Web Services Architecture

Abstract
This document defines the Web Services Architecture. It identifies the functional
components and defines the relationships among those components to effect the desired
properties of the overall architecture.

1 Introduction
1.1 Purpose of the Web Service Architecture

Web services provide a standard means of interoperating between different software

applications, running on a variety of platforms and/or frameworks. This document
(WSA) is intended to provide a common definition of a Web service, and define its place
within a larger Web services framework to guide the community. The WSA provides a
conceptual model and a context for understanding Web services and the relationships
between the components of this model.

The architecture does not attempt to specify how Web services are implemented, and
imposes no restriction on how Web services might be combined. The WSA describes both
the minimal characteristics that are common to all Web services, and a number of
characteristics that are needed by many, but not all, Web services.

The Web services architecture is an interoperability architecture: it identifies those global

elements of the global Web services network that are required in order to ensure
interoperability between Web services.

Using this assertion as a basis, we can assess conformance to the architecture of a

particular resource by looking for its identifier. If, in a given instance of this architecture,
a resource has no identifier, then it is not a valid instance of the architecture.

While the concepts and relationships represent an enumeration of the architecture, the
stakeholders' perspectives approaches from a different viewpoint: how the architecture
meets the goals and requirements. In this section we elucidate the more global properties
of the architecture and demonstrate how the concepts actually achieve important
objectives.

A primary goal of the Stakeholder's Perspectives section is to provide a top-down view of

the architecture from various perspectives. For example, in the 3.6 Web Services
Security section we show how the security of Web services is addressed within the
architecture. The aim here is to demonstrate that Web services can be made secure and
indicate which key concepts and features of the architecture achieve that goal.

The key stakeholder's perspectives supported in this document reflect the major goals of
the architecture itself: interopability, extensibility, security, Web integration,
implementation and manageability.

1.4 What is a Web service?

For the purpose of this Working Group and this architecture, and without prejudice
toward other definitions, we will use the following definition:

[Definition: A Web service is a software system designed to support interoperable

machine-to-machine interaction over a network. It has an interface described in a
machine-processable format (specifically WSDL). Other systems interact with the Web
service in a manner prescribed by its description using SOAP messages, typically
conveyed using HTTP with an XML serialization in conjunction with other Web-related
standards.]

1.4.1 Agents and Services

A Web service is an abstract notion that must be implemented by a concrete agent. (See
Figure 1-1) The agent is the concrete piece of software or hardware that sends and
receives messages, while the service is the resource characterized by the abstract set of
functionality that is provided. To illustrate this distinction, you might implement a
particular Web service using one agent one day (perhaps written in one programming
language), and a different agent the next day (perhaps written in a different programming
language) with the same functionality. Although the agent may have changed, the Web
service remains the same.

1.4.2 Requesters and Providers

The purpose of a Web service is to provide some functionality on behalf of its owner -- a
person or organization, such as a business or an individual. The provider entity is the
person or organization that provides an appropriate agent to implement a particular
service. (See Figure 1-1: Basic Architectural Roles.)

A requester entity is a person or organization that wishes to make use of a provider

entity's Web service. It will use a requester agent to exchange messages with the provider
entity's provider agent.
(In most cases, the requester agent is the one to initiate this message exchange, though
not always. Nonetheless, for consistency we still use the term "requester agent" for the
agent that interacts with the provider agent, even in cases when the provider agent
actually initiates the exchange.)

Note:

A word on terminology: Many documents use the term service provider to refer to the
provider entity and/or provider agent. Similarly, they may use the term service requester
to refer to the requester entity and/or requester agent. However, since these terms are
ambiguous -- sometimes referring to the agent and sometimes to the person or
organization that owns the agent -- this document prefers the terms requester entity,
provider entity, requester agent and provider agent.

In order for this message exchange to be successful, the requester entity and the provider
entity must first agree on both the semantics and the mechanics of the message exchange.
(This is a slight simplification that will be explained further in 3.3 Using Web Services.)

1.4.3 Service Description

The mechanics of the message exchange are documented in a Web service description
(WSD). (See Figure 1-1) The WSD is a machine-processable specification of the Web
service's interface, written in WSDL. It defines the message formats, datatypes, transport
protocols, and transport serialization formats that should be used between the requester
agent and the provider agent. It also specifies one or more network locations at which a
provider agent can be invoked, and may provide some information about the message
exchange pattern that is expected. In essence, the service description represents an
agreement governing the mechanics of interacting with that service. (Again this is a slight
simplification that will be explained further in 3.3 Using Web Services.)

1.4.4 Semantics

The semantics of a Web service is the shared expectation about the behavior of the
service, in particular in response to messages that are sent to it. In effect, this is the
"contract" between the requester entity and the provider entity regarding the purpose and
consequences of the interaction. Although this contract represents the overall agreement
between the requester entity and the provider entity on how and why their respective
agents will interact, it is not necessarily written or explicitly negotiated. It may be explicit
or implicit, oral or written, machine processable or human oriented, and it may be a legal
agreement or an informal (non-legal) agreement. (Once again this is a slight
simplification that will be explained further in 3.3 Using Web Services.)

While the service description represents a contract governing the mechanics of

interacting with a particular service, the semantics represents a contract governing the
meaning and purpose of that interaction. The dividing line between these two is not
necessarily rigid. As more semantically rich languages are used to describe the mechanics
of the interaction, more of the essential information may migrate from the informal
semantics to the service description. As this migration occurs, more of the work required
to achieve successful interaction can be automated.

1.4.5 Overview of Engaging a Web Service

There are many ways that a requester entity might engage and use a Web service. In
general, the following broad steps are required, as illustrated in Figure 1-1: (1) the
requester and provider entities become known to each other (or at least one becomes
know to the other); (2) the requester and provider entities somehow agree on the service
description and semantics that will govern the interaction between the requester and
provider agents; (3) the service description and semantics are realized by the requester
and provider agents; and (4) the requester and provider agents exchange messages, thus
performing some task on behalf of the requester and provider entities. (I.e., the exchange
of messages with the provider agent represents the concrete manifestation of interacting
with the provider entity's Web service.) These steps are explained in more detail in 3.4
Web Service Discovery. Some of these steps may be automated, others may be
performed manually.

Figure 1-1. The General Process of Engaging a Web Servic

2 Concepts and Relationships
2.2.1 Concepts

A concept is expected to have some correspondence with any realizations of the

architecture. For example, the message concept identifies a class of object (not to be
confused with Objects and Classes as are found in Object Oriented Programming
languages) that we expect to be able to identify in any Web services context. The precise
form of a message may be different in different realizations, but the message concept tells
us what to look for in a given concrete system rather than prescribing its precise form.

Not all concepts will have a realization in terms of data objects or structures occurring in
computers or communications devices; for example the person or organization refers to
people and human organizations. Other concepts are more abstract still; for example,
message reliability denotes a property of the message transport service — a property that
cannot be touched but nonetheless is important to Web services.

Each concept is presented in a regular, stylized way consisting of a short definition, an

enumeration of the relationships with other concepts, and a slightly longer explanatory
description. For example, the concept of agent includes as relating concepts the fact that
an agent is a computational resource, has an identifier and an owner. The description part
of the agent explains in more detail why agents are important to the archicture.

2.2.2 Relationships

Relationships denote associations between concepts. Grammatically, relationships are

verbs; or more accurately, predicates. A statement of a relationship typically takes the
form: concept predicate concept. For example, in agent, we state that:

An agent is

a computational resource

This statement makes an assertion, in this case about the nature of agents. Many such
statements are descriptive, others are definitive:

A message has

a message sender

Such a statement makes an assertion about valid instances of the architecture: we expect
to be able to identify the message sender in any realization of the architecture.
Conversely, any system for which we cannot identify the sender of a message is not
conformant to the architecture. Even if a service is used anonymously, the sender has an
identifier but it is not possible to associate this identifier with an actual person or
organization.
2.2.3 Concept Maps

Many of the concepts in the architecture are illustrated with concept maps. A concept
map is an informal, graphical way to illustrate key concepts and relationships. For
example the diagram:

Figure 2-1. Concept Map

shows three concepts which are related in various ways. Each box represents a concept,
and each arrow (or labeled arc) represents a relationship.

The merit of a concept map is that it allows rapid navigation of the key concepts and
illustrates how they relate to each other. It should be stressed however that these diagrams
are primarily navigational aids; the written text is the definitive source.

2.2.4 Model

A model is a coherent subset of the architecture that typically revolves around a particular
aspect of the overall architecture. Although different models share concepts, it is usually
from different points of view; the major role of a model is to explain and encapsulate a
significant theme within the overall Web services architecture.

