Web Services Applications and Security: Part 1, Page 2
This service offers a wide variety of information to the customer, such as all books from a particular publisher/subject, and so forth. How can we get information from a wide network? Is there any mechanism, such as browsing all Web sites to get information?
- The answer is that service providers (Book Publishers) register their service in a business registry and provide information about their services. For example, a service provider offers a BrowseCatalog service that allows a person to see all the books that the provider published. The provider should register this service with the business registry with details about what books are published in each category and the URL to access the service.
- The Bookstore Application searches the business registry using the query the customer supplied to describe his interest.
- The BrowseCatalog Service finds the books that match the customer's search string.
- The registry exchanges information with the BrowseCatalog services that meet the search criteria. The BrowseCatalog service sends the customer a list of the books that are available from different publishers.
- If there are no books available, the Bookstore Application asks the customer whether he is interested in another book. If the customer is ready to make another request, the application repeats the search until the customer likes the result.
Once the user gets a set of results that matches his interest, he spends time choosing the best option out of a set in terms of price, concepts, quality, and so forth. Now he is ready to place an order for the book. The Order Service is the service provided by service providers (Book Publisher) to place an order. Let us see what steps are involved in placing an order.
- It asks the customer about personal details such as name, contact information, shipment address, and the date that he prefers for the book's delivery.
- It also keeps data about the date of birth and his areas of interest for further reference or correspondence.
- It asks the customer the mode of payment that he desires, such as a credit card or cheque (if it is allowed).
- After the customer has placed the order in the Bookstore Application, the application automatically navigates to the Payment Service.
The Payment Service is actually the core piece of the Bookstore Application. It deals with the more critical data, such as credit card information. We will see in the next section how we can secure the data and our Web Services application. Before that, let us examine how the payment service works.
- The Bookstore Application deals with the Payment Service for payment authorization. The Payment Service does a lot of validation on the information provided by the customer to determine whether he is reliable or not.
- The information provided to the Payment Service may travel through different networks, so there is a chance of losing valuable credit card or other information.
- There is a need to impose high security measures to make the application reliable, such as encrypting the credit card information, authenticating the user, authorizing permission to access services, and so forth.
- The Bookstore Application authenticates the user when he logs in to the system. It also grants permission to access the various services based on the user's category of registration (payment/general).
- It encrypts the credit card information before it sends it across the application.
- There are many ways to make an application secure. So, the next part of this article talks about various security scenarios that help to make a Web Service application secure.
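The authorization and encryption steps in the list above, sketched as an added example (not code from the original article): only users registered in the payment category may reach the Payment Service, and the card number is encrypted before it leaves the Bookstore Application. The class and method names, the order IDs, and the choice of AES-GCM are assumptions made for illustration; the card number is a constructed test value.

```java
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Base64;

public class PaymentFieldProtection {
    enum Category { GENERAL, PAYMENT } // registration categories named in the article
    static final int IV_LEN = 12, TAG_BITS = 128;
    // Authorization: only payment-category users may invoke the Payment Service.
    static void requirePaymentAccess(Category c) {
        if (c != Category.PAYMENT) throw new SecurityException("not registered for payment services");
    }

    // Encrypt the card number; the order ID is bound as associated data so the
    // ciphertext cannot be replayed against a different order.
    static String encryptCard(SecretKey key, String orderId, String card) throws Exception {
        byte[] iv = new byte[IV_LEN];
        new SecureRandom().nextBytes(iv); // fresh IV per message
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, iv));
        c.updateAAD(orderId.getBytes(StandardCharsets.UTF_8));
        byte[] ct = c.doFinal(card.getBytes(StandardCharsets.UTF_8));
        byte[] out = new byte[IV_LEN + ct.length];
        System.arraycopy(iv, 0, out, 0, IV_LEN);
        System.arraycopy(ct, 0, out, IV_LEN, ct.length);
        return Base64.getEncoder().encodeToString(out);
    }

    // Payment Service side: throws AEADBadTagException if the data or order ID was altered.
    static String decryptCard(SecretKey key, String orderId, String token) throws Exception {
        byte[] in = Base64.getDecoder().decode(token);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, in, 0, IV_LEN));
        c.updateAAD(orderId.getBytes(StandardCharsets.UTF_8));
        return new String(c.doFinal(in, IV_LEN, in.length - IV_LEN), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey key = kg.generateKey(); // assumption: key shared with the Payment Service
        requirePaymentAccess(Category.PAYMENT);
        String token = encryptCard(key, "ORDER-1001", "4111111111111111"); // constructed values
        System.out.println("recovered: " + decryptCard(key, "ORDER-1001", token));
        try { decryptCard(key, "ORDER-2002", token); }
        catch (AEADBadTagException e) { System.out.println("rejected: wrong order ID"); }
    }
}
```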
The Key Benefits of a Web Services Approach
- When we compare the two approaches, Approach 1 is hard to extend beyond its original scope; for example, when the customer needs more information (more URLs or book information) from the Bookstore Application.
- In Approach 1, there is no common registry. But the Web Services approach (Approach 2) provides a widely accepted common registry (cross vendors, platforms, and the industry).
- The Web Services Approach provides a consistent architecture, whether the application has to be used inside or outside of the enterprise and regardless of which development environment is used.
- The base of the Web Services Architecture is SOA, which is a new architectural approach that is more flexible to enhance the application.
- A lot of money can be saved by getting the information and presenting the content. This is a very simple phenomenon; everybody publishes their work and you may use their service if it matches your needs.
- We can close the services that are not profitable without affecting the other services.
Let us stop the list here. These are only a few benefits of the Web Service model. It may provide a lot more, depending on how effectively you design and implement the application.
If you have observed the application closely, you can guess that some of the services deal with money transactions, especially the PaymentService component. It takes credit card information and invokes another Web Service, such as verification of the credit card holder's details. The data that is transferred over the Internet needs to be kept confidential. So, security plays an important role in making the Web Services Application more reliable and usable.
The next part of this article gives you a picture of how you can make a simple Web Services application secure.
About the Author
Sridhar Ravuthula is a senior software engineer with Hewlett-Packard, India. He has a master's degree in computer applications. Sridhar has been involved in designing and developing J2EE-based solutions on various platforms. He has worked in flagship product development, e-speak, and HP Bluestone (HPAS).