A Access Control, 11 Acquisitions, Growth Of, 20 Acrobat Reader, 5

A reference architecture (See Reference architecture) Access control, 11 role of, 149 Acquisitions, growth of, 20 security infrastructure, 166 Acrobat Reader, 5 App. C Web Services Deployment Advisor, 514 Platform, 165 Amazon model, 23 Web Services Development Amazon Web Services Toolkit, 483 Platform, 165 ANT Web Services Open Standards, 166 customizing, 465–466 ASP, 24 installation and configuration, 11 App. C ASP.NET server, 527 resources, 4 App. C Asynchronous mainframe web services running, 467–468 pattern, 266–268 Apache Axis, 2, 3, 4 App. C, 8, 9–10 App. Asynchronous messaging, 229 C, 11, 20–21 App. C, 42, 493, Asynchronous Web Services, 193 500–510 Auditing, 111 Apache Crimon, 75 Authentication, 7, 111, 365, 376 Apache HTTP Web Server, 25 Authentication design, 269 Apache Tomcat, 377, 379–381, 381 Authority, 111 Apache Xerces, 4 App. C, 75 Authorization, 7, 365 Apache Xindice, 381 Automation, growth of, 24 APPC adapter, 225 Availability, 1, 160, 366 Application layer, 296 Availability patterns, 172 Application partitioning, 184 Avinon, 515, 519 Application Platform Layer, 158, 159, 164, Axis. See Apache Axis 444, 445 Application Server Analyzer, 166 B Application Servers, 114, 156 Application Service Provider, 24, 52 Back-end implementation, 110 Application-to-application pattern, Back-end resources management, 282 309–312, 342 Banking intermediaries, new, Application tooling, 446 23, 28 Architecture. See also Reference Banking services, core, 27–28 architecture B2B Commerce, 30 advantages of, 150 B2B financial exchanges, 29 definition of, 149–150 B2Bi, 4 infrastructure tools, 165–166 BEA, 515, 520 principles, 161–164 Best practices, 47 product architecture, 167 Bind, 61 562 Index

bindStudio Collaborative Process C Modeling, 520 bindStudio Model-to-ebXML C#, 5, 15, 113, 123, 527 Generation, 521 C# Station, 515 bindStudio Model-to-WSDL Cache, 113 Generation, 521 Candidate characteristics, 33 bindsystems, 515, 520–521 Cape Clear 4 Manager, 522 BizTalk server, 528 Cape Clear 4 Server, 522 Bluetooth™, 26 Cape Clear 4 Studio, 522 Bottomline Technologies, 29 Cape Clear, 515, 522–523 Bouncy Castle JCE Provider, Capital markets, growth and development 4 App. C of, 29–30 Bouncy cryptography provider, 27 Case studies bowstreet, 515, 521–522 Dollar Rent-A-Car Case Study, 32 BPEL4WS, 8, 517 Foreign Exchange (FX) Spot Rate Quote BPWS4J, 524 Service Case Study (See Foreign Broadband Internet, growth of, 26 Exchange (FX) Spot Rate Quote Broker Integration Patterns, 335–341 Service Case Study) build.properties file, 466 Hewitt Associates Case Study, 32 build.xml file, writing the, 221, 356 Trans-Canada Pipeline Case Study, 31 Business case, establishing CCI, 300 advantages, 47 CDLC. See Connected, Limited Device application of, 32 Configuration benefits of implementing Web CE/FACT, 119 Services, 43 Certificate management, 166 candidate characteristics, 33 Certification Path (CertPath), 406 comparison of implementation CICS, 227 costs, 46 CICS-proprietary EXCI/MRO criteria for pilot project, 41–42 protocol, 230 disadvantages, 47 CICS APPC calls, 227 membership award example, CICS EJB server, 265 33–37 CICS Resource Adapter, 305 payment services example, 37–40 CICS screens, 225 prerequisites, 41 CICS SOAP technology, 499 return on investment model, 43–46 CICS Transaction Gateway (CTG) risk analysis, 42–43 3270 Web Bridge, 250–253 Business messages, 104 CICS Web Server Plug-in, 249–250 Business process automation, 20 client daemon, 230 Business Process Execution Language for components, 229–230 Web Services, 8, 292 configuration tool, 230 Business processes, 104 CTG Java Class Library, 230 Business requirements, 437 deployment configurations, 230, 246 Business service interface, 105 direct connection, 247–249 Business Tier, 155, 231, 232, 260–261, distributed platform configurations, 296, 444 231–232 Business-to-business integration, 4, 18–19, gateway daemon, 229 20, 21, 53, 288 interoperability and integration, and Business Web Factory, 5, 521 mainframe, 260 Buying tools versus building remote CTG, 245–246 tools, 409 same platform configuration, 230–231 Index 563

