Still working on descriptions.
See *** for some new/merged items.
Most of the words are from Rogers message [1].
[1]
http://lists.w3.org/Archives/Public/www-ws-arch/2003Oct/0010.html
Paul
Ednote:
Pointer to IPR policies for various orgs (W3C, OASIS)
Copyright != IPR
Copyright not related to implementation of spec.
SOAP - Basic messaging spec for Web services. SOAP 1.1 has been very
widely implemented and is part of the WS-I Basic Profile Version 1.0.
SOAP 1.2 went to Recommendation status in June, 2003. It does not seem
likely that SOAP 1.2 will be particularly controversial and major vendors
will probably implement it quickly now that it is a
recommendation.
Web
Services Interoperability Organization, Basic Profile Version 1.0a, Final
Specification, 2003-08-08,
http://ws-i.org/Profiles/Basic/2003-08/BasicProfile-1.0a.html
W3C
NOTE, SOAP: Simple Object Access Protocol 1.1, 08 May 2000,
http://www.w3.org/TR/2000/NOTE-SOAP-20000508/
W3C,
SOAP Version 1.2 Part 1: Messaging Framework, W3C Recommendation, 24 June
2003,
http://www.w3.org/TR/2003/REC-soap12-part1-20030624/
W3C,
SOAP Version 1.2 Part 2: Adjuncts, W3C Recommendation, 24 June 2003,
http://www.w3.org/TR/2003/REC-soap12-part2-20030624/
EbMS - EbXML Messaging - transport, routing and packaging of business
transactions. Part of the larger ebXML structure, this spec leverages
SOAP 1.1 but adds a number of business-critical capabilities such as
security (roughly at the level of WS-Security, I think) and reliability.
EbMS 1.0 was part of the original ebXML package, ebMS 2.0 is a
significant improvement, currently in "final draft" in OASIS (I
think). In practice it appears that much of the industry uptake of ebXML
has been essentially ebMS as opposed to the higher level portions of the
ebXML package.
OASIS,
Message Service Specification, Version 2.0, OASIS ebXML Messaging
Services Technical Committee, 1 April 2002,
http://www.oasis-open.org/committees/ebxml-msg/documents/ebMS_v2_0.pdf
WSDL - Basic Web services description spec. WSDL 1.1 has been very
widely implemented and is part of the WS-I Basic Profile Version 1.0.
WSDL 1.2 is being developed in the W3C and is in a "middle"
stage of the process. There does not seem to be any particular
competition to WSDL 1.2 in other standards organizations and major
vendors will probably implement it quickly once it becomes a
recommendation (which will take a while).
W3C, Web
Services Description Language (WSDL) 1.1, W3C Node, 15 March 2001,
http://www.w3.org/TR/2001/NOTE-wsdl-20010315
W3C,
Web Services Description Language (WSDL) Version 1.2 Part 1: Core
Language, W3C Working Draft, 11 June 2003,
http://www.w3.org/TR/2003/WD-wsdl12-20030611
W3C,
Web Services Description Language (WSDL) Version 1.2 Part 2: Message
Patterns, W3C Working Draft, 11 June 2003,
http://www.w3.org/TR/2003/WD-wsdl12-patterns-20030611
W3C,
Web Services Description Language (WSDL) Version 1.2 Part 3: Bindings,
W3C Working Draft, 11 June 2003,
http://www.w3.org/TR/2003/WD-wsdl12-bindings-20030611
EbCPPA - EbXML Collaboration Protocol Profile and Agreement - The
Collaboration Protocol Profiles (CPPs) and Agreements (CPAs) which define
a business partner's technical capabilities to engage in electronic
business collaborations with other partners, and the technical agreement
between two or more partners to engage in electronic business
collaboration. Version 1.0 was part of the original ebXML package,
version 2 has significant upgrades and was ratified Dec, 2002. Although
the CPP/CPA framework seems very business oriented, I do not know of many
(or any, to be honest) examples of it being used in production.