For example, the Message Oriented Model focuses and explains Web services strictly
from a message passing perspective. In particular, it does not attempt to relate messages
to services provided. The Service Oriented Model, however, lays on top of and extends
the Message Oriented Model in order to explain the fundamental concepts involved in
service - in effect to explain the purpose of the messages in the Message Oriented Model.

2.2.5 Conformance

Unlike language specifications, or protocol specifications, conformance to an architecture

is necessarily a somewhat imprecise art. However, the presence of a concept in this
enumeration is a strong hint that, in any realization of the architecture, there should be a
corresponding feature in the implementation. Furthermore, if a relationship is identified
here, then there should be corresponding relationships in any realized architecture. The
consequence of non-conformance is likely to be reduced interoperability: The absence of
such a concrete feature may not prevent interoperability, but it is likely to make such
interoperability more difficult.

A primary function of the Architecture's enumeration in terms of models, concepts and

relationships is to give guidance about conformance to the architecture. For example, the
architecture notes that a message has a message sender; any realization of this
architecture that does not permit a message to be associated with its sender is not in
conformance with the architecture. For example, SMTP could be used to transmit
messages. However, since SMTP (at present) allows forgery of the sender's identity,
SMTP by itself is not sufficient to discharge this responsibility.

2.3 The Architectural Models

This architecture has four models, illustrated in Figure 2-2. Each model in Figure 2-2 is
labeled with what may be viewed as the key concept of that model.

Figure 2-2. Meta Model of the Architecture

The four models are:

 The Message Oriented Model focuses on messages, message structure, message

transport and so on — without particular reference as to the reasons for the
messages, nor to their significance.

Figure 2-3. Simplified Message Oriented Model

The essence of the message model revolves around a few key concepts illustrated
above: the agent that sends and receives messages, the structure of the message in
terms of message headers and bodies and the mechanisms used to deliver
messages. Of course, there are additional details to consider: the role of policies
and how they govern the message level model. The abridged diagram shows the
key concepts; the detailed diagram expands on this to include many more
concepts and relationships.

 The Service Oriented Model focuses on aspects of service, action and so on.
While clearly, in any distributed system, services cannot be adequately realized
without some means of messaging, the converse is not the case: messages do not
need to relate to services.
 Figure 2-4. Simplified Service Oriented Model

The Service Oriented Model is the most complex of all the models in the
architecture. However, it too revolves around a few key ideas. A service is
realized by an agent and used by another agent. Services are mediated by means
of the messages exchanged between requester agents and provider agents.

A very important aspect of services is their relationship to the real world: services
are mostly deployed to offer functionality in the real world. We model this by
elaborating on the concept of a service's owner — which, whether it is a person or
an organization, has a real world responsibility for the service.

Finally, the Service Oriented Model makes use of meta-data, which, as described
in 3.1 Service Oriented Architecture, is a key property of Service Oriented
Architectures. This meta-data is used to document many aspects of services: from
the details of the interface and transport binding to the semantics of the service
and what policy restrictions there may be on the service. Providing rich
descriptions is key to successful deployment and use of services across the
Internet.

 The Resource Oriented Model focuses on resources that exist and have owners.
 Figure 2-5. Simplified Resource Oriented Model

The resource model is adopted from the Web Architecture concept of resource.
We expand on this to incorporate the relationships between resources and owners.

 The Policy Model focuses on constraints on the behavior of agents and services.
We generalize this to resources since policies can apply equally to documents
(such as descriptions of services) as well as active computational resources.

Figure 2-6. Simplified Policy Model

 Policies are about resources. They are applied to agents that may attempt to access
those resources, and are put in place, or established, by people who have
responsibility for the resource.

Policies may be enacted to represent security concerns, quality of service

concerns, management concerns and application concerns.

2.3.1 Message Oriented Model

The Message Oriented Model focuses on those aspects of the architecture that relate to
messages and the processing of them. Specifically, in this model, we are not concerned
with any semantic significance of the content of a message or its relationship to other
messages. However, the MOM does focus on the structure of messages, on the
relationship between message senders and receivers and how messages are transmitted.

The MOM is illustrated in the Figure 2-7:

Figure 2-7. Message Oriented Model

2.3.1.1 Address

2.3.1.1.1 Definition

An address is that information required by a message transport mechanism in order to

deliver a message appropriately.
2.3.1.1.2 Relationships to other elements

An address is information used to describe how and where to deliver messages.

An address may be a URI.
An address is typically transport mechanism specific.
An address may be contained in the message envelope.

2.3.1.1.3 Explanation

In order for message transport mechanisms to function, it is normally necessary to

provide information that allows messages to be delivered. This is called the address of the
message receiver.

Typically, the form of the address information will depend of the particular message
transport. In the case of an HTTP message transport, the address information will take the
form of a URL.

The precise method that a message sender uses to convey address information will also
depend on the transport mechanism used. On occasion, the address information may be
provided as additional arguments to the invoking procedure. Or the address information
may be located within the message itself; typically in the message envelope.

2.3.1.2 Delivery Policy

2.3.1.2.1 Definition

A delivery policy is a policy that constrains the methods by which messages are delivered
by the message transport.
2.3.1.2.2 Relationships to other elements

Delivery policy is a policy

Delivery policy constrains message transport
Delivery policy may be expressed in a policy description language
Delivery policy may express the quality of service associated with delivering a message
by a message transport mechanism
2.3.1.2.3 Explanation

Delivery policies are those policies that relate to the delivery of messages.

Typically, a delivery policy applies to the combination of a particular message and a

particular message transport mechanism. The policies that apply, however, may originate
from descriptions in the message itself, or be intrinsic to the transport mechanism, or
both.

Examples of delivery policies include quality of service assurances — such as reliable

versus best effort message delivery — and security assurances — such as encrypted
versus unencrypted message transport. Another kind of delivery policy could take the
form of assertions about recording an audit of how the message was delivered.

2.3.1.3 Message

2.3.1.3.1 Definition

A message is the basic unit of data sent from one Web services agent to another in the
context of Web services.
2.3.1.3.2 Relationships to other elements

a message is a unit of data sent from one agent to another

a message may be part of a message sequence
a message may be described using a service description language
a message has a message sender
a message has one or more message recipients
a message may have an identifier
a message has a message body
a message has zero or more message headers
a message has a message envelope
a message is delivered by a message transport system
a message may have a delivery policy associated with it
2.3.1.3.3 Explanation

A message represents the data structure passed from its sender to its recipients. The
structure of a message is defined in a service description.

The main parts of a message are its envelope, a set of zero or more headers, and the
message body. The envelope serves to encapsulate the component parts of the message
and it serves as a well-known location for message transport services to locate necessary
addressing information. The header holds ancillary information about the message and
facilitates modular processing. The body of the message contains the message content or
URIs to the actual data resource.
A message can be as simple as an HTTP GET request, in which the HTTP headers are the
headers and the parameters encoded in the URL are the content. Note that extended Web
services functionality in this architecture is not supported in HTTP headers.

A message can also simply be a plain XML document. However, such messages do not
support extended Web services functionality defined in this architecture.

A message can be a SOAP XML, in which the SOAP headers are the headers. Extended
Web services functionality are supported in SOAP headers.

2.3.1.4 Message Body

2.3.1.4.1 Definition

A message body is the structure that represents the primary application-specific content
that the message sender intends to deliver to the message recipient.
2.3.1.4.2 Relationships to other elements

a message body is contained by the message envelope.

a message body is the application-specific content intended for the message recipient.

2.3.1.4.3 Explanation

The message body provides a mechanism for transmitting information to the recipient of
the message. The form of the message body, and other constraints on the body, may be
expressed as part of the service description.

In many cases, the precise interpretation of the message body will depend on the message
headers that are in the message.

2.3.1.5 Message Correlation

2.3.1.5.1 Definition

Message correlation is the association of a message with a context. Message correlation

ensures that a requester agent can match the reply with the request, especially when
multiple replies may be possible.
2.3.1.5.2 Relationships to other elements

Message Correlation is a means of associating a message within a specific conversational

context.
Message correlation may be realized by including message identifiers to enable messages
to be identified.
2.3.1.5.3 Explanation

Message correlation allows a message to be associated with a particular purpose or

context. In a conversation, it is important to be able to determine that an actual message
that has been received is the expected message. Often this is implicit when conversations
are relayed over stream-oriented message transports; but not all transports allow
correlation to be established so implicitly.