sample CTG ECI call, 233–239 Coordination of enabling technologies, sample CTG EPI call, 239–245 122–124 terminal servlet, 230 CORBA, 168, 169, 253 Web Support (CWS), 247–253 Core J2EE Patterns, 232 CICS Web Server Plug-in, 249–250 Core security services, 111 CICS Web support, 260 Creating a New Web Service with JWSDP, CIF, 278 137–146 CLASSPATH set-up, 15–16 App. C Credit card processing, 28 Client daemon, 230 Cross-enterprise integration framework Client proxy for FX Web Services Call, application layer, 296 sample, 302–304 benefits of, 297 Client requester, 472–473 data integration, 295 Client responsible trust domain, 375 data transport integration, 294 Client-server interaction, 99 lower layer, 296 Client-side security, 111 middleware integration, 295 Client Tier, 156, 160, 161, 296, 444 process integration, 295 Closed Process Integration Pattern, role and application of, 293–294, 329–332, 342, 343 296–297 Cobol, 6 security integration, 294 COBOL-to-Java migration, 281 upper layer, 296 Code analysis, 459–462 virtual layer, 296 Code conversion methodology, 281–282 CTG ECI call, 233–239 Code customization and deployment, CTG EPI call, 239–245 464–480 CTG Java Class Library, 230 Collaboration Protocol Agreement CRM, 279 (CPAs), 105 Customer relationship banking, 28 Collaboration Protocol Profiles Customer relationship management, 20, (CPPs), 105 278–280 COMMAREA, 225, 232 Commercial implementation of resource D adapter, 304 Common client interface, 298, 300–304 Data encryption, 367 Compiling Data Exchange Pattern, 326–329, client requester, 472–473 342, 343 message provider, 470–471 Data integration, 295 source codes, 221–222, 356–357 Data integrity, 7, 111, 366 stub/skeleton into Java classes, 507–508 Data migration, 281 Confidentiality, 7, 111, 366 Data privacy, 7, 366 Configuration file for jSAMl Data sources, integration of demo, 464 different, 308 Config.xml Contents, 140 Data transformation, 291 Confirmation of receipt of message using Data transport integration, 294 ebXML with JAXM, 359 Data transport security, 368, 372 Confirming SOAP message sent, 224 Database Marketing, 28 Connected, Limited Device Databases, 157 Configuration, 27 DB2 (UDB) with XML Extender, 523 Connection management, 299 DCOM, 168, 169 Construction Phase, 153 DEBA, 208 Consumer-Service Provider DefaultContent.htm to Redirect to New Relationship, 10 Service URL, 425 564 Index

Defining the service description, 123 SOAP Logger, 192–196 Delegate Pattern, 260 Standard build pattern, 312 Demo program files, installation State Management, 188–192 of, 465 Synchronous Mainframe Web Services Denial of service, 366, 382 Pattern, 263 Deploying UDDI Deployment, 198–200 codes, 479–480 Version Management of tools, 116 Deployment and Service Registry, Web Services, 142–144, 145 202–204 Deployment architecture, 200, 454 Developer resources directory, 108 Deployment descriptor, 196 Developer tool log files, 420 Design patterns Development life cycle, 153–154, 282 Application-to-application Development platform pattern, 309 management, 282 Asynchronous Mainframe Web Services Development platforms, 514 Pattern, 266 Development technologies, availability patterns, 172 119–121 considerations and guidelines, 207–208 Development tool model, 64 Closed process integration Digital certificates, 366 pattern, 329 Digital signature client WSDD File, Data exchange pattern, 326 sample, 388 Federated replication pattern, 319 Digital signatures, 7, 366, 367, 407–409 High Availability of Service Registry, Direct connection, 247–249 196–198 Directory/policy server, 157 HTTP Load Balancer (SOAP Server Directory server, 166 Farm), 185–187 Directory structure, 13–14 App. C Hub-spoke replication pattern, 316 DISA, 119, 120 JMS Bridge, 178–182 Discover/find, 60 manageability patterns, 172 Disruptive technologies, 495–497 Messaging transport pattern, 416 Distributed platform configurations, Multiple Servlet Engines, 182–185 231–232 Multi-step application integration DMSConnect, 526 pattern, 322 Document-based Web Services, 193 Open process integration Document Object Model, 75, 81–83 pattern, 332 Document type definitions (DTDs), 70–71 Publish, Unpublish, and Discover Web Dollar Rent-A-Car Case Study, 32 Services, 200–202 DOM, 81–83, 176 Registry Content Management, 204–207 DOM/SAX versus JAXP, use of, 447 Registry pattern (service versioning Domain model, 401 pattern) alias “service Dot-com, demise of, 24, 29 versioning”, 173 Download centers for software reliability patterns, 172 tools, 11 Reverse auction-broker integration DSIG, 111 pattern, 338 DTD, XML to, 133–136 scalability patterns, 172 security patterns, 172 E Service consolidation-broker integration pattern, 335 E-Marketplace UDDI, 97 Single signon pattern, 410 EAI adapter for mainframe, 225 SOAP cache, 172–178 EAI and Web Services, 7 Index 565

EAI patterns, 315–326 Eclipse, 25, 514 EAI products, 6 Economic landscape, transformation eBay model, 23 of the, 19 EBCDIC conversion, 269 Edge products, 167 ebMS, 171 Edge server, 113 ebPML, 515 EDI, 127 ebXML Elaboration phase, 153 adoption of, 482 Electric Server Page, 528 application, 103–104 Electric XML 4.0, 528 architecture, 104–105, 170–171 Electronic banking, 28 business messages, 104 End-to-end security framework, 7 Business Process Specification Schema, Enterprise Application Integration 291 (EAI) business processes, 51, 104, 306 advantages, 288 business service interface, 105 disadvantages, 288 Collaboration Protocol Agreement risk factors, 288 (CPAs), 105 use of, 288 Collaboration Protocol Profiles Web Services, and, 290–293 (CPPs), 105 Enterprise Distributed Object Computing confirmation of receipt of message using (EDOC), 292 ebXML with JAXM, 359 Enterprise Java Bean (EJB), 261 demonstration, 106–107 CORBA server, 253 development technology, 119 design features, 253 ebXML Message Service, 105 EJB container, 253 ebXML Registry Information Model, 105 Jar files, deployed, 253 ebXML Registry Service Specification, 105 Java Connector for CICS, envelope and structure, 105 254–257 implications, 107 Java Virtual Machine, 253 Message Provider Sent Log, 360 object store (DFHEJOS), 253 message provider using JAXM to send request models, 253 XML message, demonstration of, request processor, 253 345–360 request receiver (DFHIRRS), 253 Message Service, 51, 105 request stream directory Message Specification, 55 (DFHEJDIR), 253 ebMS, 171 support, 253–254 registry, 107, 113 TCP/IP Listener, 253 Registry Information Model, 105 Enterprise Resource Planning Registry Service Specification, 105 (ERP), 288 Service Registry, 55, 108, 109, 110 Entitlement, 7, 111, 365 service registry/repository, 105, 108–111 Environment set-up for directories, SOAP, and, 120–121 464–465 trading partner agreement, 105 Environment variables setting, 14–15 transport and routing layer, 105 App. C use of, 54 Eontec, 28 user interface to send message using EPI, 230 ebXML with JAXM, 359 Escrow-based payment services, growth ebXML registry, 122 of, 29 ebXML service registry, 122 ESI, 230 Web Services, and, 103–108 Exchanges gateway, 157 ECI, 230 Exercises 566 Index

