Semantic Web Unit-2_Answer Booklet

Unit2 -Questions and Answers

1. A) Define Web Services.
Ans: Web services are software applications that can be discovered, described, and accessed
based on XML and standard Web protocols over intranets, extranets, and the Internet.
 Web services are a set of technologies and rules that enable two or more components on the
web talk to each other.
 Web services provide interoperability solutions, making application integration and
transacting business easier.
 A web service is a set of open protocols and standards that allow data to be exchanged
between different applications or systems through a cross platform technology.
 Web services can be used by software programs written in a variety of programming
languages like java, .Net, Python and running on a variety of platforms like Window,
Linux to exchange data via computer networks such as the Internet or Intranet or
Extranet.
B) Describe the basic layers of Web Services with neat diagram.
Ans: The following figure shows the basic layers of Web Services.

12
  The first Layer is the Communication Layer that acts like a foundation of XML for the
technologies of Web services, and using HTTP as the underlying protocol, the world of
Web services involves standard protocols to achieve the capabilities of access, description,
and discovery.
 In the second Layer the XML, a standard that is supported and accepted by thousands of
vendors worldwide, Web services first focus on interoperability.
 XML is the syntax of messages, and Hypertext Transport Protocol (HTTP), the underlying
protocol, is how applications send XML messages to Web services in order to
communicate.
 In the Third layer SOAP, developed as the Simple Object Access Protocol, is the XML-
based message protocol (or API) for communicating with Web services.
 SOAP is the underlying “plumbing” for Web services, because it is the protocol that
everyone agrees with.
 In the fourth layer the message syntax for a Web service is described in WSDL, which
stands for Web Service Description Language.
 In the fifth layer Web services technologies, such as Universal Description, Discovery, and
Integration (UDDI) and ebXML registries, allow applications to dynamically discover
information about Web services.
. C) What is MVC? Apply its implementation in Web Services with block

diagram.
Ans: Separating business logic from presentation is commonly known in software engineering as
the Model-View-Controller (MVC) paradigm.
 Web services support this paradigm.
 In the bellow figure the user interface details (the view) and business logic (the model) are
separated in two different components, while the component layer between them (the
controller) facilitates communication.

13
  This paradigm, which has had much success in software engineering, makes sense because
it solves business problems.
 When a business decides to create a Web service, the application integrator/developer can
simply focus on the business logic when designing and developing the Web service.
 Because the presentation is separate, the client application can present the information to
the user in many different ways.
 This is an important concept because many browsers make it easier for us by offloading
this processing with style sheets, using XSL Transformations (XSLT).
2. A) List the problems that are solved by Web Services?
Ans: Web services address a variety of problems in software development, primarily related to
communication, interoperability, and integration between different systems and platforms. The
following are the problems that web services helps us to solve:
 Platform Independence: Web services allow communication between different
applications and systems regardless of the programming languages, platforms, or operating
systems they are built on.

 Interoperability: They enable disparate systems to communicate and exchange data

seamlessly, enabling integration between heterogeneous systems.
 Integration: Web services provide a standardized way for integrating various applications,
databases, and services across different domains and organizations.
 Service Reusability: They promote the reuse of existing services, as services can be
accessed and utilized by multiple applications and systems.
 Scalability: Web services can be scaled horizontally or vertically to handle increasing
loads and accommodate growing numbers of users and requests.
 Security: Web services offer various security mechanisms such as encryption,
authentication, and authorization to ensure secure communication and data exchange
between systems.
B) Describe the uses of Web Services.
Ans: Web services have a wide range of uses across various domains and industries due to
their ability to facilitate communication, integration, and interoperability between disparate
systems. Here are some common uses of web services:

14
  Enterprise Application Integration: Web services enable seamless integration between
different applications, allowing them to communicate and share data.
 Data Exchange: Web services facilitate the exchange of data between systems using
standard protocols such as XML (Extensible Markup Language) or JSON (JavaScript
Object Notation).
 E-commerce: Web services play a crucial role in e-commerce applications by enabling
interactions between online stores, payment gateways, shipping providers, and other
relevant services. For example, an e-commerce website might use web services to retrieve
product information from a supplier's database or process payments through a third-party
payment gateway.
 Content Syndication: Web services enable content syndication, where content from one
website or application is shared and displayed on another.
 Business Process Automation: Web services are utilized in workflow automation and
business process management (BPM) systems to orchestrate and automate complex
business processes across multiple systems and applications.
 Social Media Integration: Web services provided by social media platforms allow
developers to integrate social features such as user authentication, sharing, and social graph
access into their applications.
C) What is SOAP? Inspect the structure of SOAP with block diagram.
Ans: SOAP stands for Simple Object Access Protocol. It is an XML-based protocol for
exchanging information between computers.

