Interoperability and Web Services

What are Web Services?

In the last decade the world wide web has changed beyond recognition. What was once an academic tool allowing the display of mostly static and often poorly designed websites, with little quality content has been revolutionized by the development of new technologies for dynamic content, the establishment of high quality data sources and the advent of e-Commerce. As individuals, the means by which we run our lives; the way we bank, book our holidays, buy birthday and Christmas presents, and communicate with our friends have all been altered radically over the last decade. Businesses now trade with their suppliers and customers and manage their inventories and logistics over the web. As these applications and needs have developed, so have the technologies with which they are constructed. In particular, the advent of web services has provided a standardised, simple way to access an application remotely.

The World Wide Web Consortium (W3C) defines web services as follows:

“A Web service is a software application identified by a URI, whose interface and bindings are capable of being identified, described and discovered by XML artefacts and supports direct interactions with other software applications using XML based messages via Internet-based protocols.”

URIs (Uniform Resource Identifiers) are a system of uniquely identifying resources, the most common example being the "web address", or URL (Uniform Resource Locator) of a web page.

Web services extend the infrastructure of the World Wide Web to enable software to connect to other software applications remotely, using the same protocol for data transfer, HTTP (Hyper-Text Transfer Protocol), as standard web pages. Web services allow applications to span different languages, operating systems and locations, transferring data and messages seamlessly to and fro.

Interoperability

Wikipedia defines interoperability as

“Interoperability is the ability of products, systems, or business processes to work together to accomplish a common task. The term can be defined in a technical way or in a broad way, taking into account social, political and organizational factors.”

Web services are accessed using ubiquitous protocols and standards such as XML, SOAP and HTTP. The extensive abstraction between the implementation and consumption of the service allows a web service to be implemented in any language, on any operating system, in any location, yet from the consumer's point of view behave in an identical manner to any other web service. This enables applications developed by different companies to communicate with each other in a simple fashion, providing they know what the web services exposed by the other application looks like, allowing them to "interoperate". Interoperability relies on technological standards, published by organisations such as W3C and OASIS, being followed so that disparate systems have enough commonality to communicate with each other.

1. XML (eXtensible Mark-up Language), is a text-based language similar to HTML (Hyper-Text Mark-up Language), which can be extended easily to represent arbitrary data structures. Most other standards in web services are based on this.
2. SOAP (Simple Object Access Protocol) is an XML format for sending messages, and is used for sending and receiving data from web services.
3. WSDL (Web Services Description Language) is an XML format for providing a rigorous description of a web service so that a remote user can deduce how to query it (using SOAP)

Interoperability allows individuals and organisations access to a wide base of published information, allowing data to be easily integrated from multiple sources.

As an example, one can download an API (Application Programming Interface) for Google's web service that will allow you to do Google searches from within your application, whatever the language you are writing your application in.

Much effort has been put into allowing the rapid development of web services as an integral part of application development. Many new development platforms such as Microsoft's .Net Framework, BEA Web Logic and Sun ONE offer this facility, making web services a simple and cost-effective means of integrating heterogeneous applications.

E-Commerce and Orchestration

The advent of e-Commerce was the driving force in the development of web services, and web services lie behind many of the online shopping, banking and searching applications that we take for granted today. Booking a holiday, for example, can involve the use of many web-services; you check with various airlines for the flight prices and availabilities for your chosen days of travel, select and book the seats online, you then find and book a hotel at your destination, online, and then go through the same process for hiring a car.

It is common for all these functions to be offered at one website; generally behind this will be an engine which orchestrates the calls to the various web services offered by the airline, the hoteliers and the car-hire company which are necessary to provide a seamless service to the user. This can include complex business logic (for example, cancelling the holiday will imply initiating actions to cancel the hotel, airline tickets and hire car, each of these actions being with a different company), and a range of software to build processes with this logic has been developed, such as BPEL4WS and Microsoft Biztalk Server. This technology is known as service orchestration or service choreography. This topic is still in evolution, and in the process of being standardised.