For situations where correlation must be handled explicitly, one technique is to associate
a message identifier with messages. The message identifier is an identifier that allows a
received message to be correlated with the originating request. The sender may also add
an identifier for a service, not necessarily the originating sender, who will be the recipient
of the message (see asynchronous messaging).

Correlation may also be realized by the underlying protocol. For example, HTTP/1.1
allows one to correlate a request with its response.

2.3.1.6 Message Envelope

2.3.1.6.1 Definition

A message envelope is the structure that encapsulates the component parts of a message:
the message body and the message headers.
2.3.1.6.2 Relationships to other elements

a message envelope may contain address information about the intended recipients of its
associated message a message envelope contains the message body.
a message envelope contains the message headers.

2.3.1.6.3 Explanation

Issue (message_with_address):

How is a message associated with its destination address?

There is an unresolved issue here. A message somehow must be associated with its
destination address. This combination of the message with its destination address seems
to be a significant architectural concept, yet SOAP does not require that the address be
included in the message header.

Resolution:

None recorded.
The message envelope may contain information needed to actually deliver messages. If
so, it must at least contain sufficient address information so that the message transport
can deliver the message. Typically this information is part of the service binding
information found in a WSDL document.

Other metadata that may be present in an envelope includes security information to allow
the message to be authenticated and quality of service information.

A correctly design message transport mechanism should be able to deliver a message

based purely on the information in the envelope. For example, an encrypted message that
fully protects the identities of the sender, recipient as well as the message content, may
still be delivered using only the address information (and the encrypted data stream
itself).

2.3.1.7 Message Exchange Pattern (MEP)

2.3.1.7.1 Definition

A Message Exchanage Pattern (MEP) is a template, devoid of application semantics, that

describes a generic pattern for the exchange of messages between agents. It describes
relationships (e.g., temporal, causal, sequential, etc.) of multiple messages exchanged in
conformance with the pattern, as well as the normal and abnormal termination of any
message exchange conforming to the pattern.
2.3.1.7.2 Relationships to other elements

a message exchange pattern describes

a generic pattern for the exchange of messages between agents.

a message exchange pattern should have

a unique identifier

a message exchange pattern may realize

message correlation

a message exchange pattern may describe

a service invocation
2.3.1.7.3 Explanation

Distributed applications in a Web services architecture communicate via message

exchanges. These message exchanges are logically factored into patterns that may be
composed at different levels to form larger patterns. A Message Exchange Pattern (MEP)
is a template, devoid of application semantics, that describes a generic pattern for the
exchange of (one-way) messages between agents. The patterns can be described by state
machines that define the flow of the messages, including the handling of faults that may
arise, and the correlation of messages.

Issue (mep_vs_chor):

What is the difference between an MEP and a Choreography?

The precise difference between an MEP and a choreography is unresolved. Some view
MEPs as being atomic patterns, and a choreography as including composition of patterns.
Also, a choreography generally describes patterns that include application semantics
(choreography = MEPs + application semantics), whereas an MEP is devoid of
application semantics. Finally, there is usually a difference in scale between an MEP and
a choregraphy: A choreography often makes use of MEPs as building blocks.

Resolution:

None recorded.

Messages that are instances of an MEP are correlated, either explicitly or implicitly. The
exchanges may be synchronous or asynchronous.

In order to promote interoperability, it is useful to define common MEPs that are broadly
adopted and unambiguously identified. When a MEP is described for the purpose of
interoperability, it should be associated with a URI that will identify that MEP.

Some protocols may natively support certain MEPs, e.g., HTTP natively supports
request-response. In other cases there is may be additional glue needed to map MEPs
onto a protocol.

Web service description languages at the level of WSDL view MEPs from the perspective
of a particular service actor. A simple request-reponse MEP, for example, appears as an
incoming message which invokes an operation and an associated outgoing message with
a reply.

An MEP is not necessarily limited to capturing only the inputs and outputs of a single
service. Consider the pattern:

1. agent A uses an instance of an MEP (possibly request-response) to communicate

initially with B.
2. agent B then uses a separate, but related instance of an MEP to communicate with
C.

3. agent A uses another instance of an MEP to communicate with C but gets a reply
only after C has processed (2).
This example makes it clear that the overall pattern cannot be described in terms of the
inputs and outputs of any single interaction. The pattern involves constraints and
relationships among the messages in the various MEP instances. It also illuminates the
fact that exchange (1) is in in-out MEP from the perspective of actor B, and mirrored by
an out-in MEP from the perspective of actor A. Finally, an actual application instantiates
this communication pattern and completes the picture by adding computation at A, B and
C to carry out application-specific operations.

It is instructive to consider the kinds of fault reporting that occur in such a layering.
Consider a fault at the transport protocol level. This transport level may itself be able to
manage certain faults (e.g., re-tries), but it may also simply report the fault to the binding
level. Similarly the binding level may manage the fault (e.g., by re-initiating the
underlying protocol) or may report a SOAP fault. The choreography and application
layers may be intertwined or separated depending on how they are architected. There is
also no rigid distinction between the choreography and binding layers; binding-level
MEPs are essentially simple choreographies. Conceptually, the choreographic level can
enforce constraints on message order, maintain state consistency, communicate
choreographic faults to the application, etc. in ways that transcend particular bindings and
transports.

2.3.1.8 Message Header

2.3.1.8.1 Definition

A message header is the part of the message that contains information about a specific
aspect of the message.
2.3.1.8.2 Relationships to other elements

a message header is contained in

a message envelope

a message header may be

a specific well known types

Editorial note
The "is-a" relationship here is used in a different way than elsewhere in the
document.
a message header may identify

a service role, which denotes the kind of processing expected for the header.

a message header may be processed

 independently of the message body
2.3.1.8.3 Explanation

Message headers represent information about messages that is independently

standardized (such as WS-Security) — and may have separate semantics -- from the
message body. For example, there may be standard forms of message header that describe
authentication of messages. The form of such headers is defined for all messages;
although, of course, a given authentication header will be specific to the particular
message.

The primary function of headers is to facilitate the modular processing of the message,
although they can also be used to support routing and related aspects of message
processing. The header part of a message can include information pertinent to extended
Web services functionality, such as security, transaction context, orchestration
information, message routing information, or management information.

Message headers may be processed independently of the message body, each message
header may have an identifying service role that indicates the kind of processing that
should be performed on messages with that header. Each message may have several
headers, each potentially identifying a different service role.

Although many headers will relate to infrastructure facilities, such as security, routing,
load balancing and so on; it is also possible that headers will be application specific. For
example, a purchase order processing Web service may be structured into layers;
corresponding to different functions within the organization. These stakeholders may
process headers of different messages in standardized ways: the customer information
may be captured in one standardized header, the stock items by a different standardized
header and so on.

2.3.1.9 Message Receiver

2.3.1.9.1 Definition

A message receiver is an agent that receives a message.

2.3.1.9.2 Relationships to other elements

a message receiver is

a agent

a message receiver is

the recipient of a message

2.3.1.9.3 Explanation
The message receiver is an agent that is intended to receive a message from the message
sender.

Messages may be passed through intermediaries that process aspects of the message,
typically by examining the message headers. The message recipient may or may not be
aware of processing by such intermediaries.

Often a specific message receiver, the ultimate recipient, is identified as the final
recipient of a message. The ultimate recipient will be responsible for completing the
processing of the message.

2.3.1.10 Message Reliability

2.3.1.10.1 Definition

Message reliability is the degree of certainty that a message will be delivered and that
sender and receiver will both have the same understanding of the delivery status.
2.3.1.10.2 Relationships to other elements

message reliability is

a property of message delivery.

message reliability may be realized by

a combination of message acknowledgement and correlation.

message reliability may be realized by

a transport mechanism
2.3.1.10.3 Explanation

The goal of reliable messaging is to both reduce the error frequency for messaging and to
provide sufficient information about the status of a message delivery. Such information
enables a participating agent to make a compensating decision when errors or less than
desired results occur. High level correlation such as "two-phase commit" is needed if
more than two agents are involved. Note that in a distributed system, it is theoretically
not possible to guarantee correct notification of delivery; however, in practice, simple
techniques can greatly increase the overall confidence in the message delivery.

It is important to note that a guarantee of the delivery of messages alone may not improve
the overall reliability of a Web service due to the need for end-to-end reliability. (See
"End-to-End Arguments in System Design".) It may, however, reduce the overall cost of a
Web service.
Message reliability may be realized with a combination of message receipt
acknowledgement and correlation. In the event that a message has not been properly
received and acted upon, the sender may attempt a resend, or some other compensating
action at the application level.

