Two Sets of ‘Composable’ Web Services Specs to be Tested

By By Alan J. Weissberger, Contributing Author

April 11, 2005

I. Introduction

For Grid applications, Web services messages must be reliably and securely delivered. Various Web services standards and specifications have been developed for this purpose. In particular, the WS-Reliability and WS-Security standards from OASIS will be used in the Japanese Business Grid Project. Various Web services and Grid middleware vendors are likely to include WS Reliable Messaging, WS Policy, WS Security, WS Trust and WS Secure Conversation in their commercial product offerings (to be announced).

Two different sets of specifications which address the required functionality for Web services reliability and security will soon be tested for interoperability:

A. BEA Systems, IBM, Microsoft and TIBCO Software, co-developers of the WS-Reliable Messaging specification, are hosting a two-day Composability Interop Workshop on April 13-14 at Microsoft's Silicon Valley Campus in Mountain View, Calif. The two-day interop workshop is an ad-hoc, open forum for companies who have WS-Reliable Messaging (WS-RM) and WS-Secure Conversation1 implementations, and who want to test their implementations with other companies' implementations. Attendees bring their own laptops, implementations and any other tools they feel would be needed; testing among all attendees will occur throughout the day. As with previous WS-* workshops, these events are open to anyone who desires to participate and who can bring an implementation based on the specifications listed above. This is the third WS-RM interop event sponsored by the co-authors of that spec.

The invitation to participate (for those that have implementations of these specs) can be downloaded from the IBM and Microsoft Web sites:

The workshop process, which includes description of two types of events — Feedback Workshops and Interoperability Workshops — may be downloaded from two sites:

A revised test scenario document for use in this Interop Workshop was recently made available to the interop participants who joined the “WS-RM-Workshops” Yahoo! e-mail group. The updates included: Ordering elements inside Security header; Signature Confirmation; and Encrypted Signatures for all messages (including the WS-RM infrastructure messages).

Note that participating companies may bring pre-release code to the workshops, so their results at interop testing time may not necessarily bear any relation to the code they eventually ship to market.


Footnote:

1. Web Services Secure Conversation Language (WS-SecureConversation):

This specification defines extensions that build on [WS-Security] and [WS-Trust] to provide secure communication across one or more messages. Specifically, this specification defines mechanisms for establishing and sharing security contexts, and deriving keys from established security contexts (or any shared secret).


B. The OASIS WSRM TC has just approved an interoperability event, to be hosted in early June by Fujitsu Software (Sunnyvale, Calif.), that will test “composable” implementations of the WS-Reliability (WS-R) and WS-Security standards. This is a follow on to the TCs effort to generate a Composability Concepts document and a more detailed WS-Reliabilty and WS-Security Composability Case Studies document (implementation specific examples of how to compose WS-R with WS-Security). Please refer to the article “Making Web Services Message Exchanges Reliable, Secure” in the Jan. 24 edition of GRIDtoday: news.taborcommunications.com/msgget.jsp?mid=328880&xsl=story.xsl.

The WSRM TC will develop test cases/ test assertions (no more than 12 for this event — see description below) which will be used as the basis for the implementations to be tested for interoperability. This (WS-R/WS-Security) Composability interop event will be very valuable in providing feedback, which will be used to augment and improve the previously referenced Composability Case Studies document. NEC and Fujitu have committed to providing implementations for this interop event. Additional participants are encouraged to join.

Upon successful interop event testing, participants may provide an Internet end point to facilitate more extensive interoperability testing of the composed specs. At that time, additional test assertions may be included.

II. Definition of Composability (in the context of Web services)

IBM, Microsoft, and their WS-* partners have coined the term “composability” to denote the proper combination of various Web service specifications. The term has been accepted throughout the industry and now also applies to emerging Web services standards (e.g., WS-Reliability and WS-Security) which may be combined to cooperatively work with each other.

In particular, the term “Composability” is used to describe independent standards or specifications that can be combined to provide more powerful capabilities. WS middleware providers can support composed capabilities by integrating two (or more) WS standards in a specified way in the same or different SOAP header processing nodes (e.g., providers can integrate WS Reliability support for communicating WS Security message exchanges, or vice versa). The purpose of composability is to combine two independent WS standards or specifications to realize the desired functionality that each provides in a single set of WS message exchanges.

III. Methodology to be Used for OASIS WSRM TC Interoperability Event

The WS-R implementations may be based on those developed for previous interop demos, new implementations based on the WS-R standard, or on the open source RM4GS (which runs under Linux OS). The WS-Security implementations may be based on vendor developed implementations, new implementations for this demo, or open source versions of the standard.

