Web Services Applications and Security: Part 1
Business and technology are the two arms of any company that wants to offer services that satisfy customer needs efficiently. It has been proven that technology helps a business reach customers on a global scale through the Internet and other communication channels, such as mobile. Over the past couple of years, technology has helped design new business models. One such business model is e-commerce or e-business, which is simply business conducted over the wire/Internet. This model is used for Business-to-Business (B2B) transactions and Business-to-Customer (B2C) transactions. Now, most organizations (private and public, ltd) prefer to establish their business through the Internet.
So, it is clear that technology revolutions help with key decisions in long-term corporate planning and suggest innovative ways to do business in a highly efficient and effective manner that meets and satisfies the customers' needs.
One recent revolution in technology is the Service Oriented Approach (SOA) or Web Services Model, which changes how business is done over the Web and redesigns the e-commerce model. It is a loosely coupled architecture that fits into an existing system/infrastructure and makes the application easier to enhance later.
The SOA or Web Services model is an approach in which business functionalities are published as services and registered with a broker. The customer or consumer of the service can then contact the broker to get the best services in terms of cost effectiveness and quality. Companies would like to offer their services as Web Services, but what they are really looking for is the key benefits they get from the Web Services model.
When you decide to start a business, you need to think not only about getting profit from the business, but also about things that can affect your business in the future. One important thing is the security implementation in your Web Service Application.
The objective of this article is to bring out the key benefits of the Web Services model and attempt to throw some light on various security scenarios for the implementation of the Web Service application to make your application more reliable and secure.
So, let us start our journey with the following route map now.
- What is a Web Services Model?
- When should you use a Web Services model?
- What are the key benefits of a Web Services model?
- How can we secure a Web Services application?
Web Services are a new breed of Web applications. They are self-contained, self-describing, and modular applications that can be published, located, and invoked across the Web. Web Services perform functions that can be anything from simple requests to complicated business processes. Once a Web Service is deployed, other applications (and other Web Services) can discover and invoke the deployed service.
The following Use Case scenario demonstrates how the Web Services model helps do business in innovative ways, shows the key benefits that we get from it, and gives you an overview of various scenarios to make an application efficient in terms of security.
Use Case: Online Bookstore Web Services Application
Before going into Use Case functionalities, let us look at the key things involved in this use case. The use case demonstrates how a Web Service application is different from a normal e-commerce application and the value added for the business when we move into a Web Service model.
The Online Bookstore Use Case involves functionalities such as providing interfaces to browse catalogs of books, get an order from the customer, accept online payment, and so forth.
What are the customer's key requirements?
The customer wants to buy a book and he/she would like to search for a book that matches his/her requirements in terms of cost, concepts, breadth of knowledge, and so on. The customer does not want to be limited to a few links. He does not care whether the broker has contacts with all the publishers or not. The customer's main aim is to get the best book that matches his interest.
Let us look at how the Web Services approach makes a difference over the existing e-commerce approach.
Approach 1—Normal E-Commerce/General Web Site Approach
We have used many Web sites that are doing business over the Internet/Web. You might be aware of how they operate and execute their service. This article does not focus on how they built the application. This article aims to bring out how the Web Service model is more beneficial than a simple e-commerce approach.
Suppose you implement a Bookstore application just like a normal Web site that provides a set of links to each category by Subject/Author/Publisher. Then let us see what is happening.
The customer is able to get information only about a set of URLs/links/pages provided by the Web site. This is very limited information because any Web site can provide only a set of links/pages under each category.
- He is restricted to limited information.
- If he is not satisfied with the information at the Web site, he needs to go to another Web site for more information.
- He has to spend a lot of time in terms of browsing all these sites and there is no guarantee that he will get the information he wants.
- He is not able to get a wide amount of information about his choice.
- The provider needs to provide more information about each category of books.
- It is a very difficult task to maintain a whole set of information about different publishers, subjects, concepts, and so forth.
- If the provider is very much interested in offering all the information, he should spend a lot of money to get information and present the information in terms of Web pages.
Approach 2—Recommended Approach
Web Services Architecture
The important entities in this architecture are the Service Provider and Service Requestor. Service providers (producers) maintain information about their services in a registry. Service requesters (consumers) search registries for services. Once found, a service can be invoked. A Service Broker (Registry Provider) is a repository of all services that are registered with the Registry. Assume that in our use case, book publishers (Wrox, O'Reilly, and so on) act as Service Providers and customers play the role of service consumers.
The bookstore application acts as a Service Broker to provide an interface between the customer and service providers.
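The publish, find, and invoke roles described above can be sketched in a few lines. This is an added example, not code from the original article: the names `ServiceBroker`, `publish`, `find`, and `best_offer` are hypothetical, the book titles and prices are constructed sample data, and in-process callables stand in for the remote Web Service calls a real deployment would make.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

@dataclass(frozen=True)
class Book:
    title: str
    publisher: str
    subject: str
    price: float

# Assumption: a service endpoint is modelled as a callable, subject -> books.
CatalogService = Callable[[str], List[Book]]

class ServiceBroker:
    """Registry of published services (the bookstore's role in the use case)."""
    def __init__(self) -> None:
        self._registry: Dict[str, Dict[str, CatalogService]] = {}

    def publish(self, service: str, provider: str, endpoint: CatalogService) -> None:
        # Provider side: register an endpoint under a service name.
        self._registry.setdefault(service, {})[provider] = endpoint

    def find(self, service: str) -> Dict[str, CatalogService]:
        # Requester side: look up every provider offering the service.
        return dict(self._registry.get(service, {}))

def make_catalog(publisher: str, rows) -> CatalogService:
    """Build one publisher's BrowseCatalog endpoint from (title, subject, price) rows."""
    books = [Book(title, publisher, subject, price) for title, subject, price in rows]
    def browse(subject: str) -> List[Book]:
        return [b for b in books if b.subject == subject]
    return browse

def best_offer(broker: ServiceBroker, subject: str) -> Optional[Book]:
    """Find all BrowseCatalog providers, invoke each, keep the cheapest match."""
    offers: List[Book] = []
    for endpoint in broker.find("BrowseCatalog").values():
        offers.extend(endpoint(subject))
    return min(offers, key=lambda b: b.price, default=None)

def build_demo_broker() -> ServiceBroker:
    broker = ServiceBroker()
    # Constructed sample catalogs; titles and prices are illustrative only.
    broker.publish("BrowseCatalog", "Wrox", make_catalog("Wrox", [
        ("Sample XML Title", "xml", 39.00), ("Sample Java Title", "java", 45.00)]))
    broker.publish("BrowseCatalog", "O'Reilly", make_catalog("O'Reilly", [
        ("Sample XML Handbook", "xml", 34.50), ("Sample Perl Title", "perl", 29.95)]))
    return broker

if __name__ == "__main__":
    print(best_offer(build_demo_broker(), "xml"))
```

The customer never holds a fixed list of publisher links: a publisher that registers later is included in the next `find` without any change on the consumer side.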
Online Bookstore Application Use Case Diagram
Following are some services that are offered at the Bookstore Application:
- BrowseCatalog Service
- Order Service
- Payment Service
Let us look at each service and how it fits into the Web Services architecture.