2.3.1.11 Message Sender

2.3.1.11.1 Definition

A message sender is the agent that transmits a message.

2.3.1.11.2 Relationships to other elements

a message sender is

an agent

a message sender is

the originator of a message

2.3.1.11.3 Explanation

A message sender is an agent that transmits a message to another agent. Although every
message has a sender, the identity of the sender may not be available to others in the case
of anonymous interactions.

Messages may also be passed through intermediaries that process aspects of the message;
typically by examining the message headers. The sending agent may or may not be aware
of such intermediaries.

2.3.1.12 Message Sequence

2.3.1.12.1 Definition

A message sequence is a sequence of related messages.

2.3.1.12.2 Relationships to other elements

a message sequence is

a sequence of related messages

a message sequence may realize

a documented message exchange pattern

2.3.1.12.3 Explanation
A requester agent and a provider agent exchange a number of messages during an
interaction. The ordered set of messages exchanged is a message sequence.

This sequence may be realizing a well-defined MEP, usually identified by a URI.

2.3.1.13 Message Transport

2.3.1.13.1 Definition

A Message Transport is a mechanism that may be used by agents to deliver messages.

2.3.1.13.2 Relationships to other elements

a message transport is

a mechanism that delivers messages

a message transport has

zero or more capabilities

a message transport is constrained by

various delivery policies

a message transport must know

sufficient address information in order to deliver a message.

2.3.1.13.3 Explanation

The message transport is the actual mechanism used to deliver messages. Examples of
message transport include HTTP over TCP, SMTP, message oriented middleware, and so
on.

The responsibility of the message transport is to deliver a message from a sender to one
or more recipient, i.e. transport a SOAP Infoset from one agent to another, possibly with
some implied semantics (e.g. HTTP methods semantics).

Message transports may provide different features (e.g. message integrity, quality of
service guaranties, etc.).

For a message transport to function, the sending agent must provide the address of the
recipient.

2.3.2 The Service Oriented Model

The Service Oriented Model (SOM) focuses on those aspects of the architecture that
relate to service and action.

The primary purpose of the SOM is to explicate the relationships between an agent and
the services it provides and requests. The SOM builds on the MOM, but its focus is on
action rather than message.

The concepts and relationships in the SOM are illustrated in Figure 2-8:

Figure 2-8. Service Oriented Model

2.3.2.1 Action

2.3.2.1.1 Definition
An action, for the purposes of this architecture, is any action that may be performed by an
agent, possibly as a result of receiving a message, or which results in sending a message
or another observable state change.
2.3.2.1.2 Relationships to other elements

An action may result in

a desired goal state

An action may be

the sending of a message

An action may be

the processing of a received message

2.3.2.1.3 Explanation

At the core of the concept of service is the notion of one party performing action(s) at the
behest of another party. From the perspective of requester and provider agents, an action
is typically performed by executing some fragment of a program.

In the WSA, the actions performed by requester and provider agents are largely out of
scope, except in so far as they are the result of messages being sent or received. In effect,
the programs that are executed by agents are not in scope of the architecture, however the
resulting messages are in scope.

2.3.2.2 Agent

2.3.2.2.1 Definition

An agent is a program acting on behalf of person or organization. (This definition is a

specialization of the definition in [Web Arch]. It corresponds to the notion of software
agent in [Web Arch].)
2.3.2.2.2 Relationships to other elements

An agent is

a computational resource

An agent has

an owner that is a person or organization

An agent may realize

 zero or more services

An agent may request

zero or more services

2.3.2.2.3 Explanation

Agents are programs that engage in actions on behalf of someone or something else. For
our purposes, agents realize and request Web services. In effect, software agents are the
running programs that drive Web services — both to implement them and to access them.

Software agents are also proxies for the entities that own them. This is important as many
services involve the use of resources which also have owners with a definite interest in
their disposition. For example, services may involve the transfer of money and the
incurring of legal obligations as a result.

We specifically avoid any attempt to govern the implementation of agents; we are only
concerned with ensuring interopability between systems.

2.3.2.3 Choreography

2.3.2.3.1 Definition

A choreography defines the sequence and conditions under which multiple cooperating
independent agents exchange messages in order to perform a task to achieve a goal state.

Editorial note
This is a different level of abstraction from the definition used by the W3C Web Services
Choreography Working Group.

2.3.2.3.2 Relationships to other elements

A choreography uses

one or more service interfaces .

A choreography defines

the pattern of possible interactions between a set of agents .

A choreography may be expressed in

a choreography description language

A choreography pertains to
 a given task

A choreography defines

the relationship between exchanged messages and tasks of a service.

2.3.2.3.3 Explanation

A choreography is a model of the sequence of operations, states, and conditions that

control the interactions involved in the participating services. The interaction prescribed
by a choreography results in the completion of some useful function. Examples include
the placement of an order, information about its delivery and eventual payment, or
putting the system into a well-defined error state.

A choreography can be distinguished from an orchestration. An orchestration defines the

sequence and conditions in which one Web service invokes other Web services in order to
realize some useful function.

A choreography may be described using a choreography description language. A

choreography description language permits the description of how Web services can be
composed, how service roles and associations in Web services can be established, and
how the state, if any, of composed services is to be managed.

2.3.2.4 Capability

2.3.2.4.1 Definition

A capability is a named piece of functionality (or feature) that is declared as supported or

requested by an agent.
2.3.2.4.2 Relationships to other elements

a capability has a

identifier which is a URI

a capability has a

a description of its semantics

a capability can be

advertised by an agent that supports it

a capability can be

required by agent that wishes to use it

a capability may be referenced by

a service description
2.3.2.4.3 Explanation

Agents participating in an exchange may implement a wide variety of features. For

example, there may be different ways to achieve the reliable delivery of a message, or
there may be several mechanisms available to support security. A Web service may
advertise that it supports a particular capability, and an agent requiring that capability
might select the service on that basis. Or a Web service may indicate that it requires a
particular capability of any requester agent that uses it, and a requester agent may select it
or avoid it on that basis. There may also be a negotiation -- either manual or automatic --
about which capabilities to select.

The concept of capability encompasses SOAP features, but is broader.

2.3.2.5 Goal State

2.3.2.5.1 Definition

A goal state is a state of some service or resource that is desireable from some person or
organization's point of view.
2.3.2.5.2 Relationships to other elements

a goal state is

a state of the real world, which includes the state of relevant resources

a goal state is

desired by some person or organization which has an interest in defining it.

a goal state may be characterized

informally, or formally with a formal expression.

2.3.2.5.3 Explanation

Goal states are associated with tasks. Tasks are the unit of action associated with services
that have a measurable meaning. Typically measured from the perspective of the owner
of a service, a goal state is characterized by a predicate that is true of that state — for
example, a book selling service may have as its goal state that a book has been purchased
by a legitimate customer.

It is difficult to be formal about vague properties such as desireable, however, it is also

clear that services are deployed and used with an intention. An e-commerce service is
oriented towards buying and selling, a stock ticker service is oriented towards giving
timely information. A goal state is simply a way of being able to declare success when a
task has completed sucessfully.

2.3.2.6 Provider Agent

2.3.2.6.1 Definition

A provider agent is an agent that is capable of and empowered to perform the actions
associated with a service on behalf of its owner — the provider entity.
2.3.2.6.2 Relationships to other elements

a provider agent is

a Web service software agent

a provider agent realizes

one or more services

a provider agent performs, or causes to perform

the actions associated with a task

a provider agent acts on behalf of

a provider entity
2.3.2.6.3 Explanation

The provider agent is the software agent that realizes a Web service by performing tasks
on behalf of its owner — the provider entity.

A given service may be offered by more than one agent, especially in the case of
composite services, and a given provider agent may realize more than one Web service.

2.3.2.7 Provider Entity

2.3.2.7.1 Definition

The provider entity is the person or organization that is providing a Web service.
2.3.2.7.2 Relationships to other elements

a provider entity

is a person or organization
a provider entity

offers a Web service

a provider entity owns

a provider agent
2.3.2.7.3 Explanation

The provider entity is the person or organization that is offering a Web service. The
provider agent acts on behalf of the provider entity that owns it.

2.3.2.8 Requester Agent

2.3.2.8.1 Definition

A requester agent is a software agent that wishes to interact with a provider agent in order
to request that a task be performed on behalf of its owner — the requester entity.
2.3.2.8.2 Relationships to other elements

a requester agent is

an agent

a requester agent uses

a service

a requester agent acts on behalf of

a requester entity
2.3.2.8.3 Explanation

The requester agent is the software agent that requires a certain function to be performed
on behalf of its owner — the requester entity. From an architectural perspective, this is
the agent that is looking for and invoking or initiating an interaction with a provider
agent.