Both Fujitsu and NEC will have implementations for this interop and other companies are encouraged to participate as well. The test scripts/test assertions will be compliant with both the WS-Security standard and the corresponding WS-I Basic Security Profile (BSP) working drafts (please refer to the WS-I March 2005 meeting report in the March 21 edition of GRIDtoday: news.taborcommunications.com/msgget.jsp?mid=352675&xsl=story.xsl.

The interoperability test assertions will be based on four security requirements:

  • Authentication.
  • Non-repudiation (a type of authorization).
  • Confidentiality (encryption).
  • Integrity (tamper proofing).

For each of these four requirements, security features compliant with WS-Security and WS-I BSP have been selected in order to generate a small set of test assertions. No more than 12 test assertions will be verified during this interop testing round. However, additional test assertions may be specified for future testing.

The derived test cases will be grouped into a test suite that will distinguish two roles: 1) client and 2) service. In order to verify the ability of two composable WS-R/WS-Security implementations to interoperate, the test suite will be executed twice — with the implementations swapping roles — so that each role is properly tested. Besides security artifacts (certificates, keys, etc.) no specific configuration or policy will be required by the receiver of secure and reliable messages to participate in these test cases. In other words, we allow for different WS-R/WS-Security ordered processing configurations on the sender side, while specifying only the composed message format transmitted (we assume over HTTP transport) on the wire. The transmitted message format will implicitly specify the test case for receiver processing.

The composition of the reliability and security functions implied by these test cases will be implemented in a SOAP architecture and processing order that will not vary from one test case to the other. Each Web services end-point may be composed of WS reliability and security modules that may have been developed independently of each other.

Here are a few of the parameters that the test cases will modulate or simply determine:

  • The sections of the SOAP message which are signed.
  • The type of digital signature (detached or enveloped).
  • The parts of the SOAP message which are encrypted (message body vs. headers).
  • Type of encryption algorithm and key management method.
  • Requirements for the integrity of the WS-R header, payload or both?
  • The token type(s) to be used for authentication — X.509, REL, SAML, user name/password.

The sample application to drive the client side interop testing will likely be the Purchase Order processing application, which had previously been used for successful interop testing of WS-R implementations. This will be the fourth WS-R interop event sponsored by the WSRM TC.

Acknowledgements: The author would like to thank Jacques Durand and Hamid Malek of Fujitsu Software-USA for their work in developing the WS-R/WS-Security interop test methodology described above and their extremely valuable contributions to this article. Thanks also to Jorgen Thelin of Microsoft and Doug Davis of IBM for furnishing the links to obtain more information on their respective interop workshops.

About Alan J. Weissberger

Alan J. Weissberger is actively seeking clients in need of his expertise in the telecommunications field. If you would like to speak personally with Alan about how he could help your company, feel free to contact him via e-mail at [email protected] or [email protected]. To learn more about his extensive qualifications, read his annotated biography below.

As the founder and Technical Director of Data Communications Technology (DCT), a technical consulting firm started in March 1983, Alan J. Weissberger specializes in telecommunications standards and their implementation. His clients have included network providers (AT&T, NTT, Pacific Bell, US West, Entel and CTC in Chile, Telkom South Africa, Moroccan PTT, others), equipment and semiconductor manufacturers, and large end users. In 1995 and 1996 Alan was the principal architect for the European Commission's multi-service, multi-country ATM network — the largest private network in Europe (that network has now evolved into Gig Ethernet over CWDM). In 2000-01, he was Ciena's lead ITU-T delegate, contributing to the standardization of the optical control plane in SG13 and SG15. Alan now represents NEC Corp in several OASIS TCs dealing with Web Services, while also attending the Global Grid Forum and the Optical Internetworking Forum (OIF).

To read his entire biography, please visit www.gridtoday.com/04/1011/bio.html.

Subscribe to HPCwire's Weekly Update!

Be the most informed person in the room! Stay ahead of the tech trends with industy updates delivered to you every week!

Supercomputers Streamline Prediction of Dangerous Arrhythmia

June 2, 2020

Heart arrhythmia can prove deadly, contributing to the hundreds of thousands of deaths from cardiac arrest in the U.S. every year. Unfortunately, many of those arrhythmia are induced as side effects from various medicati Read more…

By Staff report

Indiana University to Deploy Jetstream 2 Cloud with AMD, Nvidia Technology

June 2, 2020

Indiana University has been awarded a $10 million NSF grant to build ‘Jetstream 2,’ a cloud computing system that will provide 8 aggregate petaflops of computing capability in support of data analysis and AI workload Read more…

By Tiffany Trader

10nm, 7nm, 5nm…. Should the Chip Nanometer Metric Be Replaced?

