Application Security Testing: An Integral Part of DevOps
What Are Web Services?
During the last decade in the world, software didn't get a huge influx as the Internet and the World Wide Web expanded. Most enterprises accomodated the new environments created by the Internet; browser-based applications became a standard. Although they were very useful, such browser-based applications are not unique in using the Web's technology. Why not create regular applications that can offer service for a huge number of clients?
Web Services allows access to software components through standard Web protocols such as HTTP and SMTP. By using the Internet and XML, we now can create software components that communicate with others, regardless of language, platform, or culture. Web Services helps software developers create building blocks of software, which can be re-used and intergrated into their location. The new technology is one of the important components in the .NET technology.
Web Services in Practice
Have you heard the phrase "Software as a Service" and wondered about its meaning? The term Service, in day-to-day usage, refers to what you get from a service provider. But how can software be viewed as services? Suppose you didn't install Microsoft Word on your system and need to write a document. Microsoft could provide such a service, which lets you point your system to the Microsoft Word service somewhere and type away without the need to install word-processing software. When you are done, the document can be saved on a server. A service could also be provided by Microsoft or by an another company, that lets you later retrieve the document from the server. Note that for you to do this, the server, provided by a company, must host a service that allows you to store documents. Microsoft would charge you a service fee based on the amount of time your word processor is running and which features you use (such as the grammar and spell checkers). The server, which stores your documents, will also charge you a fee based on the size of your document and how long it is stored.
All of these things can be done with Web Services.
Microsoft already launched a version of the "Software as a Service," also known as the Passport authentication service. Basically, it is a centralized authentication service that you can incorporate into your Web sites. At sites using the Passport authentication service, it's no longer necessary to memorize or track numerous username/password pairs. Microsoft also announed .NET My Services, formerly codenamed "HailStorm," a set of user-centric Web Services, including identification and authentication, e-mail, instant messaging, automated alert, calendar, address book, and storage. Consolidating these user-centric services and exposing them as Web Services would allow the user to publish and manage his own information. A .NET My Services customer can also control access permissions to the data to allow or restrict access to content. These services allow other users, organizations, and smart devices to communicate and retrieve information about us. For example, how many times have you been on the road with your mobile phone and wanted your contact list from Outlook? Your mobile phone should be able to communicate with your address book Web Service to get someone's phone number, right? Currently, users store important information in many different places. With .NET My Services, information will be centrally managed.
Main Aspects of the Web Services
The technology of Web Services is based on three main areas.
- Web Service wire formats: The technology enabling universal understanding of how to perform data exchange between the service provider and consumer; the format of data for the request and response.
- Web Service discription: The Web Services Description Language (WSDL) describes how the Service can be used. Think of this as the instructions on the washing machine at the laundromat telling you where to put quarters, what buttons to push, and so forth.
- Web Service Discovery: The process of advertising or publishing a piece of software as a Service and allowing for the discovery of this service.
Web Services Framework
Web Services combine the best of both distributed componentization and the World Wide Web, extending distributed computing to broader ranges of client applications. The best thing is done by seamlessly marrying and enhancing existing technologies.
Web Services Architecture
Web Services are distributed software components accessible through standard Web protocols. The first part of the definition is similar to COM/DCOM. However, it is the second part that distinguishes Web Services from the crowd. Web Services enables software to interoperate with a much broader range of clients. While COM-aware clients can understand only COM components, Web Services can be consumed by any application that understands how to parse an XML-formatted stream transmitted through HTTP channels. XML is the key technology used in Web Services.
Web Services Wire Formats
You have heard the phrase "DCOM is COM over the wire." Web Services is similar to DCOM except that the wire is no longer a proprietary communication protocol. With Web Services, the wire formats rely on more open Internet protocols such as HTTP or SMTP. A Web Service is more or less a component through standard Internet protocols. Microsoft's .NET Web Services currently supports three protocols: HTTP, GET, HTTP POST, and SOAP (Simple Object Access Protocol, one of the most important protocols). Because these protocols are standard protocols for the Web, it is very easy for the client applications to use the services provided by the server.
Usage of Web Services
Web Services can be used in different categories. The main three categories can be described as follows:
- Direct access to the Internet
- Business to Business (B2B). That allows the communication through the Internet of applications between different Enterprises.
- Application to Application (A2A). That allows the communication through the Internet of Applications within the same Enterprise.
About the Author
This article is provided by Sonu Kapoor and is associated with Codefinger (www.codefinger.de), a company specializing in Windows Application Development.