2.3.2.9 Requester Entity

2.3.2.9.1 Definition

The requester entity is the person or organization that wishes to use a provider entity's
Web service.
2.3.2.9.2 Relationships to other elements
a requester entity

is a person or organization

a requester entity owns

a requester agent
2.3.2.9.3 Explanation

The requester entity is the person or organization that wishes to make use of a Web
service. The requester entity is the counterpart to the provider entity.

2.3.2.10 Service

2.3.2.10.1 Definition

A service is an abstract resource that represents a capability of performing tasks that

represents a coherent functionality from the point of view of provider entities and
requester entities. To be used, a service must be realized by a concrete provider agent.
2.3.2.10.2 Relationships to other elements

a service is a

resource

a service performs

one or more tasks

a service has

a service description

a service has a

service interface

a service has

service semantics

a service has

an identifier
a service has

a service semantics

a service has

one or more service roles in relation to the service's owner

a service may have

one or more policies applied to it.

a service is owned by

a person or organization.

a service is provided by

a person or organization.

a service is realized by

a provider agent.

a service is used by

a requester agent.
2.3.2.10.3 Explanation

A service is an abstract resource that represents a person or organization in some

collection of related tasks as having specific service roles. The service may be realized by
one or more provider agents that act on behalf of the person or organization — the
provider entity.

The critical distinction of a Web service, compared to other Web resources, is that Web
services do not necessarily have a representation; however, they are associated with
actions.

Issue (ws_get):

What should be the representation returned by an HTTP "GET" on a Web service

URI?

What should be the representation of a Web service? Should a service description be

available at the service URI?
Resolution:

None recorded.

For a Web service to be compliant with this architecture there must be sufficient service
descriptions associated with the service to enable its use by other parties. Ideally, a
service description will give sufficient information so that an automatic agent may not
only use the service but also decide if the service is appropriate; that in turn implies a
description of the semantics of the service.

We distinguish a number of things in their relation to a service: a service has an owner; a

service must be realized by a (software) provider agent; a requester agent may interact
with a provider agent; and a provider agent has an owner (the provider entity). Web
services are inherently about computer-to-computer interactions between requester and
provider agents; yet they are also ultimately deployed in human service because the
requester and provider agents act on behalf of their owners.

Web services are focused on actions. It is convenient, for the purposes of characterizing
their semantics, to capture this in terms of tasks. The semantics of any computational
system is bound with the behavior of the system: and the intended semantics is bound
with some desired behavior. Tasks combine the concept of action with intention: i.e., Web
services are conventionally invoked with a given purpose in mind. The purpose can be
expressed as an intended goal state: such as a book being delivered or a temperature
reading being taken.

There is no requirement for there to be a one-to-one correspondence between messages

and services. A given message may be processed by more than one service, especially in
the situation where there are service intermediaries, and a given service may, of course,
process more than one kind of message. We formalize this by asserting that a service
adopts one or more service roles. The service role identifies the intended role as
determined by the owner of the service. A given role is characterized by the aspects of
messages it is concerned with.

2.3.2.11 Service Description

2.3.2.11.1 Definition

A service description is a set of documents that describe the interface to and semantics of
a service.
2.3.2.11.2 Relationships to other elements

a service description is

a machine-processable description of a service

a service description is
 a machine-processable description of the service's interface

a service description contains

a machine-processable description of the messages that are exchanged by the

service

a service description may include

a description of the service's semantics

a service description is expressed in

a service description language

2.3.2.11.3 Explanation

A service description contains the details of the interface and, potentially, the expected
behavior of the service. This includes its data types, operations, transport protocol
information, and address. It could also include categorization and other metadata to
facilitate discovery and utilization. The complete description may be realized as a set of
XML description documents.

There are many potential uses of service descriptions: they may be used to facilitate the
construction and deployment of services, they may be used by people to locate
appropriate services, and they may be used by requester agents to automatically discover
appropriate provider agents in those case where requester agents are able to make suitable
choices.

2.3.2.12 Service Interface

2.3.2.12.1 Definition

A service interface is the abstract boundary that a service exposes. It defines the types of
messages and the message exchange patterns that are involved in interacting with the
service, together with any conditions implied by those messages.
2.3.2.12.2 Relationships to other elements

a service interface defines

the messages relevant to the service

2.3.2.12.3 Explanation

A service interface defines the different types of messages that a service sends and
receives, along with the message exchange patterns that may be used.
2.3.2.13 Service Intermediary

2.3.2.13.1 Definition

A service intermediary is a Web service whose main role is to transform messages in a

value-added way. (From a messaging point of view, an intermediary processes messages
en route from one agent to another.) Specifically, we say that a service intermediary is a
service whose outgoing messages are equivalent to its incoming messages in some
application-defined sense.
2.3.2.13.2 Relationships to other elements

A service intermediary is

a service.

A service intermediary adopts

a specific service role.

A service intermediary preserves

the semantics of messages it receives and sends.

2.3.2.13.3 Explanation

A service intermediary is a specific kind of service which typically acts as a kind of filter
on messages it handles. Normally, intermediaries do not consume messages but rather
forward them to other services. Of course, intermediaries do often modify messages but, it
is of the essence that from some application specific perspective they do not modify the
meaning of the message.

Of course, if a message is altered in any way, then from some perspectives it is no longer
the same message. However, just as a paper document is altered whenever anyone writes
a comment on the document, and yet it is still the same document, so an intermediary
modifies the messages that it receives, forwarding the same message with some changes.

Coupled with the concept of service intermediary is the service role is adopts. Typically,
this involves one or more of the messages' headers rather than the bodies of messages.
The specification of the header is coupled with the permissable semantics of the
intermediary should make it clear to what extent the messages forwarded by an
itnermediary are the same message and what modifications are permitted.

There are a number of situations where additional processing of messages is required. For
example, messages that are exchanged between agents within an enterprise may not need
encryption; however, if a message has to leave the enterprise then good security may
suggest that it be encrypted. Rather than burden every software agent with the means of
encrypting and decrypting messages, this functionality can be realized by means of an
intermediary. The main responsiblity of the software agents then becomes ensuring that
the messages are routed appropriately and have the right headers targetted at the
appropriate intermediaries.

2.3.2.14 Service Role

2.3.2.14.1 Definition

A service role is an abstract set of tasks which is identified to be relevant by a person or

organization offering a service. Service roles are also associated with particular aspects of
messages exchanged with a service.
2.3.2.14.2 Relationships to other elements

a service role is

a set of service tasks

a service role may be defined

in terms of particular properties of messages.

a service role may be established by

a service owner.
2.3.2.14.3 Explanation

A service role is an intermediate abstraction between service and task. A given message
that is received by a service may involve processing associated with several service roles.
Similarly, messages emitted may also involve more than one service role.

We can formalize the distinction by noting that a service role is typically associated with
a particular property of messages. For ultimate processing, the service role may be to
determine some final disposition of messages received. However, other service roles may
be associated with more generic properties of messages — such as their encryption, or
whether they reference a customer or inventory item.

Service roles identify the points of interest that a service owner has in the processing of
messages. As such, they are established by the party that offers in the service.

2.3.2.15 Service Semantics

2.3.2.15.1 Definition

The semantics of a service is the behavior expected when interacting with the service.
The semantics expresses a contract (not necessarily a legal contract) between the provider
entity and the requester entity. It expresses the intended real-world effect of invoking the
service. A service semantics may be formally described in a machine readable form,
identified but not formally defined, or informally defined via an "out of band" agreement
between the provider entity and the requester entity.
2.3.2.15.2 Relationships to other elements

a service semantics is

the contract between the provider entity and the requester entity concerning the
effects and requirements pertaining to the use of a service

a service semantics describes

the intended effects of using a service

a service semantics is about

the service tasks that constitute the service.

a service semantics should be identified

in a service description

a service semantics may be described

in a formal, machine-processable language

2.3.2.15.3 Explanation

Knowing the type of a data structure is not enough to understand the intent and meaning
behind its use. For example, methods to deposit and withdraw from an account typically
have the same type signature, but with a different effect. The effects of the operations are
the semantics of the operation. It is good practice to be explicit about the intended effects
of using a Web service; perhaps even to the point of constructing a machine readable
description of the semantics of a service.

Machine processable semantic descriptions provide the potential for sophisticated usage
of Web services. For example, by accessing such descriptions, a requester agent may
autonomously choose which provider agent to use.

