Integrated Programming and Technologies

1. What is Web Services and Middleware?

Web Services

 A web service is any piece of software that makes itself available over the internet and uses a
standardized XML messaging system. XML is used to encode all communications to a web
service. For example, a client invokes a web service by sending an XML message, then waits for a
corresponding XML response. As all communication is in XML, web services are not tied to any
one operating system or programming language—Java can talk with Perl; Windows applications
can talk with Unix applications.
 Web services are self-contained, modular, distributed, dynamic applications that can be
described, published, located, or invoked over the network to create products, processes, and
supply chains. These applications can be local, distributed, or web-based. Web services are built
on top of open standards such as TCP/IP, HTTP, Java, HTML, and XML.
 Web services are XML-based information exchange systems that use the Internet for direct
application-to-application interaction. These systems can include programs, objects, messages,
or documents.
 A web service is a collection of open protocols and standards used for exchanging data between
applications or systems. Software applications written in various programming languages and
running on various platforms can use web services to exchange data over computer networks
like the Internet in a manner similar to inter-process communication on a single computer. This
interoperability (e.g., between Java and Python, or Windows and Linux applications) is due to
the use of open standards.

To summarize, a complete web service is, therefore, any service that −

 Is available over the Internet or private (intranet) networks

 Uses a standardized XML messaging system
 Is not tied to any one operating system or programming language
 Is self-describing via a common XML grammar
 Is discoverable via a simple find mechanism

Middleware

There are usually two levels on any device.

  The first one is the operating system, which is the low level software whose main role is to
manage the device’s resources and control the device’s basic functions.

 The second level is the applications that are meant to run on top of the operating system. These
applications expand the functions of the device beyond what is offered by the operating system.

Middleware refers to any behind the scenes software that allows these two levels to communicate and
interact with each other.

For instance, middleware will sit between Windows 10 and an office productivity suite.

Aside from the operating system and applications, middleware also helps separate process, applications
and software components to exchange information either within the same device, or between multiple
devices.

You can compare middleware to a translator helping people who speak different languages understand
each other.

In this case, middleware facilitates interoperability between applications running on different

frameworks.

Middleware does this by providing a standard-based means of data exchange.

This way, the two applications can connect without having to communicate directly.

Some people refer to middleware as plumbing since it connects and passes data between two
fundamentally different applications.

Middleware has also been referred to as “software glue”, since it helps “glue” together different
software so they can work together.

The term middleware is a bit vague since it does not refer to a specific type of software. Instead, it refers
to any software that sits between and links two separate applications.

Middleware includes software like content management systems, application servers, web servers, and
other similar tools that support the development and delivery of applications. Middleware started
becoming popular in the 80s as a solution for enabling newer applications to work on older systems.

To enable communication between different applications, middleware utilizes different communication

frameworks such as Representational State Transfer (REST), web services, JavaScript Object Notation
(JSON), Simple Object Access Protocol (SOAP), and so on.

Modern integration infrastructure such as enterprise service bus (ESB) and API management software
also depend on middleware concepts.
2. What are the web services model that was built on emerging standards?

Web Services Technology

Web services are built on several technologies that work in conjunction with emerging standards to
ensure security and manageability, and to make certain that Web services can be combined to work
independent of a vendor. The term Web service describes a standardized way of integrating Web-based
applications using the XML, SOAP, WSDL and UDDI open standards over an Internet protocol backbone.

XML

Short for Extensible Markup Language, a specification developed by the W3C. XML is a pared-down
version of SGML, designed especially for Web documents. It allows designers to create their own
customized tags, enabling the definition, transmission, validation, and interpretation of data between
applications and between organizations.

SOAP

Short for Simple Object Access Protocol, a lightweight XML-based messaging protocol used to encode
the information in Web service request and response messages before sending them over a network.
SOAP messages are independent of any operating system or protocol and may be transported using a
variety of Internet protocols, including SMTP, MIME, and HTTP.

WSDL

Short for Web Services Description Language, an XML-formatted language used to describe a Web
service's capabilities as collections of communication endpoints capable of exchanging messages. WSDL
is an integral part of UDDI, an XML-based worldwide business registry. WSDL is the language that UDDI
uses. WSDL was developed jointly by Microsoft and IBM.

