Page 1
BPEL
Business Process Execution Language (BPEL), short for Web Services
Business Process Execution Language (WS-BPEL), is an executable
dialect of XML that allows for the modeling of interactions between Web
services on the cloud.
A BPEL process must work properly. Because many BPEL processes use
multiple applications, many of which are often written in different languages
and located on distributed systems
Page 2
WS-BPEL enables
Defining business processes as coordinated sets of
Web service interactions, recursively into new
aggregated Web services
Page 3
WS-BPEL in the WS-* Stack
Page 4
WS-BPEL Language
Structure
Process
Partner links
Data handling
Properties and correlation
Basic and structured activities
Scopes
Page 5
BPEL and WSDL
BPEL processes are exposed as WSDL
services
Message exchanges map to WSDL operations
WSDL can be derived from partner definitions and
the role played by the process in interactions with
partners
Page 6
Recursive Composition
BPEL processes interact with WSDL services
exposed by business partners
Page 7
Composition of Web Services
Page 8
Partner Links
Partner link: instance of typed connector
Partner link type specifies required and/or
provided portTypes
Page 9
BPEL Data Model: Variables
Activities
input and output kept in scoped variables
Page 10
Properties and Correlation
Messages in long-running conversations are
correlated to the correct process instance
Page 11
Basic Activities
Receive
Do a blocking wait for a matching message to arrive
Reply
Send a message in reply to a formerly received message
Invoke
Invoke a one-way or request-response operation
Assign
Update the values of variables or partner links with new data
Validate
Validate XML data stored in variables
Empty
No-op instruction for a business process
Page 12
Throw
Generate a fault from inside the business process
Rethrow
Forward a fault from inside a fault handler
Exit
Immediately terminate execution of a business process instance
wait
Wait for a given time period or until a certain time has passed
compensate
Invoke compensation on an inner scope that has already
completed
Extension activity
Wrapper for language extensions
Page 13
Structured Activities
flow
Contained activities are executed in parallel,
partially ordered through control links
sequence
Contained activities are performed sequentially in
lexical order
while
Contained activity is repeated while a predicate
holds
Repeat until
Contained activity is repeated until a predicate
holds
Page 14
pick
Block and wait for a suitable message to arrive (or
time out)
foreach
Contained activity is performed sequentially or in
parallel, controlled by a specified counter variable
if-then-else
Select exactly one branch of activity from a set of
choices
scope
Associate contained activity with its own local
variables, fault handlers, compensation handler, and
event handlers
Page 15
Scopes and Handlers
Scope
Local variables
Local partner links
Local correlation sets
Set of activities (basic or structured)
Handlers
Event handlers
Message events or timer events (deadline or duration)
Fault handlers
Dealing with different exceptional situations (internal faults)
Compensation handler
Undoing persisted effects of already completed activities
Termination handler
Dealing with forced scope termination (external faults)
Page 16
WS-BPEL Application Areas
Business Process Design
Human Workflow
Sub-processes
Static Analysis
Autonomic Computing
Grid Computing
Semantic Web
Regulatory Compliance
Process Analytics
Page 17
WS-Security
Page 18
What is WS-Security?
WS-Security:
SOAP message protection through message
integrity, confidentiality, and single message
authentication
extensible and flexible (multiple security
tokens, trust domains, signature formats, and
encryption technologies)
a flexible set of mechanisms that can be used
to construct a range of security protocols
Page 19
Why WS-Security?
Page 20
The WS-Security specification set defines the
following tokens:
Page 21
Terminology
Claim - A claim is a statement that a requestor makes
(e.g. name, identity, key, group, privilege, capability, etc).
Security Token - A security token represents a
collection of claims.
Signed Security Token - A signed security token is a
security token that is asserted and cryptographically
endorsed by a specific authority (e.g. an X.509 certificate
or a Kerberos ticket).
Proof-of-Possession - The proof-of-possession
information is data that is used in a proof process to
demonstrate the sender's knowledge of information that
should only be known to the claiming sender of a
security token.
Page 22
Terminology
Digest - A digest is a cryptographic checksum of an
octet stream
Signature - A signature is a cryptographic binding of a
proof-of-possession and a digest. This covers both
symmetric key-based and public key-based signatures.
Consequently, non-repudiation
Non-repudiation - means to ensure that a transferred
message has been sent and received by the parties
claiming to have sent and received the message. A way
to guarantee that the sender of a message cannot later
deny having sent the message and that the recipient
cannot deny having received the message.
Page 23
How to Secure?
Integrity - information is not modified in transit
XML signature in conjunction with security tokens
Multiple signature, multiple actors, additional signature formats
Page 24
XML Security Dialogue
Non Self-Validating Credentials
Page 25
XML Security Dialogue Self Validating Credentials
Page 26
Syntax
<S:Envelope>
  <S:Header>
    ...
    <Security S:actor="..." S:mustUnderstand="...">
      ...
    </Security>
    ...
  </S:Header>
  <S:Body>
  </S:Body>
</S:Envelope>
Page 27
UsernameToken Element
<UsernameToken Id="...">
<Username>...</Username>
<Password Type="...">...</Password>
</UsernameToken>
Types:
wsse:PasswordText - The actual password for the username (default)
wsse:PasswordDigest - The digest of the password for the username. The value is a base64-encoded SHA1 hash value of the UTF8-encoded password
Page 28
UsernameToken Example
<wsse:Security>
  <wsse:UsernameToken>
    <wsse:Username>Zoe</wsse:Username>
    <wsse:Password>ILoveDogs</wsse:Password>
  </wsse:UsernameToken>
</wsse:Security>
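The token above carries no Type attribute, so under the Types table it defaults to wsse:PasswordText and the password travels in clear inside the header. The following added example (not part of the original slides) audits a SOAP envelope for that case and computes PasswordDigest as the slides define it; the function names and the sample envelope are constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

# Namespace taken from the page's own examples.
WSSE = "http://schemas.xmlsoap.org/ws/2002/04/secext"
# SOAP 1.1 envelope namespace (assumption: the page only shows the S: prefix).
SOAP = "http://schemas.xmlsoap.org/soap/envelope/"

def password_digest(password: str) -> str:
    """Base64(SHA-1(UTF-8 password)), as the Types table defines PasswordDigest.

    A digest of the password alone is the same on every request, so it is
    itself a reusable credential; the later OASIS UsernameToken Profile
    hashes a nonce and creation timestamp together with the password.
    """
    raw = hashlib.sha1(password.encode("utf-8")).digest()
    return base64.b64encode(raw).decode("ascii")

def audit_username_tokens(envelope_xml: str) -> list:
    """Return one finding per UsernameToken inside a wsse:Security header."""
    # For untrusted traffic, parse with a hardened parser such as defusedxml.
    root = ET.fromstring(envelope_xml)
    findings = []
    for tok in root.iterfind(f".//{{{WSSE}}}Security/{{{WSSE}}}UsernameToken"):
        pw = tok.find(f"{{{WSSE}}}Password")
        # A missing Type attribute means PasswordText (the default).
        ptype = "absent" if pw is None else pw.get("Type", "wsse:PasswordText")
        local = ptype.split(":")[-1]
        findings.append({
            "id": tok.get("Id"),
            "username": (tok.findtext(f"{{{WSSE}}}Username") or "").strip(),
            "password_type": local,
            "cleartext": local == "PasswordText",
        })
    return findings

# Constructed sample: token t1 mirrors the slide, t2 uses PasswordDigest.
SAMPLE = f"""<S:Envelope xmlns:S="{SOAP}" xmlns:wsse="{WSSE}"><S:Header>
<wsse:Security>
  <wsse:UsernameToken Id="t1"><wsse:Username>Zoe</wsse:Username>
    <wsse:Password>ILoveDogs</wsse:Password></wsse:UsernameToken>
  <wsse:UsernameToken Id="t2"><wsse:Username>Zoe</wsse:Username>
    <wsse:Password Type="wsse:PasswordDigest">{password_digest("ILoveDogs")}</wsse:Password>
  </wsse:UsernameToken>
</wsse:Security></S:Header><S:Body/></S:Envelope>"""

if __name__ == "__main__":
    for finding in audit_username_tokens(SAMPLE):
        print(finding)
```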
Page 29
Binary Security Tokens
<BinarySecurityToken Id=... EncodingType=... ValueType=.../>
Page 30
Binary Security Tokens Example
<wsse:BinarySecurityToken
    xmlns:wsse="http://schemas.xmlsoap.org/ws/2002/04/secext"
    Id="myToken" ValueType="wsse:X509v3"
    EncodingType="wsse:Base64Binary">
  MIIEZzCCA9CgAwIBAgIQEmtJZc0...
</wsse:BinarySecurityToken>
Page 31
SecurityTokenReference
<SecurityTokenReference Id="..."> <Reference URI="..."/>
</SecurityTokenReference>
Example:
<wsse:SecurityTokenReference
    xmlns:wsse="http://schemas.xmlsoap.org/ws/2002/04/secext">
  <wsse:Reference
      URI="http://www.fabrikam123.com/tokens/Zoe#X509token"/>
</wsse:SecurityTokenReference>
Page 32
WS-Policy
Page 33
WS-Policy
WS-Policy Framework
Defines a general purpose model and corresponding syntax to describe and
communicate Web services policies
Allows service consumers to discover the information they need to know to be
able to access services from a service provider
http://www-106.ibm.com/developerworks/webservices/library/ws-polfram/
WS-Policy Attachments
Provides a general-purpose mechanism for associating policy assertions
with subjects (services).
Provides two approaches for making assertions:
policy assertions defined as part of the definition of the subject
policy assertions defined independently of and associated through an external
binding to the subject
http://www-106.ibm.com/developerworks/webservices/library/ws-polatt/
WS-Policy Assertions
Specifies a set of common message policy assertions that can be specified
within a policy
http://www-106.ibm.com/developerworks/webservices/library/ws-polas/
Page 34