Creating a New Web Service with front page to accessing remote FX quote JWSDP, 137–146 web service, 458 Writing the First JAXM Program, Hardware Platform Layer, 444, 445 136–137 high-level design, 441–443 XML to DTD, 133–136 install the client requester, 473–474 eXtend Composer, 529 install the message provider, 471–472 eXtensible Markup Language. See XML; integration of components, 463–464 XML (eXtensible Markup Language) integration testing, 479 Integration Tier, 444 F interaction between components, 442 interoperability with external Factory Integrations, 522 systems, 447 Factory Options, 522 invoke the client, 474 Federated Replication Pattern, 319–322, Java classes used to support 342, 343 SAML, 459 Financial intermediaries, emergence of, 20 logical architecture, 443, 444 Fine-grained data access rights, 7 Lower Platform Layer, 444 Flamenco Networks, 518 main menu of the Demo system, 456 Flexibility, 161 modifying the remote FX quote engine, Foreign Exchange (FX) Spot Rate Quote 475–476 Service Case Study objective, 435 ANT scripts, customizing, 465–466 physical architecture, 453 ANT scripts, running, 467–468 platform layers, 444 Application Platform Layer, 444, 445 Presentation Tier, 444 application tooling, 446 private label customization, 447 assumptions, 436 program changes, management build.properties file, 466 of, 479 business requirements, 437 quality of service matrix, 444, 445 Business Tier, 444 quote response, 459 client invoking FX Spot Quote Service, quote service design, 450–452 460–462 quote web service page, 458 Client Tier, 444 request for quote, 437 code analysis, 459–462 request for quote use case, 440–441 code customization and deployment, Resource Tier, 444 464–480 SAML assertion request to remote FX compile FX quote provider, 467–468 quote Web Service, 457 compile the client requester, Secure Message Service, 462–463 472–473 security design considerations, 446 compile the message provider, service-level requirements, 437 470–471 set up FX quote service, 469–470 configuration file for jSAMl Single Sign-on design, 336, 437, 439, demo, 464 448–449, 455, 457 demo program files, installation system security, 437 of, 465 technology applied, 447 deploying codes, 479–480 unit testing, 479 deployment architecture, future, 454 Upper Platform Layer, 444, 445 design pattern applied, 447 use case scenario, 436 DOM/SAX versus JAXP, use of, 447 use cases, 438–440 environment set-up for directories, user experience, 455–459 464–465 verify the deployed services, 474 Index 567

verifying set-up and remote services, I 476–478 Virtual Platform Layer, 444, 445 IBM developerWorks LIVE! Web Services relationship, 442 Conference, 517 XKMS Trust Verifiers, 463 IBM products, 523–524 XML messaging standards, 446 IBM Web Services, 121, 514, 515 Forte Transaction Adapter for a remote IBM Web Services Architecture, 64–66, 68 CICS transaction, 258–260 IBM’s XML Security Suite, 407 Front Controller Pattern, 260 IBM z/OS mainframe, 226–227 FXProviderIF.java Program, 138 IDE/Development Environment, 114 FXProviderImpl.java Program, 138–139 Identity, 7, 63 IDL. See Interface Definition Language G ilities, 58 iMode, 26 GAIA, 528 Inception phase, 153 Gateway daemon, 229 Information model, 96, 109 GLUE 3.2/4.0, 528 InJoin’s BATCH, 275 GoXML Integration Workbench, 534 InJoin’s TRANS, 275 GoXML Messaging, 534 Installation of GoXML Registry, 534 client requester, 473–474 GoXML Repository, 534 message provider, 471–472 GoXML Transform, 534 Integration. See Interoperability and Green pages, 95, 96 integration, mainframe Grid computing, growth and development Integration design patterns of, 25, 497 application-to-application pattern, GSM technology, 26 309–312, 342 Broker Integration Patterns, 335–341 H Closed Process Integration Pattern, 329–332, 342, 343 Hacker attacks, 381–382 Data Exchange Pattern, 326–329, Hardware encryption, 166 342, 343 Hardware level, 197 EAI patterns, 315–326 Hardware Platform Layer, 158, 159, Federated Replication Pattern, 319–322, 444, 445 342, 343 Hardware requirements, 3 App. C Hub-Spoke Replication Pattern, HDCourier, 526 316–319, 342 Hewitt Associates Case Study, 32 Multi-Step Application Integration High Availability of Service Registry, Pattern, 322–325, 342, 343 196–198 Open Process Integration Pattern, High-level design, 441–443 332–335, 342, 343 High-speed computing, growth and Process Integration Patterns, 329–335 development of, 25 Reverse Auction-Broker Integration Host gateway, 157 Pattern, 338–341 Hosts, 377 Service Consolidation-Broker Integration HTTP binding, 98 Pattern, 335–338, 342, 343 HTTP Load Balancer (SOAP Server Farm), standard build pattern, 312–315, 342 185–187 Integration of components, 463–464 HTTPS, 7, 110 Integration points, 261–262 Hub-Spoke Replication Pattern, Integration technology for Legacy 316–319, 342 mainframe, 229 568 Index

