1.2 How This Book Is Different

Although there are a number of recent books on the topic of Web Services, much of the information currently available is purely marketing hype about what Web Services can do, with little practical information for developers and architects . To emphasize how this book differs from others, I have identified five distinctive features. I also expand on three key ideas, and finish this section by presenting an overview of its unique values.

1.2.1 Five Distinctive Features of This Book

In addition to the list of technical subjects covered in the table of contents, there are five distinctive features in this book. These features are designed to address different needs of the developer and architect audience. They also help differentiate this book from similar Web Services books.

The Frontiers of Web Services

The frontiers of Web Services technology that describe how to build a total business solution include mainframe and legacy systems interoperability and cross-enterprise integration (for example, SOAP-JMS binding). The book also introduces how to use some cool developer toolkits (such as the Java Web Services Developer Pack and Apache Axis) for building Web Services prototypes . This goes beyond a textbook on SOAP programming or a concept book on Web Services technology. These technology areas are helping to bring Web Services implementations closer to reality.

Real-Life Examples

Current, publicly available Web Services implementations are analyzed throughout the book. Real-life examples and business scenarios make the technology contextual and make it easier for developers and architects to reapply appropriate Web Services technology in their own business environment. They differentiate the book from others that focus primarily on the technology details. Different use cases or business scenarios applying Web Services, will be outlined to help establish a business case for implementing Web Services.

Design Patterns and Best Practices

Some Web Services design patterns and when-to-use architecture principles are discussed. The Web Services design patterns and best approaches address the different needs of infrastructure architects, J2EE developers, security architects, and integration architects. These best practices are accumulated and extracted from past customer engagement experience. The emphasis will be on building Quality of Services (the so-called "ilities") for reliable, available, and scalable Web Services. This can be the basis for customizing a Web Services development and deployment cookbook.

Web Services Technology Market Space

A sampler of major Web Services vendor architectures and products is supplied in Appendix B. It provides a quick overview and a handy guide to the Web Services technology market space. A list of URLs and other resources is also provided because these usually provide more up-to-date information on vendors and products. These resources can assist developers and architects who want to do a tool selection and vendor assessment.

Paper and Pencil Lab Exercise

Guided hands-on labs are offered to build complete examples incrementally. Developers and architects can start with basic skills in Web Services technologies such as SOAP, WSDL, and JAXM in earlier chapters, and then Web Services development tools and security add-on tools in later chapters. These exercises help build up the skills needed to develop a complete prototype in Chapter 8, Web Services in Action: Case Study.

1.2.2 Three Key Ideas

There are three key ideas conveyed in this book, and they are backed up by technical details of various Web Services technologies.

Technology With Business

Technology is an enabling tool to collaborate with business; it does not rule over business. What is the business case for Web Services? Web Services technology can tie business benefits and service level to a company's bottom-line goals. This book will provide ideas and examples on how to establish a business case for Web Services solutions. It helps developers and architects collaborate with business, ties the technology solutions to their business environment, and identifies the benefits to their bottom-line goals.

The Big Picture

SOAP and UDDI are only parts of the big picture of Web Services technology. Web Services applications do not begin and end with a SOAP program or a UDDI look-up. Web Services solutions using ebXML provide a richer set of messaging and workflow functionality for Business-to-Business integration (B2Bi), and they have become more visible in the industry recently. Quality of Services, or so-called "ilities" such as scalability and reliability, becomes a key challenge to developers and implementation managers. Thus, it is important to look at different components of Web Services technology solutions and at various aspects of designing and scaling the Web Services solutions. This book examines different aspects of Web Services technology. It intends to present a bigger picture of Web Services technology, instead of focusing on solely WSDL, UDDI, and SOAP.

What Makes Web Services a Killer Application

What makes a solution a killer application is dependent on whether it creates "stickiness" (good user experience), ease of use, and the flexibility to implement and integrate. There is much market hype about Web Services being killer applications. The underlying enabling technology of WSDL, UDDI, and SOAP is not new. Web Services applications may be relatively simple to implement and can address existing technology challenges. But there is a fine distinction between the Web Services phenomenon and the Web Services market hype. This book discusses business scenarios where Web Services solutions can become killer applications, and clarifies any market hype by exploring what can be done (the capabilities of Web Services technology based on its associated strengths) and cannot be done (the weaknesses of Web Services technology).

1.2.3 Inside the Big Ideas

This book is about what Web Services technology is and how different technology components can be assembled to build solutions. The following paragraphs summarize some key technology components and relate them to the big ideas in the book.