Apart from the expected behavior of a service, other semantic aspects of a service include
any policy restrictions on the service, the relationship between the provider entity and the
requester entity, and what manageability features are associated with the service.

2.3.2.16 Service Task

2.3.2.16.1 Definition
A service task is an action or combination of actions that is associated with a desired goal
state. Performing the task involves executing the actions, and is intended to achieve a
particular goal state.
2.3.2.16.2 Relationships to other elements

a service task is

an action or combination of actions.

a service task is associated with

one or more intended goal states.

a service task is performed by

executing the actions associated with the task.

a service task has a

service interface
2.3.2.16.3 Explanation

A service task is an abstraction that encapsulates some intended effect of invoking a

service.

Tasks are associated with goal states — characterized by predicates that are satisfied on
successful completion.

The performance of a task is made observable by the exchange of messages between the
requester agent and the provider agent. The specific pattern of messages is what defines
the choreography associated with the task.

In addition to exchanged messages, there may be other private actions associated with a
task. For example, in a database update task, the task may be signaled by an initiating
message and a completion message, which are public, and the actual database update,
which is typically private.

In the case of a service oriented architecture only the public aspects of a task are
important, and these are expressed entirely in terms of the messages exchanged.

Tasks represent a useful unit in modeling the semantics of a service and indeed of a
service role — a given service may consist of a number of tasks.

2.3.3 The Resource Oriented Model

The Resource Oriented Model focuses on those aspects of the architecture that relate to
resources. Resources are a fundamental concept that underpins much of the Web and
much of Web services; for example, a Web service is a particular kind of resource that is
important to this architecture.

The ROM focuses on the key features of resources that are relevant to the concept of
resource, independent of the role the resource has in the context of Web services. Thus
we focus on issues such as the ownership of resources, policies associated with resources
and so on. Then, by virtue of the fact that Web services are resources, these properties are
inherited by Web services.

We illustrate the basic concepts and relationships in the ROM in Figure 2-9:

Figure 2-9. Resource Oriented Model

2.3.3.1 Discovery

2.3.3.1.1 Definition
Discovery is the act of locating a machine-processable description of a Web service-
related resource that may have been previously unknown and that meets certain
functional criteria. It involves matching a set of functional and other criteria with a set of
resource descriptions. The goal is to find an appropriate Web service-related resource.
[WS Glossary]
2.3.3.1.2 Relationships to other elements

Discovery is

the act of locating a resource description

Discovery involves

matching a set of functional and other criteria with a set of resource descriptions.

Discovery may be performed

by an agent, or by an end-user

Discovery may be realized

using a discovery service

2.3.3.1.3 Explanation

In the context of Web services, the resources being discovered are usually service
descriptions. If a requester entity does not already know what service it wishes to engage,
the requester entity must discover one. There are various means by which discovery can
be performed. Various things — human end users or agents — may initiate discovery.
Requester entities may find service descriptions during development for static binding, or
during execution for dynamic binding. For statically bound requester agents, using
discovery is optional, as the service description might be obtained in other ways, such as
being sent directly from the provider entity to the requester entity, developed
collaboratively, or provided by a third party, such as a standards body.

2.3.3.2 Discovery Service

2.3.3.2.1 Definition

A discovery service is a service that enables agents to retrieve Web service-related

resource descriptions.
2.3.3.2.2 Relationships to other elements

A discovery service is

a service
A discovery service is used to

publish descriptions

A discovery service is used to

search for resource descriptions

A discovery service may be used

by an agent
2.3.3.2.3 Explanation

A discovery service is used to publish and search for descriptions meeting certain
functional or semantic criteria. It is primarily intended for use by requester entities, to
facilitate the process of finding an appropiate provider agent for a particular task.
However, depending on the implementation and policy of the discovery service (3.4.2
Discovery: Registry, Index or Peer-to-Peer?), it may also be used by provider entities
to actively publish their service descriptions.

Although the resource model is general purpose, the most important resource for our
purposes is the Web service. Furthermore, the primary role of a discovery service is to
facilitate the discovery of Web services.

For dynamic discovery, the requester agent may interact directly with the discovery
service to find an appropriate provider agent to engage. For static discovery, a human
may interact with the discovery service through an appropriate software agent, such as a
browser.

The use of an automated discovery service is optional, since other means can be used to
enable a requester entity and provider entity to agree on the service description that will
govern the interaction. For example, the requester entity might obtain the service
description directly from the provider entity, the two parties might develop the service
description collaboratively, or, in some circumstances, the service description may be
created by the requester entity and dictated to the provider entity. (For example, a large
company may require its suppliers to provide Web services that conform to a particular
service description.) Likewise, a requester entity can obtain a service description from
other sources besides a discovery service, such as a local file system, FTP site, URL, or
WSIL document.

2.3.3.3 Identifier

2.3.3.3.1 Definition

An identifier is an unambiguous name for a resource.

2.3.3.3.2 Relationships to other elements
an identifier should be realized

a URI

an identifier identifies

a resource that is relevant to the architecture

2.3.3.3.3 Explanation

Identifiers are used to identify resources. In the architecture we use Uniform Resource
Identifiers [RFC 2396] to identify resources.

Issue (urivsqname):

Should URIs be used to identify Web services components, rather than QNames?

Some specifications use QNames to identify things. However, QNames may be

ambiguous, because the same QName may be used to identify things of different types.
(In effect, specifications having this practice have different symbol spaces to distinguish
the different uses of a QName.) Should URIs be preferred instead of QNames for Web
services? A significant majority of this Working Group believes the answer is yes.

Resolution:

None recorded.

2.3.3.4 Representation

2.3.3.4.1 Definition

A representation is a piece of data that describes a resource state.

2.3.3.4.2 Relationships to other elements

a resource may have a

representation
2.3.3.4.3 Explanation

Representations are data objects that reflect the state of a resource. A resource has a
unique identifier (a URI). Note that a representation of a resource need not be the same as
the resource itself; for example the resource asociated with the booking state of a
restaurant will have different representations depending on when the representation is
retrieved. A representation is usually retrieved by performing an HTTP "GET" on a URI.

2.3.3.5 Resource
2.3.3.5.1 Definition

A resource is defined by [RFC 2396] to be anything that can have an identifier. Although
resources in general can be anything, this architecture is only concerned with those
resources that are relevant to Web services and therefore have some additional
characteristics. In particular, they incorporate the concepts of ownership and control: a
resource that appears in this architecture is a thing that has a name, may have reasonable
representations and which can be said to be owned. The ownership of a resource is
critically connected with the right to set policy on the resource.
2.3.3.5.2 Relationships to other elements

a resource has

an identifier

a resource may have

zero or more representations

a resource may have

zero or more resource descriptions

a resource is owned by

a person or organization

a resource may be governed by

zero or more policies

2.3.3.5.3 Explanation

Resources form the heart of the Web architecture itself. The Web is a universe of
resources that have URIs as identifiers, as defined in [RFC 2396].

From a real-world perspective, a most interesting aspect of a resource is its ownership: a

resource is something that can be owned, and therefore have policies applied to it.
Policies applying to resources are relevant to the management of Web services, security
of access to Web services and many other aspects of the role that a resource has in the
world.

2.3.3.6 Resource description

2.3.3.6.1 Definition
A resource description is any machine readable data that may permit resources to be
discovered. Resource descriptions may be of many different forms, tailored for specific
purposes, but all resource descriptions must contain the resource's identifier.
2.3.3.6.2 Relationships to other elements

A resource description contains

the resource's identifier

A resource description may reference

the policies applicable to the resource

A resource description may reference

the semantics applicable to the resource

2.3.3.6.3 Explanation

A resource description is a machine-processable description of a resource. Resource

descriptions are used by and within discovery services to permit agents to discover the
resource.

The precise contents of a resource description will vary, depending on the resource, on
the purpose of the description and on the accessibility of the resource. However, for our
purposes it is important to note that the description must contain the resource's identifier.
I.e., a description of the form: "the new resource that is owned by XYZ co." is not
regarded as a valid resource description because it does not mention the resource's
identifier.

A primary purpose of resource descriptions is to facilitate the discovery of the resource.

To aid that purpose, the description is likely to contain information about the location of
the resource, how to access it and potentially any policies that govern the policy. Where
the resource is a Web service, the description may also contain machine-processable
information about how to invoke the Web service and the expected effect of using the
Web service.

Note that a resource description is fundamentally distinct from the resource

representation. The latter is a snapshot reflecting the state of resource, the description is
meta-level information about the resource.