OASIS,
Collaboration-Protocol Profile and Agreement Specification, Version 2.0,
OASIS ebXML Collaboration Protocol Profile and Agreement Technical
Committee, 23 September 2002
,http://www.oasis-open.org/committees/download.php/204/ebcpp-2.0.pdf
UDDI (Universal Description, Discovery, and Integration)- Web
services registry. Version 2 adopted 4/2003 has been implemented by a
number of vendors. Version 3, under development, includes new features
like subscriptions/notification, support for digital signatures, keys
assigned by publishers rather than registry providers (which may
facilitate the development of federation), better support for copying of
registry entries between non-replicated registries. UDDI v3 specifies
Schema Centric Canonocalization when using digital signatures.
Implementation of UDDI on the internet has stalled but there is
widespread interest in using UDDI in corporate intranets.
OASIS,
Universal Description, Discovery and Integration (UDDI) Version 3.0
Published Specification, 19 July 2002,
http://www.oasis-open.org/committees/uddi-spec/doc/tcspecs.htm#uddiv3
OASIS,
Universal Description, Discovery and Integration (UDDI) V2.0, 19 July
2002,
http://www.oasis-open.org/committees/uddi-spec/tcspecs.shtml#uddiv2
OASIS,
Schema Centric XML Canonicalization, Version 1.0, 10 July 2002,
http://uddi.org/pubs/SchemaCentricCanonicalization-20020710.htm
ebXML Registry Services - - ebeXML registry, provides function along
lines similar to UDDI. Version 2 adopted 12/2001. See also the ebXML
Registry Information Model
OASIS,
OASIS/ebXML Registry Information Model v2.0, Approved OASIS Standard,
OASIS/ebXML Registry Technical Committee, April 2002,
http://oasis-open.org/committees/regrep/documents/2.0/specs/ebrim.pdf
OASIS,
OASIS/ebXML Registry Services Specification v2.0, Approved OASIS
Standard, OASIS/ebXML Registry Technical Committee, April 2002,
http://oasis-open.org/committees/regrep/documents/2.0/specs/ebrs.pdf
AS2 - Probably best viewed as an alternative to Web services, AS2 is
a draft spec from the IETF. It has not made it completely through the
IETF process, but it appears to be relatively stable nonetheless. It
provides basic but non-extensible security and reliability features for a
payload that may be a binary file (typically an old fashioned EDI file)
or XML. AS2 seems to be appropriate for simple transactions, particularly
those that can be performed synchronously, but may not lend itself to
more elaborate scenarios. WalMart has provided a huge boost to AS2
implementation by requiring in order to do EDI business with them. See,
for example, discussions in product offerings from Isoft and Sterling
Commerce.
XML Signature - Digital signature for an XML document, providing proof of
data integrity, message and user authentication. Used by WS-Security and
ebXML security. This is a mature, widely used spec.
W3C,
XML-Signature Syntax and Processing - W3C Recommendation, 12 February
2002,
http://www.w3.org/TR/xmldsig-core/
XML Encryption - Digital encryption of documents or portions of
documents. Recently (12/2002) finalized, not yet widely used but
presumably it will be.
W3C, XML
Encryption Syntax and Processing - W3C Recommendation, 10 December 2002,
http://www.w3.org/TR/2002/PR-xmlenc-core-20021003/
XKMS - XML Key Management - Protocols for distributing and managing
public keys, intended for use with XML Signature and Encryption. Work in
progress. Based on XKMS proposal
http://www.w3.org/TR/xkms/
W3C,
XML Key Management Specification (XKMS) - W3C Note, 30 March 2001,
http://www.w3.org/TR/xkms/
WS-CHOR - Web Services Choreography WSCI, from Sun and others (not
MS/IBM), was a major submission but the working group has received other
submissions and has moved significantly beyond WSCI. Describes the flow
of messages exchanged by a Web Service participating in choreographed
interactions with other services. Considerable overlap with BPEL, but
more declarative and oriented toward message sequencing rather than
process description. WS-CHOR is intended to be a language that allows
machines to figure out how to use Web services, BPEL focuses on how to
control Web services. (See also
http://xml.coverpages.org/bpm.html)
W3C NOTE,
Web Service Choreography Interface (WSCI) 1.0, 8 August 2002,
http://www.w3.org/TR/2002/NOTE-wsci-20020808
***
W3C NOTE, Web Services Conversation Language (WSCL) 1.0, 14 March 2002,
http://www.w3.org/TR/2002/NOTE-wscl10-20020314/
BPEL - Web Services Business Process Execution Language business
process execution language which form the necessary technical foundation
for multiple usage patterns including both the process interface
descriptions required for business protocols and executable process
models. Based on BPEL4WS submission from Microsoft, IBM and BEA. WSFL
(IBM) and XLANG (Microsoft) were earlier efforts. Considerable overlap
with Web Services Choreography, but more process oriented. See
above.