Integration testing, 479 with SOAP-Lite Client, 48–49 Integration Tier, 155, 160, 161, 231, IONA, 515, 524–525 260–261, 296, 444 IP port, 80, 362 Interbind (IBX), 527, 528 IPSec, 369, 370 Interface Definition Language, 291 Interfaces, synchronizing all, 280 J Intermediaries, new, 23–24 Internal EAI UDDI, 97 jar files, deployed, 253 Internal service directory, 108 Java™, 18, 76, 123 Internet, role of the, 20 Java 2 Platform Micro Edition (J2ME™), 27 Internet layer, 57 Java 2 Standard Edition (J2SE) Internet or network layer security, 368 installation and configuration, 6 App. C Interoperability and integration, verification of set-up, 16–17 App. C mainframe Java Authentication and Authorization alternative methods, 270–284 (See also Service (JAAS), 405, 409 specific methods) Java classes architectural perspectives, 260–262 on Legacy system, 273 architecture implications, 282 used to support SAML, 459 asynchronous mainframe web services Java Connector Architecture (JCA) pattern, 266–268 CICS, for, 254–257 asynchronous messaging, 229 CICS Resource Adapter, 305 authentication design, 269 client proxy for FX Web Services Call, business tier, 260–261 sample, 302–304 CICS Transaction Gateway (CTG) (See commercial implementation of resource CICS Transaction Gateway (CTG)) adapter, 304 CICS Web Support, and, 260 common client interface, 298, 300–304 design considerations, 283 connection management, 299 development life cycle, integration program except, CCI, 301–302 with, 282 resource adapter architecture, 298–299 EBCDIC conversion, 269 role and application of, 297–298 external systems, and, 226–227 SAP R/3 Resource Adapter, 305 functional perspectives, 262–263 transaction management, 299 IBM z/OS mainframe, 226–227 Java Cryptographic Architecture integration points, 261–262 (JCA), 406 integration tier, 260–261 Java Cryptographic Extension (JCE), Java technology, and, 253–257, 261 (See 406, 409 also Enterprise Java Bean) Java for Document Object Model, 75 Legacy systems, 3, 6–7, 21, 229 Java GSS, 405 Linux on mainframe, 228–229 Java Message Service, 57, 178, 295, 307 resource tier, 260–261 Java Secure Socket Extension (JSSE), risk factors, 283 405, 409 security considerations, 269 Java Specification Requests (JSRs), SOAP Proxy on mainframe, 488–490 257–260, 261 Java™ Technology and Web synchronous mainframe web services Services, 514 pattern, 263–266 Java Virtual Machine (JVM), 6, synchronous messaging, 229 253, 408 technology update, current, 226–227 Java Web Services Developer Pack™ Invoking a public Web Service (JWSDP), 2, 3, 4 App. C, 7–9 App. C, with JAVA™ Client, 47–48 Index 569

8, 11, 18–19 App. C, 117, 118, 277, J2EE Application Server, 108, 121, 482 152–153 config.xml Contents, 140 J2EE Application Server Platform, 167 creating new Web Service, J2EE Architecture, 276 142–146 J2EE RMI/IIOP, 158 demonstration of creating a new J2ME™, 27 web service, 137–146 J2ME™ Wireless Toolkit, 486 deploying Web Services, JMS, 57 142–144, 145 JMS binding, 120 FXProviderIF.java Program, 138 JMS Bridge, 113, 178–182, 307 FXProviderImpl.java Program, 138–139 JMS-enabled middleware, 113 jaxrpc-ri.xml Contents, 141 JMS Messaging Bridge, 520 publishing to registry, 145 JNDI, 207 verification of Web Services JNDI Look-up vs. UDDI, 207 deployment, 144 jSAML Toolkit, 5 App. C, 11 Web Services Description Language, demonstration of, 422–425 138–142 installation and configuration, web.xml Contents, 140 12–13 App. C wscompile in build.xml, use of, 142 verification of set-up, 22–25 App. C WSDL generated from JWSDP, 145 J2SE SDK, 4 App. C Java™ XML Pack, 76 jUnit, 4 App. C JAX, 110, 113, 277 JXTA, 27, 496 JAX Packs, 76–77, 118 JAX-RPC, 77, 93 K JAXB, 77, 89–91, 118 JAXM Kerberos ticket, 362, 406 application, 83 Key management, 367, 375–376 architecture, 83 Key registration, 7 confirmation of receipt of message using Key store, 436 ebXML with JAXM, 359 Kildara, 515, 525–526 demonstration, 84–89 Killer application, Web Services as, 4 ebXML message provider using JAXM to kSOAP, 27 send XML message, demonstration kSOAP jar files, 27 of, 345–360 kSOAP reference implementation, 486 message for the service request, KVM, 27 426–429 Program, writing the, 136–137 L Secure Message Provider Class, 43–432 LDAP, 376 SOAP local message provider with JAXM LDAP/390, 226 to send XML message, using, Legacy application migration, 282 209–224 Legacy systems, 6–7 user interface to send message using LegacyJ, 272–273 ebXML with JAXM, 359 LegacyJ PerCOBOL, 273 JAXP, 76, 77, 118 Liberty, 7. See Project Liberty JAXR, 77, 92, 109, 118, 201 Liberty Alliance, 7, 121. See Project Liberty jaxrpc-ri.xml Contents, 141 Liberty-compliant Identity Server, 367 JBroker, 531 Linux, 25 JDBC, 281 Linux 390/zOS, 225 JDOM, 75, 176 Linux on mainframe, 228–229 570 Index