2.3.4 The Policy Model

The Policy Model focuses on those aspects of the architecture that relate to policies and,
by extension, security and quality of service.
Security is fundamentally about constraints; about constraints on the behavior on action
and on accessing resources. Similarly, quality of service is also about constraints on
service. In the PM, these constraints are modeled around the core concept of policy; and
the relationships with other elements of the architecture. Thus the PM is a framework in
which security can be realized.

However, there are many other kinds of constraints, and policies that are relevant to Web
services, including various application-level constraints.

The concepts and relationships in the PM are illustrated in Figure 2-10:

Figure 2-10. Policy Model

2.3.4.1 Audit Guard

2.3.4.1.1 Definition

An audit guard is a mechanism used on behalf of an owner that monitors actions and
agents to verify the satisfaction of obligations.
2.3.4.1.2 Relationships to other elements

a audit guard is a

a policy guard

an audit guard may monitor

one or more resources.

an audit guard may monitor

actions relative to one or more services.

an audit guard may determine

if an agent's obligations have been discharged.

2.3.4.1.3 Explanation

An audit guard is an enforcement mechanism. It is used to monitor the discharge of

obligations. The role of the audit guard is to monitor that agents, resources and services
are consistent with any associated obligations established by the service's owner or
manager.

Typically, an audit guard monitors the state of a resource or a service, ensuring that the
obligation is satisfied. It determines whether the associated obligations are satisfied.

By their nature, it is not possible to proactively enforce obligations; hence, an obligation

violation may result in some kind of retribution after the fact of the violation.

2.3.4.2 Domain

2.3.4.2.1 Definition

A domain is an identified set of agents and/or resources that is subject to the constraints
of one of more policies.
2.3.4.2.2 Relationships to other elements

A domain is

a collection of agents and/or resources.

A domain defines

the scope of application of one or more policies

2.3.4.2.3 Explanation

A domain defines the scope of applicability of policies. A domain may be defined

explicitly or implicitly. Members of an explicitly defined domain are enumerated by a
central authority; members of an implicitly defined domain are not. For example,
membership in an implicitly defined domain may depend on the state of the agent or
something it possesses, and thus may be dynamic.

2.3.4.3 Obligation

2.3.4.3.1 Definition

An obligation is a kind of policy that prescribes actions and/or states of an agent and/or
resource.
2.3.4.3.2 Relationships to other elements

an obligation is a

kind of policy

an obligation may require

an agent to perform one or more actions

an obligation may require

an agent or service to be in one or more allowable states

an obligation may be discharged

by the performance of an action or other event.

2.3.4.3.3 Explanation

An obligation is one of two fundamental types of policies. When an agent has an

obligation to perform some action, then it is required to do so. When the action is
performed, then the agent can be said to have satisfied its obligations.

Not all obligations relate to actions. For example, an agent providing a service may have
an obligation to maintain a certain state of readiness. (Quality of service policies are often
expressed in terms of obligations.) Such an obligation is typically not discharged by any
of the obligee's actions; although an event (such as a certain time period expiring) may
discharge the obligation.

Obligations, by their nature, cannot be proactively enforced. However, obligations are

associated with enforcement mechanisms: audit guards. These monitor controlled
resources and agents and may result in some kind of retribution; retributions are not
modeled by this architecture.

An obligation may continue to exist after its requirements have been met (for example, an
obligation to maintain a particular credit card balance), or it may be discharged by some
action or event.

2.3.4.4 Permission

2.3.4.4.1 Definition

A permission is a kind of policy that prescribes the allowed actions and states of an agent
and/or resource.
2.3.4.4.2 Relationships to other elements

a permission is a

type of policy

a permission may enable

one or more actions

a permission may enable

one or more allowable states

2.3.4.4.3 Explanation

A permission is one of two fundamental types of policies. When an agent has permission
to perform some action, to access some resource, or to achieve a certain state, then it is
expected that any attempt to perform the action etc., will be successful. Conversely, if an
agent does not have the required permission, then the action should fail even if it would
otherwise have succeeded.

Permissions are enforced by guards, in particular permission guards, whose function is to

ensure that permission policies are honored.

2.3.4.5 Permission Guard

2.3.4.5.1 Definition

A permission guard is a mechanism deployed on behalf of an owner to enforce

permission policies.
2.3.4.5.2 Relationships to other elements
a permission guard is a

a policy guard

a permission guard is a

a mechanism that enforces permission policies

a permission guard may control

one or more resources.

a permission guard enables

actions relative to one or more services.

2.3.4.5.3 Explanation

A permission guard is an enforcement mechanism that is used to enforce permission

policies. The role of the permission guard is to ensure that any uses of a service or
resource are consistent with the policies established by the service's owner or manager.

Typically, a permission guard sits between a resource or service and the requester of that
resource or service. In many situations, it is not necessary for a service to be aware of the
permission guard. For example, one possible role of a message intermediary is to act as a
permission guard for the final intended recipient of messages.

A permission guard acts by either enabling a requested action or access, or by denying it.
Thus, it is normally possible for permission policies to be proactively enforced.

2.3.4.6 Person or Organization

2.3.4.6.1 Definition

A person or organization may be the owner of agents that provide or request Web
services.
2.3.4.6.2 Relationships to other elements

a person or organization may own

an agent

a person or organization may belong to

a domain
a person or organization may establish

policies governing resources that they own

2.3.4.6.3 Explanation

The WSA concept of person or organization is intended to refer to the real-world people
that are represented by agents that perform actions on their behalf. All actions considered
in this architecture are ultimately rooted in the actions of humans.

2.3.4.7 Policy

2.3.4.7.1 Definition

A policy is a constraint on the behavior of agents or people or organizations.

2.3.4.7.2 Relationships to other elements

a policy is a

constraint on the allowable actions or states of an agent or person or organization

a policy may have

an identifier

a policy may be described

in a policy description

a policy may define

a capability
2.3.4.7.3 Explanation

A policy is a constraint on the behavior of agents as they perform actions or access

resources.

There are many kinds of policies, some relate to accessing resources in particular ways,
others relate more generally to the allowable actions an agent may perform: both as
provider agents and as requester agents.

Logically, we identify two types of policy: permissions and obligations.

Although most policies relate to actions of various kinds, it is not exclusively so. For
example, there may be a policy that an agent must be in a certain state (or conversely may
not be in a particular state) in relation to the services it is requesting or providing.
Closely associated with policies are the mechanisms for establishing policies and for
enforcing them. This architecture does not model the former.

Policies have applications for defining security properties, quality of service properties,
management properties and even application properties.

2.3.4.8 Policy Description

2.3.4.8.1 Definition

A policy description is a machine-processable description of a policy or set of policies.

2.3.4.8.2 Relationships to other elements

a policy description describes

a policy
2.3.4.8.3 Explanation

A policy description is a machine processable description of some constraint on the

behavior of agents as they perform actions, access resources.

The policy description itself is not the policy, but it may define the policy and it may be
used to determine if the policy applies in a given situation.

Policy descriptions may include specific conditions, such as "agents of XXX Co. may
access files in directory FFF". They may also include more general rules, such as "if an
entity has the right to access files in the directory FFF, it also has the obligation to close
them after 20 seconds.".

2.3.4.9 Policy Guard

2.3.4.9.1 Definition

A policy guard is a mechanism that enforces one or more policies. It is deployed on

behalf of an owner.
2.3.4.9.2 Relationships to other elements

a policy guard has

an owner responsible for establishing the guard

2.3.4.9.3 Explanation

A policy guard is an abstraction that denotes a mechanism that is used by owners of

resources to enforce policies.
The architecture identifies two kinds of policy guards: audit guards and permission
guards. These relate to the core kinds of policies (obligation and permission policies
respectively).

2.4 Relationships

This section defines terms that appear in our architectural models but are not specific to
Web services or Web services architecture. However, they are defined here to help clarify
our use of these terms in this document.

2.4.1 The is a relationship

2.4.1.1 Definition

The X is a Y relationship denotes the relationship between concepts X and Y, such that
every X is also a Y.

2.4.1.2 Relationships to other elements

Assuming that X is a Y, then:

true of

if P is true of Y then P is true of X

contains

if Y has a P then X has a Q such that Q is a P.

transitive

if P is true of Y then P is true of X

2.4.1.3 Explanation

Essentially, when we say that concept X is a Y we mean that every feature of Y is also a
feature of X. Note, however, that since X is presumably a more specific concept than Y,
the features of X may also be more specific variants of the features of Y.