June 1, 2020

The biggest cool factor in server chips is the nanometer. AMD beating Intel to a CPU built on a 7nm process node* – with 5nm and 3nm on the way – has been instrumental to AMD’s datacenter market resurgence. Nanomet Read more…

By Doug Black

Supercomputer-Powered Protein Simulations Approach Lab Accuracy

June 1, 2020

Protein simulations have dominated the supercomputing conversation of late as supercomputers around the world race to simulate the viral proteins of COVID-19 as accurately as possible and simulate potential bindings in t Read more…

By Oliver Peckham

HPC Career Notes: June 2020 Edition

June 1, 2020

In this monthly feature, we'll keep you up-to-date on the latest career developments for individuals in the high-performance computing community. Whether it's a promotion, new company hire, or even an accolade, we've got Read more…

By Mariana Iriarte

AWS Solution Channel

Computational Fluid Dynamics on AWS

Over the past 30 years Computational Fluid Dynamics (CFD) has grown to become a key part of many engineering design processes. From aircraft design to modelling the blood flow in our bodies, the ability to understand the behaviour of fluids has enabled countless innovations and improved the time to market for many products. Read more…

Supercomputer Modeling Shows How COVID-19 Spreads Through Populations

May 30, 2020

As many states begin to loosen the lockdowns and stay-at-home orders that have forced most Americans inside for the past two months, researchers are poring over the data, looking for signs of the dreaded second peak of t Read more…

By Oliver Peckham

Indiana University to Deploy Jetstream 2 Cloud with AMD, Nvidia Technology

June 2, 2020

Indiana University has been awarded a $10 million NSF grant to build ‘Jetstream 2,’ a cloud computing system that will provide 8 aggregate petaflops of comp Read more…

By Tiffany Trader

10nm, 7nm, 5nm…. Should the Chip Nanometer Metric Be Replaced?

June 1, 2020

The biggest cool factor in server chips is the nanometer. AMD beating Intel to a CPU built on a 7nm process node* – with 5nm and 3nm on the way – has been i Read more…

By Doug Black

COVID-19 HPC Consortium Expands to Europe, Reports on Research Projects

May 28, 2020

The COVID-19 HPC Consortium, a public-private effort delivering free access to HPC processing for scientists pursuing coronavirus research – some utilizing AI Read more…

By Doug Black

$100B Plan Submitted for Massive Remake and Expansion of NSF

May 27, 2020

Legislation to reshape, expand - and rename - the National Science Foundation has been submitted in both the U.S. House and Senate. The proposal, which seems to Read more…

By John Russell

IBM Boosts Deep Learning Accuracy on Memristive Chips

May 27, 2020

IBM researchers have taken another step towards making in-memory computing based on phase change (PCM) memory devices a reality. Papers in Nature and Frontiers Read more…

By John Russell

Hats Over Hearts: Remembering Rich Brueckner

May 26, 2020

HPCwire and all of the Tabor Communications family are saddened by last week’s passing of Rich Brueckner. He was the ever-optimistic man in the Red Hat presiding over the InsideHPC media portfolio for the past decade and a constant presence at HPC’s most important events. Read more…

Nvidia Q1 Earnings Top Expectations, Datacenter Revenue Breaks $1B

May 22, 2020

Nvidia’s seemingly endless roll continued in the first quarter with the company announcing blockbuster earnings that exceeded Wall Street expectations. Nvidia Read more…

By Doug Black

Microsoft’s Massive AI Supercomputer on Azure: 285k CPU Cores, 10k GPUs

May 20, 2020

Microsoft has unveiled a supercomputing monster – among the world’s five most powerful, according to the company – aimed at what is known in scientific an Read more…

By Doug Black

Supercomputer Modeling Tests How COVID-19 Spreads in Grocery Stores

April 8, 2020

In the COVID-19 era, many people are treating simple activities like getting gas or groceries with caution as they try to heed social distancing mandates and protect their own health. Still, significant uncertainty surrounds the relative risk of different activities, and conflicting information is prevalent. A team of Finnish researchers set out to address some of these uncertainties by... Read more…

By Oliver Peckham

[email protected] Turns Its Massive Crowdsourced Computer Network Against COVID-19

March 16, 2020

For gamers, fighting against a global crisis is usually pure fantasy – but now, it’s looking more like a reality. As supercomputers around the world spin up Read more…

By Oliver Peckham

[email protected] Rallies a Legion of Computers Against the Coronavirus

March 24, 2020

Last week, we highlighted [email protected], a massive, crowdsourced computer network that has turned its resources against the coronavirus pandemic sweeping the globe – but [email protected] isn’t the only game in town. The internet is buzzing with crowdsourced computing... Read more…