BEA/IBM/Microsoft,
Business Process Execution Language for Web Services, Version 1.0, 31
July 2002,
http://www-106.ibm.com/developerworks/webservices/library/ws-bpel/
BEA/IBM/Microsoft/SAP/Siebel,
Business Process Execution Language for Web Services, Version 1.1, 5 May
2003,
***IBM,
Web Services Flow Language (WSFL 1.0), May 2001,
http://www-3.ibm.com/software/solutions/webservices/pdf/WSFL.pdf
***Microsoft,
XLANG, 2001,
http://www.gotdotnet.com/team/xml_wsspecs/xlang-c/default.htm
ebBPSS - ebXML Business Process - Representation and model compatible
with an underlying generic metamodel for business processes, activities,
and collaboration. This is the ebXML version of choreography, and I think
it is simpler than either WS-CHOR or BPEL. Version 1.001 was part of the
original ebXML package, and I think that an OASIS TC is just now in the
process of starting up to work on enhancements. I am not aware of any
significant applications of ebBPSS.
OASIS-UN/CEFACT,
ebXML Business Process Specification Schema (BPSS), Version 1.01, 11 May
2001,
http://www.ebxml.org/specs/ebBPSS.pdf
WS-Security – Construct secure SOAP message exchanges, including
provision for multiple security tokens for authorization and
authentication, multiple trust domains, multiple encryption technologies
and end-to-end message-level security (not just transport-level
security). Out of scope: multiple message exchanges, key exchange,
establishing and maintaining trust. WS-Security defines two core
capabilities: 1- how to use XML-Signature and XML-Encryption with SOAP
messaging. It specifies how to pass signatures and key information in a
SOAP header. 2- how to pass security tokens with a SOAP message.
WS-Security supports a variety of security tokens (each defined by its
own binding specification), such as userid/password, X.509 certificates,
Kerberos tickets, and SAML tokens. The WS-Security TC is just starting in
OASIS, but major vendors (MS, IBM) have already implemented the submitted
spec.
IBM/Microsoft/VeriSign,
"Web Services Security (WS-Security)", 5 April 2002,
http://msdn.microsoft.com/ws/2002/04/Security/
IBM/Microsoft/VeriSign,
"Web Services Security Addendum", Version 1.0, 18 August 2002,
http://msdn.microsoft.com/ws/2002/07/Security/
OASIS,
Web Services Security,
http://www.oasis-open.org/committees/download.php/1204/doc-index.html
SAML – Security Assertion Markup Language. Exchanging authorization
and authentication information. Version 1.0 finalized 11/2002. SAML
defines three core capabilities: 1- how to represent security tokens in
XML. These tokens are called assertions, and SAML defines three types of
assertions -- authentication, authorization, and attributes. (attributes
provide qualifying information that constrain the other assertions --
such as spending limits or timing constraints). An assertion is made by
some type of trust authority. 2- a process model for obtaining security
tokens from a trust authority. This includes a set of protocols for
accessing a trust authority. SAML defines two types of trust authorities:
Policy Decision Points (PDPs) and Policy Enforcement Points (PEPs). SAML
has defined bindings for multiple protocols, including SOAP/WSDL. 3- a
set of protocol bindings for conveying SAML tokens. SAML 1.1 defines how
to pass SAML tokens for browser applications. It does not define bindings
for how to pass SAML tokens in SOAP messages -- that is left to
WS-Security. It appears that this spec may be getting some real traction
in terms of practical implementations. See, for example, this auto
industry implementation.
