Trends in Global Application Development

Featured Featured
Uploaded from authorPOINT
Download as
 PPT
Presentation Description 

No description available

Comments Sign in to comment
Embed URL Thumbnail


Custom Embed WordPress Embed

Views: 451
Like it  ( Likes) Dislike it  ( Dislikes)
Added: June 15, 2007 This Presentation is Public 
Presentation Category : Education All Rights Reserved
Presentation Transcript

Trends in Global Application Development: Trends in Global Application Development Alberto Pace - January 2002 alberto.pace@cern.ch http://cern.ch/alberto.pace


The web as an application platform: The web as an application platform The web as the backbone of distributed applications The vertical integration of E-commerce has shown its limits: A single company cannot do it all Production, Marketing, catalogue, web portal, Sales, Distribution, After sales support, etc Going back to the real segmented world: Companies do only what they are good at. This requires improvements and automation in the business-to-business (B2B) technology.


What we have already: What we have already The 'old' web was targeted to humans, not computers. We have a world-wide file system, read/write (webdav) XML seems to be 'the' way to represents information Automation of b2b relations is done only with expensive, custom, non-reusable, developments SOAP addresses these issues Goes well beyond the b2b case, several technologies can be leveraged for CERN needs


Ideas behind SOAP : Ideas behind SOAP The web as the backbone of distributed applications SOAP is a set of well defined XML schemas used for remote procedure calls, and Object Oriented programming Allows Method invocation, property modifications, event triggering, callback notifications, etc. By using HTTP/XML, it is possible to reach any OS (not only Windows and Unix) and any device (not only computers)


SOAP: SOAP Simple Object Access Protocol Fully based on HTTP (or Secure HTTP) Remote Procedure call (RPC) model inspired by CORBA Internet Inter Object Protocol (IIOP) Supported by W3C and by all major names in the computing industry (Compaq, HP, IBM, Microsoft, SAP Sun, Oracle, and other companies) http://www.w3.org/2000/xp/


SOAP Example: SOAP Example POST /path/foo.pl HTTP/1.1 Content-Type: text/xml Content-Length: nnnn andlt;soap:Envelopeandgt; andlt;soap:Bodyandgt; andlt;Addandgt; andlt;arg1andgt;24andlt;/arg1andgt; andlt;arg2andgt;53.2andlt;/arg2andgt; andlt;/Addandgt; andlt;/soap:Bodyandgt; andlt;/soap:Envelopeandgt; 200 OK Content-Type: text/xml Content-Length: nnnn andlt;soap:Envelopeandgt; andlt;soap:Bodyandgt; andlt;Responseandgt; andlt;sumandgt;77.2andlt;/sumandgt; andlt;/Responseandgt; andlt;/soap:Bodyandgt; andlt;/soap:Envelopeandgt; (simplified)


SOAP terminology: SOAP terminology WebMethod The URL used to invoke a function implemented in a WebService A WebService can expose an unlimited number of WebMethods WebService (or SOAP interface) An URL (accessible using HTTP) that exposes a set of callable methods that conform to the SOAP XML schema A device on the network (internet), can expose an unlimited number of WebServices WSDL (Web Service Definition Language) Contract An XML document that describes the WebService for programmatical use. Every Web Service should expose a WSDL contract that allow the automated interface discovery by SOAP clients.


Demo of SOAP: Demo of SOAP Normally you never use telnet to connect to a Web server, unless you really want to see how http is implemented Similarly, you never use a web browser to connect to a webservice, unless you really want to see the XML that implements SOAP Web Service Standard SOAP (XML / HTTP) Web Browser


Slides for the DEMO no 1: Slides for the DEMO no 1


Demo of SOAP: Demo of SOAP SOAP is used only for inter-object communications One or more objects implement the user interface. The user interface is in this example, based on HTML Web Application Web Browser Standard HTTP Web Service Standard SOAP (XML / HTTP)


DEMO No 2: DEMO No 2 Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button1.Click Dim ws As New pcap5.Service1() ws.SetMagnetCurrent(TextBox1.Text) End Sub


User interface: Web Service Web Service User interface SOAP represents ONLY how objects communicates between them There is STRICTLY no implications on the user interface. Any SOAP agent can have a user interface and it can be a native Windows or Unix application Web Service SOAP (XML / HTTP) Web Service Web Service Web Service Web Service Custom User Interface User Interface


Demo of SOAP: Demo of SOAP The usage of web services is completely hidden to the user that cannot be aware that he is using the web Web Service Standard SOAP (XML / HTTP) Windows Application Native Win32 User interface


Demo No 3: Demo No 3 Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button1.Click Dim ws As New pcap5.Service1() ws.SetMagnetCurrent( textbox1.Text) End Sub


Security of SOAP: Security of SOAP When running on the internet every object of your distributed application is accessible by anyone Security can be implemented at the web service level, but typically is done at the web server (Apache, IIS) level (see next slides). In a distributed application using SOAP, security must be thought from the beginning. Don’t implement everything without security and then expect the 'network administrator' to fix the security for you. Especially if you are planning to use SSL.


