Two Sets of ‘Composable’ Web Services Specs to be Tested

By By Alan J. Weissberger, Contributing Author

April 11, 2005

I. Introduction

For Grid applications, Web services messages must be reliably and securely delivered. Various Web services standards and specifications have been developed for this purpose. In particular, the WS-Reliability and WS-Security standards from OASIS will be used in the Japanese Business Grid Project. Various Web services and Grid middleware vendors are likely to include WS Reliable Messaging, WS Policy, WS Security, WS Trust and WS Secure Conversation in their commercial product offerings (to be announced).

Two different sets of specifications which address the required functionality for Web services reliability and security will soon be tested for interoperability:

A. BEA Systems, IBM, Microsoft and TIBCO Software, co-developers of the WS-Reliable Messaging specification, are hosting a two-day Composability Interop Workshop on April 13-14 at Microsoft's Silicon Valley Campus in Mountain View, Calif. The two-day interop workshop is an ad-hoc, open forum for companies who have WS-Reliable Messaging (WS-RM) and WS-Secure Conversation1 implementations, and who want to test their implementations with other companies' implementations. Attendees bring their own laptops, implementations and any other tools they feel would be needed; testing among all attendees will occur throughout the day. As with previous WS-* workshops, these events are open to anyone who desires to participate and who can bring an implementation based on the specifications listed above. This is the third WS-RM interop event sponsored by the co-authors of that spec.

The invitation to participate (for those that have implementations of these specs) can be downloaded from the IBM and Microsoft Web sites:

The workshop process, which includes description of two types of events — Feedback Workshops and Interoperability Workshops — may be downloaded from two sites:

A revised test scenario document for use in this Interop Workshop was recently made available to the interop participants who joined the “WS-RM-Workshops” Yahoo! e-mail group. The updates included: Ordering elements inside Security header; Signature Confirmation; and Encrypted Signatures for all messages (including the WS-RM infrastructure messages).

Note that participating companies may bring pre-release code to the workshops, so their results at interop testing time may not necessarily bear any relation to the code they eventually ship to market.


1. Web Services Secure Conversation Language (WS-SecureConversation):

This specification defines extensions that build on [WS-Security] and [WS-Trust] to provide secure communication across one or more messages. Specifically, this specification defines mechanisms for establishing and sharing security contexts, and deriving keys from established security contexts (or any shared secret).

B. The OASIS WSRM TC has just approved an interoperability event, to be hosted in early June by Fujitsu Software (Sunnyvale, Calif.), that will test “composable” implementations of the WS-Reliability (WS-R) and WS-Security standards. This is a follow on to the TCs effort to generate a Composability Concepts document and a more detailed WS-Reliabilty and WS-Security Composability Case Studies document (implementation specific examples of how to compose WS-R with WS-Security). Please refer to the article “Making Web Services Message Exchanges Reliable, Secure” in the Jan. 24 edition of GRIDtoday:

The WSRM TC will develop test cases/ test assertions (no more than 12 for this event — see description below) which will be used as the basis for the implementations to be tested for interoperability. This (WS-R/WS-Security) Composability interop event will be very valuable in providing feedback, which will be used to augment and improve the previously referenced Composability Case Studies document. NEC and Fujitu have committed to providing implementations for this interop event. Additional participants are encouraged to join.

Upon successful interop event testing, participants may provide an Internet end point to facilitate more extensive interoperability testing of the composed specs. At that time, additional test assertions may be included.

II. Definition of Composability (in the context of Web services)

IBM, Microsoft, and their WS-* partners have coined the term “composability” to denote the proper combination of various Web service specifications. The term has been accepted throughout the industry and now also applies to emerging Web services standards (e.g., WS-Reliability and WS-Security) which may be combined to cooperatively work with each other.

In particular, the term “Composability” is used to describe independent standards or specifications that can be combined to provide more powerful capabilities. WS middleware providers can support composed capabilities by integrating two (or more) WS standards in a specified way in the same or different SOAP header processing nodes (e.g., providers can integrate WS Reliability support for communicating WS Security message exchanges, or vice versa). The purpose of composability is to combine two independent WS standards or specifications to realize the desired functionality that each provides in a single set of WS message exchanges.

III. Methodology to be Used for OASIS WSRM TC Interoperability Event

The WS-R implementations may be based on those developed for previous interop demos, new implementations based on the WS-R standard, or on the open source RM4GS (which runs under Linux OS). The WS-Security implementations may be based on vendor developed implementations, new implementations for this demo, or open source versions of the standard.