 SOAP is a communication protocol.

 SOAP is for communication between applications.
 SOAP is a format for sending messages.
 SOAP is the envelope syntax for sending and receiving XML messages with Web services.
 SOAP is the “envelope” that packages the XML messages that are sent over HTTP between
clients and Web services.
 As defined by the W3C, SOAP is “a lightweight protocol for exchange of information in
a decentralized, distributed environment.”
 It provides a standard language for tying applications and services together.
 An application sends a SOAP request to a Web service, and the Web service returns the
response in something called a SOAP response.
 SOAP can potentially be used in combination with a variety of other protocols, but in
practice, it is used with HTTP.
 The following diagram Shows the Structure of web-based SOAP message.

15
A SOAP message contains the following elements:
 A SOAP envelope that wraps the message
 A description of how data is encoded
 A SOAP body that contains the application-specific message that the back- end application
will understand
The following Example shows the SOAP Request.

<SOAP-ENV:Envelope
xmlns:SOAP-ENV=”http://schemas.xmlsoap.org/soap/envelope/”
SOAP-ENV:encodingStyle=”http://schemas.xmlsoap.org/soap/encoding/”>
<SOAP-ENV:Body>
<m:GetLastTradePrice xmlns:m=”Some-URI”>
<symbol>DIS</symbol>
</m:GetLastTradePrice>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>

16
 The following Example shows the SOAP Response.
<SOAP-ENV:Envelope
xmlns:SOAP-ENV=”http://schemas.xmlsoap.org/soap/envelope/”
SOAP-ENV:encodingStyle=”http://schemas.xmlsoap.org/soap/encoding/”/>
<SOAP-ENV:Body>
<m:GetLastTradePriceResponse xmlns:m=”Some-URI”>
<Price>34.5</Price>
</m:GetLastTradePriceResponse>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>

3. A) Define WSDL in Web Services.

Ans: WSDL is an XML-based language for describing web services and how to access them.
 WSDL stands for Web Services Description Language.
 WSDL was developed jointly by Microsoft and IBM.
 WSDL is an XML based protocol for information exchange in
decentralized anddistributed environments.
 WSDL is the standard format for describing a web service.
 WSDL definition describes how to access a web service and what
operations it willperform.
 WSDL is a language for describing how to interface with XML-based services.

 WSDL is an integral part of UDDI, an XML-based worldwide business registry.

 WSDL is the language that UDDI uses.

B) Illustrate about Confidentiality and Integrity in Securing Web services.

Ans:
Confidentiality. When sensitive information is transmitted, keeping it secret is important. It
is common practice to satisfy confidentiality requirements with encryption.
In Web services XML Encryption is a technology and W3C Candidate Recommendation
that handles confidentiality; it can hide sensitive content, so that only the intended recipient
can read the sensitive information.

17
  Integrity. In a network, making sure data has not been altered in transit is imperative.
Validating a message’s integrity means using techniques that prove that data has not been
altered in transit.
 In webservices XML Signature is a W3C Recommendation that provides a means to
validate message integrity and nonrepudiation. With XML Signature, any part of an XML
document can be digitally signed.
C) How to Describe Basic Web Services? Demonstrate its implementation with
neat diagram.
Ans: SOAP is the communication language of Web services; Web Service Description Language
(WSDL) is the way we describe the communication details and the application-specific
messages that can be sent in SOAP.

• The following figure shows the dynamic communication by inspecting WSDL.

• In the above Figure the Web service developer creates a WSDL description with
developer tools that inspect the Web service’s SOAP interface layer in Step 1.
• In Step 2, the client application generates the code for handling the Web service (its SOAP
handler) by looking at the WSDL.
• Finally, in Step 3, the client application and the Web service can communicate. In this
message can be exchanged in the form of SOAP request and SOAP Response.
• The W3C defines WSDL as “an XML format for describing network services as a set of
endpoints operating on messages containing either document-oriented or procedure-
oriented information.”
• To know how to send messages to a particular Web service, an application can look at the
WSDL and dynamically construct SOAP messages.
The following diagram shows the basic elements of WSDL.