Security and authentication: Security and authentication On the Web, security has been traditionally been implemented at the '(web) server level' Local accounts, local password, local authentication, local authorization. A different account for every service you access on the internet Kerberos has been one technology that did not reach the web immediately Typically limited by the necessity of a web server to be able to forward authentication credentials to a database server Certificates have been effective to identify Computers (servers) but not people … but things are changing …


Passport.com and Kerberos: Passport.com and Kerberos 'Endorse' Kerberos and 'Extend' Solves 2 major problems 1) forwarding credentials between 'trusted servers' (ticket forwarding) 2) share user-defined 'profiles' among independent servers (hailstorm, myservices) But there is one additional issue Passport.com is owned by Microsoft


World-Wide kerberos-based services: World-Wide kerberos-based services Example: passport.com The login server checks the Site ID and return URL. They must match a server registration in the login server


Slide19: World-Wide kerberos-based services Example: passport.com If the user’s sign-in name and password match in the login database, the user is authenticated and the Passport Unique Identifier (PUID) and Passport Profile are extracted from the Passport database The user is redirected to the participating site, and the encrypted ticket and profile data are passed to the site as query string parameters Web Server


Demo: Demo Site with authentication using passport.com http://www.argosytech.com/ http://www.doristheflorist.com/ http://www.ebay.com/ http://www.edine.com/ http://www.expedia.com/ http://www.fye.com/ http://lastminute.com/


Slides for DEMO No 4: Slides for DEMO No 4


Demo No 4 (missing profile): Demo No 4 (missing profile)


Passport.com owned by Microsoft: Passport.com owned by Microsoft The technology is simple and works Anybody can setup an identical service: Passport.org is still free, anybody can take his chance … We have identical services already at CERN AIS login for EDH, HRT, BHT, PIE, … WinServices/WebServices authentication Missing 'SITE ID concept' that allows independent user authentication per site (with same login/password) – but straightforward to implement But there is more …


Is the owner of passport.com an issue ?: Is the owner of passport.com an issue ? The Passport.com ticket only guarantees you that the 'entity' who claims to be 'myname@mycompany.com' has access to the 'myname@mycompany.com' mailbox. In other words this means that the 'real authentication' of the user is DELEGATED to the mail administrator of the mycompany.com site. If you hack the mailbox, you hack the passport. Basically the passport initiative creates a worldwide web account repository based on email addresses where authentication is delegated to the existing mail servers and authorizarion is done by the web servers (based on email addresses) No need to have user certificates (nightmare to manage)


Role of the WSDL interface: Role of the WSDL interface Allows 'Discovery' of your webservices by other software (or human being). It always contains the XML formal definitions of all callable webmethods i.e. the programmatical interface can be discovered It can contain documentation in human-readable format (XML + DTD) i.e. functionalities can be discovered In the demos, we have seen how Visual Studio can, given the URL of a webservice, discover all its methods and their exact semantics


The UDDI initiative: The UDDI initiative UDDI = Universal Description Discovery and Integration – See http://www.uddi.org UBR (UDDI Business Registry), based on the WSDL contract It is a set of specifications to describe and discover WebServices Mainly targeted at the b2b communities Applications like Office and internet Explorer will be integrated within UDDI. Services can be plugged in your desktop effortless Great opportunities for services distributions, including application distributions, File and Web Storage, authentication, authorization, payment, … Basically almost all what we are doing in-house today


Demo : Demo A company makes Routers and Network devices http://www.linksys.com


Creating SOAP applications: Creating SOAP applications You don’t need to learn SOAP SOAP can be buried in your ORB product A 'CORBA version' using SOAP instead of IIOP Your existing object can use soap without modification SOAP can be buried in your Web Server Apache, ASP/ISAPI, JSP/Servlets The server maps SOAP calls into COM+, Corba, RMI, … SOAP can roll from your own components Written in any language (Java, Perl, Basic, C/C++/C#…) Can be automatically generated from your development environment Visual Studio .NET has built-in SOAP support. This includes Visual Basic, C++, C#.


SOAP implementations (webservices): SOAP implementations (webservices) Too many for a single page Links to some 'partial lists' http://www.soapware.org/directory/4/implementations http://www.soaplite.com/#TOOLKITS If you search on Google for 'SOAP+Linux+implementations' you get back 4300 pages Linux Magazine claims 'there are already more than 60 implementations of SOAP available for just about any programming language'


Conclusion: Conclusion Put the WEB at the 'core' of your computing services Understand security implications Tools exists to build distributed, global services and applications that can be targeted to any platform (virtually anything that can acces the internet, including mobile phones, webTv, etc …). Your applications will cross all firewalls It is no longer vaporware, but real implementations exist, are used and have real companies behind It has never been easier to build web applications using the current generation of tools We can even expect a migration of Win32 applications to the Web (as a platform)


Slide31: http://cern.ch/web http://cern.ch/win http://cern.ch/mail http://cern.ch/it-div-is-techmeet