What is a web service?
Web services are web applications based on open standards (XML, SOAP, HTTP, etc.) that interact with other web applications to exchange data. Web services can transform your existing applications into web applications. In this tutorial, you will learn exactly what web services are and why and how to use them.
This is a basic tutorial that introduces the concepts of web services. You don’t need to have prior knowledge of any particular technology, but it sure helps if you have a basic understanding of XML, HTTP, TCP/IP concepts.
Different books and different organizations provide different definitions for web services.
A web service is any software that makes itself available over the Internet and uses a standard XML system. XML is used to encode all communications to a web service. For example, a client invokes a web service by sending an XML message, then waits for the corresponding XML response. Because all communication information is in XML, Web services are not dependent on any operating system or programming language – Java can interact with Perl. Windows programs can interact with Unix programs.
Web services are self-contained, modular, distributed, and dynamic applications that can be described, published, instantiated, or invoked over a network to create products, processes, and supply chains. These programs can be local, distributed or web-based. Web services are built on open standards such as TCP/IP, HTTP, Java, HTML, and XML.
Web services are XML-based information exchange systems that use the Internet for direct application-to-application interaction. These systems can include programs, objects, messages or documents.
Web service is a set of open-source protocols and standards used to exchange data between programs or systems. Software programs written in different programming languages and running on different platforms can use Web services to exchange data over networks such as the Internet in a similar way to interprocess communication on a computer. This interoperability (for example, between Java and Python, or Windows and Linux applications) is due to the use of open standards.
In short, a web service:
It is available through the Internet or private networks (intranets).
It uses a standard XML messaging system
It is not dependent on any operating system or programming language.
It is described through a common XML grammar.
Web service components
The main platform for web services is XML + HTTP. All standard web services work using the following components –
SOAP (Simple Object Access Protocol)
UDDI (Universal Description, Discovery, and Integration)
WSDL (Web Services Description Language)
How does the web service work?
A web service enables communication between different applications using open standards such as HTML, XML, WSDL, and SOAP. A web service from:
XML for tagging data
SOAP for message transfer
WSDL to describe service availability.
You can build a Java-based web service on Solaris that is accessible from your Visual Basic application running on Windows.
You can also use C# to build new Web services on Windows that you can call from your JavaServer Pages (JSP)-based Web application running on Linux.
Example :
Consider a simple account management and order processing system. Accounting personnel uses a custom application built with Visual Basic, or JSP, to create new accounts and enter new customer orders.
The processing logic of this system is written in Java and is located on a Solaris machine that also interacts with a database to store information.
Steps to perform this operation:
The client application bundles the account registration information into a SOAP message.
This SOAP message is sent to the web service as an HTTP POST request body.
The web service decodes the SOAP request and converts it into a command that the application can understand.
The program processes the information as needed and responds with a new unique account number for that customer.
Then, the web service wraps the response in another SOAP message, which it sends to the client application in response to its HTTP request.
The client application opens the SOAP message to obtain the results of the account registration process.
Why do we use web services?
A web service is a unit of managed code that can be called remotely using HTTP. That is, it can be activated using HTTP requests. A web service allows you to display the functionality of your existing code over the network. Once displayed on the network, other applications can use your application’s functionality.
Interoperability
Web services allow different applications to talk to each other and share data and services. Other applications can also use web services. For example, a VB or .NET application can talk to Java web services and vice versa. Web service is used to make application platforms and technology independent.
Standard protocol
Web services use industry-standard protocols for communication. All four layers (Service Transport, XML Messaging, Service Description and Service Discovery layers) use fully defined protocols in the web services protocol stack. This standardization of the protocol stack gives the business many benefits such as a wide range of choices, reduced cost due to competition and increased quality.
Low-cost communication
Web services use SOAP over HTTP protocol, so you can use your existing low-cost Internet to implement Web services. This solution is much cheaper compared to dedicated solutions like EDI/B2B. In addition to SOAP over HTTP, web services can be implemented over other secure transfer mechanisms such as FTP.
