Web Services and Identity

 

Overview

Web services are how distributed computing is done in the 21st century. Web services use XML and the World Wide Web as enabling technologies to make application interactions more flexible and composable in response to changing needs. Especially in light of Web 2.0 and cloud computing trends, web services offer exciting new possibilities in networked computer communications, both within an enterprise’s boundaries and across the broader Internet.

Digital identity information is a key ingredient for customizing the operation of web services and applications, as well as authenticating and authorizing users. Particularly now that individuals’ digital identity is being “distributed” much the way applications are being distributed, businesses, governments, and other organizations have a special challenge in treating it – and our wishes about it – with respect.

This course will use a real-world focus in discussing the features and benefits of web services and digital identity; reviewing relevant concepts, technologies, and standards; and examining security and privacy challenges.

Classes for 2009

SOA, REST and The Web: Compare and Contrast!

Taught by Paul Downey

Service Oriented Architecture and Representational State Transfer both offer principles for building Web services. How do these architectural styles differ? Are they complementary, or do they conflict? Is it possible to build a “resource-centric” SOA, or REST with messaging systems?

Meanwhile we have The Web: a practical living ecosystem where conventions, agreements and lightweight standards quickly evolve, some through “traditional” standardization processes such as HTML5 and WS-* at the W3C and OASIS, others through lightweight Open Standards initiatives such as Microformats, OpenID, OAuth, oEmbed, XMPP and other “open” initiatives from vendors, such as OpenSocial, YQL and Google Wave. How many of these activities are informed by SOA and REST architectural principles, and is it even possible to build architecturally pure services which work within the constraints of the modern Web?

Elements of Web Service Design

Taught by Dr. Marc Hadley

This session will present a case study of exposing an existing API as parallel RESTful and SOAP-based Web Services. The session will review basic Web services technologies and describe the advantages and disadvantages of each approach, highlighting impedance mismatches between native programming language APIs and Web services.

Web Security

Taught by Rich Salz

When thinking about security, it’s important to keep the overall goal in mind: allow the “right” entities to have access to data and resources, while preventing the “wrong” ones from seeing or doing things they shouldn’t. This talk will review the common security mechanisms used by both web applications and web services, and provide an overview of when and how to use each one. At the end of the class, students will either be able to factor hundred-digit numbers in their head, or understand why it’s important.

Identity, Access Management, and Privacy: Concepts and Technologies

Taught by Eve Maler

This session will survey business goals for digital identity management in the enterprise and consumer spheres, and will review key web-based technologies and protocols for federated identity and access management. We will pay special attention to the challenges of meeting privacy goals.