Web Services and Service Oriented Architecture
CS 4720 – Web & Mobile Systems
CS 4720 The tradi�onal so�ware model • Organiza�ons build it all from scratch – “We can't trust anyone! Our compe�tors will sabotage us!” – “We must own everything! Hardware and so�ware!” • Companies that build so�ware need components that do X or Y… – … so they buy COTS components – Service contracts, new releases, regression tes�ng…
2 CS 4720 The tradi�onal so�ware model • How well does this work? • Some project data from the DOD: – 47% of so�ware delivered could not be used • Usually didn't meet requirements – 29% of funded so�ware never delivered • Usually canceled due to cost/schedule overruns – 19% of so�ware useful a�er extensive rework • Costs 36 �mes more to fix problems a�er release
3 CS 4720 A push to distribu�on • “We're really good at ______, how can we get our ______out for people to use?” • The idea of distributed compu�ng – “We're good at X, but not so good a Y…” – “What if we got someone to help us with Y… but in a way that we didn’t have to include any fancy libraries… – … and we could use them in web apps! And mobile devices! And even desktop apps!”
4 CS 4720 A Web Service • From W3C: “a so�ware system designed to support interoperable machine-to-machine interac�on over a network. It has an interface described in a machine-processable format (specifically WSDL). Other systems interact with the Web service in a manner prescribed by its descrip�on using SOAP-messages, typically conveyed using HTTP with an XML serializa�on in conjunc�on with other Web- related standards”
5 CS 4720 A Web Service? • Huh? • A bit more simply: A program, accessible via the Internet, that can do some func�on (either for free or a fee) and can be dynamically discovered and used. • So… I use web apps all the �me… are those web services?
6 CS 4720 Web Service as RPC • The earliest form of a true “web services” was an RPC – remote procedure call. • Exactly what it sounds like – there is an exposed func�on/method that is accessed via the web where you pass the parameters and the method name and you get back a return value. • No�ce how this is very different from the RESTful model (verbs vs. nouns)
7 CS 4720 Web Service as SOA • RPC was okay… but it turned out to be a bit more language specific than we'd like • What if we just a structured message (like an XML document) that described what we wanted, as opposed to knowing the exact func�on call? • This is the basis of the Service-Oriented Architecture
8 CS 4720 Word By Word • What is a service? • "A service is a discoverable resource that executes a repeatable task, and is described by an externalized service specifica�on.” • Business alignment – business requirements • Specifica�ons – self-contained, well specified • Reusability – general enough to be reused • Agreements – based on func�on, not pla�orm • Hos�ng and discoverability – available • Aggrega�on – can be combined to make bigger services
9 CS 4720 Word By Word • What is an architecture? • "A formal descrip�on of a system, or a detailed plan of the system at component level to guide its implementa�on.” • “The structure of components, their interrela�onships, and the principles and guidelines governing their design and evolu�on over �me."
10 CS 4720 Architecture • Architecture is: – A high-enough level of abstrac�on that the system can be viewed as a whole and yet s�ll provides enough informa�on to make decisions. – Supports the func�onality of the system. – All implementa�on details are hidden. • Service orienta�on is a way of integra�ng a business as a set of linked services.
