132 Broker Interactions for Intra- and Inter-enterprise
For more details on the Web Services Invocation Framework see:
http://ws.apache.org/wsif/
7.3.3 Web services and the service-oriented architecture
Service-oriented architectures (SOAs) support a programming model that allows
service components residing on a network to be published, discovered, and
invoked by each other in a platform, network protocol, and
language-independent manner.
The origin of SOA can be traced back to Remote Procedure Calls (RPCs),
distributed object protocols such as CORBA and Java RMI, and
component-based architecture such as J2EE/EJBs (Sun) and
(D)COM/COM+/.Net (Microsoft).
Using XML over HTTP, Web services extend the SOA programming model into
the global Internet, allowing the publication, deployment, and discovery of
service applications over the Internet.
For more information on SOA and Web services, refer to:
http://www.ibm.com/software/solutions/webservices/resources.html
This Web site provides a collection of IBM resources on this topic. For example,
there is an introduction to the SOA in a white paper titled Web Services
Conceptual Architecture (WSCA 1.0).
7.3.4 Web services security
In April 2002, IBM and Microsoft proposed a technical strategy and roadmap for
“addressing security within a Web service environment.” The Web services
security specifications define a comprehensive Web service security model that
supports, integrates, and unifies several popular security models, mechanisms,
and technologies (including both symmetric and public key technologies) in a
way that enables a variety of systems to securely interoperate in a platform- and
language-neutral manner.
The Web services security specification provides a broad set of specifications
that cover security technologies, including authentication, authorization, privacy,
trust, integrity, confidentiality, secure communications channels, federation,
delegation, and auditing across a wide spectrum of application and business
topologies. These specifications provide a framework that is extensible and
flexible, and that maximizes existing investments in security infrastructure. By
leveraging the natural extensibility that is at the core of the Web services model,