This article explains the TrustedX integration architectures.
TrustedX technology has been conceived, designed and developed, bearing in mind the principal concepts of integration based on SOAs (service-oriented architectures), in the aim of providing a complete set of secure and trustworthy Web services. The objective of TrustedX is to separate the security services and policies from the business processes and the applications (traditionally applications tended to be monolithic); converting the services into common trust services which can be used, in runtime, whenever required.
Even though developers have been implementing SOA with technologies, such as DEC or COBRA, for many years, SOA tended to be exclusively associated with SOAP, WSDL and Web services (commonly known as SOAP/WS).
The term REST (Representational State Transfer) was coined in 2000, by Roy T. Fielding in his doctorate thesis, which has proved to be one of the most influential academic studies in recent years. Some examples of REST Web services (commonly known as REST/WS) are Google Data API, Yahoo, eBay and del.icio.us APIs, just to mention a few of the more widely known ones.
TrustedX integration architectures
One of TrustedX's unique features, is that its services can be integrated into the processes and applications using a great number of programming tools, including the SOAP document/literal style or the REST style.
From an architectural point of view, TrustedX can be used, directly, as aWeb service, or via an integration gateway. Thus, modifications to the existing applications are avoided. Therefore, TrustedX includes an integration gateway that can be programmed by means of XML pipelines.
The following are the different alternatives of integration that TrustedX offers:
- Java API (Application Programming Interface).
TrustedX includes a Java library which can be used by clients to invoke the TrustedX services in the traditional way.
- Using a formal description, WSDL, based on the Digital Signature Service (DSS) OASIS open standard, at a Web service level.
In this case, from the description of the Web service, integration is possible using public domain tools or professional tools, such as, Axis, Xfire, .NET, etc. or using the XPath and XSLT standards as variants. For this reason, the platform includes an exhaustive set of integration examples that use these technologies and which have been tested by Safelayer. This is the strategy adopted by ESB (Enterprise Service Bus), including IBM, Microsoft, BEA, etc.
- At Gateway/Pipeline level.
This innovative integration component, in TrustedX, enables the reception of data from the applications and enables operation in proxy/gateway mode, so that the security methods can be implemented with minimum or no modification of the applications. The data can be received through XML, HTTP, SMTP, JMS, etc. and are processed via an XML pipeline language in order to obtain the expected data output. This output will then be returned to the application or forwarded to another recipient.
This is an important form of integration which is based on W3C's future XProc standard. With this type of integration, the application is completely unaware of any knowledge relating to the security web services, due to the services being moved to the TrustedX server side.