Web Services and Identity



Web services are how distributed computing is done in the 21st century. Web services use XML and the World Wide Web as enabling technologies to make application interactions more flexible and composable in response to changing needs. Especially in light of Web 2.0 and cloud computing trends, web services offer exciting new possibilities in networked computer communications, both within an enterprise’s boundaries and across the broader Internet.

Digital identity information is a key ingredient for customizing the operation of web services and applications, as well as authenticating and authorizing users. Particularly now that individuals’ digital identity is being “distributed” much the way applications are being distributed, businesses, governments, and other organizations have a special challenge in treating it – and our wishes about it – with respect.

This course will use a real-world focus in discussing the features and benefits of web services and digital identity; reviewing relevant concepts, technologies, and standards; and examining security and privacy challenges.

Classes for 2009

SOA, REST and The Web: Compare and Contrast!

Taught by Paul Downey

Service Oriented Architecture and Representational State Transfer both offer principles for building Web services. How do these architectural styles differ? Are they complementary, or do they conflict? Is it possible to build a “resource-centric” SOA, or REST with messaging systems?

Meanwhile we have The Web: a practical living ecosystem where conventions, agreements and lightweight standards quickly evolve, some through “traditional” standardization processes such as HTML5 and WS-* at the W3C and OASIS, others through lightweight Open Standards initiatives such as Microformats, OpenID, OAuth, OEmbed and XMPP, and still others through “open” initiatives from vendors, such as Open Social, YQL and Google Wave. How many of these activities are informed by SOA and REST architectural principles, and is it even possible to build architecturally pure services which work within the constraints of the modern Web?

Elements of Web Service Design

Taught by Dr. Marc Hadley

This session will present a case study of exposing an existing API as parallel RESTful and SOAP-based Web Services. The session will review basic Web services technologies and describe the advantages and disadvantages of each approach, highlighting impedance mismatches between native programming language APIs and Web services.

Web Security

Taught by Rich Salz

When thinking about security, it’s important to keep in mind the overall goal: allow the “right” entities to have access to data and resources, while preventing the “wrong” ones from seeing or doing things they shouldn’t. This talk will review the common security mechanisms used by both web applications and web services, and provide an overview of when and how to use each one. At the end of the class, students will either be able to factor hundred-digit numbers in their head, or understand why it’s important.

Identity, Access Management, and Privacy: Concepts and Technologies

Taught by Eve Maler

This session will survey business goals for digital identity management in the enterprise and consumer spheres, and will review key web-based technologies and protocols for federated identity and access management. We will pay special attention to the challenges of meeting privacy goals.