Web Services and Identity

Overview

Web services are how distributed computing is done in the 21st century. Web services use XML and the World Wide Web as enabling technologies to make application interactions more flexible and composable in response to changing needs. Especially in light of Web 2.0 and cloud computing trends, web services offer exciting new possibilities in networked computer communications, both within an enterprise’s boundaries and across the broader Internet.

Digital identity information is a key ingredient for customizing the operation of web services and applications, as well as authenticating and authorizing users. Particularly now that individuals’ digital identity is being “distributed” much the way applications are being distributed, businesses, governments, and other organizations have a special challenge in treating it – and our wishes about it – with respect.

This course will use a real-world focus in discussing the features and benefits of web services and digital identity; reviewing relevant concepts, technologies, and standards; and examining security and privacy challenges.

Classes for 2010

SOA, REST and The Web: Compare and Contrast!

Taught by Paul Downey

Service Oriented Architecture and Representational State Transfer both offer principles for building Web services. How do these architectural styles differ? Are they complementary, or do they conflict? Is it possible to build a “resource-centric” SOA, or REST with messaging systems?

Meanwhile, we have The Web: a practical living ecosystem where conventions, agreements and lightweight standards quickly evolve, some through “traditional” standardization processes such as HTML5 and WS-* at the W3C and OASIS, others through lightweight Open Standards initiatives such as Microformats, OpenID, OAuth, OEmbed, XMPP and other “open” initiatives from vendors, such as Open Social, YQL and Google Buzz. How many of these activities are informed by SOA and REST architectural principles, and is it indeed even possible to build architecturally pure services which work within the constraints of the modern Web?

Elements of Web Service Design

Taught by Dr. Marc Hadley

This session will present a case study of exposing an existing API as parallel RESTful and SOAP-based Web Services. The session will review basic Web services technologies and describe the advantages and disadvantages of each approach, highlighting impedance mismatches between native programming language APIs and Web services.

Lunch break, day one

XML Process Pipelining

Taught by Norman Walsh

We employ a broad range of XML technologies to build our applications and to join different applications together. Important aspects of a system can often be described as the application of some sequence of XML transformations.

Until recently, there was no standard way to describe the order and sequence of these technologies. Performing, for example, XInclude, followed by validation, followed by two transformations, and then validating the result required ad hoc “glue code” written in any number of ways.

With the recent publication of XProc: An XML Pipeline Language, it’s now possible to describe these, and many other, processes in a standard way.

This session will review the scope and purpose of XProc and provide examples of where it can shorten and simplify everyday tasks.

XML and Web Security

Taught by Thomas Roessler

This session will give the students a foundation in understanding security principles as applied to the Web, threats peculiar to Web and XML technologies, and the technologies typically applied to secure web applications and services to answer those threats (including but not limited to XML Signature and Encryption).

End of day, day one

Federated Identity Concepts and Technologies

Taught by Dr. Hubert le van Gong

This session will survey business goals for digital identity management in the enterprise and consumer spheres, and will review key web-based technologies and protocols for federated identity and access management. We will pay special attention to the challenges of meeting privacy goals.

Privacy and Assurance in Internet Identity

Taught by Robin Wilton

In this session, Robin will look at the links between identity and privacy from the technical and non-technical perspectives. The material will complement Eve Maler’s lecture on the practicalities of meeting privacy goals in federated identity systems.

There are no pointy brackets in this session… but don’t imagine that that means an easy ride for the technologists: there are still plenty of hard technical problems in the domain of online identity and privacy, and the talk will set out a few of them (as an exercise for the student, of course…). And if you have cracked the technology problem, there is still the question of how to put it into practice. Robin will examine some of the factors behind the apparent failure of “Privacy Enhancing Technologies” (PETs) to make it from technical viability into mass adoption, and consider the ‘ecosystem’ of mostly non-technical factors within which your technical solutions will need to thrive.

The goal is for you to come away not just with an understanding of the landscape ahead, but also with some tools and simple models to help you navigate it successfully with your fellow stakeholders.

Lunch break, day two

Workshop

The course will conclude with a workshop on the last afternoon.

© 2009-2012 XML Summer School