in a flux) like SAML, WS-Security and identity management ?

Security is covered in Chapter 12, with quick examples of how to's for XML Encryption and Digital signature.
You will find overview of SAML and WS-Security.

5) Does the JAX* apis use XML-Schema extensively ?
Ofcourse, we have covered them in the Data binding chapters.
Take a look at free chapters posted at java.sun.com
http://developer.java.sun.com/developer/Books/j2ee/devjws/

6) What's been happening in the web services choreagraphy space ? A short summary in this area would be much appreciated.
WSCI and BPEL4WS is on the works...not many implementations available.
/Ramesh


Ramesh Nagappan CISSP<br />Co-Author of "Core Security Patterns"<br />nramesh@post.harvard.edu<br /><a href="http://www.coresecuritypatterns.com" target="_blank" rel="nofollow">www.coresecuritypatterns.com</a>
Gavin Bong
Ranch Hand

Joined: Apr 25, 2003
Posts: 56
Ramesh,

Security is covered in Chapter 12, with quick examples of how to's for XML Encryption and Digital signature.

To achieve reasonable security; one will need the 5 pillars: authentication, data privacy, data integrity, non-repudiation and authorization.
XML Encryption provides data privacy and XML DigSig provides data integrity. Without the other three, we only have a 3-legged horse.
Regards,
Gavin
Ramesh Nagappan
Author
Ranch Hand

Joined: May 06, 2003
Posts: 159
Originally posted by Gavin Bong:
Ramesh,

To achieve reasonable security; one will need the 5 pillars: authentication, data privacy, data integrity, non-repudiation and authorization.
XML Encryption provides data privacy and XML DigSig provides data integrity. Without the other three, we only have a 3-legged horse.
Regards,
Gavin

Here is some information...from top of my head :-)
I fully agree XML-ENC (Encryption) and XML-DSIG (Didgital signature) solves those 2 pieces of the puzzle. There are other important specs, which you may need to take a closer look:
XKMS: XML Key Management Services protocol for a trust service for resolving (validating) public keys used in XML Signature and Encryption.
XACML: eXtensible Access Control Markup Language which define core schema and namespace for
authorization policies in XML
SAML: Security Assertion Markup Language
Defines an XML framework for exchanging
authentication and authorization information
like Various XML security assertions: credentials,
authentication, attribute, authorization, etc...
WS-Security - Set of SOAP extensions for end-to-end SOAP messaging security
Liberty Project - Another open standard based solution for identity, authentication and authorization addressing Single sign-on, Cross domain Singlesign-on, Federated Single sign-on etc.
 
With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime.
 
subject: [To Authors] State of the webservices world