Databases Reference
In-Depth Information
A service provider describes its service using WSDL. This definition is
published on a directory of services. The directory could use Universal
Description, Discovery, and Integration (UDDI). Other forms of directories
can also be used.
•
A service consumer issues one or more queries to the directory to locate a
service and determines how to communicate with that service.
•
Part of the WSDL provided by the service provider is passed to the service
consumer. This tells the service consumer what the requests and responses
are for the service provider.
•
The service consumer uses the WSDL to send a request to the service
provider.
•
The service provider provides the expected response to the service con-
sumer.
•
The UDDI registry is intended to eventually serve as a means of “discover-
ing” Web Services described using WSDL . The idea is that the UDDI registry
can be searched in various ways to obtain contact information and the web
services available for various organizations. UDDI registry is a way to keep
up-to-date on the web services your organization currently uses. An alterna-
tive to UDDI is ebXML Directory. All the messages are sent using SOAP.
(SOAP at one time stood for Simple Object Access Protocol; Now, the letters
in the acronym have no particular meaning.) SOAP essentially provides the
envelope for sending the web services messages. SOAP generally uses HTTP,
but other means of connection may be used. Security and authorization is an
important topic with web services.
2.3 Secure Web Services
Security and authorization specifications for web services are based on XML
and can be found in [7, 8, 9]. Various types of control have been proposed
including access control, rights, assertions, and protection [10]. We describe
some of them in the next section. The list of specifications includes the fol-
lowing:
eXtensible Access Control Markup Language (XACML)
•
eXtensible Rights Markup Language (XrML)
•
Security Assertion Markup Language (SAML)
•
Service Protection Markup Language (SPML)
•
Web Services Security (WSS)
•
XML Common Biometric Format (XCBF)
•
XML Key Management Specification (XKMS)
•
Organization for the Advancement of Structured Information Standards
(OASIS) is the standards organization promoting security standards for web
services. It is a not-for-profit, global consortium that drives the development,
convergence, and adoption of e-business standards. Two standards provided by