Web Services 101

The first few chapters provide a refresher course on Web Services technology basics, including WSDL, UDDI, SOAP, and ebXML technology. It also explains what makes the WSDL-UDDI-SOAP technology more popular than CORBA ”it is easier to understand and implement. WSDL-UDDI-SOAP technology was heavily marketed by Microsoft in the early days (before it became open ). Today, WSDL-UDDI-SOAP technology is not the only Web Services technology; ebXML is one alternative. C# and Java are not the only programming languages for Web Services; we also have Perl (for example, SOAP-Lite is a package on top of Perl to implement Web Services) and some others. The paper and pencil exercises at the end of the first few chapters provide building blocks to build simple synchronous and asynchronous Web Services clients using Java or SOAP-Lite. Chapter 8, Web Services in Action: Case Study, brings these building blocks together as a solution and reinforces the big picture of Web Services technology discussed in the previous sections.

The Big Picture

Many Web Services books discuss WSDL, UDDI, and SOAP technology. Nevertheless, they have limited coverage on implementing Web Services, especially about how Web Services handles end-to-end security, mainframe or legacy systems interoperability, and cross-enterprise integration. There are Quality of Services design patterns available for enhancing performance and scalability of Web Services. Chapter 2, The Web Services Phenomenon and Emerging Trends, provides examples and business scenarios about partnering technology and business to produce end-to-end solutions using Web Services technology. Chapter 3, Web Services Technology Overview, introduces different technology components such as SOAP and ebXML (the parts), and discusses how these components can be integrated and interoperated to become a solution (the big picture) in the subsequent chapters on Web Services architecture, mainframe interoperability, cross-enterprise integration, and security. This book emphasizes a vendor-independent architecture framework and reusable Web Services patterns, which can help create end-to-end solutions based on past experience and best practices easily.

Web Services Architecture

There are many published Web Services architectures available today. Yet most of them are vendor product architectures, rather than a generic Web Services reference architecture (such as W3C's Web Services architecture). It is important to differentiate vendor product architectures from a Web Services architecture framework and methodology. A generic Web Services architecture provides a repeatable and consistent way to design and deploy scalable, reliable Web Services, independent of the underlying vendor products. Chapter 4, Web Services Architecture and Best Practices, introduces a vendor-independent architecture framework to design Web Services and to bring different technology pieces together in a big, complete picture. It also discusses some best practices of delivering Web Services solutions with Quality of Services. Appendix B summarizes various Web Services architectures based on different vendor products, which can be good reference materials for the vendor-independent Web Services architecture framework depicted in Chapter 4.

Mainframe Interoperability

Many business functions or killer applications today are still provided by mainframe or legacy systems, which can be wrapped as a business service (using EJB or XML-RPC) for reuse by Open Systems (such as Java front-ends ) and interoperability with other systems (such as Business-to-Business integration). This will require the use of some Java classes (such as CICS or VSAM connectivity jar files provided by Java Connector Architecture products) on the mainframe. This book introduces new underlying integration technology concepts using Web Services and discusses different alternatives on how to expose business functionality provided by mainframe or legacy systems. On an IBM z/OS mainframe, legacy systems running on an MVS or a VSE operating system can be invoked and interoperated from the Unix services of the same machine. It opens up new opportunities to integrate with legacy systems, as opposed to the traditional integration approach using proprietary middleware.

For customers who have less flexibility in maintaining legacy systems, legacy Cobol applications on MVS or VSE can be also cross-compiled as Java byte codes running under the Java Virtual Machine (JVM) of the same mainframe. EAI products can be used as the underlying adapter to interoperate with the mainframe as Web Services. This book also introduces other interoperability options, such as transcoding Cobol codes to Java components. It discusses the rationale and benefits of each interoperability option, as well as the constraints that are essential during the design stage.

Web Services technologies enable the reuse of business functionality provided by mainframes and legacy systems. They help protect past investments of business functionality developed on legacy and proprietary platforms and ease building killer applications based on existing customer and account data kept by these legacy systems. Killer applications create user stickiness by aggregating useful and timely customer and account information from different data sources that may run on legacy systems using Web Services as the technology enabler .

Web Services and EAI

EAI, B2Bi, and Web Services are technologies for integrating business corporations. EAI are traditional middleware products (for example, Message Oriented Middleware). B2Bi is specific for integrating business corporations with workflow. Some people generalize that Web Services technology is another EAI and can replace traditional EAI middleware. This is a misconception . There is a close synergy between Web Services and EAI technology. This book clarifies the relationship. It confirms that Web Services can be used for lightweight integration, but it cannot replace EAI. In addition, it discusses various patterns showing how Web Services technology is used for B2Bi, and how it would differentiate from EAI technology.