UDDI

Short for Universal Description, Discovery and Integration. It is a Web-based distributed directory that
enables businesses to list themselves on the Internet and discover each other, similar to a traditional
phone book's yellow and white pages.

XML is used to tag the data, SOAP is used to transfer the data, WSDL is used for describing the services
available and UDDI is used for listing what services are available. Used primarily as a means for
businesses to communicate with each other and with clients, Web services allow organizations to
communicate data without intimate knowledge of each other's IT systems behind the firewall.

Web Security and Security Issues

Security has become a hot topic for Web services. Because it is based on program-to-program
interactions as opposed to human-to-program interaction, it is important for Web service security to
address topics such as access control, authentication, data integrity and privacy. Today the most
common security scheme is SSL (Secure Sockets Layer), but when it comes to Web services there are
limitations with SSL. The Web service technology has been moving towards different XML-based security
schemes for Web services. Some of the XML-based securities include the following:

XML digital signature

The XML Signature specification is a joint effort of W3C and IETF. XML Signatures provide integrity,
message authentication and/or signer authentication services for data of any type, whether located
within the XML that includes the signature or elsewhere.

XML Encryption

W3C's XML Encryption specification addresses the issue of data confidentiality using encryption
techniques. Encrypted data is wrapped inside XML tags defined by the XML Encryption specification.

XKMS (XML Key Management Specification)

The XML Key Management Specification (XKMS) comprises two parts ? the XML Key Information Service
Specification (X-KISS) and the XML Key Registration Service Specification (X-KRSS). The X-KISS
specification defines a protocol for a Trust service that resolves public key information contained in
XML-SIGelements. The X-KISS protocol allows a client of such a service to delegate part or all of the tasks
required to process elements. The X-KRSS specification defines a protocol for a web service that accepts
registration of public key information. Once registered, the public key may be used in conjunction with
other web services including X-KISS.

SAML (Secure Assertion Markup Language)

SAML is an XML-based framework for communicating user authentication, entitlement and attribute
information. As its name suggests, SAML allows business entities to make assertions regarding the
identity, attributes, and entitlements of a subject (an entity that is often a human user) to other entities,
such as a partner company or another enterprise application. The OASIS Security Services Technical
Committee is in charge of defining, enhancing, and maintaining the specifications that define SAML.

WS-Security (Web Services Security)

Security Assertion Markup Language (SAML) from OASIS provides a means for partner applications to
share user authentication and authorization information. This is essentially the single sign-on (SSO)
feature being offered by all major vendors in their e-commerce products. In the absence of any standard
protocol on sharing authentication information, vendors normally use cookies in HTTP communication
to implement SSO. With the advent of SAML, this same data can be wrapped inside XML in a standard
way, so that cookies are not needed and interoperable SSO can be achieved.

ebXML Message Service

The OASIS ebXML Message Service defines the message enveloping and header document schema used
to transfer ebXML messages over a communications protocol such as HTTP or SMTP and the behavior of
software sending and receiving ebXML messages.

3. Draw a simple Web service architecture?

4. What is Network Programming?

Network Programming involves writing programs that communicate with other programs across a
computer network.
There are many issues that arise when doing network programming which do not appear when doing
single program applications. However, JAVA makes networking applications simple due to the easy-to-
use libraries. In general, applications that have components running on different machines are known
as distributed applications ... and usually they consist of client/server relationships.

5. What is Socket?

Java's socket model is derived from BSD (UNIX) sockets, introduced in the early 1980s for interprocess
communication using IP, the Internet Protocol.

The Internet Protocol breaks all communications into packets, finite-sized chunks of data which are
separately and individually routed from source to destination. IP allows routers, bridges, etc. to drop
packets--there is no delivery guarantee. Packet size is limited by the IP protocol to 65535 bytes. Of this,
a minimum of 20 bytes is needed for the IP packet header, so there is a maximum of 65515 bytes
available for user data in each packet.
Sockets are a means of using IP to communicate between machines, so sockets are one major feature
that allows Java to interoperate with legacy systems by simply talking to existing servers using their pre-
defined protocol.