OASIS,
Security Assertion Markup Language (SAML) v1.1, OASIS Standard, 2
September 2003,
http://www.oasis-open.org/committees/download.php/3400/oasis-sstc-saml-1.1-pdf-xsd.zip
OASIS,
Security Assertion Markup Language (SAML), v1.0, OASIS Standard, 5 Nov
2002,
http://www.oasis-open.org/committees/download.php/1383/oasis-sstc-saml-1.0-pdf.zip
*** Trust -
***
IBM/Microsoft/VeriSign/RSA Security, Web Services Trust Language
(WS-Trust), Version 1.0, 18 December 2002,
http://msdn.microsoft.com/ws/2002/12/ws-trust/
Reliable Messaging: A protocol that allows messages to be delivered
reliably between distributed applications in the presence of software
component, system, or network failures by implementing an acknowledgement
infrastructure. There are two major specs that differ in some technical
respects but which by and large implement the same type of
functionality:
- Web Services Reliability - OASIS TC. Based on WS-Reliability submission
from Oracle, Sun and others.
Fujitsu/Hitachi/Oracle/Sonic/Sun,
Web Services Reliability (WS-Reliability) Ver1.0, 8 Jan 2003,
http://www.sonicsoftware.com/wsreliability
- WS-ReliableMessaging from BEA Systems, Microsoft, IBM, Tibco. Not
currently submitted to any standards body but being implemented
nevertheless by several technology vendors.
BEA/IBM/Microsoft/TIBCO
Software, "Web Services Reliable Messaging Protocol
(WS-ReliableMessaging)", 13 March 2003,
http://msdn.microsoft.com/ws/2003/03/ws-reliablemessaging/
XACML – XML Access Control Markup Language – Fine-grained access
control to XML documents, including by element, sub-tree, temporal, data
dependent and so on. Here is a brief introduction to XACML. XACL from
IBM, was one of the major submissions for this spec but there were a
number of others and XACML differs substantially from XACL. Spec
finalized 2/2003.
OASIS,
eXtensible Access Control Markup Language (XACML) Version 1.0, OASIS
Standard, 18 February
2003,http://www.oasis-open.org/committees/download.php/940/oasis-xacml-1.0.pdf
WS-Transaction Framework - WS-Transaction and WS-Coordination were
originally released by IBM, Microsoft and BEA along with BPEL4WS. These
specifications have recently been updated and revised. The latest set of
specifications for the WS Transaction Framework, published by the same
authors, include an updated WS-Coordination spec, WS-AtomicTransaction
which replaces part 1 of WS-Transaction, and WS-BusinessActivity (still
to be published) which replaces part 2 of WS-Transaction. WS-Coordination
defines the protocols for creating activities, registering in activities,
and transmitting information to disseminate an activity.
WS-AtomicTransaction defines the Atomic Transaction coordination type,
which is appropriate to use when building applications that require a
consistent agreement on the outcome of a short-lived distributed
activity, where strong isolation is required until the transaction
completes. WS-BusinessActivity defines the Business Activity coordination
type, which is appropriate to use when building applications that require
a consistent agreement on the coordination of a distributed activity,
where strong isolation is not feasible, and application-specific
compensating actions are used to coordinate the activity. It appears to
me that the WS-Transaction Framework and the Web Services Composite
Application Framework (described below) are playing in more or less the
same space and are not obviously compatible. That is, that they are in
competition.
BEA/IBM/Microsoft,
Web Services Coordination (WSCoordination), September 2003,
http://ftpna2.bea.com/pub/downloads/ws-standards-coordination.pdf
BEA/IBM/Microsoft,
Web Services Transaction (WS-Transaction), August 2002,
http://msdn.microsoft.com/ws/2002/08/wstx/
BEA/IBM/Microsoft,
Web Services Atomic Transaction (WSAtomicTransaction), September 2003,
http://ftpna2.bea.com/pub/downloads/ws-at-pub.pdf
Web Services Composite Application Framework (WS-CAF) - WS-CAF
defines a generic framework for applications that contain multiple
services used in combination (composite applications). It specifies
interoperable mechanisms to set the boundaries of an activity (such as
start/end, or success/failure), to create, access and manage context
information, and to inform participants of changes to an activity. And it
supports a range of transaction models, including simple activity
scoping, single and two phase commit ACID transactions, and recoverable
long running activities. The WS-CAF suite includes three specs published
by Arjuna, Fujitsu, IONA, Oracle and Sun: Web Service Context (WS-CTX ) a
lightweight framework for simple context management, Web Service
Coordination Framework (WS-CF) a sharable mechanism that manages context
augmentation and lifecycle, and Web Services Transaction Management
(WS-TXM) which comprises three distinct, interoperable transaction
protocols that can be used across multiple transaction managers. A new
OASIS TC has recently been created to further develop the WS-CAF
specifications.