For example, in the service concept, we state that every service has an identifier. In the
more specific Web service concept, we note that a Web service has an identifier in the
form of a URI identifier.

2.4.2 The describes relationship

2.4.2.1 Definition
The concept Y describes X if and only if Y is an expression of some language L and that
the values of Y are instances of X.

2.4.2.2 Relationships to other elements

Assuming that Y describes X, then: if Y is a valid expression of L, then the values of Y are
instances of concept X

2.4.2.3 Explanation

Essentially, when we say that Y describes concept X we are saying that the expression Y
denotes instances of X.

For example, in the service description concept, we state that service descriptions are
expressed in a service description language. That means that we can expect legal
expressions of the service description language to be instances of the service description
concept.

2.4.3 The has a relationship

2.4.3.1 Definition

Saying that "the concept X has a Y relationship" denotes that every instance of X is
associated with an instance of Y.

2.4.3.2 Relationships to other elements

Assuming that X has a Y, then: if E is an instance of X then Y is valid for E.

2.4.3.3 Explanation

When we say that "concept X has a Y" we mean that whenever we see an X we should
also see a Y

For example, in the Web service concept, we state that Web services have URI identifiers.
So, whenever the Web service concept is found, we can assume that the Web service
referenced has an identifier. This, in turn, allows implementations to use identifiers to
reliably refer to Web services. If a given Web service does not have an identifier
associated with it, then the architecture has been violated.

2.4.4 The owns relationship

2.4.4.1 Definition

The relationship "X owns Y" denotes the relationship between concepts X and Y, such that
every X has the right and authority to control, utilize and dispose of Y.
2.4.4.2 Relationships to other elements

Assuming that X owns Y, then:

policy

X has the right to establish policies that constrain agents and other entities in their
use of Y

disposal

X has the right to transfer some or all of his rights with respect to Y to another
entity.

transitive

if P is true of Y then P is true of X

2.4.4.3 Explanation

Essentially, when we say that X owns Y we mean that X has a significant set of rights with
respect to Y, and that those rights are transferrable.

In general, ownership is partial, and there may be many entities that have rights with
respect to some service or resource.

2.4.5 The realized relationship

2.4.5.1 Definition

The statement "concept X is realized as Y" denotes that the concept X is an abstraction of
the concept Y. An equivalent view is that the concept X is implemented using Y.

2.4.5.2 Relationships to other elements

Assuming that X is realized as Y, then:

implemented

if Y is present, or true of a system, then the concept X applies to the system

reified

Y is a reification of the concept X.

2.4.5.3 Explanation
When we say that the concept or feature X is realized as Y, we mean that Y is an
implementation or reification of the concept X. I.e., if Y is a valid concept of a system
then we have also ensured that the concept X is valid of the same system.

For example, in the correlation feature, we state that message correlation requires that we
associate identifiers with messages. This can be realized in a number of ways —
including the identifier in the message header, message body, in a service binding and so
on. The message identifier is a key to the realization of message correlation.

3 Stakeholder's Perspectives
This section examines the architecture from various perspectives, each perspective
representing one coherent view of the architecture. For example, security represents one
major stakeholder's perspective of the architecture itself.

3.1 Service Oriented Architecture

3.1.1 Distributed Systems

A distributed system consists of diverse, discrete software agents that must work together
to perform some tasks. Furthermore, the agents in a distributed system do not operate in
the same processing environment, so they must communicate by hardware/software
protocol stacks over a network. This means that communications with a distributed
system are intrinsically less fast and reliable than those using direct code invocation and
shared memory. This has important architectural implications because distributed systems
require that developers (of infrastructure and applications) consider the unpredictable
latency of remote access, and take into account issues of concurrency and the possibility
of partial failure [Dist Comp].

Distributed object systems are distributed systems in which the semantics of object
initialization and method invocation are exposed to remote systems by means of a
proprietary or standardized mechanism to broker requests across system boundaries,
marshall and unmarshall method argument data, etc. Distributed objects systems typically
(albeit not necessarily) are characterized by objects maintaining a fairly complex internal
state required to support their methods, a fine grained or "chatty" interaction between an
object and a program using it, and a focus on a shared implementation type system and
interface hierarchy between the object and the program that uses it.

A Service Oriented Architecture (SOA) is a form of distributed systems architecture that

is typically characterized by the following properties:

 Logical view: The service is an abstracted, logical view of actual programs,

databases, business processes, etc., defined in terms of what it does, typically
carrying out a business-level operation.
 Message orientation: The service is formally defined in terms of the messages
exchanged between provider agents and requester agents, and not the properties of
 the agents themselves. The internal structure of an agent, including features such
as its implementation language, process structure and even database structure, are
deliberately abstracted away in the SOA: using the SOA discipline one does not
and should not need to know how an agent implementing a service is constructed.
A key benefit of this concerns so-called legacy systems. By avoiding any
knowledge of the internal structure of an agent, one can incorporate any software
component or application that can be "wrapped" in message handling code that
allows it to adhere to the formal service definition.

 Description orientation: A service is described by machine-processable meta data.

The description supports the public nature of the SOA: only those details that are
exposed to the public and important for the use of the service should be included
in the description. The semantics of a service should be documented, either
directly or indirectly, by its description.

 Granularity: Services tend to use a small number of operations with relatively

large and complex messages.

 Network orientation: Services tend to be oriented toward use over a network,

though this is not an absolute requirement.

 Platform neutral: Messages are sent in a platform-neutral, standardized format

delivered through the interfaces. XML is the most obvious format that meets this
constraint.

3.1.2 Web Services and Architectural Styles

Distributed object systems have a number of architectural challenges. [Dist Comp] and
others point out:

 Problems introduced by latency and unreliability of the underlying transport.

 The lack of shared memory between the caller and object.

 The numerous problems introduced by partial failure scenarios.

 The challenges of concurrent access to remote resources.

 The fragility of distributed systems if incompatible updates are introduced to any

participant.

These challenges apply irrespective of whether the distributed object system is

implemented using COM/CORBA or Web services technologies. Web services are no less
appropriate than the alternatives if the fundamental criteria for successful distributed
object architectures are met. If these criteria are met, Web services technologies may be
appropriate if the benefits they offer in terms of platform/vendor neutrality offset the
performance and implementation immaturity issues they may introduce.
Conversely, using Web services technologies to implement a distributed system doesn't
magically turn a distributed object architecture into an SOA. Nor are Web services
technologies necessarily the best choice for implementing SOAs -- if the necessary
infrastructure and expertise are in place to use COM or CORBA as the implementation
technology and there is no requirement for platform neutrality, using SOAP/WSDL may
not add enough benefits to justify their costs in performance, etc.

In general SOA and Web services are most appropriate for applications:

 That must operate over the Internet where reliability and speed cannot be
guaranteed;
 Where there is no ability to manage deployment so that all requesters and
providers are upgraded at once;

 Where components of the distributed system run on different platforms and

vendor products;

 Where an existing application needs to be exposed for use over a network, and
can be wrapped as a Web service.

3.1.3 Relationship to the World Wide Web and REST Architectures

The World Wide Web operates as a networked information system that imposes several
constraints: Agents identify objects in the system, called resources, with Uniform
Resource Identifiers (URIs). Agents represent, describe, and communicate resource state
via representations of the resource in a variety of widely-understood data formats (e.g.
XML, HTML, CSS, JPEG, PNG). Agents exchange representations via protocols that use
URIs to identify and directly or indirectly address the agents and resources. [Web Arch]

An even more constrained architectural style for reliable Web applications known as
Representation State Transfer (REST) has been proposed by Roy Fielding and has
inspired both the W3C Technical Architecture Group's architecture document [Web Arch]
and many who see it as a model for how to build Web services [Fielding]. The REST Web
is the subset of the WWW (based on HTTP) in which agents provide uniform interface
semantics -- essentially create, retrieve, update and delete -- rather than arbitrary or
application-specific interfaces, and manipulate resources only by the exchange of
representations. Furthermore, the REST interactions are "stateless" in the sense that the
meaning of a message does not depend on the state of the conversation.

We can identify two major classes of Web services:

 REST-compliant Web services, in which the primary purpose of the service is to

manipulate XML representations of Web resources using a uniform set of
"stateless" operations; and
 arbitrary Web services, in which the service may expose an arbitrary set of
operations.
Both classes of Web services use URIs to identify resources and use Web protocols (such
as HTTP and SOAP 1.2) and XML data formats for messaging. (It should be noted that
SOAP 1.2 can be used in a manner consistent with REST. However, SOAP 1.2 can also
be used in a manner that is not consistent with REST.)