
UNIT-5

Page 1
BPEL
Business Process Execution Language (BPEL), short for Web Services
Business Process Execution Language (WS-BPEL), is an executable
dialect of XML that allows for the modeling of interactions between Web
services on the cloud.

This modeling is valuable for successful business process management (BPM) and service-oriented architecture (SOA) implementation.

BPEL's primary use is to model Web service interactions on a distributed system.

BPEL allows for complex orchestrations of multiple service applications through a single controller service.

When described in a corresponding WSDL contract, a BPEL process must work properly. Because many BPEL processes use multiple applications, many of which are often written in different languages and located on distributed systems

Page 2
WS-BPEL enables
Defining business processes as coordinated sets of Web service interactions, recursively into new aggregated Web services

Defining both abstract and executable processes
Abstract processes for B2B style specifications
Executable processes provide a model for integrating enterprise applications

Creating compositions of Web services
Composition based on abstract descriptions

WS-BPEL was designed to provide an interoperable process model

Page 3
WS-BPEL in the WS-* Stack

Page 4
WS-BPEL Language Structure
Process
Partner links
Data handling
Properties and correlation
Basic and structured activities
Scopes

Page 5
BPEL and WSDL
BPEL processes are exposed as WSDL
services
Message exchanges map to WSDL operations
WSDL can be derived from partner definitions and
the role played by the process in interactions with
partners

Page 6
Recursive Composition
BPEL processes interact with WSDL services
exposed by business partners

Page 7
Composition of Web Services

Page 8
Partner Links
Partner link: instance of typed connector
Partner link type specifies required and/or
provided portTypes

Channel along which a peer-to-peer conversation with a partner takes place

Page 9
BPEL Data Model: Variables

Activities' input and output kept in scoped variables

Scoped variables typed as
WSDL messages or
XML Schema elements/types

Page 10
Properties and Correlation
Messages in long-running conversations are
correlated to the correct process instance

Typed properties defined in WSDL are named and mapped (aliased) to parts of several WSDL messages used by the process

Page 11
Basic Activities
Receive
Do a blocking wait for a matching message to arrive
Reply
Send a message in reply to a formerly received message
Invoke
Invoke a one-way or request-response operation
Assign
Update the values of variables or partner links with new data
Validate
Validate XML data stored in variables
Empty
No-op instruction for a business process

Page 12
Throw
Generate a fault from inside the business process
Rethrow
Forward a fault from inside a fault handler
Exit
Immediately terminate execution of a business process instance
wait
Wait for a given time period or until a certain time has passed
compensate
Invoke compensation on an inner scope that has already
completed
Extension activity
Wrapper for language extensions

Page 13
Structured Activities
flow
Contained activities are executed in parallel,
partially ordered through control links
sequence
Contained activities are performed sequentially in
lexical order
while
Contained activity is repeated while a predicate
holds
repeatUntil
Contained activity is repeated until a predicate
holds

Page 14
pick
Block and wait for a suitable message to arrive (or
time out)
forEach
Contained activity is performed sequentially or in
parallel, controlled by a specified counter variable
if-then-else
Select exactly one branch of activity from a set of
choices
scope
Associate contained activity with its own local
variables, fault handlers, compensation handler, and
event handlers

Page 15
Scopes and Handlers
Scope
Local variables
Local partner links
Local correlation sets
Set of activities (basic or structured)

Handlers
Event handlers
Message events or timer events (deadline or duration)
Fault handlers
Dealing with different exceptional situations (internal faults)
Compensation handler
Undoing persisted effects of already completed activities
Termination handler
Dealing with forced scope termination (external faults)

Page 16
WS-BPEL Application Areas
Business Process Design
Human Workflow
Sub-processes
Static Analysis
Autonomic Computing
Grid Computing
Semantic Web
Regulatory Compliance
Process Analytics
Page 17
WS-Security

Page 18
What is WS-Security?
WS-Security:
SOAP message protection through message integrity, confidentiality, and single message authentication
extensible and flexible (multiple security tokens, trust domains, signature formats, and encryption technologies)
a flexible set of mechanisms that can be used to construct a range of security protocols

Page 19
Why WS-Security?

Secure SOAP message exchange

Page 20
The WS-Security specification set defines the following tokens:

Unsigned security tokens
Username

Signed security tokens
X.509 certificates (binary)
Kerberos tickets (binary)

XML security tokens
Any XML token, such as SAML
Usually self verifying / signed

Page 21
Terminology
Claim - A claim is a statement that a requestor makes
(e.g. name, identity, key, group, privilege, capability, etc).
Security Token - A security token represents a
collection of claims.
Signed Security Token - A signed security token is a
security token that is asserted and cryptographically
endorsed by a specific authority (e.g. an X.509 certificate
or a Kerberos ticket).
Proof-of-Possession - The proof-of-possession
information is data that is used in a proof process to
demonstrate the sender's knowledge of information that
should only be known to the claiming sender of a
security token.

Page 22
Terminology
Digest - A digest is a cryptographic checksum of an
octet stream
Signature - A signature is a cryptographic binding of a
proof-of-possession and a digest. This covers both
symmetric key-based and public key-based signatures.
Consequently, non-repudiation
Non-repudiation - means to ensure that a transferred
message has been sent and received by the parties
claiming to have sent and received the message. A way
to guarantee that the sender of a message cannot later
deny having sent the message and that the recipient
cannot deny having received the message.

Page 23
How to Secure?
Integrity - information is not modified in transit
XML signature in conjunction with security tokens
Multiple signature, multiple actors, additional signature formats

Confidentiality - only authorized actors or security token owners can view the data
XML encryption in conjunction with security tokens
Multiple encryption processes, multiple actors

Authentication - you are whom you said you are
Security Tokens

Page 24
XML Security Dialogue
Non Self-Validating Credentials

Page 25
XML Security Dialogue Self Validating Credentials

No need to query the security service to validate the credentials.
Usually done by the security authority digitally signing the credentials.

Page 26
Syntax
<S:Envelope>
  <S:Header>
    ...
    <Security S:actor="..." S:mustUnderstand="...">
      ...
    </Security>
    ...
  </S:Header>

  <S:Body>
  </S:Body>
</S:Envelope>

Page 27
UsernameToken Element
<UsernameToken Id="...">
<Username>...</Username>
<Password Type="...">...</Password>
</UsernameToken>
Types:
wsse:PasswordText     The actual password for the username (default)
wsse:PasswordDigest   The digest of the password for the username. The value is a base64-encoded SHA1 hash value of the UTF8-encoded password

Page 28
UsernameToken Example
<wsse:Security>
  <wsse:UsernameToken>
    <wsse:Username>Zoe</wsse:Username>
    <wsse:Password>ILoveDogs</wsse:Password>
  </wsse:UsernameToken>
</wsse:Security>
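
Added example (not from the slides): the PasswordDigest defined above is the same string in every message, so a receiver cannot tell a captured copy from a fresh one. The code contrasts it with the OASIS UsernameToken Profile form, base64(SHA1(nonce + created + password)), which goes beyond the slide, and shows a receiver-side check; `DigestVerifier`, the nonce and the timestamps are constructed for illustration.

```python
import base64, hashlib, hmac
from datetime import datetime, timezone

def static_digest(password):
    # The slide's definition: base64(SHA1(UTF-8 password)). Same value every message.
    return base64.b64encode(hashlib.sha1(password.encode("utf-8")).digest()).decode()

def profile_digest(nonce, created, password):
    # UsernameToken Profile form: base64(SHA1(nonce + created + password)).
    data = nonce + created.encode("utf-8") + password.encode("utf-8")
    return base64.b64encode(hashlib.sha1(data).digest()).decode()

class DigestVerifier:
    """Receiver-side check with a freshness window and a nonce cache (hypothetical helper)."""

    def __init__(self, passwords, max_age_s=300):
        self.passwords, self.max_age_s, self.seen = passwords, max_age_s, set()

    def verify(self, user, nonce_b64, created, digest, now):
        nonce = base64.b64decode(nonce_b64)
        sent = datetime.strptime(created, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        if abs((now - sent).total_seconds()) > self.max_age_s:
            return "stale"        # Created timestamp outside the accepted window
        if (user, nonce) in self.seen:
            return "replay"       # nonce already accepted once for this user
        if user not in self.passwords:
            return "bad-digest"   # unknown user: never fall back to an empty password
        expected = profile_digest(nonce, created, self.passwords[user])
        if not hmac.compare_digest(expected, digest):
            return "bad-digest"
        self.seen.add((user, nonce))
        return "ok"

def demo():
    # Constructed sample values; the credentials are the slide's own example (Zoe / ILoveDogs).
    verifier = DigestVerifier({"Zoe": "ILoveDogs"})
    now = datetime(2024, 1, 1, 12, 1, 0, tzinfo=timezone.utc)
    nonce, created = b"constructed-nonce-01", "2024-01-01T12:00:00Z"
    nonce_b64 = base64.b64encode(nonce).decode()
    digest = profile_digest(nonce, created, "ILoveDogs")
    first = verifier.verify("Zoe", nonce_b64, created, digest, now)
    second = verifier.verify("Zoe", nonce_b64, created, digest, now)  # same message again
    return first, second

if __name__ == "__main__":
    print(static_digest("ILoveDogs") == static_digest("ILoveDogs"))  # identical every time
    print(demo())
```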

Page 29
Binary Security Tokens
<BinarySecurityToken Id=... EncodingType=... ValueType=.../>

EncodingType:
wsse:Base64Binary     base 64 encoding
wsse:HexBinary        hex encoding

ValueType:
wsse:X509v3           X.509 v3 certificate
wsse:Kerberosv5TGT    Kerberos v5 ticket, ticket granting ticket
wsse:Kerberosv5ST     Kerberos v5 ticket, service ticket

Page 30
Binary Security Tokens Example
<wsse:BinarySecurityToken
    xmlns:wsse="http://schemas.xmlsoap.org/ws/2002/04/secext"
    Id="myToken" ValueType="wsse:X509v3"
    EncodingType="wsse:Base64Binary">
  MIIEZzCCA9CgAwIBAgIQEmtJZc0...
</wsse:BinarySecurityToken>

Page 31
SecurityTokenReference
<SecurityTokenReference Id="...">
  <Reference URI="..."/>
</SecurityTokenReference>

Example:
<wsse:SecurityTokenReference
    xmlns:wsse="http://schemas.xmlsoap.org/ws/2002/04/secext">
  <wsse:Reference
      URI="http://www.fabrikam123.com/tokens/Zoe#X509token"/>
</wsse:SecurityTokenReference>
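
Added example (not part of the slides): a receiver-side audit of the Security header that ties together the token elements shown above. It assumes the SOAP 1.1 envelope namespace for the S prefix; `audit_security_header` and the sample envelope are constructed, and the token body is a placeholder rather than a real certificate.

```python
import xml.etree.ElementTree as ET

WSSE = "http://schemas.xmlsoap.org/ws/2002/04/secext"  # wsse namespace used on the slides
SOAP = "http://schemas.xmlsoap.org/soap/envelope/"     # SOAP 1.1, assumed for the S prefix

# Constructed envelope combining the slides' elements; token body is a placeholder.
ENVELOPE = f"""<S:Envelope xmlns:S="{SOAP}" xmlns:wsse="{WSSE}">
 <S:Header>
  <wsse:Security S:mustUnderstand="1">
   <wsse:BinarySecurityToken Id="myToken" ValueType="wsse:X509v3"
       EncodingType="wsse:Base64Binary">UExBQ0VIT0xERVI=</wsse:BinarySecurityToken>
   <wsse:UsernameToken>
    <wsse:Username>Zoe</wsse:Username>
    <wsse:Password Type="wsse:PasswordText">ILoveDogs</wsse:Password>
   </wsse:UsernameToken>
   <wsse:SecurityTokenReference><wsse:Reference URI="#myToken"/></wsse:SecurityTokenReference>
   <wsse:SecurityTokenReference>
    <wsse:Reference URI="http://www.fabrikam123.com/tokens/Zoe#X509token"/>
   </wsse:SecurityTokenReference>
  </wsse:Security>
 </S:Header>
 <S:Body/>
</S:Envelope>"""

def audit_security_header(xml_text):
    """Return a list of findings for the wsse:Security header of one SOAP message."""
    # Stdlib parser keeps the demo offline; use a hardened parser for untrusted input.
    root = ET.fromstring(xml_text)
    sec = root.find(f"{{{SOAP}}}Header/{{{WSSE}}}Security")
    if sec is None:
        return ["no Security header"]
    findings = []
    if sec.get(f"{{{SOAP}}}mustUnderstand") != "1":
        findings.append("Security header is not mustUnderstand")
    for pw in sec.iter(f"{{{WSSE}}}Password"):
        # PasswordText is the default Type and carries the actual password.
        if pw.get("Type", "wsse:PasswordText") == "wsse:PasswordText":
            findings.append("cleartext password in UsernameToken")
    local_ids = {t.get("Id") for t in sec.iter(f"{{{WSSE}}}BinarySecurityToken")}
    for ref in sec.iter(f"{{{WSSE}}}Reference"):
        uri = ref.get("URI", "")
        if not uri.startswith("#"):   # remote token: report it, do not fetch it here
            findings.append(f"remote token reference not dereferenced: {uri}")
        elif uri[1:] not in local_ids:
            findings.append(f"dangling local reference: {uri}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_security_header(ENVELOPE)))
```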

Page 32
WS-Policy

Page 33
WS-Policy
WS-Policy Framework
Defines a general purpose model and corresponding syntax to describe and
communicate Web services policies
Allows service consumers to discover the information they need to know to be
able to access services from a service provider
http://www-106.ibm.com/developerworks/webservices/library/ws-polfram/
WS-Policy Attachments
Provides a general-purpose mechanism for associating policy assertions
with subjects (services).
Provides two approaches for making assertions:
policy assertions defined as part of the definition of the subject
policy assertions defined independently of and associated through an external
binding to the subject
http://www-106.ibm.com/developerworks/webservices/library/ws-polatt/
WS-Policy Assertions
Specifies a set of common message policy assertions that can be specified
within a policy
http://www-106.ibm.com/developerworks/webservices/library/ws-polas/

Page 34