WS-Policy is a grammar for specifying Web services policy assertions such
as authentication schemes, transport protocol selection, privacy policy,
QoS characteristics. Another Microsoft, IBM, BEA spec, not submitted yet
to any standards body.
IBM/Microsoft/BEA/SAP,
Web Services Policy Assertions Language (WS-PolicyAssertions), 18
December 2002,
http://msdn.microsoft.com/ws/2002/12/PolicyAssertions/
IBM/Microsoft/BEA/SAP,
Web Services Policy Attachment (WS-PolicyAttachment), 18 December 2002,
http://msdn.microsoft.com/ws/2002/12/PolicyAttachment/
IBM/Microsoft/BEA/SAP,
Web Services Policy Framework (WS-Policy), 18 December 2002,
http://msdn.microsoft.com/ws/2002/12/Policy/
WS-Addressing - provides transport-neutral addressing for Web
services that work through firewalls, gateways, etc. Another spec from
MS/IBM/BEA, it apparently replaces WS-Routing. I don't think it has been
submitted to any standards body.
BEA/IBM/Microsoft,
Web Services Addressing (WS-Addressing), 13 March 2003,
http://msdn.microsoft.com/ws/2003/03/ws-addressing/
WS-Federation - A spec for standardizing the way companies share user
and machine identities among disparate authentication and authorization
systems spread across corporate boundaries. Developed by IBM/MS/BEA/RSA,
I think it is at least partly in competition with the ID-WSF from the
Liberty Alliance, discussed below..
Web
Services Federation Language (WS-Federation), Version 1.0, July 8, 2003,
http://www.ibm.com/developerworks/library/ws-fed/
WS-Federation:
Active Requestor Profile, 08 July 2003,
http://www.ibm.com/developerworks/library/ws-fedact/
SPML - Service Provisioning Markup Language - exchanging and
administering user access rights and resource information across
heterogeneous environments. How this differs from N other security specs
is beyond me, but supposedly it works in conjunction with WS-Security and
SAML. Currently in "public review" period at OASIS, which means
it is close to being approved as a spec, it has apparently been
implemented in the catalyst industry.
ID-FF - IDentity Federation Framework, from the Liberty Alliance. Defines
an architecture for providing federated network identity that enables
single signon functionality for a user to multiple service providers.
Liberty is a major consortium that does not include MS or IBM, and the
products are more or less in competition with varioius WS-* specs. I
think that ID-FF is more or less along the same lines as WS-Policy.
Submitted to OASIS.
ID-WSF - IDentity Web Services Framework - Another spec from the Liberty
Alliance, it builds on ID-FF and provides a framework for identity based
web services in a federated network identity environment. I believe that
ID-WSF is pretty much in the same space, and incompatible with,
WS-Federation. Detailed comparison is beyond the scope of this document,
but it appears that both have a number of components for which there is
no comparable function in the other, with Liberty possibly being the more
fully developed. In addition, they have made different technology choices
for similar functions (e.g. ID-WSF Discovery Services vs UDDI for
WS-Federation.
WSRP - Web Services for Remote Portlets - Intended to provide
"plug-n-play" for portals and other apps that aggregate
content. Recently adopted as an OASIS standard, the players in the
interop testing include BEA, IBM and Oracle. Microsoft, Sun and many
others participated in the TC. This spec seems to have wide industry
participation, but I have no idea how soon to expect
implementation.
