Service-Oriented Architecture General “Application Architecture for .NET: Designing Applications and Services” MSDN white paper December 2002 http://msdn.microsoft.com/library/default.as
Trang 1Here is a selection of references that you will find useful for learning more about SOA, the
WS-I Basic Profile, the WS- specifications, and Web Services Enhancements The references
are broken out by topic Note that Web services standards and specifications evolve quickly,
so some of the specification references that are listed here will be superseded in future
months by others.
Service-Oriented Architecture (General)
“Application Architecture for NET: Designing Applications and Services”
MSDN white paper (December 2002)
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnbda/html/
distapp.asp
“Building Interoperable Web Services: WS-I Basic Profile 1.0”
MSDN white paper (August 2003)
Trang 2XML Schemas and SOAP
“Understanding SOAP”
Aaron Skonnard
MSDN white paper (March 2003)
http://msdn.microsoft.com/webservices/default.aspx?pull=/library/en-us/dnsoap/html/ understandsoap.asp
“XML Schemas and the XML Designer”
MSDN article
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/vbcon/html/ vboricreatingschemas.asp
“A Quick Guide to XML Schema”
“Web Services Encoding and More”
Aaron Skonnard
MSDN Magazine (May 2003)
http://msdn.microsoft.com/msdnmag/issues/03/05/XMLFiles/
“SOAP Is Not a Remote Procedure Call”
Ingo Rammer’s Architecture Briefings (October 2003)
Trang 3WS- Specifications (General)
Resources for developers and links to original standards and specifications documents
IBM developerWorks
http://www-106.ibm.com/developerworks/views/webservices/standards.jsp
“Secure, Reliable, Transacted Web Services: Architecture and Composition”
Donald F Ferguson (IBM), Tony Storey (IBM), Brad Lovering (Microsoft),
John Shewchuk (Microsoft) MSDN white paper (September 2003)
http://msdn.microsoft.com/webservices/webservices/understanding/
advancedwebservices/default.aspx?pull=/library/en-us/dnwebsrv/
html/wsoverview.asp
“Compare Web Service Security Metrics”
Roger Jennings (OakLeaf Systems)
XML and Web Services Magazine (October 2002)
http://www.fawcette.com/xmlmag/2002_10/online/webservices_rjennings_10_16_02/
default.aspx
“Installing Certificates for WSDK X.509 Digital Signing and Encryption”
Roger Jennings (OakLeaf Systems)
XML and Web Services Magazine (October 2002)
http://www.fawcette.com/xmlmag/2002_10/online/webservices_rjennings_10_16_02/
sidebar1.aspx
Web Services Enhancements 2.0 and 3.0 (General)
“What’s New in Web Services Enhancements 3.0”
Trang 4“Web Services Security: SOAP Message Security 1.0 (WS-Security 2004)”
OASIS Standard 200401, March 2004
(Note: This reference is also listed in the “WS-Secure Conversation” section of this appendix.)
