Web Services

XML
Short for Extensible Markup Language, a specification developed by the W3C. XML is a pared-down version of SGML, designed especially for Web documents. It allows designers to create their own customized tags, enabling the definition, transmission, validation, and interpretation of data between applications and between organizations.

SOAP
Short for Simple Object Access Protocol, a lightweight XML-based messaging protocol used to encode the information in Web service request and response messages before sending them over a network. SOAP messages are independent of any operating system or protocol and may be transported using a variety of Internet protocols, including SMTP, MIME, and HTTP.

WSDL
Short for Web Services Description Language, an XML-formatted language used to describe a Web service's capabilities as collections of communication endpoints capable of exchanging messages. WSDL is an integral part of UDDI, an XML-based worldwide business registry. WSDL is the language that UDDI uses. WSDL was developed jointly by Microsoft and IBM.

UDDI
Short for Universal Description, Discovery and Integration. It is a Web-based distributed directory that enables businesses to list themselves on the Internet and discover each other, similar to a traditional phone book's yellow and white pages.

XML is used to tag the data, SOAP is used to transfer the data, WSDL is used for describing the services available and UDDI is used for listing what services are available. Used primarily as a means for businesses to communicate with each other and with clients, Web services allow organizations to communicate data without intimate knowledge of each other's IT systems behind the firewall.

Security
Security has become a hot topic for Web services. Because it is based on program-to-program interactions as opposed to human-to-program interaction, it is important for Web service security to address topics such as access control, authentication, data integrity and privacy. Today the most common security scheme is SSL (Secure Sockets Layer), but when it comes to Web services there are limitations with SSL. The Web service technology has been moving towards different XML-based security schemes for Web services. Some of the XML-based securities include the following:

XML digital signature
The XML Signature specification is a joint effort of W3C and IETF. XML Signatures provide integrity, message authentication and/or signer authentication services for data of any type, whether located within the XML that includes the signature or elsewhere.

XML Encryption
W3C's XML Encryption specification addresses the issue of data confidentiality using encryption techniques. Encrypted data is wrapped inside XML tags defined by the XML Encryption specification.

XKMS (XML Key Management Specification)
The XML Key Management Specification (XKMS) comprises two parts ׫ the XML Key Information Service Specification (X-KISS) and the XML Key Registration Service Specification (X-KRSS). The X-KISS specification defines a protocol for a Trust service that resolves public key information contained in XML-SIGelements. The X-KISS protocol allows a client of such a service to delegate part or all of the tasks required to process elements. The X-KRSS specification defines a protocol for a web service that accepts registration of public key information. Once registered, the public key may be used in conjunction with other web services including X-KISS.

SAML (Secure Assertion Markup Language)
SAML is an XML-based framework for communicating user authentication, entitlement and attribute information. As its name suggests, SAML allows business entities to make assertions regarding the identity, attributes, and entitlements of a subject (an entity that is often a human user) to other entities, such as a partner company or another enterprise application. The OASIS Security Services Technical Committee is in charge of defining, enhancing, and maintaining the specifications that define SAML.

WS-Security (Web Services Security)
Security Assertion Markup Language (SAML) from OASIS provides a means for partner applications to share user authentication and authorization information. This is essentially the single sign-on (SSO) feature being offered by all major vendors in their e-commerce products. In the absence of any standard protocol on sharing authentication information, vendors normally use cookies in HTTP communication to implement SSO. With the advent of SAML, this same data can be wrapped inside XML in a standard way, so that cookies are not needed and interoperable SSO can be achieved.

ebXML Message Service
The OASIS ebXML Message Service defines the message enveloping and header document schema used to transfer ebXML messages over a communications protocol such as HTTP or SMTP and the behavior of software sending and receiving ebXML messages.

You can read more about the standards for XML-based security for Web services in our related links section.

Who Is Using Web Services? (adapted from InternetNews.com)
Perhaps the best example of the growth of Web services is eBay. The online auction king has been aggressively developing its Web services platform by extending application programming interfaces that essentially turn its Web site into a platform.

The auction site's developer section gives soup-to-nuts information about deploying its eBay API. "With the eBay API, you communicate directly with the eBay database in XML format. By using the API, your application can provide a custom interface, functionality and specialized operations not otherwise afforded by the eBay interface." Since 1999, eBay has offered APIs and now offers more than 100 Web services calls available to developers to build applications that can connect to those services. They include pricing information, buy-it-now features, and payment options through its PayPal subsidiary. The growth and use of APIs across the Web illustrate how rapidly Web services are spreading, even as technical issues such as security and authentication are worked out by standards bodies.

Online retailing giant Amazon.com is another example. Companies such as Microsoft and Sun Microsystems have been helping developers build and deploy Web Services and clients for close to four years now. Sun's J2EE platform, for example, is where developers build on the building blocks in order to access Amazon.com's selling platform.

For more examples of Web services being used today, be sure to read the InternetNews Developer's story, "Web Services Now and When".

Emerging Trends in Web Services — Mash-ups and Web 2.0
New in 2005 is a breed of Web-based applications called mash-ups. Mash-ups mix at least two different services from disparate, and even competing, Web sites. A mash-up, for example, could overlay traffic data from one source on the Internet over maps from Yahoo, Microsoft, Google or any content provider. This capability to mix and match data and applications from multiple sources into one dynamic entity is considered by many to represent the promise of the Web service standard.

WikiMap is just one of many examples of a mash-up. This "Find Cheap Gas" Web sites uses a Google Maps powered interface, to offer information tailored to suit specific needs of a consumer. WikiMap is just one of many examples of a mash-up. This "Find Cheap Gas" Web sites uses a Google Maps powered interface to offer information tailored to suit specific needs of a consumer. With so many businesses and software companies building services on top of platforms, many expect to see the World Wide Web of today (called Web 1.0) transform into a full-fledged computing platform serving Web applications. The term being used to refer to the World Wide Web as a platform is Web 2.0, where the term refers to the "next version" of the World Wide Web. The difference between Web 1.0 and Web 2.0 can really be defined by Web application services.

Did You Know...
Where Web 1.0 offers Doubleclick and personal Web sites, Web 2.0 provides us with Google AdSense and blogs.