Locate a key demonstration, 391–392 MIME, 120 Locate client example, 395 MIME MIME structure, 105 Log Files, 420 mindElectric, 515, 528 Logger design, 195 Mobile Information Device Logical architecture, 443, 444 Profile, 26 Logistics intermediaries, new, 24 MOM. See Message-Oriented Middleware Lotus Domino, 524 MSXML, 67, 75 Lower layer, 296 Multi-Step Application Integration Pattern, Lower Platform Layer, 158, 159, 322–325, 342, 343 163, 444 Multiphase customer relationship management, 278–280 M Multiple Servlet Engines, 182–185 Multisourcing, role of, 24 Mainframe Batch Manager, 275 MVS, 226 Mainframe interoperability. See MyRemote Servlets, deployment Interoperability and integration, of, 358 Mainframe MyRemote source codes, compiling, Mainframe Transaction Processing 356–357 Architecture, 274 MySimple Servlets, deployment of, Maintainability, 43 221–221 Man-in-the-middle attack, 382 MySimple Source Codes, compiling, Manageability, 160 221–222 Manageability patterns, 172 Managed trust domain, 375 N Manifest, 105 Market Data Server, 157 NAICS (North American Industry Megamergers, 20 Classification System), 95, 109 Membership award example, 33–37 .NET, 15, 116, 121 Mergers and consolidations, 28, 29 Netbeans, 25 Message-Oriented Middleware, 7, 291 NetScenario Business Server, 519 Message provider, 470–471 NetScenario Business Service Message security, 111, 372 Templates, 519 Message to request password NetScenario Studio, 519 authentication, 402 Network connectivity security, 368 Messaging, 291 Network/data transport security, 111 Messaging servers, 156 Network identity management, 363 Messaging Transport Pattern, 416–419, Network level, 198 426–432 Next-generation SOAP engine, 498–499 Methodology and development life cycle, NMAP, 377 153–154 Nonrepudiation, 7, 111, 366 Microsoft Global XML Web Services Novell, 515, 531 Architecture, 66–67, 68 Microsoft PASSPORT, 7, 8, 366, 406 O Microsoft products, 527–528 Microsoft SOAP Toolkit, 528 OASIS, 26, 108, 119, 120, 406, 486, Microsoft Web Services, 514 491–493, 515, 516 Microsoft Windows, 113 Object store (DFHEJOS), 253 Middleware, 113, 115, 166, Open Applications Group, 482 290, 295 Open Process Integration Pattern, MIDP™, 26, 27, 486 332–335, 342, 343 Index 571

Open Source Web Services Software, Process management and 493–495 methodology, 115 Open Standards, 25–26, 54, 58, Product architecture, 167 121, 411 Product ROI, 43, 45 Open Travel Alliance, 482 Production Phase, 153 Operating system security, 368 Production platform Orbix2A XMLBus, 525 management, 282 OS/390 Unix Services, 226 Program changes, management OSF Apache, 120 of, 479 Out-sourcing, 52 Program except, CCI, 301–302 Out-tasking, 52 Programming model, 64 Progress eXcelon, 515 P Project Liberty, 7, 8, 363, 404–406 Proprietary interfaces, 289 Partner catalog UDDI, 97 Publish, 61, 124, 145 PASSPORT, 7, 8, 366, 406 Publish, Unpublish, and Discover Web Password authenticated, 403 Services, 200–202 Payment services example, 37–40 Q PDA, 26 PDP, 401 QSAM, 281 Peer-to-peer computing, 27 Quality of Service, 1, 21, 58, 160–161, Penetration testing, 368 444, 445 PEP, 401 ilities, 58 Performance, 160 Query, 60 Performance tuning, 166, 207 Perl, 5, 6 App. C R Personal Digital Assistants, use of, 26 RACF, 269 Physical architecture, 453 RDBMS, 369 Pilot, identification and selection Re-usability, 43, 161 of a, 130 Real-time information, growth of, 24 Pilot project, criteria for, 41–42 ReceivingServlet.java, 218–221, 354–356 Pitfalls, 47 Recompile, 272–273, 278 PKI, 384 Reference architecture Platform, 63 Application Servers, 156 Platform security, 368 characteristics, 150 Policy server, 166 components, 155, 156 Port 8080, 362 databases, 157 Portal Servers, 156 demonstration, 154–158 Portal UDDI, 97 directory/policy server, 157 Portals, Web Services exchanges gateway, 157 Presentation Tier, 156, 160, 161, 231, framework, 151–153 232, 296, 444 host gateway, 157 Private label customization, 447 Market Data Server, 157 Private labeling, 288 Messaging Servers, 156 Private service registry, 108, 156 methodology and development life Private UDDI service registry, 30 cycle, 153–154 Process Integration, 329–335 Portal Servers, 156 Process integration, 295 Private Service Registry, 156 572 Index