OASIS, Web
Services for Remote Portlets Specification, OASIS Standard, August 2003,
http://www.oasis-open.org/committees/download.php/3343/oasis-200304-wsrp-specification-1.0.pdf
*** BEA Building Blocks
The following specs, developed by BEA, are available with clear Royalty
Free (RF) terms.
BEA, SOAP
Conversation Protocol (SOAP Conversation) 1.0, 13 Jun 2002,
http://dev2dev.bea.com/technologies/webservices/SOAPConversation.jsp
BEA,
WS-CallBack Protocol (WS-CallBack), 26 Feb 2003,
http://dev2dev.bea.com/technologies/webservices/WS-CallBack-0_9.jsp
BEA,
Web Service Acknowledgement Protocol (WS-Acknowledgement), 26 Feb 2003,
http://dev2dev.bea.com/technologies/webservices/WS-Acknowledgement-0_9.jsp
BEA,
Web Services Message Data (WS-MessageData), 26 Feb 2003,
http://dev2dev.bea.com/technologies/webservices/WS-MessageData-0_9.jsp
*** Semantic Web
- DARPA, DAML-S (and OWL-S) 0.9 Draft Release, 2003-05,
http://www.daml.org/services/daml-s/0.9/
- W3C, OWL Web Ontology Language Guide, W3C Candidate Recommendation 18
August 2003,
http://www.w3.org/TR/2003/CR-owl-guide-20030818/
- W3C, OWL Web Ontology Language Overview, W3C Candidate
Recommendation, 18 August 2003,
http://www.w3.org/TR/2003/CR-owl-features-20030818/
- W3C, OWL Web Ontology Language Reference, W3C Candidate
Recommendation 18 August 2003,
http://www.w3.org/TR/2003/CR-owl-ref-20030818/
- W3C, OWL Web Ontology Language Semantics and Abstract Syntax, W3C
Candidate Recommendation 18 August 2003,
http://www.w3.org/TR/2003/CR-owl-semantics-20030818/
- W3C, OWL Web Ontology Language Test Cases, W3C Candidate
Recommendation, 18 August 2003,
http://www.w3.org/TR/2003/CR-owl-test-20030818/
- W3C, OWL Web Ontology Language Use Cases and Requirements, W3C
Candidate Recommendation 18 August 2003,
http://www.w3.org/TR/2003/CR-webont-req-20030818/
- ISO/IEC, Information Technology - Document Description and Processing
Languages, The XML Topic Maps (XTM) Syntax 1.1, JTC 1/SC34 N0398,
2003-04-03,
http://www.isotopicmaps.org/sam/sam-xtm/
*** SOAP Attachments
- AT&T/BEA/Canon/Microsoft/SAP/ , SOAP Messages with Attachments, 1
Apr 2003,
http://dev2dev.bea.com/technologies/webservices/SOAP_Messages_Attachments.jsp
- W3C, SOAP Message Transmission Optimization Mechanism, W3C Working
Draft, 21 July 2003,
http://www.w3.org/TR/2003/WD-soap12-mtom-20030721
- IBM/Microsoft, WS-Attachments, 17 June 2002,
http://www-106.ibm.com/developerworks/webservices/library/ws-attach.html
- W3C NOTE, SOAP Messages with Attachments, 11 Dec 2000,
http://www.w3.org/TR/2000/NOTE-SOAP-attachments-20001211
- W3C NOTE, SOAP Version 1.2 Message Normalization, 8 October 2003,
http://www.w3.org/TR/2003/NOTE-soap12-n11n-20031008/
*** SOAP Bindings
- IETF, Using the Simple Object Access Protocol (SOAP) in Blocks
Extensible Exchange Protocol (BEEP), RFC 3288,
http://www.rfc-editor.org/rfc/rfc3288.txt
*** Secure Conversations
- IBM/Microsoft/VeriSign/RSA Security, Web Services Secure Conversation
Language (WS-SecureConversation), Version 1.0, 18 December 2002,
http://msdn.microsoft.com/ws/2002/12/ws-secure-conversation/
- IBM/Microsoft/VeriSign/RSA Security, Web Services Security Policy
Language (WS-SecurityPolicy), Version 1.0, 18 December 2002,
http://msdn.microsoft.com/ws/2002/12/ws-security-policy/