Services provided over the Internet, commonly referred to as web services or application services, are evolving. Likewise, technologies that facilitate such services are also evolving. A web service can be defined as any information sources or business processes that are conveniently made available for use by an application or end-user. Web services typically include some combination of programming and data that are made available from an application server for end users and other network-connected application programs.
Activities focusing on defining and standardizing the use of web services include the development of Web Services Description Language (WSDL). WSDL is an Extensible Markup Language (XML) format for describing web services as a set of endpoints operating on messages containing either document-oriented or procedure-oriented information. The operations and messages associated with a web service are described abstractly using WSDL, and then bound to a particular network protocol and message format to define an endpoint. Related endpoints may be combined into an abstract collection of endpoints to define a particular web service. A document described as Version 1.1 of Web Services Description Language is available from the World Wide Web Consortium (W3C). WSDL 1.1 is incorporated by reference in its entirety for all purposes as if fully set forth herein.
Descriptions of web services are commonly published in Universal Description, Discovery, and Integration (UDDI) registries, from which they are available for metadata querying, retrieval and interpretation by a potential user or requester of a given web service. A collection of documents described as UDDI Version 3 Specification is available from the OASIS (Organization for the Advancement of Structured Information Standards) UDDI Specifications Technical Committee. The collection of documents is currently described as including (1) UDDI Version 3.0 Features List; (2) UDDI Version 3.0; (3) UDDI Version 3.0 XML Schema; (4) UDDI Version 3.0 WSDL Service Interface Descriptions; all of which are incorporated by reference in their entirety for all purposes as if fully set forth herein. UDDI Version 3.0 provides a specification for building flexible, interoperable XML Web services registries that are useful in private as well as public deployments of web services, and offers clients and application developers a comprehensive and complete blueprint of a description and discovery foundation for a diverse set of Web services architectures.
Web services are increasingly becoming the means through which business enterprises interoperate, such as in the context of business-to-business (B2B) transactions. The prominence of security issues with respect to web services increases as more business transactions utilize such technology. One approach to securing web service exchanges is the use of Web Services Security (WSS), which is currently described in “Web Services Security: SOAP Message Security” available from the OASIS Web Services Security Technical Committee. With the WSS approach, enhancements to SOAP messaging are employed to provide quality of protection through message integrity and single message authentication. Further, the WSS approach provides a general-purpose mechanism for associating security tokens with messages. However, the WSS approach has shortcomings with respect to use with legacy business-transaction applications that were not designed to communicate with modern-day web services and the associated level of security provided to such transactions. Examples of such shortcomings are described below.
Based on the foregoing, there is a general need for enhanced security and processing with web service business transactions. There is a specific need for enhanced security with web service business transactions that involve legacy and proprietary systems.
Trading Partners
Many legacy applications and systems currently used in facilitating business-to-business transactions do not protect communications associated with web service transactions (such communications are referred to herein as “exchanges”) simply with security validations and tokens alone. Rather, such legacy applications may also protect and enhance communications at the transport layer and tailor processing by participating end systems by using prior customized setup procedures that are pertinent to business transactions between “trading partners”. For example, trading partners typically form legal, procedural and other agreements that govern web service business transactions among such partners. However, the WSS approach to securing web service exchanges is silent with respect to the notion of trading partners and the associated agreements and governance that the agreements provide.
Various parties have notions of how trading partner relationships are defined and the associated significance of trading partners. However, known efforts in the area of trading partners are directed at facilitating trading partner establishment, such as setup and exchange of information associated with trading partner agreements, rather than directed at enhancing web service business transactions at transaction-time. For example, tpaML (Trading Partner Agreement Markup Language) uses XML to define and implement electronic contracts. The foundation of tpaML is the Trading Partner Agreement (TPA), which defines how trading partners will interact at the transport, document exchange and business protocol layers. A TPA contains the general contract terms and conditions, participant roles (buyers, sellers), communication and security protocols and business processes, (valid actions, sequencing rules, etc.). XML-based TPA documents capture the essential information upon which trading partners must agree in order for their applications and business processes to communicate.
tpaML is a complementary technology to the ebXML (the Electronic Business XML) initiative, which is a global initiative to develop an open technical framework to enable XML to be utilized in a consistent and uniform manner for the exchange of all electronic business data. ebXML is a modular suite of specifications that enables enterprises of any size and in any geographical location to conduct business over the Internet. Using ebXML, companies now have a standard method to exchange business messages, conduct trading relationships, communicate data in common terms and define and register business processes. In the past, the technology available for most businesses to exchange data was electronic data interchange (EDI). The scope of the focus of ebXML is business transactions in general; not necessarily modern-day web service-specific business transactions, such as with web services that are described in WSDL.
Based on the foregoing, there is a need for assistance with the migration of legacy and proprietary applications so that they can interact efficiently with modern-day Web Services in the context of business transactions over a network.