Quality of Service Analysis Matrix, SAML Message to Request Password 160–161 Authorization, sample, 402 SOAP Server, 156 SAML response-Password tiers versus platform layers architecture Authenticated, 403 analysis, 158–159 SAP R/3 Resource Adapter, 305 Web Servers, 156 SAX, 75, 78–81, 176 Refront, 275–277 Scalability, 1, 160, 172 Registration and authentication, 7 Screen scraping, 41 Registry Content Management, 204–207 SDK, 113 Registry properties, sample, 201 Secure Message Service, 462–463 Regression testing, 165 Secure Messaging Provider Class, 418 Rehost, 273–275, 278 Security, 7–8, 58, 111–112, 160, 363–368 Relativity’s RescueWare, 270–272 Security Assertion Markup Language Release control, 165 (SAML), 410 Reliability, 160, 172 Security design considerations, 446 Request models, 253 Security file, sample, 384–386 Request processor, 253 Security infrastructure, 166 Request receiver (DFHIRRS), 253 Security integration, 294 Request stream directory Security patterns, 172 (DFHEJDIR), 253 SendingServlet.java, writing the, 210–218, Research and development costs, 346–356 reduction of Sent log, verification of, 60 Resource adapter architecture, 298–299 Server components, 99 Resource Tier, 156, 160, 161, 231, Server Configuration File, 420 260–261, 296, 444 Server-side signing model, 408 Retirement Phase, 153 Service broker, 59, 60 Retrieval of cached data, 176–177 Service Consolidation-Broker Integration Return on Investment, 44 Pattern, 335–338, Return on investment model, 43–46 342, 343 Reverse Auction-Broker Integration Service container, 63 Pattern, 338–341 Service creation and assembly, 63 Risk analysis, 42–43 Service definition, 291 RMI-IIOP, 153, 265 Service delivery, 63 ROI, 44 Service description, defining the, 123 RPC-based Web Services, 189 Service Description Language, 51, 57 RPC call, 153 Service dimension, 58 RPC router servlet, 153 Service discovery, 58, 369 RSA, 516 Service integration, 63 RSA Conference, 517 Service-level requirements, 437 Runtime model, 64 Service negotiation, 51, 58, 369–371 Service provider, 59, 60, 95 S Service registries, 59, 60, 61, 94, 108–111, 115 S/MIME, 119 Service registry/repository, 105, 108–111 Same platform configuration, 230–231 Service requester, 59, 60, 94 SAML, 7, 111, 112, 113, 121, 166, 376, Service Requester-Service Provider 401–404, 406 Relationship, 9–10 SAML-based Single Sign-on environment, Service versioning, 173 adding a new service provider in, Servlet engines, configuring, 184 421–425 Shallow model, 65 Index 573

Signing server, 407–409 SOAP Client proxy, 123 Silverstream, 515, 529 SOAP-FTP, 294 Simple Object Access Protocol (SOAP) SOAP/HTTP binding, 110 adaptations, 98 SOAP-JMS binding, 2, 295 architecture, 167–168 SOAP-JMS Integration, 307 CICS, on, 499 SOAP-Lite, 5, 6 App. C client proxy, 152 client code, sample, 48 client-server interaction, 99 download links, 11 constraints, 168 installation and configuration, debugger, 165 13 App. C development technology, 119 verification of set-up, 25 App. C ebXML, and, 120–121 SOAP local message provider with JAXM, enabling technology of, 4 using, 209–224 HTTP, over, 51, 294 SOAP Logger, 192–196 message security, 111 SOAP Messaging over JMS, 263 messaging capabilities, 2, 224 SOAP Messaging over MQ, 263 monitor, 498 SOAP Proxy, 123 protocol, 158 SOAP-RPC, 168 proxy from the Service Registry, 10 SOAP over CICS, 499 proxy on mainframe, 257–260, 261 SOAP RPC layer, 98 resources, 516 SOAP-SEC, 8, 113, 166, 362 server, 152, 156 SOAP Server Farm. See HTTP Load server components, 99 Balancer (SOAP Server Farm) server infrastructure tools, 2 SOAP-SMTP, 294 TCP/IP, over, 294 SOAP/UDDI, 120 technological history, 56 SOAP-WRC, 517 testing/performance testing, 165 SOAP4J, 524 Single Sign-on technology (SSO), 294, Soft ROI, 43, 44–45 336, 363, 367, 370, 410–416, Software level, 198 421–425, 437, 439, 448–449, Software requirements, 3–6 App. C 455, 457 Software tools, 11 SML Parsers, 75 Solaris OE, 158 SNA LU 6.2 verbs, 225, 231 Solutions Sampler, 125–127 SOAP, 1, 98–100. See also Web Services Source codes, 221–222, 356–357 and SOAP Sphere™ source codes, 25 SOAP Cache SQL mapping, 116 benefits of, 177 SQL Server, 528 context, 172–173 Stack complexity scale, 58 example, 178 Standard build pattern, 312–315, 342 force, 173 State Management, 188–192 implementation, 177 Stickiness, 4 problem, 173 Straight-Through Processing, 24, resources, 518 29, 307 retrieval of cached data, 176–177 Stress/load testing, 165 risk factors, 177 Structural framework, 57–58 sequence diagram, 176 Stub/skeleton into Java classes, compile, solution, 174–176 507–508 transaction cache creation, 176 Sun Microsystems Java™ Technology and use cases, 175 Web Services, 514 SOAP Client and state management, 191 Sun ONE™, 121, 151 574 Index

