Can Web services be used as a middle tier? How can we do it? How are the transactions carried on?
The Middle Tier, as defined in my book, Mastering Web Services Security, is that area that lies between the perimeter/DMZ and the legacy or back office tier. Assuming that this is your definition, Web services are suitable for the middle tier as well as other situations. Web services is a multi-hop messaging protocol that is designed to send messages between companies and between multiple applications within a target company.
The best way to use Web services in the middle tier is to use the frameworks supplied by vendors such as IBM, Microsoft, Sun, BEA, Novell and others. For example, if you are a Microsoft shop, download their latest .NET framework, or if you are an IBM shop, download the latest WebSphere implementation. Both of these frameworks enable you to use Web services in the middle tier. One of the advantages of Web services is that it is interoperable between vendors. Therefore, you can generate a Web services message using one vendor's implementation and send it to a receiver using another vendor's implementation. You can, of course, construct your own Web services framework, but this is not recommended.
As far as transactions are concerned, the sender constructs a SOAP message using one of the frameworks and sends it, usually over HTTP, to a receiver, who interprets the message, also using one of the frameworks. The framework uses two other parts of Web services, WSDL and XML Schema. WSDL is an XML document that describes the elements of the message, thus assisting the sender in constructing the message and the receiver in interpreting the message. An XML schema defines the syntax of the message, which can be used to check its format. For example, the schema can be used to determine that this element should be an integer or this element must contain a name and address. Both WSDL and XML Schema capabilities are supplied in the various vendors' frameworks.
The frameworks construct and interpret the elements of the message in the form of name/value pairs. There may also be some attributes associated with the name. An example might be a request to purchase a stock with Name "IBM" and Value "96" with Attributes "market order" and number of shares 100. The recipient of this request must then have code beyond the framework to carry out the purchase of 100 shares of IBM at 96 and, using its Web services framework, send a Web services confirmation of the purchase.
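The receiver-side format check described above, applied to the stock purchase request, as an added example that is not part of the original answer or of any vendor framework. The Python standard library has no XML Schema validator, so hand-written type rules stand in for the schema; the `urn:example:orders` namespace, the element names and the `orderType` values are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET
from decimal import Decimal

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"  # SOAP 1.1 envelope namespace
ORDER_NS = "urn:example:orders"  # hypothetical application namespace
ORDER_TYPES = {"market", "limit"}  # assumed enumeration for the attribute

# Constructed sample: the stock purchase request described in the text.
SAMPLE = f"""<soap:Envelope xmlns:soap="{SOAP_NS}" xmlns:o="{ORDER_NS}">
  <soap:Body>
    <o:BuyOrder orderType="market">
      <o:Symbol>IBM</o:Symbol><o:Price>96</o:Price><o:Shares>100</o:Shares>
    </o:BuyOrder>
  </soap:Body>
</soap:Envelope>"""

# Lexical rules standing in for schema simple types. ASCII-only classes are
# deliberate: int() and Decimal() alone would accept "1_000", "NaN" or "1e9".
PATTERNS = {
    "Symbol": r"[A-Z]{1,5}",
    "Price": r"[0-9]{1,7}(\.[0-9]{1,2})?",
    "Shares": r"[1-9][0-9]{0,6}",
}

def parse_buy_order(xml_text):
    """Return the validated order as a dict; raise ValueError on any violation."""
    if "<!DOCTYPE" in xml_text:  # SOAP messages must not carry a DTD
        raise ValueError("DTD not allowed")
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        raise ValueError(f"not well-formed XML: {exc}") from None
    if root.tag != f"{{{SOAP_NS}}}Envelope":
        raise ValueError("not a SOAP 1.1 envelope")
    order = root.find(f"{{{SOAP_NS}}}Body/{{{ORDER_NS}}}BuyOrder")
    if order is None:
        raise ValueError("Body has no BuyOrder element")
    if order.get("orderType") not in ORDER_TYPES:
        raise ValueError("orderType missing or not in the allowed set")
    # Exactly the expected children, in schema order, nothing extra.
    if [c.tag for c in order] != [f"{{{ORDER_NS}}}{n}" for n in PATTERNS]:
        raise ValueError("unexpected, missing or reordered child elements")
    values = {}
    for child, (name, pattern) in zip(order, PATTERNS.items()):
        text = (child.text or "").strip()
        if len(child) or not re.fullmatch(pattern, text):
            raise ValueError(f"{name} fails its type check")
        values[name] = text
    return {"symbol": values["Symbol"], "price": Decimal(values["Price"]),
            "shares": int(values["Shares"]), "order_type": order.get("orderType")}
```

Only a message that passes every check reaches the purchase code that sits beyond the framework; everything else is rejected before any business logic runs.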