Service Intermediary - Features at a glance
Web Services Intermediary features

With the adoption of Web Services in the SOA space, WS-based intermediaries are gaining importance. The key factor behind this adoption is that, no matter how Web services are provisioned, they are ultimately consumed by applications, and that consumption demands functionality unrelated to the service itself: security, SLA, routing for high availability and so on.

One could argue that these features could be part of the application that hosts the service. On second thought, you would agree that all these features provide more value when isolated and handled by an intermediary:

1) Different application servers that host services can use these features rather than implementing such logic themselves.
2) Policy enforcement can be done agnostic of any application server's native features.
3) Performance would not be hindered by the application server's bottlenecks.
4) Performance can be managed by dealing with the intermediary.
5) The load of processing the components can be separated out, letting the application server handle just the Web services.
6) Apart from the additional functions, there are certain maintainability aspects relating to the intermediary, such as handling policies, data persistence, handling statistics, EPR routing, etc.
7) Clustering of proxies would serve multiple application servers and cater to HA.

1.1 Components

1.1.1 Authentication
Authentication details will be taken from a) WS Security Token, b) protocol headers, and checked against the following:
- SAML assertion
- Kerberos tokens
- LDAP
- Database
- File based

1.1.2 Authorization
Depending on the authentication, the user's groups and roles will be assigned, and based on their privileges users will be allowed to administer the intermediary.
- Users: users would belong to a group and share roles.
- Group: groups will have roles.
- Role: roles would have none or many privileges.
- Privileges: users can be directly assigned privileges.

1.1.3 WS Security – SOAP Based
Security features will be applicable to the SOAP request as well as the SOAP response, but will also depend on whether it is synchronous or asynchronous.
- Signature
- Encryption
- Signature Verification
- Decryption
- Timestamp
- CRL
- Certification Path validation/Certificate Chain

1.1.4 XML Security
This will be used for XML based services such as REST.

1.1.5 SLA – Service Level Agreement
- Response time
- Priority
- Metering
- Custom rule based

1.1.6 BAM – Business Activity Monitoring
- KPI definition
- Rules
- Actions

1.1.7 Deprecation
- Date time range
- Custom rule based

1.1.8 WS-BPEL orchestration

1.1.9 Incentive based contract overriding
- Number of hits
- Promotion based
- Custom rules

1.1.10 Routing

1.1.10.1 Context
Context would depend on the underlying protocol:
- JMS
- HTTP
- Email

1.1.10.2 Content
Content evaluation will be on the SOAP message. Evaluation will be based on XPath.
- XPath based
- Strategies could be Until Success

1.1.10.3 Blind
Random selection of endpoint

1.1.10.4 Parallel
First available service

1.1.10.5 Round Robin
Until success

1.1.10.6 Failover
On network error, SOAP fault and timeout; default to the next available service

1.1.10.7 Performance
Cached priority based service endpoint performance

1.1.11 Protocol translator
This feature will act as a protocol translator. It applies in cases where a customer sends a SOAP request over HTTP for a service, but the native or endpoint service is, say, JMS or uses some other protocol.

1.1.12 Content translator
This will be used when the request SOAP or XML needs to be changed. A probable use case would be an operation change due to versioning.

1.1.13 Outbound Credential translator
This would be required when the native service requires auth tokens such as a WS Security Token or a signed request.

1.2 Services

1.2.1 Embedded SOAP Stack
The embedded SOAP stack could be used to host two types of services:
a) System Services: all system related services, such as resource adaptors for integration with applications and instrumentation of statistical data.
b) Embedded Web services: for high performance Web services that may be required by clients.

1.2.2 Hot deployment of configuration files
To orchestrate components, configuration files need to be hot deployed without affecting requests in the pipeline.

1.2.3 Callback based extension processors
Each component could utilize external components to process the messages. A common case would be to externalize SLA processing.

1.2.4 Polled Extension adaptors
Apart from the intermediary related configuration files, some background processes could be required to run on a timely basis.

1.2.5 Service performance statistics
Instrumentation using Web service and MBeans for maintaining state as well as instrumentation.

1.2.6 WS-Notification
Less of acceptance.

1.2.7 Monitoring & Rule based Alerts
- SNMP traps
- Email
- SMS

1.2.8 Logging
- Log4j

1.2.9 Events
- Service level transaction
- System exception
- Service level business exception
- Intermediary start
- Intermediary stop
- Service start
- Service stop

1.2.10 Reliable Messaging
JMS based reliable message delivery

1.2.11 Resource Adaptors - integration
- UDDI interface
- Web services interface
- Servlet interface
- Email interface

1.2.12 Data Persistence
- Database

1.2.13 System wide data backup
- Rule based
- Manual

1.2.14 Clustering
Sharing of resources across clustered intermediaries

1.2.15 Automated endpoint service tweaking
Monitoring and eliminating rogue services – Rule based

1.2.16 PKI management
- Keystore: maintain keystores for WS-Security and SSL
- Keypair: manage keypairs in various keystores
- CRL: manage Certificate Revocation Lists by polling for CRLs from different CAs

1.2.17 MIB Management
Manage MIBs

1.2.18 Intermediary Policy Management
Create and manage service policies

1.3 Bindings
The possible bindings for commonly used protocols are as follows.

1.3.1 HTTP
Could be used for synchronous high security based Web service requests with WS-Security functionalities

1.3.2 HTTPS
Could be used for synchronous low security based Web service requests

1.3.3 JMS
Could be used for asynchronous Web service requests

1.3.4 Email
Could be used for asynchronous Web service requests

1.3.5 FTP
Could be used for asynchronous Web service requests

1.4 Technology
1.4.1 SOAP
1.4.2 UDDI
1.4.3 JMS
1.4.4 J2EE
1.4.5 Java
1.4.6 WSDL
1.4.7 WSDM
1.4.8 WS-Security
1.4.9 XML
1.4.10 JMX
1.4.11 RDBMS
1.4.12 Directory Servers
1.4.13 SNMP
1.4.14 SMTP/POP
1.4.15 X509 Certificates
1.4.16 PKI
1.4.17 JAAS
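
The authorization model in 1.1.2 (a user belongs to a group, groups have roles, roles carry none or many privileges, and users may also hold direct privileges) resolves to an effective privilege set as sketched here. This is an added example, not code from the original post; the `User` and `Policy` classes and every user, group, role and privilege name are hypothetical.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class User:
    name: str
    group: Optional[str] = None        # a user belongs to a group
    direct: frozenset = frozenset()    # privileges assigned directly to the user


class Policy:
    """Hypothetical in-memory store for the users/groups/roles/privileges model."""

    def __init__(self, group_roles, role_privileges):
        self.group_roles = group_roles          # group -> set of role names
        self.role_privileges = role_privileges  # role -> set of privileges (may be empty)

    def effective_privileges(self, user):
        """Union of direct privileges and those reached via group -> role."""
        privileges = set(user.direct)
        # An unknown group or role contributes nothing: deny by default.
        for role in self.group_roles.get(user.group, ()):
            privileges |= self.role_privileges.get(role, set())
        return frozenset(privileges)

    def is_allowed(self, user, privilege):
        return privilege in self.effective_privileges(user)

    def dangling_roles(self):
        """Roles a group references but the policy never defines (config drift)."""
        referenced = set().union(*self.group_roles.values())
        return referenced - set(self.role_privileges)


# Constructed sample data; every name below is hypothetical.
POLICY = Policy(
    group_roles={"operators": {"monitor", "auditor"},
                 "admins": {"policy-admin", "monitor", "pki-admin"}},
    role_privileges={"monitor": {"stats:read"},
                     "auditor": set(),  # a role with no privileges
                     "policy-admin": {"policy:read", "policy:write"}},
)
ALICE = User("alice", group="admins")
BOB = User("bob", group="operators", direct=frozenset({"keystore:read"}))
MALLORY = User("mallory", group="contractors")  # group not defined in the policy
```

Running `dangling_roles()` whenever a policy file is hot deployed flags roles that groups still reference after the role definition was removed or renamed.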