Web Services Workshop
Position Paper

Scott Isaacson
[email protected]
W3C AC Rep, Novell, Inc.

 

Overview

Each succeeding network generation raises the layer at which emerging standards and interoperability play a crucial role. Over the years, we as an industry, have moved from

It is true that today's applications are tomorrow's components and services, and today's interoperability issues lead to tomorrow's standards, and today's agreements build bridges to tomorrow's new yet-to-be-imagined creations.

Novell's Role

Novell is interested in a Web Services Workshop because the very nature of the general topic mirrors Novell's gown growth and development pattern:

The Internet has been a catalyst for change. Initial web change brought divergence: the Internet vs Intranets vs Extranets. Each using similar HTTP technology, but each using different security technologies and trust components. The move was away from one network to multiple simultaneous networks. This change increased cost and complexity for system administrators, network engineers, and end users. We see an opportunity to now converge these networks into the "one Net" vision. "one Net means using more similar services across LANs and WANs, wired and wireless, corporate and public, commercial and educational. There is an opportunity to have all of this work together as one Net.

We see web services as being key to:

Novell is actively designing and delivering the following web services:

 

Futures

What do we expect the direction of the workshop to take? Consider the following analogy:

Phases

Transportation Networks

Web/Net Services

Phase 1

In the US, one can drive from any house or business in any city to any other house or business in any other city using a completely interconnected set of surface streets and highways and freeways.

Ethernet and MAC-layer addressing (and now wireless) have allowed almost all computers and smart devices to be interconnected.

Phase 2

While in the car on the trip, there are signs, services stations, rest stops, and other features available to the driver and passengers. At stops along the way some passengers get out, others get in.

TCP/IP and its corresponding suite of other protocols and services have allowed the Internet to become so ubiquitous, that it creates a single entity at the transport layer and below.

Phase 3

Satellite, GPS, Radio, TV, Video, billboards, hotels, restaurants, and cell phone support all create an environment of information flow for the humans while they are in the car on the trip.

HTML/HTTP and its corresponding suite of scripting features and services have allowed the Web to become so ubiquitous, that it creates a single entity usable by most humans on a global basis.

Phase 4

This is where we are today. What happens next?

 

The Web: A Global Distributed Computing Environment

We will see the web become a complete, global distributed system, that becomes the world's largest (because it covers the entire globe) distributed computing platform. Not only will data continue to move and migrate, but processing will be factored and moved towards optimum locations around the network. Using meta-data and relationship descriptions as standardized in the Semantic Web Activity, all resources and relationships will be auto-discoverable. Semantic web activities and higher level applications encoding their communications using XML, all using XML protocol for those communications, will lead to the next level of global interaction. Humans will continue to use HTML (XHTML) and HTTP to interact with data and resources; applications and system components will begin using XML Protocol as the basis for all interactions ranging from simple to complex message exchange patterns.

What is needed?

Consider what the web could be like if the following were available, all using XML as a common technology for service interaction between service users and service providers as well as between alternate service providers themselves:

  1. Authentication Brokers (like Novell's NDS eDirectory products) that would support single sign-on to the Internet, rather that forcing each secure web site to maintain their own set if identities and credentials that must be validated by each user on each access to the web site.
  2. Authorization Brokers (like Novell's iChain, supply chain management solution) that would support access control list management.
  3. Digital Certificates (like Novell's Certificate Server) that allows for any organization that
  4. Plug-in Authentication Modules (like Novell's NMAS (Novell Modular Authentication Service) product) that allows for any combination of exiting or new authentication modules such a password, token, smart-card, bio-metric, or other challenge-response modules to be used to created graded levels of authentication and authorization
  5. Digital Rights Management (like Novell's OnDemand solution) that allows for both releasing and protecting copyrighted and restricted material over the web.
  6. XML Integration Services (like Novell's XIS, XML Intergration Services) that can be common high-level platform that supports both serialized and DOM XML documents as well as other services like notification, messaging, parsing, and tools for building web-enabled applications.