XML based
Web services use XML in the data display and data transfer layers. Using XML eliminates any network, operating system, or platform dependencies in accessing information. Applications based on web services can use them for themselves, and they are also very interoperable at their core level.
The structure of its components
Over the past few years, three main technologies have emerged as global standards that form the core of today’s web services technology. These technologies are discussed below.
XML-RPC
It is the simplest XML-based protocol for exchanging information between computers.
XML-RPC is a simple protocol that uses XML messages to perform RPC.
Requests are encoded in XML and sent via HTTP POST.
XML responses are embedded in the HTTP response body.
XML-RPC is platform-independent.
XML-RPC allows different applications to communicate.
A Java client can talk XML-RPC to a Perl server.
XML-RPC is the easiest way to get started with web services.
SOAP
SOAP is an XML-based protocol for exchanging information between computers.
SOAP is a communication protocol.
SOAP is for communication between programs.
SOAP is a format for sending messages.
SOAP is designed to communicate over the Internet.
SOAP is platform-independent.
SOAP is language-independent.
SOAP is simple and extensible.
SOAP allows you to bypass firewalls.
SOAP will be developed as a W3C standard.
WSDL
WSDL is an XML-based language for describing web services and how to access them.
WSDL stands for Web Services Description Language.
WSDL is jointly developed by Microsoft and IBM.
WSDL is an XML-based protocol for exchanging information in decentralized and distributed environments.
WSDL is the standard format for describing a web service.
The WSDL definition describes how to access a web service and the operations it will perform.
WSDL is a language for describing how to communicate with XML-based services.
WSDL is an integral part of UDDI, an XML-based worldwide business registry.
WSDL is the language used by UDDI.
WSDL is pronounced ‘wiz-dull’ and written ‘W-S-D-L’.
To learn more about WSDL, visit our WSDL tutorial.
UDDI
UDDI is an XML-based standard for describing, publishing, and locating Web services.
UDDI stands for Universal Description, Discovery, and Integration.
UDDI is a specification for a distributed registry of web services.
UDDI is an open and platform-independent framework.
UDDI can communicate via SOAP, CORBA, and the Java RMI protocol.
UDDI uses WSDL to describe interfaces to web services.
UDDI is seen as one of the three basic web services standards along with SOAP and WSDL.
UDDI is an open-source initiative that allows businesses to discover (find) each other and define how they interact over the Internet.
Security
Security is very important for web services. However, neither XML-RPC nor the SOAP specification imposes any explicit security or authentication requirements.
There are three specific security issues in web services
- confidentiality
- Authentication
- Network Security
- confidentiality
If the client sends an XML request to the server, can we ensure that the communication remains confidential?
XML-RPC and SOAP mainly run on top of HTTP.
HTTP supports Secure Sockets Layer (SSL).
Communications can be encrypted via SSL.
SSL is a proven and widely used technology.
A single web service may consist of a chain of applications. For example, one large service may connect the services of three other applications. In this case, SSL is not enough. Messages must be encrypted at each node along the service path, and each node represents a potential weak link in the chain. Currently, there is no consensus solution to this issue, but one promising solution is the W3C XML encoding standard. This standard provides a framework for encoding and decoding entire XML documents or only parts of an XML document.
Authentication
If a client connects to a web service, how do we identify the user? Is the user authorized to use the service?
The following options can be considered, but there is no clear agreement on a strong authentication scheme.
HTTP includes built-in support for basic and digest authentication, and so services can be protected in the same way that HTML documents are currently protected.
SOAP Digital Signature (SOAP-DSIG) uses public key cryptography to digitally sign SOAP messages. It enables the client or server to verify the identity of the other party.
Network Security
There is currently no easy answer to this problem, and it has been the subject of much debate. Now, if you really intend to filter SOAP or XML-RPC messages, one possibility is to filter all HTTP POST requests that set their content type to text/xml.
Another alternative is to filter the SOAPAction HTTP header attribute. Firewall vendors are also developing tools specifically designed to filter web service traffic.