11 CS 4720 What are we actually trying to do?
Fork Receive PO
Update Customer Profile Get Items from Inventory
Branch Compute Subtotal
Compute Export Tax [ship within US] [ship outside US]
Compute Shipping Cost
Merge Compute International Shipping
Compute Total
Ship Order Join
12 CS 4720 OSI Model
13 CS 4720 OSI Model
14 CS 4720 The Stack
15 CS 4720 The Stack
ebXML UDDI Registries Discovery ebXML Contracts and CPA agreements OWL-S Service Process and workflow BPEL4WS BPML Model orchestrations WS-AtomicTransaction and WS- BTP QoS: Transactions BusinessXALcAtiNviGty WS-Reliable OWL-WS SSCeLrvice WS-Coordination QoS: Choreography Messaging ebXML Profile WSCI BPSS OWL-S Service WS-Security WSCL QoS: Conversations Grounding ebXML WS-Policy WSDL QoS: Service OWL PSL CPP descriptions and bindings ebXML RDF SOAP messaging Messaging XML, DTD, and XML Schema Encoding HTTP, FTP, SMTP, SIP, etc. Transport
16 CS 4720 The Stack
17 CS 4720 SOA – The Quick Version • Right now, you probably think of a so�ware system as being a collec�on of classes / objects • But users don't think of systems like that… they think of systems as sets of func�onality that help them do something • So… why do we use objects? – Easier to model – Easier to program – Easier to explain to other programmers
18 CS 4720 Or is it actually easier? • Turn our idea of a system 90 degrees • Func�onality objects (procedural abstrac�on) is the key idea, not world objects (data abstrac�on) • This is the key in SOA – An SOA system has the func�onali�es as the main players, not the objects themselves – But more so, these services are provided by many different players
19 CS 4720 But what language do we speak? • SOAP - Simple Object Access Protocol – A communica�on protocol – A format for sending messages – Pla�orm independent – XML based – Follows the rules that allow for transmission easily over HTTP, SMTP, etc. • Not really much more than an HTTP request that follows XML/SOAP standards
20 CS 4720 SOAP Model
21 CS 4720 SOAP Model
22 CS 4720 SOAP Request
POST /InStock HTTP/1.1� Host: www.example.org� Content-Type: application/soap+xml; charset=utf-8� Content-Length: nnn
�
23 CS 4720 SOAP Response
• HTTP/1.1 200 OK Content-Type: application/soap+xml; charset=utf-8 Content-Length: nnn
�
24 CS 4720 Parts of SOAP • The Envelope – required root element defining the document as being a SOAP request • The Header – not required, but contains authen�ca�on and/or payment info for the request • The Body – the actual message being sent
25 CS 4720 But I like to be dirty! • …. • Bad �tle aside, some didn't like to be “�ed down” by such “conserva�ve talk” of having to follow the SOAP rules! • “It's just XML!” they said. “I don't need of this extra stuff! Just good Plain Old XML…!” • “And that's what we'll call it! POX!”
26 CS 4720 What's the difference? • Following the agreed upon rules… • Valida�ng POX can be hard; SOAP is comparably easy • SOAP services are be�er at being dynamically bound • How we do this is Thursday's lecture
27 CS 4720 A�er all this… What about REST? • REST is an architectural style that is independent, but compa�ble, with XML • POX/HTTP means exchanging plain old XML documents over HTTP; can be RESTful • SOAP is a standard document format for building high-level protocols. Anything that uses SOAP is (by defini�on) not just using plain old XML, and thus not POX; it can also be RESTful
28 CS 4720 So… • So there can be RESTful SOAP applica�ons, and RESTful POX applica�ons, and non-RESTful SOAP applica�ons, and non-RESTful POX applica�ons, but no POX/SOAP combina�on… sort of
29 CS 4720 Thoughts • If you want a great experience for .NET/Java devs, you'll typically publish schemas and support SOAP. • If you want a great experience for LAMP folks, you'll support POX messages (or JSON) and will provide a non-XSD descrip�on of your formats. • If you want to reach both audiences, you'll do both #1 and #2. • If you want to reach both audiences before your compe��on does, you'll avoid indulging in religious debates and ship something.
30 CS 4720 Using a Web Service • If you took the �me to create a service, then you probably want people to use it • In order to use a service, users need to know what informa�on they can send the service and what informa�on is going to be sent back • What would be even be�er is if the so�ware could do all this automa�cally…
31 CS 4720 Enter WSDL • WSDL: Web Services Descrip�on Language – An XML document used to give the specifics of a service • Loca�on • Methods • Allowed messages • Poten�al error messages
32 CS 4720 Enter WSDL
33 CS 4720 The HelloService Example • h�p://oreilly.com/catalog/webservess/ chapter/ch06.html
34 CS 4720 Quick Sidestep: UDDI • UDDI: Universal Descrip�on, Discovery and Integra�on • A solu�on in search of a problem • The idea is okay: a language and schema for allowing people to publish their WSDL schemas so that others can discover their services • IBM, Microso�, and SAP announced they were closing their public UDDI nodes in January 2006 • No one used it!
35 CS 4720 Quick Sidestep: UDDI • Where might it work decently? – Perhaps inside a single organiza�on for internal code • The public sides were either: – Empty – Overrun with junk • Whichever it was UDDI, isn't really used • Quote Marty Humphrey: “It was a good problem to solve, but a terrible solu�on.”