6. What is Internet addresses or IP Addresses?

Internet Addresses
Internet addresses are manipulated in Java by the use of the InetAddress class. InetAddress takes care of
the Domain Name System (DNS) look-up and reverse look-up; IP addresses can be specified by either the
host name or the raw IP address. InetAddress provides methods to getByName(), getAllByName(),
getLocalHost(), getAddress(), etc.

IP Addresses
IP addresses are a 32-bit number, often represented as a "quad" of four 8-bit numbers separated by
periods. They are organized into classes (A, B, C, D, and E) which are used to group varying numbers of
hosts in a hierarchical numbering scheme.

Class A
1.0.0.0 to 126.255.255.255, inclusive. About 16 million IP addresses in a class A domain.

Class B
128.1.0.0 to 191.254.255.255, inclusive. About 64 thousand IP addresses in a class B domain.

Class C
192.0.1.0 to 223.255.254.255, inclusive. 256 IP addresses in a class C domain.

Class D
224.0.0.1 to 239.255.255.255, inclusive, denote multicast groups.
Class E

240.0.0.0 to 254.255.255.255, inclusive. Reserved for future use.

The IP address 127.0.0.1 is special, and is reserved to represent the loopback or "localhost" address.

7. What are the 12 fields in TCP Packet?

The TCP packet format consists of these fields:

1. Source Port and Destination Port fields (16 bits each) identify the end points of the connection.

2. Sequence Number field (32 bits) specifies the number assigned to the first byte of data in the
current message. Under certain circumstances, it can also be used to identify an initial sequence
number to be used in the upcoming transmission.

3. Acknowledgement Number field (32 bits) contains the value of the next sequence number that
the sender of the segment is expecting to receive, if the ACK control bit is set. Note that the
sequence number refers to the stream flowing in the same direction as the segment, while the
acknowledgement number refers to the stream flowing in the opposite direction from the
segment.

4. Data Offset (a.k.a. Header Length) field (variable length) tells how many 32-bit words are
contained in the TCP header. This information is needed because the Options field has variable
length, so the header length is variable too.

5. Reserved field (6 bits) must be zero. This is for future use.

6. Flags field (6 bits) contains the various flags:

 URG—Indicates that some urgent data has been placed.

 ACK—Indicates that acknowledgement number is valid.

 PSH—Indicates that data should be passed to the application as soon as possible.

 RST—Resets the connection.

 SYN—Synchronizes sequence numbers to initiate a connection.

 FIN—Means that the sender of the flag has finished sending data.

7. Window field (16 bits) specifies the size of the sender's receive window (that is, buffer space
available for incoming data).

8. Checksum field (16 bits) indicates whether the header was damaged in transit.
 9. Urgent pointer field (16 bits) points to the first urgent data byte in the packet.

10. Options field (variable length) specifies various TCP options.

11. Data field (variable length) contains upper-layer information.

12. Padding field, pads the TCP header until the whole header ends at a 32-bit boundary. This
ensures that the data part of the packet begins on a 32-bit boundary, and no data is lost in the
packet. The padding always consists of only zeros.

References:

https://www.tutorialspoint.com/webservices/what_are_web_services.htm

https://www.cleverism.com/what-is-middleware-and-how-does-it-work/

https://www.webopedia.com/DidYouKnow/Computer_Science/web_services.asp#

https://www.w3.org/TR/ws-arch/

http://people.scs.carleton.ca/~lanthier/teaching/COMP1406/Notes/
COMP1406_Ch12_NetworkProgramming.pdf

https://www.google.com/url?q=http://people.scs.carleton.ca/~lanthier/teaching/COMP1406/Notes/
COMP1406_Ch12_NetworkProgramming.pdf&usg=AFQjCNH1D1_hGfcDxY0LC50f9ar7DeX97A

https://www.techrepublic.com/article/exploring-the-anatomy-of-a-data-packet/

https://book.huihoo.com/iptables-tutorial/x724.htm