Both Fujitsu and NEC will have implementations for this interop and other companies are encouraged to participate as well. The test scripts/test assertions will be compliant with both the WS-Security standard and the corresponding WS-I Basic Security Profile (BSP) working drafts (please refer to the WS-I March 2005 meeting report in the March 21 edition of GRIDtoday:

The interoperability test assertions will be based on four security requirements:

  • Authentication.
  • Non-repudiation (a type of authorization).
  • Confidentiality (encryption).
  • Integrity (tamper proofing).

For each of these four requirements, security features compliant with WS-Security and WS-I BSP have been selected in order to generate a small set of test assertions. No more than 12 test assertions will be verified during this interop testing round. However, additional test assertions may be specified for future testing.

The derived test cases will be grouped into a test suite that will distinguish two roles: 1) client and 2) service. In order to verify the ability of two composable WS-R/WS-Security implementations to interoperate, the test suite will be executed twice — with the implementations swapping roles — so that each role is properly tested. Besides security artifacts (certificates, keys, etc.) no specific configuration or policy will be required by the receiver of secure and reliable messages to participate in these test cases. In other words, we allow for different WS-R/WS-Security ordered processing configurations on the sender side, while specifying only the composed message format transmitted (we assume over HTTP transport) on the wire. The transmitted message format will implicitly specify the test case for receiver processing.

The composition of the reliability and security functions implied by these test cases will be implemented in a SOAP architecture and processing order that will not vary from one test case to the other. Each Web services end-point may be composed of WS reliability and security modules that may have been developed independently of each other.

Here are a few of the parameters that the test cases will modulate or simply determine:

  • The sections of the SOAP message which are signed.
  • The type of digital signature (detached or enveloped).
  • The parts of the SOAP message which are encrypted (message body vs. headers).
  • Type of encryption algorithm and key management method.
  • Requirements for the integrity of the WS-R header, payload or both?
  • The token type(s) to be used for authentication — X.509, REL, SAML, user name/password.

The sample application to drive the client side interop testing will likely be the Purchase Order processing application, which had previously been used for successful interop testing of WS-R implementations. This will be the fourth WS-R interop event sponsored by the WSRM TC.

Acknowledgements: The author would like to thank Jacques Durand and Hamid Malek of Fujitsu Software-USA for their work in developing the WS-R/WS-Security interop test methodology described above and their extremely valuable contributions to this article. Thanks also to Jorgen Thelin of Microsoft and Doug Davis of IBM for furnishing the links to obtain more information on their respective interop workshops.

About Alan J. Weissberger

Alan J. Weissberger is actively seeking clients in need of his expertise in the telecommunications field. If you would like to speak personally with Alan about how he could help your company, feel free to contact him via e-mail at [email protected] or [email protected]. To learn more about his extensive qualifications, read his annotated biography below.

As the founder and Technical Director of Data Communications Technology (DCT), a technical consulting firm started in March 1983, Alan J. Weissberger specializes in telecommunications standards and their implementation. His clients have included network providers (AT&T, NTT, Pacific Bell, US West, Entel and CTC in Chile, Telkom South Africa, Moroccan PTT, others), equipment and semiconductor manufacturers, and large end users. In 1995 and 1996 Alan was the principal architect for the European Commission's multi-service, multi-country ATM network — the largest private network in Europe (that network has now evolved into Gig Ethernet over CWDM). In 2000-01, he was Ciena's lead ITU-T delegate, contributing to the standardization of the optical control plane in SG13 and SG15. Alan now represents NEC Corp in several OASIS TCs dealing with Web Services, while also attending the Global Grid Forum and the Optical Internetworking Forum (OIF).

To read his entire biography, please visit

Subscribe to HPCwire's Weekly Update!

Be the most informed person in the room! Stay ahead of the tech trends with industy updates delivered to you every week!