Web Services Security

Web Services security is probably the most fast-changing aspect in Web Services technology. There are a few challenges in this technology. Much of today's Web Services literature has covered SOAP message level security and the general security requirements addressed by SOAP security only. The infrastructure level security for a Web Services infrastructure or appliance is not well covered. Another challenge is that there is no cohesive coverage to bring the technology pieces of authentication (such as Liberty Alliance), authorization (such as SAML, XACML), traceability (such as tracking a SOAP message), data privacy/confidentiality/data integrity (such as XML encryption), availability (such as making SOAP server resilient), and non- repudiation (such as XKMS, digital signature) together under an end-to-end security framework.

This book clarifies the roles of different Web Services security technologies; HTTPS and digital signatures are the building blocks to providing authentication and non-repudiation. The recent WS-Security specification does not specify how network transport, infrastructural, or application security should be handled. The notion of XML Trust Service attempts to provide a broader perspective of different aspects of XML Web Services security, such as key registration and authentication (XKMS), entitlement and identity (SAML), and fine-grained data access rights (XACML).

This book also discusses the outlook of recent Web Services security initiatives led by major vendors, and their underlying technology. WS-Security used to be Microsoft-proprietary. IBM has recently partnered with Microsoft and VeriSign to support it under the "Web Services Security Roadmap" ( http://www-106.ibm.com/developerworks/ webservices /library/ws-secmap/ ). This initiative supersedes previous IBM and Microsoft XML Security specifications. Sun and many other vendors now also support WS-Security. Security continues to be a problem area for Microsoft platforms, despite their commitment to address it. Microsoft PASSPORT has been criticized by Microsoft opponents for its design objectives and implementation, which will lock in customers and intrude on their privacy.

Project Liberty ( http://www.projectliberty.org/ ) is a market response to PASSPORT and provides a choice of network identity solutions. It provides a platform-independent architecture for Single Sign-on and network identity management to support authentication and authorization with SAML. There is a misconception that Liberty Alliance is competing with WS-Security. This book clarifies that misconception and discusses the role of Liberty in identity management, which complements the message-level and application-level security provided by the WS-Security specification.

Finally, this book proposes a security framework to design end-to-end Web Services security. It addresses security at different levels, from network level, infrastructure level, message level, to application level. It reinforces the idea of the big picture, bringing different security technologies together.

The Frontiers of Web Services Technology

Web Services technology initiatives are fast-changing. The frontiers of Web Services technology also extend to wireless Web Services (such as enabling the mobile device to support SOAP messaging via kSOAP and J2ME). There are generally one or more events every week. The challenge to many developers and architects is how to manage these fast-changing technologies. We have seen the convergence of Web Services Security from SOAP-SEC, WS-Security, and various security specifications, followed by the convergence of XLANG and WSFL into BPEL4WS (Business Process Execution Language for Web Services, or http://www.106.ibm.com/developerworks/library/ ws-bpel / ). We also see the recent Web Services Choreography Interface (or WSCI) specification, which defines business process orchestration for Web Services similar to BPEL4WS. This book suggests some strategies to manage these new emerging technologies by reviewing the forthcoming standards specification and partnering with technology thought leaders to reduce implementation risks.

There are "no new things under the sun." New technology and tools emerge from time to time. This book identifies and analyzes several factors that foster the fast-changing Web Services technologies. It is important to understand the basics, the limitations, and the future direction of Web Services to prepare for the next frontiers. Apache Axis is a next -generation SOAP engine. It is based on IBM's Web Services Toolkit and has included utilities to generate WSDL. It is a good penetration strategy for vendors to incorporate their technology into Open Sources. It is also a good tactic for developers and architects to keep track of some leading Open Source tools for Web Services because they may be embedded into commercial Web Services products soon.

The developer dictates the market. Web Services products that can win developer support and dominate the developer desktop may become the next dominant Web Services technologies. The success of Windows-based product has led the .NET marketing strategy. Sun's Java Web Services Developer Pack (JWSDP) is an all-in-one developer kit, a response to Web Services market. All-in-one will become a key element for future developer kits.

Apart from watching new products and tools, a list of forthcoming Web Services specifications (such as JSRs) are identified and may be the next frontiers of Web Services technology.

1.2.4 Values of the Book

This book focuses on Sun's Web Services technology (for example, JWSDP and JAX) with a Sun ONE architecture and J2EE flavor. The majority of Web Services books available today introduce WSDL-UDDI-SOAP programming exercises and concepts. This book introduces the frontiers of Web Services technology and the steps for designing the entire application with scalability and availability. Experience says that putting the technology to use in real-life examples can make learning more effective, so this book focuses on doing that.

It provides some program codes and small hands-on labs for illustration, but it does not replicate other beginner's Web Services books or SOAP programming-level books. Thus, it is a good accompaniment for other Web Services books. This book also includes extensive pointers to URLs and to other Web Services resources.