International Conference on Computer Systems and Technologies - CompSysTech’07

Integrated Information System Based on Web Services

Krasimir Trichkov, Elisaveta Trichkova, Elena Ivanova

Abstract: This paper presents web services (Index for Citations and management of a Cisco router) and methods for web service security. It examines the modelling and execution of Web Services and their application in Web Information Systems.

Key words: Information systems; Web service; BPEL; XPDL; WSDL; SOAP; PHP; Web Security

INTRODUCTION

Web Service technologies are considered to be the best solution to the problem of software complexity and reusability. In general, Web services are modular applications or functions, generally independent and self-describing, that can be discovered and called across the Internet or an enterprise intranet. Web services are based on open standards: WSDL (Web Services Definition Language) for description, SOAP (Simple Object Access Protocol) for communication and UDDI (Universal Description, Discovery, and Integration) for registering and discovering services.

Service choreography and orchestration is the next stage in developing and extending the web services paradigm and addresses the need to compose several services in some business logic in order to achieve more complex and meaningful processes. The most common technologies for service composition appear to be BPEL and XPDL.

Nowadays security plays a significant part in the design and implementation of any kind of software application. Security is one of the major concerns of web service based applications as well, because they are based on common standards, providing interoperability and location transparency.

The paper aims to present a technological solution for integrating different software components in a common architecture based on the web service technologies WSDL and SOAP. Two particular services are described: Index for Citations as a Web Service and management of a Cisco router.

In order for web services to be composed into a complex service or business process, there is a set of requirements which should be addressed. Several works and papers deal with such requirements [1, 2]. The main ones can be summarized as follows:
• ability to invoke services in an asynchronous manner – the system has to enable services to be invoked concurrently, not only sequentially;
• ability to manage transaction and compensation – this is crucial for long-running compound services – in case of a failure in a single component service, the system has to provide adequate compensation;
• exception handling – how the system will behave when some error occurs;
• security and reliable messaging – security is a key point in all the layers in web service technologies;
• support for the separation of abstract process logic and the concrete web services used – it is necessary for building dynamic and flexible processes.

Almost all available languages for web services orchestration have mechanisms respecting the aforementioned requirements.


ABSTRACT MODEL OF WEB SERVICES

Figure 1 shows the abstract model of Web Services.

[Figure 1 diagram. Labels: HTTP client; Cisco router Firewall/NAT; Request/Response SOAP Protocol; WSDL; Apache Web server; Apache Tomcat; PHP; Web Service Proxy; SOAP Server; Active BPEL Engine; Active BPEL designer; Web Service1 Cisco router; Web Service2 Index of Citation; Request to get Link Speed/IP route/MAC address; Request to set Firewall/NAT/Stop IP address; Repository; Verifying by System Administrator; snmpget; Cisco router]

Figure 1. Common client/server architecture

Web Service1 demonstrates the implementation of network services, which can be invoked both from a workflow orchestration engine and through a graphical user interface. The role of the mediation device is the automatic interfacing and invocation of network information services, but the triggering of these services is performed from an object belonging to the workflow execution architecture. The mediation architecture is connected into a three-tier functional scheme of workflow execution, including automatic service invocation for the networked elements:
• workflow engine and/or graphical user interface;
• mediation device to perform the automatic functionality for service invocation and results communication to and from the network technical elements;
• the network technical elements, which are managed by the workflow engine.

Web Service1 is developed for the case of management of router services. The latter are defined as user-available Web services, which can be automatically called by the workflow engine. The sequence of operation and the invocation of the network services with mediation devices are explained as follows.

A Client, as part of the workflow sequence, invokes a network service. The network services are formalized with a WSDL (Web Service Description Language) description, related to the implementation of a set of Router Web Services. The Client of the workflow application sends SOAP Request messages to the network Router Web Services. The Mediation device is responsible for the transmission of the parameters of the Requests to the network Router Web Services. Currently the Mediation device is implemented to support the following working algorithm:
• With respect to the internal router functionalities, the mediation device can directly perform tuning of the router parameters. These operations are implemented using the SNMP management protocol and the MIB (Management Information Base) of the router. For example, to view the IP route, the mediation device uses SNMP and the router's MIB and sends:

    snmpget("$host","$community",".1.3.6.1.2.1.4.21.1.7.0.0.0.0")

  Here the host is the local router address (192.168.0.1), the community string is "public", and ".1.3.6.1.2.1.4.21.1.7.0.0.0.0" is the identifier of this operation (IP route) in the router MIB. To stop an IP address, the mediation device sends:

    snmpset("$host","$community",".1.3.6.1.2.1.2.2.1.7.9","i","2")

  The ".1.3.6.1.2.1.2.2.1.7.9" specifies that this operation will stop the IP with number 9 (the last digit), "i" stands for "integer", and the final argument is the status (1-up, 2-down).
• For the case when the internal router functionalities don't allow automatic and/or SNMP management (for example for security or MIB reasons), a man-machine interface has to be applied. In this case the mediation device sends an e-mail to the system administrator for the invocation of a set of commands through a Command Line Interface supported by the network device. For example: to make NAT (Network Address Translation) or to open a port in the firewall.

After the implementation of the network operations, the results generated by the network devices are sent to the Mediation device. The latter then defines a response message to the client. Following the workflow architecture of the workflow engine, a SOAP Response message is directed to the client. In the end the Client receives the SOAP Response message and, following the modelled workflow choreography, can perform a new network service and submit a new message to the network router Web Services.

Web Service2 demonstrates the implementation of the "index for citations" service, which can also be invoked from a workflow orchestration engine and through a graphical user interface. It is a service which allows participants to search and retrieve data in a distributed database. The service is built as an information system with a three-level hierarchical client/server model. The functional part of the system is written in the PHP server language, MySQL is used for the database and Apache is used as the Web server.

SOFTWARE IMPLEMENTATION

Apache web server – is an open-source HTTP Web server that runs on most commonly used platforms. Apache has a modular design that provides a variety of services such as server-side scripting.

PHP – is an open-source server-side scripting language for creating dynamic Web pages and can be embedded into HTML.

Active BPEL designer – is a comprehensive visual tool (editor) for creating, testing and deploying composite applications, based on the BPEL standard.

Active BPEL Engine – is a complete BPEL engine running either on top of a J2EE application server or standalone with a web servlet container. ActiveBPEL Engine servers are high performance BPEL servers that deliver many enterprise features including static analysis, process persistence, process versioning, extensive runtime web console, programmable Web Service and Java APIs plus diagram-based diagnostics.

MySQL database – is an open source relational database management system (RDBMS) that uses Structured Query Language (SQL), the most popular language for adding, accessing, and processing data in a database.

NuSOAP – is an open source, object-oriented SOAP implementation, deployed with the PHP scripting language.

SECURING A PHP WEB SERVICE

This section briefly describes the ways of securing a PHP based web service implemented with the NuSOAP library [nusoap].

Basic Authentication

The NuSOAP library provides means for securing access to a SOAP server. This is the method setCredentials() of the class soapclient, with two arguments: username and password.

    // include the SOAP library
    require_once "nusoap.php";
    // define the endpoint
    $SoapServerURL = "http://server.dom/SOAPServer.php";
    // instantiate the SOAP client object, passing the endpoint URL to the constructor
    // (newer NuSOAP releases name this class nusoap_client)
    $soapclient = new soapclient($SoapServerURL);
    // authentication
    $soapclient->setCredentials('username', 'password');
    // continue …

This level of security is usually implemented using the .htaccess files of the Apache web server. These files provide a way of protecting files and/or folders.

SSL

SSL can be used with the soap client implemented in NuSOAP. To do so, the CURL extension should be installed and configured.
In this case the soap client uses a secure URL as the endpoint:

    // define the secure endpoint
    // (over HTTPS the Basic credentials set with setCredentials() are encrypted in transit)
    $SoapServerURL = "https://server.dom/SOAPServer.php";

Proxy approach for securing a web service

This approach is described in [3]; the idea is to invoke a proxy web service first, instead of the real service (fig. 2). After successful authentication and authorization the proxy service queries the real service and finally returns the result. The proxy service is responsible not only for authentication and authorization, but also for data integrity.
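The proxy flow described above, applied to the mediation device's snmpset call for Web Service1, as an added example that is not code from the paper or from [3]: the proxy authenticates the caller, checks authorization per operation, verifies integrity and validates the interface index before anything reaches the real service. The account table, role and operation names, and the HMAC-based integrity check are assumptions of this example.

```php
<?php
// Added example, not code from the paper. Accounts, keys and operation names are constructed.
const IF_ADMIN_STATUS = '.1.3.6.1.2.1.2.2.1.7';   // OID prefix of the paper's snmpset call
const ACL = ['getIpRoute'    => ['operator', 'admin'],   // read operation
             'stopInterface' => ['admin']];              // write operation

/** HMAC over the operation and its sorted parameters (client and proxy share $key). */
function signRequest(string $op, array $params, string $key): string
{
    ksort($params);
    return hash_hmac('sha256', $op . "\n" . json_encode($params), $key);
}

/** Authenticate, authorize, verify integrity, validate; only then call the real service. */
function proxyCall(array $users, string $user, string $password, string $op,
                   array $params, string $mac, callable $realService)
{
    $account = $users[$user] ?? null;
    if ($account === null || !password_verify($password, $account['hash'])) {
        throw new RuntimeException('authentication failed');
    }
    if (!in_array($account['role'], ACL[$op] ?? [], true)) {
        throw new RuntimeException("not authorized for $op");
    }
    if (!hash_equals(signRequest($op, $params, $account['key']), $mac)) {
        throw new RuntimeException('integrity check failed');
    }
    if ($op === 'stopInterface') {
        // The index ends up inside an OID, so accept a positive integer only.
        $index = filter_var($params['ifIndex'] ?? null, FILTER_VALIDATE_INT,
                            ['options' => ['min_range' => 1]]);
        if ($index === false) {
            throw new InvalidArgumentException('ifIndex must be a positive integer');
        }
        $params = ['oid' => IF_ADMIN_STATUS . ".$index", 'type' => 'i', 'value' => '2'];
    }
    return $realService($op, $params);
}

// Constructed demo: the stub stands in for the real service, which would
// pass oid/type/value to snmpset() as in the paper.
$users = ['alice' => ['hash' => password_hash('demo-password', PASSWORD_DEFAULT),
                      'role' => 'admin', 'key' => 'demo-hmac-key']];
$stub = function (string $op, array $p) { return [$op, $p]; };
$params = ['ifIndex' => '9'];
$mac = signRequest('stopInterface', $params, 'demo-hmac-key');
echo json_encode(proxyCall($users, 'alice', 'demo-password', 'stopInterface', $params, $mac, $stub)), "\n";
```

Because the password travels with every request, the proxy endpoint should be reached over the HTTPS URL from the SSL section.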

[Figure 2 diagram. Labels: Application Server; Web service 1; Web service 2; Proxy web service; Proxy client; Client; Authentication]

Figure 2. Securing web service using proxy service [3]

This approach is suitable not only for securing newly created services but also for securing already existing services. Another advantage is that the proxy service operates as a plug-in and can be removed or replaced with another solution at any time [3].

CONCLUSIONS AND FUTURE WORK

Workflow technologies provide powerful mechanisms for web service composition, including coordination of tasks and monitoring. Special features of the modelling and execution of Web Services and their application in Web Information Systems are defined. A solution is proposed for the Web Services Index for Citations in Web Information Systems and management of a Cisco router. Methods for Web Service security and their application in Web Information Systems are defined. Future work will address the optimization of Index for Citation as a Web Service and Web Service security in the Internet.

This work is partly supported by the National Scientific Fund of Bulgaria, project № МУ-МИ-16-02/2006.

REFERENCES

[1] Stoilov T., K. Stoilova. Integration of Web Services in Internet. 18th International Conference on Systems for Automation of Engineering and Research "SAER-2004", 24-26 September, 2004, St. Konstantin resort, Varna, Bulgaria.
[2] WfMC, Workflow Standard, Process Definition Interface - XML Process Definition Language, Technical Report Document Number WFMC-TC-1025, Workflow Management Coalition, 2005.
[3] Rajesh Devadas, Ayyappan Gandhirajan, A Proxy-Based Approach to Secure Web Services, available at http://www.developer.com/services/article.php/3320851
[nusoap] http://dietrich.ganx4.com/nusoap/

ABOUT THE AUTHOR

Assist.Prof. Krasimir Trichkov, Department Hierarchical Systems, Institute of Computer and Communication Systems – BAS, phone: (359 2) 979 2774, e-mail: [email protected]

Assist.Prof. Elisaveta Trichkova, Department Hierarchical Systems, Institute of Computer and Communication Systems – BAS, phone: (359 2) 979 2774, e-mail: [email protected]

Assist.Prof. Elena Ivanova, Department Hierarchical Systems, Institute of Computer and Communication Systems – BAS, phone: (359 2) 979 2774, e-mail: [email protected]