Security

The communication protocol, SOAP, used by web services does not define security protocols as it can be sent to its destination by many modes of transport, and so security was not originally fully integrated into the development environments of web services. This has since been rectified with efforts such as WS-Security, which provides a number of extensions to SOAP to deal with these issues. The objective of security technologies is to provide a trusted and convenient environment where transactions, communication and other business can be carried out safely. Security falls into several categories, below:

1. Authentication is proving to the web service that the user is who he claims to be. This is usually done by the user providing some credentials. This is commonly a user name and password, but other schemes including certificate-based authentication using public-key cryptography and authentication integrated with Windows log-on exist.
2. Authorisation is establishing whether the user, once authenticated, has the rights to access a certain piece of data or service. Windows uses Access Control Lists (ACLs) to protect resources such as files from un-authorised access.
3. Confidentiality is ensured by encryption of data transmitted, received or stored by the web service.
4. Integrity is ensuring that messages sent and received by the web service have not been tampered with in any way.

Discovery of Web Services

There are a vast number of web services available, but how does one discover the existence of web services, their URI and their interface? There are two complementary methods.

UDDI
UDDI (Universal Description, Discovery and Integration) is analogous to a "Yellow Pages" for web services. A UDDI Server can itself be exposed as a web service, and offers facilities for web services to publish all the information necessary for potential users to work out how to use them, in addition to the description of what the service does, who operates it and its interface in the form of a WSDL.

DISCO
DISCO (Discovery of Web Services) provides a means to discover and retrieve WSDL descriptions of web services on remote machines. A discovery document is sent to the remote server and if any web services exist, a WSDL document will be retrieved. This method relies on knowing the location of the remote server, so is less versatile than UDDI.

Other Applications of Web Services

Legacy Systems
The advent of web services provides us with opportunities to prolong the life of legacy systems. Perhaps there is a key database or business application that contains critical information which needs to be made available to another application, to an intranet or even to the internet in general? Rather than having to re-engineer the entire application, providing a web service interface to the legacy application enables it to be seamlessly used by applications in any language, and on any machine that has the appropriate permissions to access the appropriate URI.

UI / Business Logic Separation
A common use for web services is to provide a level of abstraction between the user interface and the underlying business logic. A common application configuration is to have a data store (for example a database) being operated on by some code representing a higher level business logic. This in turn is then accessed by a user interface. By containing the business logic within a web service we can be certain that we can re-use this code for both thick-client and thin-client development. Again, this is because we know that web services can be accessed remotely, web applications can call them in exactly the same way as thick Windows clients.

OCC Case Studies

OCC has been involved in web services development since their first appearance with a coherent SDK(Software Development Kit) in the .Net Framework 1.0 in 2002. Since then we have written a number of web services for tasks as diverse as a distributed calculation system, web access to local authority databases, and research into future web technologies.

Replacing Spreadsheets
In5D is an Enterprise Decision Management system designed to replace the spreadsheet in the modelling of the future revenues and profits of large corporations. The database that stores the model is exposed to the user interface via a web service, to fulfil a requirement that the database can be accessed remotely, and by many concurrent users. The application also allows the calculation of the values of large models to be distributed onto many machines, with the machines communicating using web-services.

Web Services Enable e-Government
OCC is writing a database for use by organisations that provide services to vulnerable people. Typical services are women's refuges, counselling services for alcoholics and homeless shelters. These organisations are typically run on a tight budget, and the application is designed so that it can be accessed over an internet browser without installation of any software on the client machine. These organisations, "Providers", have to report statistics on use, budget and performance to their local authority. PSOCC, Supporting People software for Providers, uses a web services interface on the local authority database, PSOCC, to transmit this information.

Exchanging Information With Legacy Systems
The TERREGOV Project is a European Union funded project devoted to enabling e-Government services, including legacy systems, to interoperate using web-services. Above and beyond web-services this project focuses on providing a common semantic description of e-Government services across the European Union and across language barriers to enable requests for services to be made in a natural way, creating frameworks in which privacy laws (for example medical confidentiality and the UK Data Protection Act) can be enforced easily, and providing building blocks which other web services can use. This is written in an open-source environment using Java-based technologies.