Expert Service-Oriented Architecture In CSharp 2005 (2006) [eng]
.pdf
226 A P P E N D I X ■ R E F E R E N C E S
XML Schemas and SOAP
“Understanding SOAP” Aaron Skonnard
MSDN white paper (March 2003) http://msdn.microsoft.com/webservices/default.aspx?pull=/library/en-us/dnsoap/html/
understandsoap.asp
“XML Schemas and the XML Designer” MSDN article
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/vbcon/html/ vboricreatingschemas.asp
“A Quick Guide to XML Schema” Aaron Skonnard
MSDN Magazine (April 2002) http://msdn.microsoft.com/msdnmag/issues/02/04/xml/default.aspx
“Place XML Message Design Ahead of Schema Planning to Improve Web Service Interoperability”
Yasser Shohoud
MSDN Magazine (December 2002) http://msdn.microsoft.com/msdnmag/issues/02/12/WebServicesDesign/
“RPC/Literal and Freedom of Choice” Yasser Shohoud
MSDN white paper (April 2003) http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnwebsrv/html/
rpc_literal.asp
“Web Services Encoding and More” Aaron Skonnard
MSDN Magazine (May 2003) http://msdn.microsoft.com/msdnmag/issues/03/05/XMLFiles/
“SOAP Is Not a Remote Procedure Call”
Ingo Rammer’s Architecture Briefings (October 2003) http://www.thinktecture.com/Resources/ArchitectureBriefings/
SoapIsNotARemoteProcedureCall.pdf
“Increase Your App’s Reach Using WSDL to Combine Multiple Web Services” Gerrard Lindsay
MSDN Magazine (March 2005) http://msdn.microsoft.com/msdnmag/issues/05/03/WSDL/
A P P E N D I X ■ R E F E R E N C E S |
227 |
WSSpecifications (General)
Resources for developers and links to original standards and specifications documents IBM developerWorks http://www-106.ibm.com/developerworks/views/webservices/standards.jsp
“Secure, Reliable, Transacted Web Services: Architecture and Composition” Donald F. Ferguson (IBM), Tony Storey (IBM), Brad Lovering (Microsoft),
John Shewchuk (Microsoft) MSDN white paper (September 2003)
http://msdn.microsoft.com/webservices/webservices/understanding/ advancedwebservices/default.aspx?pull=/library/en-us/dnwebsrv/ html/wsoverview.asp
“Compare Web Service Security Metrics” Roger Jennings (OakLeaf Systems)
XML and Web Services Magazine (October 2002) http://www.fawcette.com/xmlmag/2002_10/online/webservices_rjennings_10_16_02/
default.aspx
“Installing Certificates for WSDK X.509 Digital Signing and Encryption” Roger Jennings (OakLeaf Systems)
XML and Web Services Magazine (October 2002) http://www.fawcette.com/xmlmag/2002_10/online/webservices_rjennings_10_16_02/
sidebar1.aspx
Web Services Enhancements 2.0 and 3.0 (General)
“What’s New in Web Services Enhancements 3.0” Mark Fussell
MSDN white paper (November 2005) http://msdn.microsoft.com/webservices/default.aspx?pull=/library/en-us/dnwse/html/
newwse3.asp
“Programming with Web Services Enhancements 2.0” Matt Powell
MSDN white paper (May 2004) http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnwse/html/
programwse2.asp
228 A P P E N D I X ■ R E F E R E N C E S
WS-Security
“WSE Security: Protect Your Web Services Through the Extensible Policy Framework in WSE 3.0”
Tomasz Janczuk
MSDN Magazine (February 2006) http://msdn.microsoft.com/msdnmag/issues/06/02/WSE30/default.aspx
Web Services Security (WS-Security) standards documents
OASIS
http://www.oasis-open.org/committees/tc_cat.php?cat=security
“Web Services Security: SOAP Message Security 1.0 (WS-Security 2004)” OASIS Standard 200401, March 2004
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message- security-1.0.pdf
“Understanding WS-Security” Scott Seely
MSDN white paper (October 2002) http://msdn.microsoft.com/webservices/webservices/understanding/
advancedwebservices/default.aspx?pull=/library/en-us/dnwssecur/ html/understw.asp
“WS-Security Drilldown in Web Services Enhancements 2.0” Don Smith
MSDN white paper (August 2004) http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnwebsrv/html/
wssecdrill.asp
(Note: This reference is also listed in the “WS-Secure Conversation” section of this appendix.)
