GXA

Last updated

The Global XML Web Services Architecture (GXA) was an announcement [1] by Microsoft in 2002 of several proposals for extensions to SOAP. Some of the components of GXA were developed into standards in combination with other companies, including IBM. Others were specific to Microsoft and have been superseded. Microsoft released a reference implementation of a part of GXA as Web Services Enhancements 1.0 SP1 for Microsoft .NET (WSE).

SOAP is a messaging protocol specification for exchanging structured information in the implementation of web services in computer networks. Its purpose is to provide extensibility, neutrality and independence. It uses XML Information Set for its message format, and relies on application layer protocols, most often Hypertext Transfer Protocol (HTTP) or Simple Mail Transfer Protocol (SMTP), for message negotiation and transmission.

IBM American multinational technology and consulting corporation

International Business Machines Corporation (IBM) is an American multinational information technology company headquartered in Armonk, New York, with operations in over 170 countries. The company began in 1911, founded in Endicott, New York, as the Computing-Tabulating-Recording Company (CTR) and was renamed "International Business Machines" in 1924.

Web Services Enhancements (WSE) is an obsolete add-on to the Microsoft .NET Framework, which includes a set of classes that implement additional WS-* web service specifications chiefly in areas such as security, reliable messaging, and sending attachments. Web services are business logic components which provide functionality via the Internet using standard protocols such as HTTP. Web services communicate via either SOAP or REST messages. WSE provides extensions to the SOAP protocol and allows the definition of custom security, reliable messaging, policy, etc. Developers can add these capabilities at design time using code or at deployment time through the use of a policy file.

Contents

Components of GXA in WSE 1.0

GXA Future Directions

At the time of the GXA announcement, Microsoft listed further standards they were participating in developing:

Federated security: WS-Trust, WS-Privacy, WS-Federation, WS-SecureConversation, WS-Policy

WS-Trust is a WS-* specification and OASIS standard that provides extensions to WS-Security, specifically dealing with the issuing, renewing, and validating of security tokens, as well as with ways to establish, assess the presence of, and broker trust relationships between participants in a secure message exchange.

WS-Federation is an Identity Federation specification, developed by a group of companies: BEA Systems, BMC Software, CA Inc., IBM, Microsoft, Novell, HP Enterprise, and VeriSign. Part of the larger Web Services Security framework, WS-Federation defines mechanisms for allowing different security realms to broker information on identities, identity attributes and authentication.

WS-SecureConversation is a Web Services specification, created by IBM and others, that works in conjunction with WS-Security, WS-Trust and WS-Policy to allow the creation and sharing of security contexts. Extending the use cases of WS-Security, the purpose of WS-SecureConversation is to establish security contexts for multiple SOAP message exchanges, reducing the overhead of key establishment.

Pervasive metadata and discovery: WS-Referral

Microsoft also announced they were working on distributed agreement (transaction) standards.

See also

The Web Services Interoperability Organization (WS-I) is an industry consortium chartered to promote interoperability amongst the stack of web services specifications. WS-I does not define standards for web services; rather, it creates guidelines and tests for interoperability. It is part of OASIS, another standards body.

Related Research Articles

The Organization for the Advancement of Structured Information Standards (OASIS) is a global nonprofit consortium that works on the development, convergence, and adoption of open standards for security, Internet of Things, energy, content technologies, emergency management, and other areas.

Web Services Security is an extension to SOAP to apply security to Web services. It is a member of the Web service specifications and was published by OASIS.

Web Services Discovery provides access to software systems over the Internet using standard protocols. In the most basic scenario there is a Web Service Provider that publishes a service and a Web Service Consumer that uses this service. Web Service Discovery is the process of finding suitable web services for a given task.

WS-Inspection is a Web service specification for "discovery documents" developed in a joint effort by Microsoft and IBM. WS-Inspection lists groups of web services and their endpoints in an XML format. Currently, other standards are being used for this purpose, such as Microsoft's DISCO. It is expected that WS-Inspection will eventually replace these standards to become the universally accepted discovery standard for Web services.

