SOAP, Web Services, and E-Commerce

XML, Web Services, and the Data Revolution
By Frank P. Coyle
Chapter 6. .NET, J2EE, and Beyond


SOAP opens up new options for distributed computing.

The widespread use of SOAP as a distributed protocol for communicating across the Web and the emergence of Web services as a technology that adds structure to the open space of the Web have added a new dimension to the traditional enterprise computing model, based on middleware and application servers tied to tightly coupled networks. As Figure 6.1 shows, the opening up of the Web frontier to server-to-server SOAP-based interactions has fundamentally changed the computing landscape through the addition of loosely coupled message-based architectures.

Figure 6.1. SOAP and Web services open up new possibilities for interaction.


Web-based e-commerce needs transaction capability.

However, making this loosely coupled Web space commercially viable for service-based interaction requires transactional capabilities to ensure consistency across networks, security to protect transactions, and some way to manage identity in open networks. What makes the scramble to get aboard the SOAP and Web services train interesting is that much of the capability for ensuring a secure, transaction-aware Web comes from middleware that has its roots in tightly coupled object systems.

To help understand the forces at play in the emerging world of SOAP and Web services, it's important to explain why transactions, security, and identity are critical to the success of the new Web environment where we now find ourselves.

Transactions

The ACID properties of transactions.

Transactions are a key aspect of any electronic commerce endeavor. A transaction is a set of software operations that share what is known as the ACID properties of transactions: atomicity, consistency, isolation, and durability.

  • Atomicity requires that all operations of a transaction be performed successfully in order for the transaction to be considered complete. If all of a transaction's operations cannot be performed, then none of them may be performed.

  • Consistency refers to data consistency: a transaction must transition the data from one consistent state to another while preserving the data's semantic and physical integrity.

  • Isolation requires that each transaction appear to be the only transaction currently manipulating the data. Transactions may run concurrently, but no transaction should see the intermediate data produced by another until that other transaction has successfully completed and committed its work. Isolation protects a transaction from working with changes to data that can be rolled back.

  • Durability means that updates made by committed transactions persist in the database regardless of failures that occur after the commit operation. Thus, if a system crashes after a transaction has committed, the data changes associated with that transaction are always recoverable.
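The four properties can be observed directly in a small database. The following is an added example, not code from the book, using Python's built-in `sqlite3` module; the `accounts` table, the account names and the amounts are constructed for illustration.

```python
import os
import sqlite3
import tempfile

# Consistency rule enforced by the database itself (constructed schema).
SCHEMA = """CREATE TABLE accounts (name TEXT PRIMARY KEY,
    balance INTEGER NOT NULL CHECK (balance >= 0))"""

def connect(path):
    # isolation_level=None: no implicit BEGIN; transactions are explicit below.
    return sqlite3.connect(path, isolation_level=None)

def balance(conn, name):
    q = "SELECT balance FROM accounts WHERE name = ?"
    return conn.execute(q, (name,)).fetchall()[0][0]

def transfer(conn, src, dst, amount, before_commit=None):
    """Credit dst and debit src as one unit. True on commit, False on rollback."""
    conn.execute("BEGIN IMMEDIATE")
    try:
        conn.execute("UPDATE accounts SET balance = balance + ? WHERE name = ?", (amount, dst))
        conn.execute("UPDATE accounts SET balance = balance - ? WHERE name = ?", (amount, src))
        if before_commit:
            before_commit()              # hook used to observe the uncommitted state
        conn.execute("COMMIT")
        return True
    except sqlite3.IntegrityError:       # CHECK failed: undo the credit as well
        conn.execute("ROLLBACK")
        return False

def demo():
    path = os.path.join(tempfile.mkdtemp(), "shop.db")
    writer, reader = connect(path), connect(path)
    writer.execute(SCHEMA)
    writer.execute("INSERT INTO accounts VALUES ('buyer', 100), ('seller', 0)")
    seen = []
    # Isolation: a second connection reads while the transfer is still uncommitted.
    ok = transfer(writer, "buyer", "seller", 60,
                  before_commit=lambda: seen.append(balance(reader, "seller")))
    # Atomicity and consistency: the debit would go negative, so nothing is applied.
    overdraft = transfer(writer, "buyer", "seller", 500)
    writer.close(); reader.close()
    # Durability: a fresh connection to the file still sees the committed transfer.
    fresh = connect(path)
    final = (balance(fresh, "buyer"), balance(fresh, "seller"))
    fresh.close()
    return {"committed": ok, "seen_mid_tx": seen, "overdraft": overdraft, "final": final}
```

The credit is deliberately issued before the debit, so the failed overdraft shows that a partially applied transaction leaves no trace.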

Because transactions are essential for any Web-based e-commerce infrastructure, all the major software vendors are lining up behind transaction monitors, the software that provides runtime services such as thread and connection pooling, object creation and storage services, state management, and standard interfaces to a variety of back-end databases.

Security

The Internet relies on several security protocols.

Secure communication is another essential aspect of any Web-based enterprise computing architecture. For Web-based e-commerce, the Secure Sockets Layer and Transport Layer Security protocols have been successful in authenticating Web sites, encrypting the transfer of data, and ensuring the integrity of information exchange.

XML has specialized security requirements.

However, transporting XML over SOAP creates new challenges for managing secure communication over loosely coupled networks, particularly when only parts of an XML message need to be encrypted or verified. Such is the case, for example, when multiple SOAP agents must interact with a document in different ways on its path from sender to receiver. Since neither SOAP nor Web services protocols address security issues, it falls to implementations relying on .NET or J2EE to add security. Chapter 7 deals with security in more detail, so we'll defer further discussion until then.
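To make the partial-verification problem concrete, here is an added example (not from the book) in which an intermediary legitimately edits the SOAP header while the receiver still verifies the body. It uses an HMAC over the canonicalized `Body` element as a simplified stand-in for XML Signature; the `urn:example:added-demo` namespace, the `Route`, `Via` and `BodyMac` elements, the key and the message are all constructed for illustration.

```python
import copy
import hashlib
import hmac
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
EX = "urn:example:added-demo"           # hypothetical namespace for this example
KEY = b"constructed-demo-key"           # shared by sender and final receiver only

MESSAGE = f"""<s:Envelope xmlns:s="{SOAP}" xmlns:x="{EX}">
  <s:Header><x:Route><x:Via>sender</x:Via></x:Route></s:Header>
  <s:Body><x:Order><x:Item>book</x:Item><x:Amount>25.00</x:Amount></x:Order></s:Body>
</s:Envelope>"""                         # constructed sample message

def mac(elem):
    """HMAC-SHA256 over the canonical (C14N 2.0) form of one element."""
    clone = copy.deepcopy(elem)
    clone.tail = None                    # whitespace after the element is not covered
    c14n = ET.canonicalize(ET.tostring(clone, encoding="unicode"), rewrite_prefixes=True)
    return hmac.new(KEY, c14n.encode(), hashlib.sha256).hexdigest()

def sign_body(xml_text):
    """Sender: attach a MAC of the Body to the Header."""
    root = ET.fromstring(xml_text)
    tag = ET.SubElement(root.find(f"{{{SOAP}}}Header"), f"{{{EX}}}BodyMac")
    tag.text = mac(root.find(f"{{{SOAP}}}Body"))
    return ET.tostring(root, encoding="unicode")

def relay(xml_text, hop):
    """Intermediary: legitimately edits the header and re-serializes the message."""
    root = ET.fromstring(xml_text)
    ET.SubElement(root.find(f".//{{{EX}}}Route"), f"{{{EX}}}Via").text = hop
    return ET.tostring(root, encoding="unicode")

def body_is_authentic(xml_text):
    """Receiver: check the MAC against the Body element it will actually process."""
    root = ET.fromstring(xml_text)
    claimed = root.findtext(f".//{{{EX}}}BodyMac", default="")
    actual = mac(root.find(f"{{{SOAP}}}Body"))
    return hmac.compare_digest(claimed.encode(), actual.encode())

def whole_mac(xml_text):
    """Contrast: a MAC over the entire serialized message breaks at every hop."""
    return hmac.new(KEY, xml_text.encode(), hashlib.sha256).hexdigest()
```

Canonicalizing before hashing is what lets the body survive re-serialization by the intermediary, whereas `whole_mac` changes as soon as a hop touches the header.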

Identity

Web-based networks need a way to validate users.

The shift from a tightly coupled application model to distributed Web-based computing means a change in focus away from the computer and toward the user. When the machine is the central focus, software licenses that allow a certain piece of software to run legally on a certain machine are the keys to commerce. Without such licenses, the software may not be installed, or if installed, would run illegally.

However, when dealing with users connecting via the Web, it is now the user and not the hardware that needs to be validated. In this new model user authentication becomes a key issue. Thus there is a shift from asking whether a particular software package is licensed to run to asking whether the software is licensed to run for a particular user. Doing this requires that the system validate the user against permissions stored in some database to determine what the user can and can't do.

Currently there are two alternatives for managing user identity: Microsoft's Passport technology and the Sun-backed Liberty Alliance.

Passport

Microsoft's Passport maintains identity across a variety of applications.

Passport is Microsoft's single-sign-on authentication service that allows users access to participating Web sites. Passport has been integrated with Microsoft's Hotmail email service and is the entry point for Microsoft's .NET My Services (formerly HailStorm), an initiative that targets Web services to consumer applications. Passport also can store credit card and address information as part of a user's account. With access to Passport, users can participate in express purchasing over the Web without having to manually enter their addresses and payment information.

However, the central control of user information via Passport has many privacy advocates alarmed and has triggered reaction from other industry players concerned about Microsoft's possible misuse of the potential power wielded by Passport. In response to these concerns, Microsoft has agreed to consider handing over management of Passport to a federated group made up of rivals and corporate partners; details are being worked out as of this writing. The battles shaping up are indicative of the challenges now faced by players in the new Web space.

The Liberty Alliance Project

The Liberty Alliance: an alternative to Passport.

The Liberty Alliance Project is an initiative to provide an alternative to Passport. The goal is to create a single-sign-on, decentralized authentication system for online services, accessible from any Internet-enabled device. With Liberty, the objective is to create a universal digital identity service based on open standards. Users will be able to log in once on a given Web site and be authenticated for all online services supporting the Liberty standard. The plan is for customer data, such as phone numbers, addresses, credit records, and payment information, to be secure.


XML, Web Services, and the Data Revolution
ISBN: 0201776413
EAN: 2147483647
Year: 2002
Pages: 106
Authors: Frank Coyle