“WS-Security Authentication and Digital Signatures with Web Services Enhancements” Matt Powell
MSDN white paper (December 2002) http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnwse/html/
wssecauthwse.asp
“Building Secure Web Services”
J.D. Meier, Alex Mackman, Michael Dunner, Srinath Vasireddy, Ray Escamilla, and Anandha Murukan
MSDN Patterns and Practices white paper, Chapter 12 (June 2003, revised January 2006) http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/
THCMCh12.asp
A P P E N D I X ■ R E F E R E N C E S |
229 |
“Encrypting SOAP Messages Using Web Services Enhancements” Jeannine Hall Gailey
MSDN white paper (December 2002) http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnwse/html/
wseencryption.asp
“Web Services Security: Moving Up the Stack” Maryann Hondo, David Melgar, and Anthony Nadalin IBM developerWorks white paper (December 2002)
http://www-106.ibm.com/developerworks/library/ws-secroad/
“Web Services Security Username Token Profile” OASIS working draft (January 2003)
http://www.oasis-open.org/committees/wss/documents/WSS-Username-11.pdf
“Web Services Security Kerberos Binding”
Giovanni Della-Libera (Microsoft), Brendan Dixon (Microsoft), Praerit Garg (Microsoft), Maryann Hondo (IBM), Chris Kaler (Microsoft), Hiroshi Maruyama (IBM),
Anthony Nadalin (IBM), and Nataraj Nagaratnam (IBM) MSDN white paper (December 2003)
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnglobspec/html/ ws-security-kerberos.asp
“Security Features in WSE 3.0” Keith Brown
MSDN Magazine (November 2005) http://msdn.microsoft.com/msdnmag/issues/05/11/SecurityBriefs/default.aspx
“Web Service Security: Scenarios, Patterns, and Implementation Guidance for Web Services Enhancements (WSE) 3.0”
Jason Hogg (Microsoft), Don Smith (Microsoft), Fred Chong (Microsoft), Dwayne Taylor (RDA Corporation), Lonnie Wall (RDA Corporation), and Paul Slater (Wadeware LLC)
MSDN Patterns and Practices guide (December 2005) http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag2/html/
wssp.asp
Web Service Security: Scenarios, Patterns, and Implementation Guidance home page Microsoft Patterns and Practices community workspace http://www.gotdotnet.com/codegallery/codegallery.aspx?id=
67f659f6-9457-4860-80ff-0535dffed5e6
230A P P E N D I X ■ R E F E R E N C E S
“Security for SOA and Web Services” Dipak Chopra
SAP Developer Network https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/library/
webservices/Security%20for%20SOA%20and%20Web%20Services.article
“Windows 2000 Kerberos Authentication” Microsoft TechNet
http://www.microsoft.com/technet/prodtechnol/windows2000serv/deploy/confeat/
kerberos.mspx
WS-Policy
“Web Services Policy Framework”
IBM developerWorks specification (May 2003) http://www-106.ibm.com/developerworks/library/ws-polfram/
“Understanding WS-Policy” Aaron Skonnard
MSDN white paper (August 2003) http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnwebsrv/html/
understwspol.asp
“Web Services Policy Assertions Language (WS-Policy Assertions)”
Don Box (Microsoft), Maryann Hondo (IBM), Chris Kaler (Microsoft), Hiroshi Maruyama (IBM), Anthony Nadalin (IBM), Nataraj Nagaratnam (IBM), Paul Patrick (BEA), Claus von Riegen (SAP), and John Shewchuk (Microsoft)
MSDN white paper (May 2003) http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnglobspec/html/
ws-policyassertions.asp
“Using Role-Based Security with Web Services Enhancements 2.0” Ingo Rammer
MSDN white paper (September 2003) http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnwssecur/html/
wserolebasedsec.asp
WS-Secure Conversation
“Web Services Secure Conversation Language”
IBM developerWorks specification (May 2004, updated February 2005) http://www-128.ibm.com/developerworks/library/specification/ws-secon/
A P P E N D I X ■ R E F E R E N C E S |
231 |
“Web Services Trust Language”
IBM developerWorks specification (May 2004, updated February 2005) http://www-128.ibm.com/developerworks/library/specification/ws-trust/
“WS-Security Drilldown in Web Services Enhancements 2.0” Don Smith
MSDN white paper (August 2004) http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnwebsrv/html/
wssecdrill.asp
(Note: This reference is also listed in the “WS-Security” section of this appendix.)