SIA Recognizes Robert Dennard with 2019 Noyce Award

November 12, 2019

If you don’t know what Dennard Scaling is, the chances are strong you don’t labor in electronics. Robert Dennard, longtime IBM researcher, inventor of the DRAM and the fellow for whom Dennard Scaling was named, is th Read more…

By John Russell

Leveraging Exaflops Performance to Remediate Nuclear Waste

November 12, 2019

Nuclear waste storage sites are a subject of intense controversy and debate; nobody wants the radioactive remnants in their backyard. Now, a collaboration between Berkeley Lab, Pacific Northwest National University (PNNL Read more…

By Oliver Peckham

Using HPC and Machine Learning to Predict Traffic Congestion

November 12, 2019

Traffic congestion is a never-ending logic puzzle, dictated by commute patterns, but also by more stochastic accidents and similar disruptions. Traffic engineers struggle to model the traffic flow that occurs after accid Read more…

By Oliver Peckham

Mira Supercomputer Enables Cancer Research Breakthrough

November 11, 2019

Dynamic partial-wave spectroscopic (PWS) microscopy allows researchers to observe intracellular structures as small as 20 nanometers – smaller than those visible by optical microscopes – in three dimensions at a mill Read more…

By Staff report

IBM Adds Support for Ion Trap Quantum Technology to Qiskit

November 11, 2019

After years of percolating in the shadow of quantum computing research based on superconducting semiconductors – think IBM, Rigetti, Google, and D-Wave (quantum annealing) – ion trap technology is edging into the QC Read more…

By John Russell

AWS Solution Channel

Making High Performance Computing Affordable and Accessible for Small and Medium Businesses with HPC on AWS

High performance computing (HPC) brings a powerful set of tools to a broad range of industries, helping to drive innovation and boost revenue in finance, genomics, oil and gas extraction, and other fields. Read more…

IBM Accelerated Insights

Tackling HPC’s Memory and I/O Bottlenecks with On-Node, Non-Volatile RAM

November 8, 2019

On-node, non-volatile memory (NVRAM) is a game-changing technology that can remove many I/O and memory bottlenecks and provide a key enabler for exascale. That’s the conclusion drawn by the scientists and researcher Read more…

By Jan Rowell

IBM Adds Support for Ion Trap Quantum Technology to Qiskit

November 11, 2019

After years of percolating in the shadow of quantum computing research based on superconducting semiconductors – think IBM, Rigetti, Google, and D-Wave (quant Read more…

By John Russell

Tackling HPC’s Memory and I/O Bottlenecks with On-Node, Non-Volatile RAM

November 8, 2019

On-node, non-volatile memory (NVRAM) is a game-changing technology that can remove many I/O and memory bottlenecks and provide a key enabler for exascale. Th Read more…

By Jan Rowell

MLPerf Releases First Inference Benchmark Results; Nvidia Touts its Showing

November 6, 2019, the young AI-benchmarking consortium, today issued the first round of results for its inference test suite. Among organizations with submissions wer Read more…

By John Russell

Azure Cloud First with AMD Epyc Rome Processors

November 6, 2019

At Ignite 2019 this week, Microsoft's Azure cloud team and AMD announced an expansion of their partnership that began in 2017 when Azure debuted Epyc-backed ins Read more…

By Tiffany Trader

Nvidia Launches Credit Card-Sized 21 TOPS Jetson System for Edge Devices

November 6, 2019

Nvidia has launched a new addition to its Jetson product line: a credit card-sized (70x45mm) form factor delivering up to 21 trillion operations/second (TOPS) o Read more…

By Doug Black

In Memoriam: Steve Tuecke, Globus Co-founder

November 4, 2019

HPCwire is deeply saddened to report that Steve Tuecke, longtime scientist at Argonne National Lab and University of Chicago, has passed away at age 52. Tuecke Read more…

By Tiffany Trader

Spending Spree: Hyperscalers Bought $57B of IT in 2018, $10B+ by Google – But Is Cloud on Horizon?

October 31, 2019

Hyperscalers are the masters of the IT universe, gravitational centers of increasing pull in the emerging age of data-driven compute and AI.  In the high-stake Read more…

By Doug Black

Cray Debuts ClusterStor E1000 Finishing Remake of Portfolio for ‘Exascale Era’

October 30, 2019

Cray, now owned by HPE, today introduced the ClusterStor E1000 storage platform, which leverages Cray software and mixes hard disk drives (HDD) and flash memory Read more…

By John Russell

Supercomputer-Powered AI Tackles a Key Fusion Energy Challenge

August 7, 2019

Fusion energy is the Holy Grail of the energy world: low-radioactivity, low-waste, zero-carbon, high-output nuclear power that can run on hydrogen or lithium. T Read more…

By Oliver Peckham

Using AI to Solve One of the Most Prevailing Problems in CFD

October 17, 2019

How can artificial intelligence (AI) and high-performance computing (HPC) solve mesh generation, one of the most commonly referenced problems in computational engineering? A new study has set out to answer this question and create an industry-first AI-mesh application... Read more…