18
4. A) Define the Semantic Web of Web Services.
Ans:

DARPA Agent Markup Language Services (DAML-S) is an effort that is specifically
addressing the Semantic Web of Web Services. Built on the foundation of Resource
Description Framework (RDF), RDF Schema, and DAML+OIL(Ontology Inference
Layer).

DAML-S provides an upper ontology for describing properties and capabilities of Web
services in an unambiguous, computer interpretable markup language.
 DAML-S is an ontology for Web services.
 Semantic Web Enabled Web Services (SWWS) was developed in August 2002 to provide
a comprehensive Web service description framework and discovery framework, and to
provide scalable Web service mediation.
 Together, both of these technologies have the potential to increase automated usability of
Web services.
B) Compare Authentication and Authorization in Securing Web Services.
Ans:
Authentication means validating user identity.
 In a Web services environment, it may be important to initially validate a user’s identity in
certain transactions.
 Usually, an organization’s infrastructure provides mechanisms for proving a user’s
identity.

19
  Mutual authentication means proving the identity of both parties involved in
communication, and this is done using special security protocols.
 Message origin authentication is used to make certain that the message was sent by the
expected sender and that it was not “replayed.”
Authorization: Once a user’s identity is validated, it is important to know what the user has
permission to do.
 Authorization means determining a user’s permissions.
 Usually, an organization’s infrastructure provides mechanisms (such as access control lists
and directories) for finding a user’s permissions and roles.
In Web services Extensible Access Control Markup Language (XACML) is an initiative driven
by OASIS (Organization for the Advancement of Structured Information Standards) that
expresses access control policy (authentication and authorization information) for XML
documents and data sources.

C) Demonstrate about UDDI Registry with block diagram.

Ans: Universal Description, Discovery, and Integration is an evolving technology.
 UDDI is an XML-based standard for describing, publishing, and finding web services.
o UDDI is a specification for a distributed registry of web services.
o UDDI is platform independent, open framework.
• UDDI is a phone book for Web services.
• Organizations can register public information about their Web services and types of
services with UDDI, and applications can view information about these Web services with
UDDI.
• UDDI allows you to discover Web services just like network discovery tools (such as “My
Network Places”) can discover nodes on a network.
The information provided in a UDDI business registration consists of three components:
 White pages of company contact information.
 Yellow pages that categorize businesses by standard taxonomies.
 Green pages that document the technical information about services that are exposed. The
following Figure demonstrates the UDDI concept.

20
 • A business’s white pages may include basic business information, such as a description of
the business in different languages, points of contact with email addresses and phone
numbers, and links to external documents that describe the business in more detail.
• The yellow pages describe taxonomies of what kinds of information the services provide.
• The green pages show information on how to do business with the Web service, listing
business rules and specifying how to invoke Web services (the WSDL).
5. A) Define ebXML in Web Service Registry.
Ans: The ebXML standard was created by OASIS (Organization for the Advancement of
Structured Information Standards) to link traditional data exchanges to business applications to
enable intelligent business processes using XML.
 Because XML by itself does not provide semantics to solve interoperability problems,
ebXML was developed as a mechanism for XML-based business vocabularies.
 ebXML provides a common way for businesses to quickly and dynamically perform
business transactions based on common business practices.
B) Illustrate about Orchestrating Web Services with an example.
Ans: Orchestration is the process of combining simple Web services to create complex, sequence
driven tasks. This process, sometimes called flow composition or Web service choreography,
involves creating business logic to maintain conversations between multiple Web services.
Orchestration can occur between an application and multiple Web services, or multiple Web
services can be chained into a workflow, so that they can communicate with one another.
The following example list five separate Web services within a fictional organization: a hotel
finder Web service, a driving directions finder, an airline ticket booker, a car rental service, and
an expense report creator:

21
  Hotel finder Web service. This Web service provides the ability to search for a hotel in
a given city, list room rates, check room availability, list hotel amenities, and make room
reservations.
 Driving directions finder. This Web service gives driving directions and distance
information between two addresses.
 Airline ticket booker. This Web service searches for flights between two cities in
a certain timeframe, lists all available flights and their prices, and provides the capability
to make flight reservations.
 Car rental Web service. This provides the capability to search for available cars on a
certain date, lists rental rates, and allows an application to make a reservation for a car.
 Expense report creator. This Web service automatically creates expense reports, based
on the expense information sent.

