
Fig-4: Front End calls Web Service, passing through 4 enforcement points (callouts, per Fig-2.2 of D7.1).
Considering Fig-4, a Front End (FE) is composed of a Web GUI, a Web Application (the payload of the front end), and a Service Requester module which is used to call Web Services. The counterpart of the Service Requester is the Service Responder module of the Web Service.
Service Requester is a software module that encapsulates the mechanics of performing a Web Service call. An implementation of the Service Requester module will be provided as a deliverable of the TAS3 Project. However, it is possible to implement this independently as long as all requirements prescribed here are maintained.
Service Responder is a software module that encapsulates the mechanics of accepting a Web Service call and responding to it. An implementation of the Service Responder module will be provided as a deliverable of the TAS3 Project. However, it is possible to implement this independently as long as all requirements prescribed here are maintained.
Traffic Lights
PEPOut-Rq. Service Requester Outbound Policy Enforcement Point (PEP). This PEP is used to check whether data can be submitted to the Web Service, or whether the call can be made at all. The PEP will contact the organization's Master PDP to obtain a policy decision.
PEPIn-Rs. Service Responder Inbound PEP. This PEP is used to check whether the data or the call can be accepted by the Web Service. It also records which obligations and policies the Service Requester pledges to honour. These will be checked later by PEPOut-Rs.
PEPOut-Rs. Service Responder Outbound PEP. This PEP is used to filter the data on the responder side and to perform any responder obligations attached to the data. In particular, the pledges recorded by PEPIn-Rs are checked against the obligations and sticky policies attached to the data, and if they are found unsatisfiable, either the data is filtered out or the operation is aborted. If no data can be returned, an error response will still be returned.
PEPIn-Rq. Service Requester Inbound PEP. This PEP is used to extract any obligations attached to the response, and to perform them or record them for later performance.
Recursive Call
As shown in Fig-5, it is possible to chain Web Service calls, such that the application layer of an upstream server may invoke, as a client, a downstream service. It makes no difference whether the Service Requester module resides in the right-hand side of a Front End or of a Web Service that has turned into a Web Services Client (WSC). This pattern can be repeated in any tree topology to any depth of call; however, in practical implementations the call depth MAY be limited to 7 to avoid infinite recursion.

Fig-5: Recursive Web Service calls.
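
The sketch below is an added example, not code from the TAS3 deliverables. It models the four enforcement points of Fig-4 and the call depth limit of the Recursive Call section, showing how pledges recorded by PEPIn-Rs decide what PEPOut-Rs releases. All function names, the request fields and the sample records are assumptions made for illustration; the PDPs are stand-in callables that return True or False.

```python
MAX_CALL_DEPTH = 7  # the page says call depth MAY be limited to 7

# Constructed sample data: each record carries its sticky obligations.
RECORDS = [
    {"id": "cv-1", "obligations": ["delete-after-30d"]},
    {"id": "cv-2", "obligations": ["delete-after-30d", "notify-owner"]},
]

class PolicyError(Exception):
    """An enforcement point refused the call."""

def pep_out_rq(request, pdp):
    # Requester outbound: may this data be submitted, may the call be made?
    if not pdp(request):
        raise PolicyError("PEPOut-Rq: Master PDP denied the call")

def pep_in_rs(request, pdp):
    # Responder inbound: accept or refuse, and record the requester's pledges.
    if not pdp(request):
        raise PolicyError("PEPIn-Rs: call not accepted")
    return frozenset(request["pledges"])

def pep_out_rs(records, pledges):
    # Responder outbound: release only records whose obligations are all
    # pledged; if nothing is left, an error response is still returned.
    released = [r for r in records if pledges.issuperset(r["obligations"])]
    return {"status": "ok" if released else "error", "data": released}

def pep_in_rq(response):
    # Requester inbound: collect obligations to perform or record for later.
    return sorted({o for r in response["data"] for o in r["obligations"]})

def call_service(request, records, rq_pdp, rs_pdp):
    # Assumption: the depth limit is checked before the outbound PEP runs.
    if request["depth"] > MAX_CALL_DEPTH:
        raise PolicyError("call depth limit exceeded")
    pep_out_rq(request, rq_pdp)
    pledges = pep_in_rs(request, rs_pdp)
    response = pep_out_rs(records, pledges)
    return response, pep_in_rq(response)

def downstream(request):
    # A service acting as Web Services Client calls on at depth + 1.
    return {**request, "depth": request["depth"] + 1}
```

A record with no attached obligations is always released in this model, because an empty obligation set is covered by any set of pledges.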