“Managing Security Context Tokens in a Web Farm” Chris Keyser
MSDN white paper (November 2004) http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnwebsrv/html/
sctinfarm.asp
WS-Addressing
“Web Services Addressing”
IBM developerWorks specification (March 2004, updated August 2004) http://www-106.ibm.com/developerworks/webservices/library/ws-add/
WS-Messaging
“Asynchronous Operations and Web Services, Part 1: A Primer on Asynchronous Transactions” Holt Adams
IBM developerWorks white paper (April 2002) http://www-128.ibm.com/developerworks/library/ws-asynch1.html
“Asynchronous Operations and Web Services, Part 2: Programming Patterns to Build Asynchronous Web Services”
Holt Adams
IBM developerWorks white paper (June 2002) http://www-106.ibm.com/developerworks/library/ws-asynch2/index.html
“Introducing the Web Services Enhancements 2.0 Messaging API” Aaron Skonnard
MSDN Magazine (September 2003) http://msdn.microsoft.com/msdnmag/issues/03/09/XMLFiles/
232 A P P E N D I X ■ R E F E R E N C E S
WS-Routing and WS-Referral
“Routing SOAP Messages with Web Services Enhancements 1.0” Aaron Skonnard
MSDN white paper (January 2003) http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnwse/html/
routsoapwse.asp
WS-Reliable Messaging
“Web Services Reliable Messaging”
IBM developerWorks specification (March 2004, updated February 2005) http://www-106.ibm.com/developerworks/webservices/library/ws-rm/
“Reliable Message Delivery in a Web Services World: A Proposed Architecture and Roadmap” IBM Corporation and Microsoft Corporation
MSDN white paper (March 2003) http://msdn.microsoft.com/webservices/webservices/understanding/advancedwebservices/
default.aspx?pull=/library/en-us/dnglobspec/html/ws-rm-exec-summary.asp
Windows Communication Foundation (Indigo)
“Introduction to Building Windows Communication Foundation Services” Clemens Vasters
MSDN white paper (September 2005) http://msdn.microsoft.com/webservices/indigo/default.aspx?pull=/library/en-us/
dnlong/html/introtowcf.asp
Windows Communication Foundation articles and white papers Resources page http://wcf.netfx3.com/content/resources.aspx
“A Guide to Developing and Running Connected Systems with Indigo” Don Box
MSDN Magazine (January 2004) http://msdn.microsoft.com/msdnmag/issues/04/01/Indigo/
“Creating Indigo Applications with the PDC Release of Visual Studio .NET Whidbey” Yasser Shohoud
MSDN white paper (January 2004) http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnlingo/html/
indigolingo01062004.asp
A P P E N D I X ■ R E F E R E N C E S |
233 |
Miscellaneous
MSDN Web Services Books
List of books on building Web services using .NET in particular http://msdn.microsoft.com/webservices/understanding/books/default.aspx
Discussions in .NET Framework Web Services Enhancements MSDN Newsgroups
http://msdn.microsoft.com/newsgroups/default.aspx?dg=microsoft.public.
dotnet.framework.webservices.enhancements
“Orchestrating XML Web Services and Using the Microsoft .NET Framework with Microsoft BizTalk Server”
Ulrich Roxburgh
MSDN white paper (February 2002) http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnbiz2k2/html/
bts_wp_net.asp
“Accessing Custom Attributes”
.NET Framework Developer’s Guide MSDN articles
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpguide/html/ cpconaccessingcustomattributes.asp
Index
A
abstract description elements, 16 Action class, 176
Active Directory Kerberos ticket security tokens, 135
Add Web Reference Wizard autogenerating proxy class, 72, 99
Address class, 176
addressing WSspecifications, 13 addressing classes, 175–176 Addressing property
SoapContext class, 92 AddressingFault class, 176 AddressingHeaders class, 176 AnonymousForCertificateSecurity
assertion, 118 AppDomain class
SetPrincipalPolicy() method, 155
.asmx pages, preparing for WCF, 220 ASP.NET
and asynchronous communication pattern, 170
communication models, 170 hosting environments supported by
WCF, 212
setting permissions with X.509 Certificate Tool, 103–105
Web service technology extended by WCF, 220
working with WSE, 91–94 assemblies
business assembly, 61, 66–68, 80–81 type definition assembly, 61, 64–66
asymmetric encryption, 100, 108 asynchronous communication, 170, 172 authentication, 107
WS-Security specification, 108
authentication models, 133 brokered authentication, 135–137
implementation using Kerberos, 146–158
implementation using Mutual Certificates, 137–145
direct authentication, 133–135 Authentication Service, 146–147 authenticator, 146 authorization, 107, 130
code-based authorization, 131–132 declarative authorization, 131
B
<binding> element, 21–22
concrete implementation elements, 17
Binding property SoapDocumentMethod attribute, 43
Body property SoapEnvelope class, 179
brokered authentication, 135 advantages and disadvantages,
136–137 implementation options, 137 implementation with Mutual
Certificates, 137–145 implementing with Kerberos, 146–158
business assembly
calling service agent, 80–81 creating, 61, 66–68
importing into Web service, 62 business layer, encapsulates service
interfaces, 7 business facade
Web services architecture, 9–10
235