In the previous 11 chapters, we looked at Web services from the perspective of what is available in version 1.1 of the .NET runtime. You learned that we can use SOAP, WSDL, and UDDI to implement Web services and use them in the real world, but we’re still limited in what we can do with the basic facilities provided by the .NET runtime. We don’t have a standardized security model, we have no concept of timely delivery of requests, and using attachments is fraught with difficulties—among other problems.
We could produce our own solutions to such problems, but this would tie us to those solutions—if we wanted any of our customers to use our Web services, they would be forced to implement solutions that follow the arbitrary design decisions we’ve made. In most cases, our solutions would be proprietary and would provide no interoperability with solutions to the same problems written by other developers.
What we need is a series of specifications that build on SOAP, WSDL, and UDDI and provide standardized solutions to all of the problems we’re likely to encounter.
To this end, Microsoft and IBM introduced a plan, available at http: // www.w3.org/2001/03/WSWS-popa/paper51, for the evolution of Web services at the W3C Workshop on Web Services in April 2001. After this workshop, the work was formalized and expanded into the Global XML Web Services Architecture (GXA).
The Microsoft site devoted to GXA, at http://msdn.microsoft.com/webservices/understanding/gxa/default.aspx, is quite comprehensive. It not only provides details of all of the specifications released so far, but it also provides links to articles that expand on the specifications. The complete list of specifications and their revisions is shown in Table 12-1.
Release Date | Specification | Namespace |
---|---|---|
October 2001 | WS-Referral | /2001/10/referral |
October 2001 | WS-Routing | /rp |
November 2001 | WS-Inspection | /2001/10/inspection |
April 2002 | WS-Security | /2002/04/secext |
June 2002 | WS-Attachments | |
August 2002 | WS-Security (with Addendum) | /2002/07/secext |
August 2002 | WS-Timestamp | /2002/07/utility |
August 2002 | WS-Coordination | /2002/08/wscoor |
August 2002 | WS-Transaction | /2002/08/wsba /2002/08/wstx |
December 2002 | WS-Policy | /2002/12/policy |
December 2002 | WS-Security (with Addendum and WS-SecurityPolicy Addendum) | /2002/12/secext |
March 2003 | WS-Addressing | /2003/03/addressing |
March 2003 | WS-ReliableMessaging | /2002/03/rm |
WS-Timestamp, defined as part of the April 2002 release of the WS-Security specification, isn’t strictly a specification in its own right. It is however used in most of the subsequent specifications and is referred to as WS-Timestamp so it makes more sense to use its common name.
You can see from the table that there have been two revisions of the WS-Security specification. The Addendum clarifies some of the ambiguous parts of the original WS- Security specification; the WS-SecurityPolicy Addendum adds various policies (using the WS-Policy specification) that apply to Web services.