Sun ONE™ Application Server, Throughput, 160 276, 530 Tiered models, 390 Sun ONE™ Architecture Framework, 63, Tiers versus platform layers architecture 64, 68 analysis, 158–159 Sun ONE™ Directory Server, 26 Titan, 377, 407 Sun ONE™ Directory Server 6.0, 531 tModel, 96, 109 Sun ONE™ Identity Server 6.0, 530 tModelInstance objects, 96 Sun ONE™ Integration Manager, 121 Tool selection criteria, 118–119 Sun ONE™ Integration Server, 530 Total cost of ownership, 20, 46 Sun ONE™ Message Queue 3.0, 530 Traceability, 7, 365–366 Sun ONE™ Smart Web Services, 121 Trading partner agreement, 105 Sun ONE™ Studio, 5 App. C, 121, 276, Trans-Canada Pipeline Case 488, 514, 530 Study, 31 Sun ONE™ Unified Development Server Transaction cache creation, 176 5.0, 532 Transaction integrity, 111 Sun ONE™ XML Adapter 1.0, 530 Transaction management, 299 Sunk cost, 43 Transaction routing, 51, 57, 369 SunNetwork Conference, 517 Transaction security, 111, 376–377 Sun’s Mainframe Batch Manager (MBM), Transcode, 270–272, 277 275 Transition Phase, 153 Sun’s Mainframe Transaction Processing Transport and routing layer, 51, 57, 105, Software, 274–275 368–369 Sun’s N1, 495–496 Troubleshooting approach, Web Services, N1, 495 26 App. C, 207 SunTone, 155 Trust, 373–374 SunTone Architecture Methodology, 155 Trust domains, 375–377 Synchronization of all interfaces, 280 Trust Services Integration Kit (TSIK), Synchronous mainframe web services 4 App. C, 11–12 App. C, pattern, 263–266 21–22 App. C Synchronous messaging, 229 Tutorials, 514 Synchronous Web Services, 189 Systems Management Tools, 166 U Systinet, 515, 531–532 UDDI, 1 T UDDI4J, 524 UDDI registry, 118 Talking Blocks, 518 UDDI service registry, 118 TCO. See Total Cost of Ownership UN/CEFACT, 120 TCP/IP Listener, 253 UN/SPSC (United Nation Standard TCPTunnel, 165 Products and Services Classification), TechMetrix, 517 95 Technical articles, 514 Unified Messaging, 26 Technological challenges, 21 Unified Process-based Technology stack, 57–59 methodology, 153 Terminal servlet, 230 Uniform model, 65 Test bed UDDI, 97 Unit testing, 165, 479 Test run, 224, 359 Universal Discovery, Discovery, and Testing platform management, 282 Integration (UDDI) Textpad, 5 App. C access design, 169 Threat profiling, 374, 377–382 application, 94 Index 575

architecture, 169–170 Virtual Private Network, 26, 111 browser, 111 Virtual Sequential Access Method, 227 deployment, 198–200 Visual.NET studio, 527 development technology, 119 Vitrius Web Services Engine, 525 differentiator, 170 VPN. See Virtual Private Network e-Marketplace UDDI, 97 VSAM, 6, 227 enabling technology of, 4 entities and relationships, 96–97 W explorer, 524 Host Scan, 377–378 WAP, 26 Host Security Healthcheck, 379–381 War files, deployment as, 221–222, implementation, 98 357–358 implementation challenges, 94 WASP Developer, 532 information model, 96, 169 WASP Server, 532 information types, 95–96 WASP UDDI, 532 internal EAI UDDI, 97 W3C, 120, 490–491, 516 operator node, 97 Wealth management, 29 Partner catalog UDDI, 97 Web Container, 420 Portal UDDI, 97 Web Container/Application Server, 381 registries, 54, 94, 108–109, 108–111, Web Container Log files, 420 111, 113, 523 Web servers, 156 resources, 516 Web Services roles and operations, 94–95 advantages of, 127, 290 service provider, 95 application servers, 114 service requester, 94 application tools, 115 technological history, 56 architecture, 6, 63–68 (See also test bed UDDI, 97 Architecture) types, 97 benefits of, 69 Web Services, 94–98 bind, 61 Universal Resource Identifier, 10 conferences, 517 Upper Platform Layer, 158, 159, 163–164, coordination of enabling technologies, 296, 444, 445 122–124 URL configuration file, sample entry in, defining the service description, 123 424 definition of, 52–53 User interface to send message using demonstration, 128–130, 500–508 ebXML with JAXM, 359 development platforms, 514 development technologies, V 119–121 disadvantages, 290 Vendor products, 113–116, 116, 515, discover/find, 60 518–534 DOM, and, 81–83 Verification of Web Service deployment, EAI, and, 7 144, 508–509 ebXML, and, 103–108 Verifying set-up and remote services, Enterprise Application Integration, and, 476–478 290–293 Verisign’s Trust Services Integration Kit evolution of, 2 (XKMS), 395, 407, 436, 462 features of, 53–54 Version management, 165, 202–204 frontiers of, 8 Virtual Platform Layer, 158, 159, 164, growth and development of, 1–2, 18, 296, 444 22–23, 46, 53 576 Index

IBM Web Services Architecture, 64–66, success factors, 131 68 technical articles, 514 IDE/Development Environment, 114 technological history, 54–56 implementation, 1–2, 123–124, technology stack, 57–59 130–131 tool selection criteria, 118–119 Internet layer, 57 transaction routing, 57 invoke Web Services, 124 Transport layer, 57 Java™, and (See Java™) tutorials, 514 JAX-RPC, and, 93 UDDI, and, 94–98 JAXB, and, 89–91 use case, 61–63 JAXM, and, 83–89 Web Services Appliances, 418 JAXP, and, 77 Web Services Choreography Interface JAXR, and, 91 (WCSI), 8, 291–292 limitations of, 127–128 Web Services Conference, 517 management, 58, 114, 116 Web Services Consumer, 441 Microsoft Global XML Web Services Web Services Deployment Descriptor Architecture, 66–67, 68 (WSDD), 506 middleware, 115 Web Services Deployment .NET to Java porting, 116 Platform, 165 news and product updates, 514 Web Services Description Language Open Standards, 58 (WSDL), 9–10, 51, 54, 69–75, pilot, identification and selection 100–103, 111, 123–124, 138–142, of a, 130 291, 369 portals, 513 Web Services design patterns, 148 process management and methodology, Web Services DevCon, 517 115 Web Services Developer Pack 1.1., 530 products, 113–116 Web Services Development publish, 61, 124 Platform, 165 Quality of Service, 58 Web Services Edge, 517 query, 60 Web Services Enhancements (WSE) 1.0, risk factors, 290 527 role and application of, 124–125 Web Services Gateway, 498, 524 SAX, and, 78–81 Web Services Invocation scenario, sample, 60 Framework, 524 security, 7–8, 58, 111–112 Web Services Management, 497–498 sequence diagram, 62 Web Services Management/Network service broker, 59, 60 Services, 165 Service Description Language, 57 Web Services Open Standards, 166 service dimension, 58 Web Services portals, 513 service discovery, 58 Web Services Security service negotiation, 58 Apache Tomcat/UDDI Host Security service provider, 59, 60 Healthcheck, 379–381 service registries, 59, 60, 61, 115 authentication, 376 service requester, 59, 60 buying tools versus building SOAP, and, 98–100 tools, 409 Solutions Sampler, 125–127 client responsible trust domain, 375 stack complexity scale, 58 denial of service, 382 standards bodies and communities, digital signatures, 407–409 515–516 framework, 371–373 structural framework, 57–58 hacker attacks, 381–382 Index 577

