1. Field of the Invention
The present invention relates generally to a data processing system and in particular to a method and apparatus for web services. More particularly, the present invention relates to a computer implemented method, apparatus, and computer usable program code for processing of extensible markup language (XML) security messages using delta parsing technology with a lightweight data model.
2. Description of the Related Art
A web service is a collection of protocols and standards for enabling an application to interact and exchange data with one or more other applications over the Internet. An application that is available over the Internet may be referred to as a web application or a web service application. Web services enable applications on different hardware, software, databases, or network platforms to interact with each other over the Internet.
Web services provide self-contained, modular, platform-independent applications. Web service applications are not limited to any one operating system platform or programming language for applications to communicate and exchange data. For example, encoding web services messages in extensible markup language enables an application on a computer running a Unix® operating system to interact with an application associated with a computer running a Windows® operating system. Likewise, an application written in Java® can interact with an application written in a different programming language, such as practical extraction and report language. Thus, a web service is like an application programming interface that allows a client to execute an application on a remote computing device as if the application were present on the client's own system.
Web services may be implemented using service oriented architecture in which the basic unit of communication and data exchange between applications is a message. Web services message-level communications between applications are generally performed in extensible markup language format. Web services exchange extensible markup language documents and messages over the Internet using standards such as transmission control protocol/Internet protocol, hypertext transfer protocol, simple object access protocol, web service definition language, and other standards and protocol layers for exchanging data over the Internet.
Web services enable business applications to be shared, combined, and used by heterogeneous computing devices within a business or enterprise. Web services also allow those business applications to be shared with customers, suppliers, vendors, and business partners. Due to the varied and widespread uses of web services, security of web services messages is important to ensure trust and privacy for users, as well as to avoid malicious and intentional changes of web services messages, man-in-the-middle attacks, and repudiations by senders.
Web Services Security defines data structures describing digital signatures, encryption, and other security devices that can be implemented on top of a simple object access protocol message to secure message data. When Web Services Security is applied to a Web Services message, the message may be referred to as a security message. Simple object access protocol is the basic messaging protocol for exchanging extensible markup language messages, such as security messages. The simple object access protocol may be thought of as an envelope that encloses an extensible markup language message. Web Services Security provides enhancements to simple object access protocol messaging to provide increased security of message data exchanged by web services. Many of the security features and protocols used in a security message may be found in the simple object access protocol envelope associated with the message.
However, Web Services Security processing typically requires that the entire content of an extensible markup language security message be parsed and stored in memory as a tree-based data model, such as document object model. Document object model tree-type data models can result in considerable overhead for creating the data model, as well as for traversing the possibly extensive nodes and branches in the data model to access needed data values. Thus, currently available Web Services Security message processing may result in decreased performance due to the overhead associated with processing the extensible markup language security message in addition to the overhead associated with the verbosity of extensible markup language messages.