Simple Object Access Protocol Karthikeyan Chandrasekaran & Nandakumar Padmanabhan

Upload: ambrose-briggs

Post on 13-Dec-2015



Agenda

Introduction to SOAP

How SOAP works

Architecture

Examples & demo

Security Aspects

Strengths & Weaknesses

Web Services

Formal Definition

SOAP is a lightweight, simple XML-based protocol designed to exchange information in a decentralized and distributed environment.

Current Scenario

Web-based services are popular.

Communication between components on different computers.

Difference in technologies and platforms.

Difficulty in achieving interoperability.

Solutions

Distributed Component Architecture (DCOM)

CORBA (Common Object Request Broker Architecture)

Remote Scripting

Java RMI

Why SOAP?

Shortcoming of these technologies: they do not natively interoperate with each other.

In real-world scenarios, client and server have different platforms and standards.

Internet supports a wide range of services.

Steep learning curve and the complexities involved.

The solution is SOAP.

Firewall Problems

COM's port management is similar to socket port management.

Most network administrators don't like opening their servers to a range of port addresses.

Usually the HTTP port is open.

HTTP Protocol

HTTP protocol uses port 80 to communicate over the Internet.

SOAP uses HTTP as its transport mechanism.

Purpose Of SOAP

Improve cross-platform interoperability using the Web and XML.

Enables different programs, written in different languages and running on different platforms, to communicate with each other.

Plus Point

SOAP uses HTTP for transport binding.

Most organizations are familiar with HTTP and already have it incorporated into their network infrastructure.

No complex changes to the network or firewalls needed.

Main Concepts

SOAP consists of four parts:

SOAP envelope - what is in a message, who should deal with it, and whether it is optional or mandatory.

SOAP encoding rules - Serialization mechanism used to exchange instances of application-defined datatypes.

Main Concepts (continued)

SOAP RPC representation – A convention that can be used to represent remote procedure calls and responses.

SOAP binding - A convention for exchanging SOAP envelopes between peers using an underlying protocol for transport.

SOAP Architecture

SOAP Node

Implemented at the client (sender) and the server (receiver).

Processes messages according to the formal set of conventions.

Enforces the rules that govern the exchange of SOAP messages.

Accesses the services provided by the underlying protocols through SOAP bindings.

SOAP Message Format

A SOAP message is an XML document that consists of:

Mandatory SOAP Envelope

Optional SOAP Header

Mandatory SOAP Body

SOAP Message Header

SOAP Header is a generic mechanism for adding features to a SOAP message in a decentralized manner.

No prior agreement between the communicating parties is required.

Header may be edited by intermediaries to change the information to be sent to the receiver.

Two types of headers are available in HTTP:

Request Header – for request messages

Response Header – for response messages
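An added example (not from the original slides): a Python check a receiving SOAP node could run before dispatching a message. It covers the Envelope / Header / Body layout and the "who should deal with it, and whether it is optional or mandatory" rule through the SOAP 1.1 `actor` and `mustUnderstand` attributes. The `urn:example:*` namespaces, the `Auth` header block and the sample messages are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = "http://schemas.xmlsoap.org/soap/envelope/"      # SOAP 1.1 envelope namespace
NEXT = "http://schemas.xmlsoap.org/soap/actor/next"   # actor URI: next node on the path
ENVELOPE, HEADER, BODY = (f"{{{NS}}}{n}" for n in ("Envelope", "Header", "Body"))


def check_message(xml_text, understood):
    """Return (verdict, detail); verdict is "ok" or a SOAP 1.1 fault code."""
    if "<!DOCTYPE" in xml_text:                 # SOAP messages must not carry a DTD
        return "Client", "DTD present"
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return "Client", f"not well-formed XML: {exc}"
    if root.tag != ENVELOPE:                    # not a SOAP 1.1 Envelope (other namespace)
        return "VersionMismatch", root.tag
    parts = list(root)
    header = parts.pop(0) if parts and parts[0].tag == HEADER else None
    if not parts or parts[0].tag != BODY:       # Body is mandatory, after any Header
        return "Client", "Body missing or misplaced"
    for block in (header if header is not None else []):
        actor = block.get(f"{{{NS}}}actor")     # absent = addressed to final receiver
        must = block.get(f"{{{NS}}}mustUnderstand") == "1"
        if must and actor in (None, NEXT) and block.tag not in understood:
            return "MustUnderstand", block.tag  # mandatory block we cannot process
    body = parts[0]
    return "ok", body[0].tag if len(body) else ""


def envelope(header_xml=""):
    """Constructed sample request; the m: namespace is made up for the example."""
    return (f'<soap:Envelope xmlns:soap="{NS}">{header_xml}<soap:Body>'
            '<m:GetPrice xmlns:m="urn:example:stock"><m:Item>ABC</m:Item>'
            '</m:GetPrice></soap:Body></soap:Envelope>')


# Constructed header with one mandatory block (hypothetical t:Auth element).
AUTH = ('<soap:Header><t:Auth xmlns:t="urn:example:sec" '
        'soap:mustUnderstand="1">token</t:Auth></soap:Header>')

if __name__ == "__main__":
    print(check_message(envelope(AUTH), {"{urn:example:sec}Auth"}))   # understood
    print(check_message(envelope(AUTH), set()))                       # not understood
    print(check_message(envelope().replace("soap:Body", "soap:Bodee"), set()))
```

A node that silently skips a `mustUnderstand="1"` block it does not implement would process the Body without the control that block was meant to enforce, which is why the check returns a fault instead.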

DEMO>>>

Security Within SOAP

SOAP specification does not define any protocol-specific security features.

Utilizes standard HTTP security features:

HTTP authentication mechanisms

SSL for secure channel communications (using HTTPS)

Security Aspects

Potential security threat due to plain text nature of data.

Security features may be added to the SOAP header.

Transport protocols such as SSL, TLS, and IP Security (IPsec) can provide the integrity and confidentiality of the message during transmission.
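An added example (not from the original slides) of a security feature carried in the SOAP header: the sender puts an HMAC of the Body into a header block, so the receiver can detect a Body changed after the protected transport hop ended, for instance at an intermediary. The `BodyMac` block, its `urn:example:integrity` namespace, the key and the message are assumptions made for the example; it is a simplified stand-in for standardized message signing such as WS-Security and covers neither other header blocks nor replay.

```python
import base64, hashlib, hmac
import xml.etree.ElementTree as ET

NS = "http://schemas.xmlsoap.org/soap/envelope/"   # SOAP 1.1 envelope namespace
SEC = "urn:example:integrity"                      # hypothetical header namespace
BODY, HEADER, MAC = f"{{{NS}}}Body", f"{{{NS}}}Header", f"{{{SEC}}}BodyMac"
KEY = b"constructed-demo-key"                      # constructed shared secret
MESSAGE = (f'<soap:Envelope xmlns:soap="{NS}"><soap:Body>'   # constructed sample
           '<m:GetPrice xmlns:m="urn:example:stock"><m:Item>ABC</m:Item>'
           '</m:GetPrice></soap:Body></soap:Envelope>')


def body_mac(root, key):
    """Base64 HMAC-SHA256 over the canonical (C14N) form of the Body element."""
    canon = ET.canonicalize(ET.tostring(root.find(BODY), encoding="unicode"))
    tag = hmac.new(key, canon.encode("utf-8"), hashlib.sha256).digest()
    return base64.b64encode(tag).decode("ascii")


def protect(xml_text, key):
    """Sender: add a header block carrying the MAC of the Body."""
    root = ET.fromstring(xml_text)
    header = root.find(HEADER)
    if header is None:                        # Header is optional: create it first
        header = ET.Element(HEADER)
        root.insert(0, header)
    block = ET.SubElement(header, MAC)
    block.set(f"{{{NS}}}mustUnderstand", "1")  # receiver must not silently skip it
    block.text = body_mac(root, key)
    return ET.tostring(root, encoding="unicode")


def verify(xml_text, key):
    """Receiver: True only if a MAC header is present and matches the Body."""
    if "<!DOCTYPE" in xml_text:               # SOAP messages must not carry a DTD
        return False
    try:
        root = ET.fromstring(xml_text)
        block = root.find(f"{HEADER}/{MAC}")
        if block is None or root.find(BODY) is None:
            return False
        expected = body_mac(root, key).encode("ascii")
        return hmac.compare_digest((block.text or "").encode("utf-8"), expected)
    except ET.ParseError:
        return False


if __name__ == "__main__":
    signed = protect(MESSAGE, KEY)
    print(verify(signed, KEY), verify(signed.replace(">ABC<", ">XYZ<"), KEY))
```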

Developing SOAP Application

SOAP toolkits are available to create and parse SOAP messages.

They help translate function calls from some kind of language into a SOAP message.

For example:

Microsoft SOAP Toolkit 2.0 translates COM function calls to SOAP.

Apache toolkit translates Java function calls to SOAP.

Pros

Cross Platform Interoperability.

Can support a range of applications – RPC, XML.

Small and easy to implement.

Can reuse existing XML parsers and HTTP libraries.

Main Advantage

Firewalls block most ports, except the standard HTTP port 80.

Most distributed object protocols like DCOM use dynamically assigned ports for remote method invocations.

SOAP uses HTTP as the transport mechanism.

No problem invoking SOAP endpoints from either side of a firewall.

Cons

Still evolving.

SOAP data is sent as XML text for standardization.

Converting all data into text and parsing it back into data structures at the other end can use up quite a bit of processing power.

No inbuilt security features.