By Oliver Peckham

Global Supercomputing Is Mobilizing Against COVID-19

March 12, 2020

Tech has been taking some heavy losses from the coronavirus pandemic. Global supply chains have been disrupted, virtually every major tech conference taking place over the next few months has been canceled... Read more…

By Oliver Peckham

Supercomputer Simulations Reveal the Fate of the Neanderthals

May 25, 2020

For hundreds of thousands of years, neanderthals roamed the planet, eventually (almost 50,000 years ago) giving way to homo sapiens, which quickly became the do Read more…

By Oliver Peckham

DoE Expands on Role of COVID-19 Supercomputing Consortium

March 25, 2020

After announcing the launch of the COVID-19 High Performance Computing Consortium on Sunday, the Department of Energy yesterday provided more details on its sco Read more…

By John Russell

Steve Scott Lays Out HPE-Cray Blended Product Roadmap

March 11, 2020

Last week, the day before the El Capitan processor disclosures were made at HPE's new headquarters in San Jose, Steve Scott (CTO for HPC & AI at HPE, and former Cray CTO) was on-hand at the Rice Oil & Gas HPC conference in Houston. He was there to discuss the HPE-Cray transition and blended roadmap, as well as his favorite topic, Cray's eighth-gen networking technology, Slingshot. Read more…

By Tiffany Trader

Honeywell’s Big Bet on Trapped Ion Quantum Computing

April 7, 2020

Honeywell doesn’t spring to mind when thinking of quantum computing pioneers, but a decade ago the high-tech conglomerate better known for its control systems waded deliberately into the then calmer quantum computing (QC) waters. Fast forward to March when Honeywell announced plans to introduce an ion trap-based quantum computer whose ‘performance’ would... Read more…

By John Russell

Leading Solution Providers

SC 2019 Virtual Booth Video Tour

AMD
AMD
ASROCK RACK
ASROCK RACK
AWS
AWS
CEJN
CJEN
CRAY
CRAY
DDN
DDN
DELL EMC
DELL EMC
IBM
IBM
MELLANOX
MELLANOX
ONE STOP SYSTEMS
ONE STOP SYSTEMS
PANASAS
PANASAS
SIX NINES IT
SIX NINES IT
VERNE GLOBAL
VERNE GLOBAL
WEKAIO
WEKAIO

Contributors

Tech Conferences Are Being Canceled Due to Coronavirus

March 3, 2020

Several conferences scheduled to take place in the coming weeks, including Nvidia’s GPU Technology Conference (GTC) and the Strata Data + AI conference, have Read more…

By Alex Woodie

Exascale Watch: El Capitan Will Use AMD CPUs & GPUs to Reach 2 Exaflops

March 4, 2020

HPE and its collaborators reported today that El Capitan, the forthcoming exascale supercomputer to be sited at Lawrence Livermore National Laboratory and serve Read more…

By John Russell

‘Billion Molecules Against COVID-19’ Challenge to Launch with Massive Supercomputing Support

April 22, 2020

Around the world, supercomputing centers have spun up and opened their doors for COVID-19 research in what may be the most unified supercomputing effort in hist Read more…

By Oliver Peckham

Cray to Provide NOAA with Two AMD-Powered Supercomputers

February 24, 2020

The United States’ National Oceanic and Atmospheric Administration (NOAA) last week announced plans for a major refresh of its operational weather forecasting supercomputers, part of a 10-year, $505.2 million program, which will secure two HPE-Cray systems for NOAA’s National Weather Service to be fielded later this year and put into production in early 2022. Read more…

By Tiffany Trader

15 Slides on Programming Aurora and Exascale Systems

May 7, 2020

Sometime in 2021, Aurora, the first planned U.S. exascale system, is scheduled to be fired up at Argonne National Laboratory. Cray (now HPE) and Intel are the k Read more…

By John Russell

Summit Supercomputer is Already Making its Mark on Science

September 20, 2018

Summit, now the fastest supercomputer in the world, is quickly making its mark in science – five of the six finalists just announced for the prestigious 2018 Read more…

By John Russell

Fujitsu A64FX Supercomputer to Be Deployed at Nagoya University This Summer

February 3, 2020

Japanese tech giant Fujitsu announced today that it will supply Nagoya University Information Technology Center with the first commercial supercomputer powered Read more…

By Tiffany Trader

Australian Researchers Break All-Time Internet Speed Record

May 26, 2020

If you’ve been stuck at home for the last few months, you’ve probably become more attuned to the quality (or lack thereof) of your internet connection. Even Read more…

By Oliver Peckham

  • arrow
  • Click Here for More Headlines
  • arrow
Do NOT follow this link or you will be banned from the site!
Share This