Securing Web Services with WS-Security: Demystifying WS-Security, WS-Policy, SAML, XML Signature, and XML Encryption

 <  Day Day Up  >  

Two important initiatives can be considered competing with Web services: e-business XML (ebXML) and RosettaNet. We will describe them briefly in this section and then not cover them at all in the rest of the book.

The development of ebXML was driven out of a need to move EDI from being on expensive proprietary networks to leverage the benefits of XML and utilize the much cheaper public networks. The overriding goal for ebXML is to be a cheaper EDI on public networks and use the existing Web infrastructure.

ebXML is entirely document-centric as opposed to RPC-centric. It emphasizes B2B communications (like EDI does) as opposed to enterprise application integration. It assumes businesses can connect their IT systems over the Internet and then use ebXML standards and protocols to process orders, delivery schedules, receipts, invoices, and the like. ebXML tries to closely model business processes based on business documents being exchanged.

Because of its heritage in EDI and its B2B focus, ebXML has more built-in support for security and reliability than initial Web services had. It is based on SOAP with attachments but diverges from the de facto SOAP attachments standard for Web services. In addition to adding SOAP attachments, it also adds significant security and reliability capabilities. There is no analog to WSDL. There is also no endorsement from Microsoft and IBM. But OASIS ”the same organization heavily involved in Web services standards such as SAML and UDDI ”is the organization shepherding the ebXML standards.

RosettaNet was an early XML-based B2B integration approach. RosettaNet is a non-profit subsidiary of the Uniform Code Council. RosettaNet's origins are the semiconductor industry, where it was developed to support integrated supply chains. It has since been extended and adapted to support other industries.

RosettaNet's goal is to provide dynamic, flexible trading networks. It encompasses data dictionaries, an implementation framework, and XML-based business message schemas and process specifications to standardize e-business interactions. RosettaNet Partner Interface Processes (PIPs) are specialized system-to-system XML-based dialogs that define business processes between trading partners . Each PIP specification includes a business document with the vocabulary, and a business process with the choreography of the message dialog. RosettaNet and Web services are converging so that, over time, they will become indistinguishable.

 <  Day Day Up  >  

Категории