ACORD XML In Depth

Web Services and the ACORD Messaging Service

4-day Public Class

Tuesday Morning: Architecture and Implementation of Basic Web Services using SOAP

Lecture: Need for programs (as opposed to humans) to interact over the Web. Need for universal Web-based function calls. Using XML and HTTP as a common denominator. Concept of a Web Service, a .NET object automatically made accessible to client through standard Web protocols. Generating a Web service project, inheriting the system-provided Web Service base class. Connection of incoming protocols to Web Service methods, examination of SOAP. Advertising of the server-side contract in the WSDL file. Writing client applications in each supported protocol. Design considerations for web services – state management, chunkiness, security

Lab: Implement rudimentary web service

Tuesday Afternoon: More Complex Infrastructural Needs: Introduction to WS-* Standards

Lecture: Shortcomings of current web service architecture. Need for standards definition and prefabricated implementation of common infrastructural problems. Examination of WS-* architecture specs. Introduction to Microsoft Web Service Extensions version 2.0. Examination of SOAP filter and SOAP context architecture. Working with message timestamp from client and server side.

Lab: Upgrade web service to implement WS-Security via Microsoft WSE.

Wednesday Morning: Web service security, Part 1: Authentication

Lecture: WS-Security overview, types of security tokens (Username, X509, and Kerberos). Drilldown into username token. Placing username token into client-side SOAP context and sending it to the server. Authenticating user in the SOAP filter chain on the server side. Identifying authenticated principal for use in web service's business logic.

Lab: Add authentication to basic web service sample

Wednesday Afternoon: Web service security Part 2: Integrity and Privacy

Lecture: Using signatures to detect tampering with web service packets in transit. Performing signature with each type of token on the client side. Standard portions of the SOAP packet that are included in the signature, overriding these standards to sign other portions. Processing signed messages on the server side, detecting and responding to tampering. Specifying signing administratively as well as programmatically. Types of encryption, symmetric and asymmetric. Encrypting a client-side message with a symmetric key, processing it on the server side. Encrypting a client-side message with an X509 certificate, processing it on the server side. Dealing with failures of encryption. Discussion of key transfer problem. Specifying encryption administratively as well as programmatically.

Lab: Add signature and encryption to basic web service sample

Thursday Morning: ACORD Messaging Service, Part 1

Lecture: Functional requirements in ACORD XML web services. Concepts and definitions. Overall architecture of AMS. Schema and namespace. Inboxes and outboxes. Request - response architecture. Synchronous and asynchronous responses. Simplest example.

Lab: Implement rudimentary client-server application using Acord Messaging Service.

Thursday Afternoon: ACORD Messaging Service, Part 2

Lecture: SOAP-based implementation conventions. Use of Work Folders as attachments. SOAP with Attachments (SwA) standard. Reliable delivery and delivery in sequence. Use of WSDL in AMS. Error handling and SOAP faults. More complex examples.

Lab: Enhance functionality of client-server application using Acord Messaging Service.

Friday Morning: ACORD Messaging Service Security Extension Proposal

Lecture: Review of proposed requirements. Principles of threat modeling; application thereof to AMS standard. Authentication of clients and servers. Data integrity and signatures. Non-repudiation and proof of receipt. Confidentiality of message, encryption techniques and keys. Applying these principles to both message body and to attachments.

Lab: Watch in awe as instructor quickly implements selected portions of this standard.

Friday Afternoon: Students' Requests

Lecture and Lab: Exploration of topics chosen by the students based on their learning experiences during the class.

Class ends at 3:00 on last day so students can make their travel arrangements.