By James Sharpe

Cray Wins NNSA-Livermore ‘El Capitan’ Exascale Contract

August 13, 2019

Cray has won the bid to build the first exascale supercomputer for the National Nuclear Security Administration (NNSA) and Lawrence Livermore National Laborator Read more…

By Tiffany Trader

DARPA Looks to Propel Parallelism

September 4, 2019

As Moore’s law runs out of steam, new programming approaches are being pursued with the goal of greater hardware performance with less coding. The Defense Advanced Projects Research Agency is launching a new programming effort aimed at leveraging the benefits of massive distributed parallelism with less sweat. Read more…

By George Leopold

AMD Launches Epyc Rome, First 7nm CPU

August 8, 2019

From a gala event at the Palace of Fine Arts in San Francisco yesterday (Aug. 7), AMD launched its second-generation Epyc Rome x86 chips, based on its 7nm proce Read more…

By Tiffany Trader

D-Wave’s Path to 5000 Qubits; Google’s Quantum Supremacy Claim

September 24, 2019

On the heels of IBM’s quantum news last week come two more quantum items. D-Wave Systems today announced the name of its forthcoming 5000-qubit system, Advantage (yes the name choice isn’t serendipity), at its user conference being held this week in Newport, RI. Read more…

By John Russell

Ayar Labs to Demo Photonics Chiplet in FPGA Package at Hot Chips

August 19, 2019

Silicon startup Ayar Labs continues to gain momentum with its DARPA-backed optical chiplet technology that puts advanced electronics and optics on the same chip Read more…

By Tiffany Trader

Crystal Ball Gazing: IBM’s Vision for the Future of Computing

October 14, 2019

Dario Gil, IBM’s relatively new director of research, painted a intriguing portrait of the future of computing along with a rough idea of how IBM thinks we’ Read more…

By John Russell

Leading Solution Providers

ISC 2019 Virtual Booth Video Tour


Intel Confirms Retreat on Omni-Path

August 1, 2019

Intel Corp.’s plans to make a big splash in the network fabric market for linking HPC and other workloads has apparently belly-flopped. The chipmaker confirmed to us the outlines of an earlier report by the website CRN that it has jettisoned plans for a second-generation version of its Omni-Path interconnect... Read more…

By Staff report

Kubernetes, Containers and HPC

September 19, 2019

Software containers and Kubernetes are important tools for building, deploying, running and managing modern enterprise applications at scale and delivering enterprise software faster and more reliably to the end user — while using resources more efficiently and reducing costs. Read more…

By Daniel Gruber, Burak Yenier and Wolfgang Gentzsch, UberCloud

Dell Ramps Up HPC Testing of AMD Rome Processors

October 21, 2019

Dell Technologies is wading deeper into the AMD-based systems market with a growing evaluation program for the latest Epyc (Rome) microprocessors from AMD. In a Read more…

By John Russell

Intel Debuts Pohoiki Beach, Its 8M Neuron Neuromorphic Development System

July 17, 2019

Neuromorphic computing has received less fanfare of late than quantum computing whose mystery has captured public attention and which seems to have generated mo Read more…

By John Russell

Rise of NIH’s Biowulf Mirrors the Rise of Computational Biology

July 29, 2019

The story of NIH’s supercomputer Biowulf is fascinating, important, and in many ways representative of the transformation of life sciences and biomedical res Read more…

By John Russell

Xilinx vs. Intel: FPGA Market Leaders Launch Server Accelerator Cards

August 6, 2019

The two FPGA market leaders, Intel and Xilinx, both announced new accelerator cards this week designed to handle specialized, compute-intensive workloads and un Read more…

By Doug Black

When Dense Matrix Representations Beat Sparse

September 9, 2019

In our world filled with unintended consequences, it turns out that saving memory space to help deal with GPU limitations, knowing it introduces performance pen Read more…

By James Reinders

With the Help of HPC, Astronomers Prepare to Deflect a Real Asteroid

September 26, 2019

For years, NASA has been running simulations of asteroid impacts to understand the risks (and likelihoods) of asteroids colliding with Earth. Now, NASA and the European Space Agency (ESA) are preparing for the next, crucial step in planetary defense against asteroid impacts: physically deflecting a real asteroid. Read more…

By Oliver Peckham

  • arrow
  • Click Here for More Headlines
  • arrow
Do NOT follow this link or you will be banned from the site!
Share This