In computing, Web-Based Enterprise Management (WBEM) comprises a set of systems-management technologies developed to unify the management of distributed computing environments. The WBEM initiative, initially sponsored in 1996 by BMC Software, Cisco Systems, Compaq Computer, Intel, and Microsoft, is now widely adopted. WBEM is based on Internet standards and Distributed Management Task Force (DMTF) open standards:

Web Services Resource Framework (WSRF) is a family of OASIS-published specifications for web services. Major contributors include the Globus Alliance and IBM.

Windows Communication Foundation

The Windows Communication Foundation (WCF), previously known as Indigo, is a runtime and a set of APIs in the .NET Framework for building connected, service-oriented applications.

An XML appliance is a special-purpose network device used to secure, manage and mediate XML traffic. They are most popularly implemented in service-oriented architectures (SOA) to control XML-based web services traffic, and increasingly in cloud-oriented computing to help enterprises integrate on premises applications with off-premises cloud-hosted applications. XML appliances are also commonly referred to as SOA appliances, SOA gateways, XML gateways, and cloud brokers. Some have also been deployed for more specific applications like Message-oriented middleware. While the originators of the product category deployed exclusively as hardware, today most XML appliances are also available as software gateways and virtual appliances for environments like VMWare.

Windows CardSpace

Windows CardSpace, is Microsoft's now-canceled client software for the Identity Metasystem. CardSpace is an instance of a class of identity client software called an Identity Selector. CardSpace stores references to users' digital identities for them, presenting them to users as visual Information Cards. CardSpace provides a consistent UI designed to help people to easily and securely use these identities in applications and web sites where they are accepted. Resistance to phishing attacks and adherence to Kim Cameron's "7 Laws of Identity" were goals in its design.

The Devices Profile for Web Services (DPWS) defines a minimal set of implementation constraints to enable secure web service messaging, discovery, description, and eventing on resource-constrained devices.

Service-oriented architecture (SOA) allows different ways to develop applications by combining services. The main premise of SOA is to erase application boundaries and technology differences. As applications are opened up, how we can combine these services securely becomes an issue. Traditionally, security models have been hardcoded into applications and when capabilities of an application are opened up for use by other applications, the security models built into each application may not be good enough.

Apache Axis2

Apache Axis2 is a core engine for Web services. It is a complete re-design and re-write of the widely used Apache Axis SOAP stack. Implementations of Axis2 are available in Java and C.

Apache CXF is an open-source, fully featured Web services framework. It originated as the combination of two open-source projects: Celtix developed by IONA Technologies and XFire developed by a team hosted at Codehaus. These two projects were combined by people working together at the Apache Software Foundation and the new name CXF was derived by combining "Celtix" and "XFire".

WS-SecurityPolicy is a web services specification, created by IBM and 12 co-authors, that has become an OASIS standard as of version 1.2. It extends the fundamental security protocols specified by the WS-Security, WS-Trust and WS-SecureConversation by offering mechanisms to represent the capabilities and requirements of web services as policies. Security policy assertions are based on the WS-Policy framework.

Information Card

Information cards are personal digital identities that people can use online, and the key component of an identity metasystem. Visually, each i-card has a card-shaped picture and a card name associated with it that enable people to organize their digital identities and to easily select one they want to use for any given interaction. The information card metaphor is implemented by identity selectors like Windows CardSpace, DigitalMe or Higgins Identity Selector.

Security token service (STS) is a cross-platform open standard core component of the OASIS group's WS-Trust web services single sign-on infrastructure framework specification.cf. Within that claims-based identity framework, a secure token service is responsible for issuing, validating, renewing and cancelling security tokens. The tokens issued by security token services can then be used to identify the holder of the token to services that adhere to the WS-Trust standard. Security token service provides the same functionality as OpenID, but unlike OpenID is not patent encumbered. Together with the rest of the WS-Trust standard, the security token service specification was initially developed by employees of IBM, Microsoft, Nortel and VeriSign.

Web Services Flow Language 1.0 (WSFL) was an XML programming language proposed by IBM in 2001 for describing Web services compositions. Language considered two types of compositions. The first type was for describing business processes as a collection of web services and the second was for describing interactions between partners. WSFL was proposed to be layered on top of Web Services Description Language.

References

  1. http://msdn.microsoft.com/en-us/library/aa479664.aspx Understanding GXA

Further reading

GXA (Global XML Architecture) at serviceoriented.org

GXA Defines Framework for Web Services from Directions On Microsoft, Sep 23 2002


This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.