In the above diagram the following steps resolves the solution for a complex task.
1. The client application sent a message to the hotel finder Web service, looking for the name,
address, and the rates of hotels (with nonsmoking rooms, local gyms, and rates below $150
a night) available in the Wailea, Maui, area during the duration of your trip.
2. The client application sent a message to the driving directions finder Web service. For the
addresses returned in Step 1, the client application requests the distance to Big Makena

22
 Beach. Based on the distance returned for the requests to this Web service, the client
application finds the four closest hotels.
3. After finding the four closest hotels, the client application requested the user to make a
choice. Once that choice was selected, the application booked a room at the desired hotel
by sending another message to the hotel finder Web service.
4. Based on the user’s frequent flyer information on Party Airlines and the date of the trip to
Maui, the client application sent a message to the airline ticket booker Web service,
requesting the cheapest ticket on Party Airlines, as well as the cheapest ticket in general.
Luckily, Party Airlines had the cheapest ticket, so after receiving user confirmation on the
flight, the application booked this flight reservation.
5. The client application sent a message to the car rental Web service, requesting the cheapest
rental car during the dates of the trip. Because multiple car types were available for the
cheapest price, the client application prompted the user for a choice. After the user selected
a car model, the client application reserved the rental car for a pickup at the airport arrival
time found in Step 4, and the drop-off time at a time two hours prior to the airport departure
time.
6. Sending all necessary receipt information found in Steps 1 to 5, the client application
requested an expense report generated from the expense report creator Web service. The
client application then emailed the resulting expense report, in the corporate format, to the
end user.

23
 C) What are ebXML Registries? Demonstrate the ebXML architecture with neat
block diagram.
Ans: The ebXML standard was created by OASIS (Organization for the Advancement of
Structured Information Standards) to link traditional data exchanges to business applications to
enable intelligent business processes using XML.

• The following diagram shows an example of an ebXML architecture in use.

• In the above diagram, company business process information and implementation details
are found in the ebXML registry, and businesses can do business transactions after they
agree on trading arrangements.
Information that can be described and discovered in an ebXML architecture includes the
following:
 Business processes and components described in XML

24
  Capabilities of a trading partner
 Trading partner agreements between companies
The heart of the ebXML architecture is the ebXML registry, which is the mechanism that
is used to store and discover the above information.
6. A) Define Single Sign-On (SSO)?
Ans: Single Sign-On (SSO) is a concept, or a technical mechanism, that allows the user to only
authenticate once so that the user does not have to memorize many credentials like user names and
passwords for other Web sites, Web services, and server applications.
 It indicates that user can sign in once and access the multiple applications without sign on
for each application.
 In Web services Security Assertion Markup Language (SAML) is an OASIS
(Organization for the Advancement of Structured Information Standards) standard
that has received industrywide support and acceptance, and it promises to be key in the
achievement of SSO in Web services.
 An initiative driven by OASIS that is used for passing authentication and authorization
information between parties. SAML provides “assertions” of trust.
B) Illustrate about the Grid-Enabled Web Services?
Ans: Grid computing is a technology concept that can achieve flexible, secure, and
coordinated resource sharing among dynamic collections of individuals, institutions, and
resources.
 One popular analogy of grid computing is the electric utility grid, which makes power
available in our homes and businesses.
 A user connects to this system with a power outlet, without having to know where the
power is coming from and without scheduling an appointment to receive power at any
given instant.
 A computational grid is a collection of distributed systems that can perform operations.
 Each individual system may have limitations, but when hundreds, thousands, or millions
of systems work together in a distributed environment, much computing power can be
realized.
 Work being done by the Globus Project (http://www.globus.org/) will allow grids to offer
computing resources as Web services to open up the next phase of distributed computing.
Globus will add tools to its Open Grid Services Architecture (OGSA) that deliver
integration with Web services technologies. Vendors such as Sun, IBM, and The Mind Electric
will be implementing grid- enabled Web services as products.