36 CS 4720 The Original Idea
37 CS 4720 Back to WSDL • We DO use WSDL though • It is how a web service is bound to an applica�on • It's more XML… which kinda sucks… • But… the best part is…
38 CS 4720 The Best Part about WSDL • No one ever writes the stuff themselves! • It's auto-generated!
39 CS 4720 BPEL • Business Process Execu�on Language – Standard executable language for specifying interac�ons with Web Services • Basic goal: an “execu�on language” to write “systems” by tying available web services together
40 CS 4720 The Basic Idea
41 CS 4720 Video • h�p://www.youtube.com/watch?v=XRzTySj- aak
42 CS 4720 Okay… so… • In a SOA… – Every func�on is a service – Every service is independent – Each service can talk to other services through a specified protocol (SOAP) – Each service defines what messages it can deal with through a specified protocol (WSDL) – Services can announce themselves to everyone else (UDDI or some other publishing scheme) – And services can be bundled into processes (BPEL)
43 CS 4720 That was exhaus�ng… • Oh, it gets be�er. Look at all the QoS stuff…
ebXML UDDI Registries Discovery ebXML Contracts and CPA agreements OWL-S Service Process and workflow BPEL4WS BPML Model orchestrations WS-AtomicTransaction and WS- BTP QoS: Transactions BusinessXALcAtiNviGty WS-Reliable OWL-WS SSCeLrvice WS-Coordination QoS: Choreography Messaging ebXML Profile WSCI BPSS OWL-S Service WS-Security WSCL QoS: Conversations Grounding ebXML WS-Policy WSDL QoS: Service OWL PSL CPP descriptions and bindings ebXML RDF SOAP messaging Messaging XML, DTD, and XML Schema Encoding HTTP, FTP, SMTP, SIP, etc. Transport
44 CS 4720 What could possibly go wrong? • QoS: Quality of Service – Availability (MTTR): is it up? – Accessibility: if it's up, can I get to it? – Conformance to Standards: play by the rules? – Integrity: actually does what the WSDL says? – Performance: how fast does it come back? – Reliability: how does it handle failures? – Scalability: how does it handle lots of requests? – Security: what about all my data flying around? – Transac�ons: if one part fails, does it all fail?
45 CS 4720 Bring in the lawyers • Service Level Agreements – Web services can come with contracts between the provider and the consumer that specify the requirements of the previous slide – Basically will boil down to how it will handle: • Performance and capacity • Availability • Security/Privacy • There are protocols for this too!
46 CS 4720 BAH! Is it worth it? • Verizon thinks so: • Rebuilt fraud detec�on system into BPEL from J2EE • Used Oracle's BPEL Process Manager system • Original system: – Three large DBs consis�ng of 2.5 billion records – Team of 100
47 CS 4720 BPEL-arific • Tossed all the Java • Now it's one Shockwave (Flash) and one JSP page on top of the BPEL • Flash makes web services calls into the BPEL processes • All business rules wri�en into the BPEL language • Web 2.0 UI
48 CS 4720 BPEL-arific • New code base is 0.5% of original size • 192 processor cores down to a single 8-core server • Energy consump�on down 99% • 20 terabytes of DB to 64 gigabytes
49 CS 4720 According to Verizon
• Based on event-driven architecture, data on cell phone usage coming from the Verizon switches is analyzed and checked for business excep�ons, Chappell explains. He site examples of possible fraud including business excep�ons such as the detec�on of excessive data thresholds. This might indicate that someone is doing "phone cloning" to make calls by stealing a customer's account informa�on. When this sort of excep�on is detected, an event starts a BPEL process. • With the SOA implementa�on, Chappell explains "the BPEL process invokes a number of services, which includes going out directly to the source of the call detail records to get the informa�on necessary to enrich the event data. It is then fed into a rules engine to check for viola�ons, make decisions based on policy, and then on to generate more detailed reports." • Using this services approach rather than data warehousing to retrieve and process the required informa�on reduces the storage requirements.
50 CS 4720 Thanks • Many thanks to Ken Anderson @ Colorodo for some of this informa�on • Some info also from the fine folks at Wikipedia • h�p://www.pluralsight.com/community/blogs/ dbox/archive/2006/02/17/18869.aspx • This slide deck brought to you by the le�er “∫” and the number “awesome.”
51 CS 4720