|
KEYNOTE: Swordfish
Speaker: Doug Tidwell
As Web services take on a bigger role in the enterprise, the minor detail of security rears its ugly head once again. In this session, we'll look at products and technologies from IBM that simplify the tasks of authenticating and authorizing users, encrypting and signing information, and enabling single sign-on across the enterprise. IBM's commitment to standards plays a big role in this effort; we'll look at SAML, WS-Security, WS-Policy, and other open technologies. As you'd expect, we'll illustrate all of these points with real IBM products and working code. Finally, in case you're wondering, we'll feature the wisdom of the Marx Brothers throughout -- "Swordfish" was the password to a speakeasy in their 1932 classic "Horse Feathers." You'll laugh, you'll cry, and you'll become a better shuffleboard player before we're through.
PRESENTATIONS / LECTURES
Web Services Technologies
Speaker: TBA
This session will give attendees an understanding
of three of the key protocols used in Web services:
•
SOAP (for connectivity with Web services)
•
WSDL (for description of Web services)
• UDDI
(for discovery, using a registry, of Web services)
We will discuss the flow of a Web service
and will demonstrate a basic Web service.
Business Processes for Web Services
Speaker: TBA
Web services are the building blocks of business
applications that can be used for powerful and comprehensive integration,
internally and between business partners. Using Web services today
typically involves a lot of Java or other procedural code. Much of
this code applies generally to all business systems, yet it is being
rewritten for each one. BPEL (Business Process Execution Language for
Web Services) reconsiders a means of driving Web services by modeling
business processes at a high level, and defines a scripting language
focused on common business requirements. Together with graphical modeling
tools, BPEL stands to greatly simplify and speed the integration of
business functions exposed as Web services into executable business
processes. Designed as an XML language, BPEL is platform- and vendor-neutral;
now OASIS is driving standardization of BPEL. In this talk we'll look
at the requirements for creating business processes out of Web services,
and examine the language to understand how BPEL works. Prerequisite
skills: basic understanding of XML and SOAP.
Building Web Services with Rational and WebSphere Tools
Speaker: Doug Tidwell
This session will introduce IBM�s software development
environment as it applies to Web services. We will briefly discuss Rational XDE but
will focus primarily on WebSphere Studio Application Developer. We will discuss and
demonstrate how easy it is to create, deploy, and test a Web service using WebSphere
Studio Application Developer.
Web Services Customer Stories
Speaker: TBA
IBM has several hundred customers who are
using Web services today, some for improvements in internal infrastructure,
and others that improve efficiency in the exchange between business
partners. This talk explores a few from an architectural perspective,
showing how Web services solved critical problems in practical deployment
scenarios. In the early days of any new technologies, we find a "bumpy
road" effect as the specifications are refined. While we have
made considerable progress through the ws-i.org Basic Profile, and
even though products have been greatly improved using these and other
improvements, there are still lessons we can learn from problems in
the early deployments. This talk will discuss some of the problems
and lessons learned from a point of view of simple Best Practices aimed
at improving performance and interoperability between platforms.
Java Standards for Web Services
Speaker: Indran Naick
Web services technology is making its entry
into the world of Enterprise Java. Two specifications will become part
of the next Java 2 Enterprise Edition specification, J2EE 1.4, which
are describing standard ways of handling web services within a J2EE
environment. One of them is JSR101, or JAX-RPC. It defines the concept
of exposing an existing JavaBean as a web service and how the mapping
between Java and WSDL is done. Moreover, it defines a client invocation
API that allows you to invoke a web service in a way that is portable
across multiple vendors' implementations.
The second specification is called JSR109,
or "Enterprise Web Services". It defines rules for packaging
and deploying a web service in a J2EE application server, including
exposing stateless Session EJBs as web services. Combined, these specifications
will pave the way for standardized and portable web service applications.
Web Services' Best Practices:
Architecture and Design
Speaker: Indran Naick
Web Services' best practices are starting
to be identified drawing from experience with distributed systems,
messaging, and web service implementations. This session will cover
architectural best practices focused on where not to use web services;
where it to best to use web services; use of intermediaries and handlers;
use of invocation frameworks; where to locate state information; and
use of synchronous vs. asynchronous messaging. At the design level,
we focus on designing the message flows; the granularity of web services;
when to use RPC vs. Document style; designing WSDL and XML Schema;
and role of standards and WS-I.
Understanding Web Services Security:
Advanced Security Technologies
Speaker: TBA
When the WS-Security specification was published in April 2002, a roadmap for planned technologies to solve problems anticipated in large-scale Web services deployment was also published. It described six new planned specification families, of which four have been published so far. This talk presents the emerging technologies that have been published to date.