25
C) Demonstrate the mechanisms of securing the Web Services in the internet.

Ans:
A common vocabulary of security concerns and explain how they are related to Web services
security:
 Authentication. This means validating user identity. In a Web services environment,
it may be important to initially validate a user’s identity in certain transactions.
 Authorization. Once a user’s identity is validated, it is important to know what the
user has permission to do. Authorization means determining a user’s permissions. Usually,
an organization’s infrastructure provides mechanisms (such as access control lists and
directories) for finding a user’s permissions and roles.
 Single sign-on (SSO). Although this term may not fit with the other security terms
in this list, it is a popular feature that should be discussed. SSO is a concept, or a technical
mechanism, that allows the user to only authenticate once to her client, so that she does not
have to memorize many usernames and passwords for other Web sites, Web services, ad
server applications.
 Confidentiality. When sensitive information is transmitted, keeping it secret is
important. It is common practice to satisfy confidentiality requirements with encryption.
Example credit card pins and Debit card pins must be encrypted during the transactions.
 Integrity. In a network, making sure data has not been altered in transit is imperative.
Validating a message’s integrity means using techniques that prove that data has not been
altered in transit.
 Usually, techniques such as hash codes and MAC (Message Authentication Codes) are
used for this purpose.
 Nonrepudiation. The process of proving legally that a user has performed a
transaction is called nonrepudiation. Using digital signatures provides this capability.

26
 s
Fortunately, technologies for Web services security and XML security have been evolving over
the past few years. Some of these technologies are XML Signature, XML Encryption, XKMS,
SAML, XACML, and WS-Security.
 XML Signature is a W3C Recommendation that provides a means to validate message
integrity and nonrepudiation.
 With XML Signature, any part of an XML document can be digitally signed. In fact,
multiple parts of an XML document can be signed by different people or applications.
 XML Signature, sometimes called XML-DSIG or XML-SIG, relies on public key
technology in which the hash (or message digest) of a message is cryptographically signed.

 XML Encryption is a technology and W3C Candidate Recommendation that handles

confidentiality; it can hide sensitive content, so that only the intended recipient can read
the sensitive information.
 In an XML file, different parts of the document can be encrypted, while other parts can
remain unencrypted. This can be helpful with Web services, when messages may be sent
to multiple points before the receiver gets the message.
 Different ciphers (encryption mechanisms) can be used, including symmetric (secret key)
and public key encryption.
 If confidentiality is a factor in Web services, a part of the application specific SOAP
message may be encrypted to the intended recipient.

 XML Key Management Specification (XKMS) is a W3C Note that was developed
jointly by the W3C and the IETF, and it specifies protocols for registering and distributing
public keys.
 It is something that is intended for use in conjunction with XML Signature and XML
Encryption.
 XKMS is composed of the XML Key Information Service Specification (X-KISS) and
the XML Key Registration Service Specification (X-KRSS). These protocols can be
used with SOAP for securely distributing and finding key information.

 Security Assertion Markup Language (SAML) is an OASIS (Organization for the

Advancement of Structured Information Standards) standard that has received
industrywide support and acceptance, and it promises to be key in the achievement of SSO
in Web services.
 An initiative driven by OASIS that is used for passing authentication and
authorization information between parties.
 SAML provides “assertions” of trust. That is, an application can assert that it
authenticated a user, and that the user has certain privileges.

27
  A SAML document can be digitally signed using XML Signature, providing
nonrepudiation of a user’s original authentication, identity, and authorization
credentials.
 Because SAML is used to distribute information between platforms and
organizations, regardless of how many points it crosses, it can solve tough
challenges in Web services security.

 Extensible Access Control Markup Language (XACML) is an initiative driven by

OASIS (Organization for the Advancement of Structured Information Standards)
that expresses access control policy (authentication and authorization information) for
XML documents and data sources.
 It relates to SAML in the sense that SAML provides the mechanism of propagating
authentication and authorization information between services and servers, and
XACML is the authentication and authorization information.
 The idea of XACML is that XML documents (or SOAP messages themselves) can
describe the policy of who can access them, which has interesting potential.

 The WS-Security specification was released in April 2002 by Microsoft, IBM, and
VeriSign, and is a specification that describes enhancements to SOAP messaging to
provide protection through integrity, confidentiality, and message authentication.
o It combines SOAP with XML Encryption and XML Signature, and is intended
to complement other security models and other security technologies.
o WS-Security also includes a family of specifications these are given bellow.
o WS-Policy
o WS-Trust
o WS- SecureConversation.

28