“WS-Security Authentication and Digital Signatures with Web Services Enhancements” Matt Powell
MSDN white paper (December 2002)
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnwse/html/ wssecauthwse.asp
“Building Secure Web Services”
J.D Meier, Alex Mackman, Michael Dunner, Srinath Vasireddy, Ray Escamilla, and
Anandha Murukan MSDN Patterns and Practices white paper, Chapter 12 (June 2003, revised January 2006) http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/ THCMCh12.asp
A P P E N D I X ■ R E F E R E N C E S
228
Trang 5“Encrypting SOAP Messages Using Web Services Enhancements”
Jeannine Hall Gailey
MSDN white paper (December 2002)
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnwse/html/
wseencryption.asp
“Web Services Security: Moving Up the Stack”
Maryann Hondo, David Melgar, and Anthony Nadalin
IBM developerWorks white paper (December 2002)
http://www-106.ibm.com/developerworks/library/ws-secroad/
“Web Services Security Username Token Profile”
OASIS working draft (January 2003)
http://www.oasis-open.org/committees/wss/documents/WSS-Username-11.pdf
“Web Services Security Kerberos Binding”
Giovanni Della-Libera (Microsoft), Brendan Dixon (Microsoft), Praerit Garg (Microsoft),
Maryann Hondo (IBM), Chris Kaler (Microsoft), Hiroshi Maruyama (IBM), Anthony Nadalin (IBM), and Nataraj Nagaratnam (IBM)
MSDN white paper (December 2003)
Jason Hogg (Microsoft), Don Smith (Microsoft), Fred Chong (Microsoft), Dwayne Taylor
(RDA Corporation), Lonnie Wall (RDA Corporation), and Paul Slater (Wadeware LLC) MSDN Patterns and Practices guide (December 2005)
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag2/html/
wssp.asp Web Service Security: Scenarios, Patterns, and Implementation Guidance home page
Microsoft Patterns and Practices community workspace
http://www.gotdotnet.com/codegallery/codegallery.aspx?id=
67f659f6-9457-4860-80ff-0535dffed5e6
Trang 6“Security for SOA and Web Services”
Dipak Chopra
SAP Developer Network
https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/library/ webservices/Security%20for%20SOA%20and%20Web%20Services.article
“Windows 2000 Kerberos Authentication”
Microsoft TechNet
http://www.microsoft.com/technet/prodtechnol/windows2000serv/deploy/confeat/ kerberos.mspx
WS-Policy
“Web Services Policy Framework”
IBM developerWorks specification (May 2003)
“Web Services Policy Assertions Language (WS-Policy Assertions)”
Don Box (Microsoft), Maryann Hondo (IBM), Chris Kaler (Microsoft), Hiroshi Maruyama (IBM), Anthony Nadalin (IBM), Nataraj Nagaratnam (IBM), Paul Patrick (BEA), Claus von Riegen (SAP), and John Shewchuk (Microsoft)
MSDN white paper (May 2003)
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnglobspec/html/ ws-policyassertions.asp
“Using Role-Based Security with Web Services Enhancements 2.0”
Ingo Rammer
MSDN white paper (September 2003)
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnwssecur/html/ wserolebasedsec.asp
WS-Secure Conversation
“Web Services Secure Conversation Language”
IBM developerWorks specification (May 2004, updated February 2005)
http://www-128.ibm.com/developerworks/library/specification/ws-secon/
A P P E N D I X ■ R E F E R E N C E S
230
Trang 7“Web Services Trust Language”
IBM developerWorks specification (May 2004, updated February 2005)
“Managing Security Context Tokens in a Web Farm”
“Web Services Addressing”
IBM developerWorks specification (March 2004, updated August 2004)
“Asynchronous Operations and Web Services, Part 2: Programming Patterns to Build
Asynchronous Web Services”
Trang 8WS-Routing and WS-Referral
“Routing SOAP Messages with Web Services Enhancements 1.0”
“Web Services Reliable Messaging”
IBM developerWorks specification (March 2004, updated February 2005)
Windows Communication Foundation (Indigo)
“Introduction to Building Windows Communication Foundation Services”
Clemens Vasters
MSDN white paper (September 2005)
http://msdn.microsoft.com/webservices/indigo/default.aspx?pull=/library/en-us/ dnlong/html/introtowcf.asp
Windows Communication Foundation articles and white papers
A P P E N D I X ■ R E F E R E N C E S
232
Trang 9MSDN Web Services Books
List of books on building Web services using NET in particular
“Accessing Custom Attributes”
.NET Framework Developer’s Guide