WS-Policy is a framework for stating general capabilities and requirements for a deployed Web service. WS-SecurityPolicy defines a set of these statements oriented to security.
WS-Trust defines an architecture for implementing trust in middleware systems, complementing legal trust agreements between business partners. WS-Federated Identity Language extends WS-Trust to define mechanisms for single-signon and other requirements for Web services.
The forthcoming WS-Privacy will define policies for describing privacy requirements and capabilities for Web Services.
WS-Secure Conversation describes a plan for efficient authentication between business partners.
An In-Depth Introduction to WSDL
Speaker: TBA
The Web Services Description Language, WSDL, tells us the expected content of request and response messages for exchange using SOAP and other protocols. Because WSDL is written in XML, it is easy for programs to use this content. For example, development tools like WebSphere Studio can generate WSDL automatically to provide access to Java-defined application objects as Web services, and it can generate local classes that make integrating a remote service into a requester (client) application as easy as using any other local Java class.
But WSDL can do much more than this. It is the key technology for supporting the Service Oriented Architecture (SOA). WSDL can describe protocols other than SOAP for message-driven communication, and a common API driven by WSDL descriptions allows protocol-neutral programming where the best protocol can be chosen at runtime according to quality of service needs. The Web Services Invocation Framework and Java's JAX-RPC take advantage of these capabilities.
The emerging W3C standard for WSDL 2.0 brings new capabilities to WSDL. This talk presents both WSDL 1.1 and WSDL 2.0 along with how today's products use it.
WSAD and IE Web Services:
Tooling Presentation and Demo
Speaker: TBA
In this session we will learn how to build Web Services using IBM's latest tooling. We'll build a service starting from a java class and an EJB and then build one starting from WSDL. All the way along we'll be using the wizards to build sample clients to test our services. Once we have built a couple of web services we'll look at choreographing them together and exposing the aggregated functionality as a service. We'll talk about the kinds of back end systems that can be connected to using the advanced WSADIE tooling. Some WSAD experience is assumed and attendees will know how to create web services.
Web Services Interoperability
Speaker: TBA
Making Web Services work together that are developed using multiple programming languages and deploying across multiple platforms. The Web Services Interoperability Organization (WS-I), with the cooperation of the major software vendors, is developing Profiles to support the development of Interoperable Web services. Learn the value of developing Web services that conform to the WS-I Basic Profile and how you will be able to develop and deploy interoperable Web services faster and with fewer errors. The discussion will cover the WS-I Basic Profile, usage scenarios, sample applications and WS-I testing tools. More information on WS-I can be found at www.ws-i.org.
|
|
Understanding Web Services Security: The Basics
Speaker: TBA
XML and SOAP need to have platform-neutral standards for security as they evolve. But what exactly is a secure Web service? Can there be any such thing as 100% security?
This talk introduces an approach to security based on seven common risks and their countermeasures. HTTPS gives good point-to-point security at the protocol level; we'll also look at the limitations of this approach.
Message-level security gets past limitations of protocol-level security. WS-Security defines standards for including three general types of security tokens that can be used for containing things like username and password, signatures, and SAML tokens. We'll survey existing and emerging standards like Kerberos, XML Signature and Encryption, SAML, XKMS and others, and look at the Oasis Web Services Security approach to unifying these and others for supporting secure Web services applications.
Last, we'll see how WebSphere Studio development tools make it easy to support both service requesters and service providers to support security technologies and provide flexibility for making changes to security requirements without changing the code.
Learning Objectives
Learn an approach to managing security for your e-business applications. Understand the role of available and emerging standards and which ones you should use.
An Introduction to Services Oriented Architecture
Speaker: TBA
This talk introduces the Services Oriented Architecture (SOA) and show how its power and capabilities are actually a superset of the Web Services interface technologies. SOA has the goal of maximizing code re-use by exposing any kind of application module as a highly-reusable service described in WSDL. While this includes SOAP-accessible Web services, IBM's approach is to allow common access to any kind of application module through a WSDL interface, not just SOAP access.
While SOAP is appropriate for communication between partners with it's loosely-coupled architecture, greater efficiency can be realized by connecting directly to other kinds of modules, when possible. EJBs, Message Driven Bean's, Java classes, and JCA-accessed resources such as CICS or IMS programs all may be described with WSDL and accessed through a common interface, rather than protocol-specific APIs like RMI, JMS, JCA, or SOAP. Business Process Models can also be used to compose services out of other services, again regardless of the protocol, and accessible through a common interface. This talk introduces the Service Oriented Architecture as a superset of Web Services, and compares the two technology groups.