 

Directory Services and XML

Just as the standalone operating system registry has been key to supporting system management and control within the processing space of that operating system, there is a need for directory services for the larger distributed system called the web. The directory is both distributed and replicated, and can hold information that is essential to the system as a whole. 10 years ago, Novell moved from the Bindery model to the Directory model. In the Bindery model, each node on the network was its own authentication and authorization authority. Each user had to login to each server as it used or interacted with resources and services on that server. In the directory model, the servers are joined into authoritative groups called trees. A user logs into the network, rather than each individual server. The resources on all servers are managed and controlled using a hierarchical rights management system in the directory. Users and applications can find, attach to, and use ! resources on any server in the tree. Authentication is done in the background and so there is a single sign on. Authorization is done in a consistent manner often using inheritance and role based access along with identity based access.

Novell's early leadership in directory services has been validated by the advent of directory service products and applications now being developed and delivered from most of the major vendors in the industry: IBM, Microsoft, Sun, Oracle, IPlanet, etc. The IETF has done much to standardize on directory access with Lightweight Directory Access Protocol (LDAP) and directory modeling and synchronization (LDUP, LBURP, LDAPEXT, etc), however, much more needs to be done.

One of the major initiatives that Novell sees as important over the next few years is to build on the functionality of hierarchical and federated directories by combining that technology with the flexibility and extensibility of XML. This will mean that both directory access and management can be done using XML. Novell has developed a technology called DirXML that is currently being used to synchronize directory data between disparate enterprise directories. Many applications have been built, integrating their own directory service features directly within the application. They include their own list of users, access controls, rights management, service configuration options, and interfaces all with the application itself. A large number of Fortune 1000 companies often have 3 or more different and disjoint directories within their enterprise IT infrastructure. DirXML allows the IT support team to synchronize directory content information between the various directories by w! riting XSL style sheets rather than by programming and writing code. XML is the framework for interchange.

Novell is willing to open up the XML specifications surrounding DirXML into the open standards process. Recently Novell made a submission to OASIS as a proposal for DSML 2.0 (Directory Services Markup Language).

Using this DirXML approach, Novell has recently has success internally with its Zero Day Start and i-Login initiatives. With zero Day Start, when a new employee joins the company, she fills out one form, and all of the following happen automatically:

This is all done using XML data exchanges to drivers that front end the various databases spread throughout the company.

With i-Login, a one-stop, customizable portal into all services within the intranet. The i-Login portal is customizable not just with Java widgets or Javascript in DHTML, but with what i-Login calls gadgets. These allow for customized presentation using XML service descriptions and layout.

The call for participation suggests that topics likely to be discussed at this workshop include, but are not limited to:

The role of directory services covers at least Security, Privacy, Transaction, Discovery, and Description. We would like to present or discuss the importance of directory services in the web services infrastructure.

Conclusion

As Tim Berner-Lee's "The Web at 50,000 Feet" slide keeps getting taller and taller toward the right hand side of the diagram, the Web Services Workshop should be focused at the upper layers of standardization and interaction. As the work on significant construction project finishes at one layer, the scaffolding is raised to the next layer where the work is not yet complete.

Let me finish with a another simple analogy. The older Unix (and now newer Linux) programmers remember well the simple abstraction of little languages based on text using the abstractions of stdin, stdout, and stderr. A shell programmer could almost do as much or more in a few minutes or hours than the C programmer could in days or weeks or months. I used to put together some awesome command line pipes that would use sed, awk, cut, sort, perl, tr, cat, etc. and many other componentized tools. There was a standard data representation (text with white space or other delimiters) and a standard data interchange model (stdin and stdout and stderr). I see the Web with XML Protocol (the standard data interchange model) and XML (the standard data representation) as the new foundation for distributed programming. Imagine a simple "sh" script in the standalone case and then compare that to a network of XML Protocol Processors and intermediaries that can be used to build a similar pip! e in the distributed case.

The good news is that today, we have not only the basics, but now, so much more. We have XML Namespaces, links, meta-data (RDF), relation descriptions, self-describing data (Schema), and so on.

The Web Services Workshop is the framework by which many of the individual working groups in the W3C can come together to see the bigger picture. Novell would like to come and participate as well as present on our work using XML to access and coordinate between directories in hopes of helping to build more federated and global directories for the web and its resources. We don't want to promote a model of building a centralized non-distributed database for the entire Web (simply wouldn't scale) but we do want to promote the ideas of modular authentication, authorization, management, and configuration.

Recommendations

We recommend the following:

Continued work in the area of

Continued coordination with