MSDN articles
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpguide/html/
cpconaccessingcustomattributes.asp
Trang 11autogenerating proxy class, 72, 99Address class, 176
addressing WS- specifications, 13
addressing classes, 175–176
Addressing property
SoapContext class, 92AddressingFault class, 176
AddressingHeaders class, 176
AnonymousForCertificateSecurity
assertion, 118AppDomain class
SetPrincipalPolicy() method, 155.asmx pages, preparing for WCF, 220
ASP.NET
and asynchronous communicationpattern, 170
communication models, 170hosting environments supported byWCF, 212
setting permissions with X.509Certificate Tool, 103–105Web service technology extended byWCF, 220
working with WSE, 91–94assemblies
business assembly, 61, 66–68, 80–81type definition assembly, 61, 64–66asymmetric encryption, 100, 108
asynchronous communication, 170, 172
authentication, 107
WS-Security specification, 108
authentication models, 133brokered authentication, 135–137implementation using Kerberos,146–158
implementation using MutualCertificates, 137–145direct authentication, 133–135Authentication Service, 146–147authenticator, 146
authorization, 107, 130code-based authorization, 131–132declarative authorization, 131
B
<binding> element, 21–22concrete implementation elements,17
Binding propertySoapDocumentMethod attribute, 43Body property
SoapEnvelope class, 179brokered authentication, 135advantages and disadvantages,136–137
implementation options, 137implementation with MutualCertificates, 137–145implementing with Kerberos, 146–158business assembly
calling service agent, 80–81creating, 61, 66–68
importing into Web service, 62business layer, encapsulates serviceinterfaces, 7
business facadeWeb services architecture, 9–10
Index
235
Trang 12Current property
RequestSoapContext class, 94Current User certificate store, 101
custom security token
implementation option for brokeredauthentication, 137
discovery, WS- specifications, 87distributed architectures, SOAs asexample of, 2
DLLHost supported by WCF, 212documentation included as part ofWSE 3.0, 89
SoapContext class, 92SoapEnvelope class, 179establishSecurityContext attribute, 166external Web service, 78
F
Fault propertySoapEnvelope class, 179From class, 176
G
Group Policy Object Editormodifying Active Directory Kerberosticket, 135
H
handshake, 162Header propertySoapEnvelope class, 179help files
included as part of WSE 3.0, 89hosted service token provider, 165
■ I N D E X
236
Trang 13hosting environments, 207
introduction, 211–212HTTP protocol
compared with messaging, 178–179HTTPContext class
avoid using in asmx pages, 220SoapContext class compared to, 91
I
IDC (Interface Definition Class) files
and WSDL, 186–187generating, 44–45implementing in Web service, 46–47role of, 40–42
XML serialization attributes, 42–43identity and trust
challenges in securing an SOA, 111IETF (Internet Engineering Task Force),
146impersonation, 155–158
<import> element, 18, 51
In-Process, 169
supported by WSE 3.0, 178Indigo, now known as WCF, 88
Interface Definition Class See IDC
interfaces, implementing in Web service
code-behind file, 32Internet B2B, common security
scenario, 114
Internet Engineering Task Force See
IETFinteroperability
advantages of using Kerebos, 149challenges in securing an SOA, 111WS- specifications, 86
interprocess communication See IPC
Intranet Web service, common security
scenario, 113IPC transport protocol, 211
Kerberosimplementing brokeredauthentication, 137, 146advantages and disadvantages ofKerberos, 149
Constrained Delegation, 158impersonation, 155–158Kerberos protocol, 146securing client application, 153–155securing Web service, 151–152setting up environment, 150workings of Kerberos, 147–148
Kerberos Key Distribution Center See
KDCKerberos protocol, 146Kerberos tickets 135KerberosSecurity strategy, 118
L
ListenerManager object, 218load balancing, 189
building SOAP router for, 190Local Computer certificate store, 101long-term keys, 146
loosely coupled services, 4loosely coupled Web services client, 71
M
Makecert toolgenerating X.509 certificates, 138Massachusetts Institute of Technology
See MIT
message channelsWCF connector elements, 211
<message> element, 16, 18–19, 21abstract description elements, 16message information headers, 173within SOAP message, 174message queue trigger, 198–199message security