hosts, 377 WebSphere Studio Application Developer, Internet or network layer security, 368 523 key management, 375–376 web.xml Contents, 140 man-in-the-middle attack, 382 WestBridge, 515 managed trust domain, 375 “White labeling,” 20, 24 Messaging Transport Pattern, 416–419, White pages, 95, 96 426–432 Wholesale banking, 28 platform security, 368 Windows, 113 resources, 516 Winzip, 5 App. C Server-side signing model, 408 Wireless technology, growth of, 26 service discovery, 369 Wireless web services, 26–27, 486–488 service negotiation, 369–371 WML services, 26 signing server, 407–409 Writing the First JAXM Program, 136–137 Single Sign-on Pattern, 410–416, WS-Addressing, 527 421–425 WS-I test, 486, 516 threat profiling, 374, 377–382 WS-license, 362 tools, 407 WS-Policy, 367 transaction routing, 369 WS-Referral, 527 transaction security, 376–377 WS-Routing, 527 transport layer security, 368–369 WS-Secure, 367 trust, 373–374 WS-Security, 8, 67, 111, 112, 121, 362, trust domains, 375–377 367, 384–388, 462, 527 UDDI Host Scan, 377–378 WS Security specification, 7, 372 UDDI Service Registry, 381 WSCI, 8 Web Container/Application Wscompile in build.xml, use of, 142 Server, 381 WSDL, 96, 145, 503–505 Web Services Security Stack WSDl, 4 Process, 370 WSDL-UDDI-SOAP, 5, 55 XML encryption and XML WSFL, 8 signature, 409 WSTK, 113 Web Services Security Forum, 516, 517 X Web Services Security Roadmap, 7 XACML, 7, 166 Web Services Security Stack, Xalan, 4 App. C 367–368, 370 XAML, 113 Web Services Service Provider, 441 Xerces. See Apache Xerces Web Services Service Registry, 441 Xjc, 89 Web Services Standards, convergence XJS, 89 of, 484–486 X-KISS, 399 Web Services Toolkit, 8, 523 XKMS, 7 Web Support (CWS), 247–253 XLANG, 8 Weblogic Integration, 520 XML Access Control Markup Language, Weblogic Server 7.0, 520 412 Weblogic Workshop, 520 XML Business Integrator, 534 WebSphere/390, 225 XML-ENC, 372 WebSphere Application Server™, XML (eXtensible Markup Language) 26, 523 applications, 76 WebSphere MQ, 227, 263, 523 components of an XML document, WebSphere Studio, 523 69–70 578 Index

definition and validation of, 69 XML Key registration Service document type definitions (DTDs), Specifications (X-KRSS), 391 70–71 XML message DTD, to, 133–136 confirmation of receipt of encryption, 7, 367, 369, 371, message, 359 372, 417 ebXML message provider using JAXM to encryption and XML send XML message, demonstration signature, 409 of, 345–360 firewall products, 518 SOAP local message provider with limitations, 76 JAXM, using, 209–224 messaging standards, 446 user interface to send message using namespace, 71–72 ebXML with JAXM, 359 parsing, 75, 77 XML Message Server, 498 proliferation of, 18 XML Processing Description Language schema, 72–75, 279 (XPDL), 292 security, 4 App. C XML Query Language (XQL), 295 signature, 367, 371, 373, XML-RPC, 6, 123, 207, 229 386–387, 417 XML Security Suite (XSS), 407, 524 style sheet processor, 295 XML-to-Java binding schema XML Namespace, 71–72 (XJS), 89 XML Global, 515, 532–533 XML-to-Schema Compiler (xjc), 89 XML Key Management Service, 462 XML Trust Center, 516, 517 XML Key Management Specification XML Trust Service, 7, 406 (XKMS) XML Web Services One, 517 benefits, 400 XML Web Services technology, 21–22 design features, 390–391 XMLBus, 525 implications, 399–400 XMLSpy, 117, 135–136 locate a key demonstration, 391–392 XOption XML, 134 locate client example, 395 Xpath, 176 overview, 389–390 XSLT, 14 result of validating key information from X.509v3, 362, 365, 383, 494 XKMS client, 397–399 XWS, 30 return the locate key result example, 392–393 Y return the validate key result example, 394–395 Yellow pages, 95, 96 running sample XKMS client to locate key information, 396 Z running sample XKMS client to validate key information, 396 Zefer’s Web Services architecture, tiered models, 390 151, 152 Trust Verifiers, 463 z/OS, 226–227 validate a key example, 393–394