Web Services Standards

We have already mentioned SOAP and WSDL. SOAP describes the format of data that is transmitted over the wire. WSDL describes the interface specifying what messages an endpoint may receive and send. These descriptions must be understood and processed by communicating parties for meaningful exchange of messages. For this reason, they are also known as interoperability standards. Interoperability standards are critical for programs interacting over the network to work.

The most widely used version of SOAP, SOAP 1.1, is a W3C Note dated May 08, 2000. Since then, W3C has created a working group named XML Protocol Working Group, to work on its standardization. At the time of finalizing this chapter, the current specification, known as SOAP Version 1.2, has become a W3C Recommendation. There have been some changes from SOAP 1.1 to SOAP Version 1.2 in certain areas, but these changes are not significant for discussion in this chapter.

Likewise, WSDL 1.1 is a W3C Note dated March 15, 2001. The Web Services Description Working Group is working toward its standardization. The current draft maintained by this group is a working draft and may undergo significant changes before it becomes a recommended specification. Most of the current implementations are based on WSDL 1.1 and this is what we use for our discussion. Actually, most of what we talk about is independent of WSDL specifics and should be applicable to WSDL Version 1.2 as well.

The Web services standard most relevant to us in this chapter is WS Security (Web Services Security) Version 1.0 published by IBM, Microsoft and VeriSign on April 5, 2002, and available online at http://www-106.ibm.com/developerworks/webservices/library/ws-secure/. This document has been augmented with Web Services Security Addendum Version 1.0, published on August 18, 2002, and available at http://www-106.ibm.com/developerworks/webservices/library/ws-secureadd.html. Together, these documents describe enhancements to SOAP messaging to provide quality of protection through message integrity, message confidentiality, and single-message authentication.

Since the publication of WS Security specification by IBM, Microsoft and VeriSign, an OASIS (Organization for the Advancement of Structured Information Standards) Technical Committee, known as Web Services Security TC, has been formed to further develop this specification as a standard. At the time of finalizing this chapter (May 2003), this committee has not yet completed its work. For the purpose of this chapter, we rely on the two documents mentioned in the previous paragraph.