Autonomic computing builds on both of these technologies to make management of systems easier. Systems can be designed to be self-monitoring and self-correcting. The goal is to reduce the frequency of human intervention through adaptive learning techniques.
This talk introduces IBM's vision of e-business On Demand from a technical perspective, and introduces the architecture for these technologies.
A Technical Introduction to On Demand Computing
Speaker: TBA
Web Services technologies offer interoperability between applications on any platform, essentially virtualizing application service access. Together with the Service Oriented Architecture, we have a solution for general machine-to-machine (M2M) communication. While this is exceptionally useful for EAI and B2B solutions, it enables other system technologies such as Grid Computing and Autonomic Computing.
Grid computing is based on the concept of virtualizing hardware resources, making it far easier to manage systems by providing more resources on demand. Better efficiency of hardware owned by a company is possible, and it is also possible to harness external resources to handle peak demands. The grid computing architecture is built on top of Web services for coordination.
Autonomic computing builds on both of these technologies to make management of systems easier. Systems can be designed to be self-monitoring and self-correcting. The goal is to reduce the frequency of human intervention through adaptive learning techniques.
This talk introduces IBM's vision of e-business On Demand from a technical perspective, and introduces the architecture for these technologies.
HANDS-ON SESSIONS
Enterprise Integration @ the Glass:
Remote Portal Web Services
Session Moderators:
IBM e-Business Architect Team
Web Services technology allows accessing
existing functionality regardless of platform or programming language.
Developers can integrate this functionality into their applications
simply by taking advantage of standards-based interfaces and protocols.
At the same time, applications' user interfaces are typically built
to run within an existing portal environment, like the WebSphere Portal
Server. This gives a user personalized access to heterogeneous backend
resources in one common view. Individual pieces of the user interface
are built as "portlets".
Automating Business Processes with BPEL
Session Moderators:
IBM e-Business Architect Team
The Business Process Execution Language for Web Services (BPEL4WS) is a powerful tool for describing and automating workflow. In this session, we'll look at the basics of the language, then build a sample workflow application. We'll use BPEL to integrate Web services and other technologies, and we'll talk about BPEL can automatically compensate for errors and make decisions. Business process integration is one of the most important new technologies for 2004; at the end of this class, you'll be ready to use BPEL to automate your own processes.
Building a Web Service: Top Down and Bottoms Up
Session Moderators:
IBM e-Business Architect Team
This lab describes the many mechanisms available in WebSphere Studio to accomodate the building of Web Services. It will specifically cover the new WSDL Editor that allows you to design and build from the top down. This lab will also It will also cover the various wizards available that allow you to generate web services from existing application components and the many options that are available within each of them.
Building Interoperable Web Services
Session Moderators:
IBM e-Business Architect Team
Since C-based thick client applications are
a natural fit for Windows-centric applications, accessing a web-based
application from a .NET Windows Form might be a possible future user
requirement. We will not focus too heavily on how to develop a C# application
but rather use a .NET-based client to demonstrate how Web Services
can effectively open up one application to clients of drastically different
types. For demonstration purposes, we will also run TCPMon, which monitors
calls back and forth from a client to a server on a given port. It
displays the request as well as the response back form the server.
We will use this to see how the client requests information from the
Web Service and the message that it delivers back.
Accessing Your DB2 Database Using Web Services
Session Moderators:
IBM e-Business Architect Team
DB2 UDB has the ability to coordinate XML
data with its own internal services. This ability has the main benefit
of utilizing the power of a relational database to search, store, and
index information that an XML-based application uses. DAD (Document
Access Definition) files are primarily used to map XML elements to
locations in DB2. By doing so, DB2 can create an index within the database
of data maintained by XML documents. DB2 can then subsequently search,
retrieve, and update as if the data was directly held within the database
itself.
DAD files require an additional component
shipped with DB2 called DB2 XML Extender, which provides a series of
tools and commands for indexing, searching, etc. DADX (Document Access
Definition Extender) files do not require XML Extender and include
the necessary elements to process XML data - particularly because SQL
commands included. WebSphere Studio can use these DADX files to generate
Web Service proxy classes. By doing so, Web Services can effectively
be wrapped around storage and retrieval procedures of your data directly.
This lab will take you through the steps of doing that.
Adding Security to your Web Services
Session Moderators:
IBM e-Business Architect Team
In this session we walk through several scenarios
involving web services and discuss how they might be made secure. We
look at the web services security "vision" and talk in detail
about all aspects of web services security including some coming out
in the IBM Tivoli Access Manager Federated Identities product due out
this year. We'll then introduce a lab wherein we add security to an
existing web service using all the tooling available in WebSphere Studio
5.1.
|