challenges in securing an SOA, 111 message security in WCF, 211message verification
message correlation and sequencenumbers, 161–162
username token nonce values,160–161
using time stamps, 159–160
Trang 14message-oriented Web services
designing and building, 34building Web service consumer,49–55
consuming Web service, 49messages compared to types, 47–48role of IDC files, 40–47
role of XML messages and XSDschemas, 34–40
steps in building, 31–33messages
See also message verification; message
security; messagingcapabilities in WSE 3.0, 211compared to types, 47–48creating class file of interfacedefinitions for, 32designing, 31
role of XML messages in Web service,34–37
security in WCF, 211SOAP senders and SOAP receivers,181–182, 184, 186
IDC file and WSDL, 186–187implementing Windows Forms-based receiver, 184
messaging
compared with HTTP and TCPprotocols, 178–179overview, 178
properties of message-enabled Webservices, 188–189
representing SOAP messages in WSE3.0 messaging framework,179–180
SOAP messaging compared to XMLWeb services, 187–188
WS- specifications, 13, 87Messaging group
WS-I Basic Profile, 12Messaging services, 207
introduction, 212supported by WCF connector, 222methods, WSDL
service interfaces supports, 7
Microsoft Message Queuing See MSMQ
Microsoft Windows Vista, 205
Microsoft.Web.Services3 assemblyincluded as part of WSE 3.0, 89must reference in projects, 90namespaces, 93
Microsoft.Web.Services3 namespaceSoapContext class, 91
WebServicesClientProtocol class, 129Microsoft.Web.Services3.Addressingnamespace, 93
Microsoft.Web.Services3.Configurationnamespace, 93
Microsoft.Web.Services3.Configuration.Install namespace, 93
Microsoft.Web.Services3.Designnamespace, 93
Microsoft.Web.Services3.Diagnosticsnamespace, 93
Microsoft.Web.Services3.Messaging.Configuration namespace, 93Microsoft.Web.Services3.Referralnamespace, 93
Microsoft.Web.Services3.Securitynamespace, 93
Microsoft.Web.Services3.Security.Configuration namespace, 93Microsoft.Web.Services3.Security.Cryptography namespace, 93Microsoft.Web.Services3.Security.Policynamespace, 93
Microsoft.Web.Services3.Security.Tokensnamespace, 93
Microsoft.Web.Services3.Security.Tokens.Kerberos namespace, 94Microsoft.Web.Services3.Security.Utilitynamespace, 94
Microsoft.Web.Services3.Security.X509namespace, 94
Microsoft.Web.Services3.Security.Xmlnamespace, 94
Microsoft.Web.Services3.Xmlnamespace, 94MIT (Massachusetts Institute ofTechnology), 146
MSMQ (Microsoft Message Queuing),206
and WSE 3.0, 212creating message queue trigger,198–199
■ I N D E X
238
Trang 15creating Web service that uses MSMQ,
199, 201implementing Web service client,202–203
integrating with SOAP, 169integrating with Web services, 197reliable messaging, 197
multiple Internet Web services
common security scenario, 114mutual authentication
advantages of using Kerebos, 149Mutual Certificates
implementing brokeredauthentication, 137infrastructure prerequisites,138–139
message flow, 140–141running sample solution, 145securing Client application,143–145
securing Web services, 141–143workings of, 138
abstract description elements, 17modes, 19
definition of, 115simplified policy file, 116
policy, WS- specifications, 13Policy Wizard, 89
PolicyAssertion class, 116PolicyManager object, 218polling and request/response, 170
<port> element, 22–23concrete implementation elements,17
Port object, 216ports
introduction, 215–217WCF connector elements, 211
<portType> element, 21–22abstract description elements, 17proxy class file
building consumer, 49generating client proxy class file,50–51
generating for clients based on WSDLdocuments, 32
generating Web service proxy class filebased on WSDL documents, 63implementing Web service client, 33public Web service
common security scenario, 113public-key encryption, 100, 108
Q
QuickStart samplesincluded as part of WSE 3.0, 89
R
Receive methodSoapReceiver class, 181ReferenceProperties class, 176references, 225–233
referral
See also routing
WS-Referral, 196Referrals propertySoapContext class, 92reflection attributes, 43reliability, SOA improves, 2reliable messaging
WS- specifications, 13RemotingManager object, 218renewExpiredSecurityContext attribute,166