WAP gateway:

What is a WAP Gateway ? : Wireless Application Protocol ( WAP ) is an

open, global specification which empowers mobile users with wireless devices to
easily access and interact with information and services instantly. In common
language, a large number of device manufactures like Nokia, Ericsson, Motorola
and software developers like IBM, Microsoft, Oracle have agreed on one common
standard.

WAP gives mobile phone users access to Internet or web services

through handheld devices. WAP Gateway technology provides a
solution to the growing demand for wireless mobile services across
the world. WAP Gateways act as a bridge between the mobile world
and the Internet and offers wap services like encoding of WML
pages, end-user authentication system, & WML script compiling.

WAP uses the underlying web structure to enable communication

between content providers and mobile devices. This wireless protocol
employs Wireless Markup Language (WML) for application contents
instead of Hypertext Markup Language coding (HTML).

A useful & utility feature of WAP technology is the ability to support

telephony service integrated with micro-browsing of data. WAP
Gateways acts as a proxy between wireless networks & the Internet
while encoding WAP data into byte codes.

What does a Gateway Do?

A WAP Gateway plays many roles in the scheme of turning the WAP model into
working services. A list of just some of the functions of a WAP gateway include the
following:

• implementation of the WAP stack

• converting protocols
• converting markup languages
• compiling WMLScript programs
• encoding WML into a binary bitstream
• providing access control
• caching
• domain name resolution services (DNS)
• security features
WS-Security:

WS-Security (Web Services Security, short WSS) is a flexible and feature-rich

extension to SOAP to apply security to Web services. It is a member of the WS-* family
of web service specifications and was published by OASIS.

The protocol specifies how integrity and confidentiality can be enforced on messages and
allows the communication of various security token formats, such as SAML, Kerberos,
and X.509. Its main focus is the use of XML Signature and XML Encryption to provide
end-to-end security.

Features

WS-Security describes three main mechanisms:

• How to sign SOAP messages to assure integrity. Signed messages provide also
non-repudiation.
• How to encrypt SOAP messages to assure confidentiality.
• How to attach security tokens.

The specification allows a variety of signature formats, encryptions algorithms and

multiple trust domains, and is open to various security token models, such as:

• X.509 certificates
• Kerberos tickets
• UserID/Password credentials
• SAML-Assertion
• Custom defined token

WebLogic Server:

WebLogic Server 7.0 offers a new, integrated approach to solving the overall security problem
for enterprise applications. With this framework, application security becomes a function of the
application infrastructure and is separate from the application itself. Any application deployed
on WebLogic Server (WLS) can be secured either through the security features included with the
server out of the box, by extending the open Security Service Provider Interface to a custom
security solution, or by plugging in other specialized security solutions from major security
vendors that the customer's enterprise standardizes on.
The change cipher spec Protocol:

• The change cipher spec message is sent by both the client and server to notify the
receiving party that subsequent records will be protected under the just-negotiated
CipherSpec and keys.
o It exists to update the cipher suite to be used in the connection.
 o It permits a change in the SSL session occur without having to renegotiate
the connection.
o The message consists of a single byte of value 1.

• There are two states for the change cipher spec message.
o Read Current
o Read Pending

• The change cipher spec message is normally sent at the end of the SSL
handshake.

Roxie's:

Roxie's of Quincy is a one of a kind meat market that prides itself

on fresh, high quality meat and produce at affordable prices. Looking
for something you can’t find, need advice on a purchase, just ask –
customer service is a top priority.

Established in 1957, Roxie’s has over 50 years of experience and

many loyal customers. Our variety of products along with our convenient
location has become a destination grocer for many shoppers. We carry all
the ingredients you need to put together a complete meal in just minutes.
Easy in, easy out!

Holidays, BBQs, Special Occasions or everyday shopping

- you’ll always find what you need at Roxie’s.

History of SOAP:
SOAP once stood for 'Simple Object Access Protocol' but this acronym was dropped
with Version 1.2 of the standard.[1] Version 1.2 became a W3C recommendation on June
24, 2003. The acronym is sometimes confused with SOA, which stands for Service-
oriented architecture; however SOAP is different from SOA.

The SOAP specification

The SOAP specification defines the messaging framework which consists of:

• The SOAP processing model defining the rules for processing a SOAP message
• The SOAP extensibility model defining the concepts of SOAP features and
SOAP modules
• The SOAP underlying protocol binding framework describing the rules for
defining a binding to an underlying protocol that can be used for exchanging
SOAP messages between SOAP nodes
• The SOAP message construct defining the structure of a SOAP message
[edit] SOAP processing model

The SOAP processing model describes a distributed processing model, its participants,
the SOAP nodes and how a SOAP receiver processes a SOAP message. The following
SOAP nodes are defined:

• SOAP sender

A SOAP node that transmits a SOAP message.

• SOAP receiver

A SOAP node that accepts a SOAP message.

• SOAP message path

The set of SOAP nodes through which a single SOAP message passes.

• Initial SOAP sender (Originator)

The SOAP sender that originates a SOAP message at the starting point of a SOAP
message path.

• SOAP intermediary

A SOAP intermediary is both a SOAP receiver and a SOAP sender and is targetable from
within a SOAP message. It processes the SOAP header blocks targeted at it and acts to
forward a SOAP message towards an ultimate SOAP receiver.

• Ultimate SOAP receiver

The SOAP receiver that is a final destination of a SOAP message. It is responsible for
processing the contents of the SOAP body and any SOAP header blocks targeted at it. In
some circumstances, a SOAP message might not reach an ultimate SOAP receiver, for
example because of a problem at a SOAP intermediary. An ultimate SOAP receiver
cannot also be a SOAP intermediary for the same SOAP message.

POST /InStock HTTP/1.1

Host: www.example.org
Content-Type: application/soap+xml; charset=utf-8
Content-Length: nnn

<?xml version="1.0"?>
<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope">
<soap:Header>
</soap:Header>
<soap:Body>
<m:GetStockPrice xmlns:m="http://www.example.org/stock">
 <m:StockName>IBM</m:StockName>
</m:GetStockPrice>
</soap:Body>
</soap:Envelope>

Advantages

• SOAP is versatile enough to allow for the use of different transport protocols. The
standard stacks use HTTP as a transport protocol, but other protocols are also
usable (e.g., JMS[5], SMTP[6]).
• Since the SOAP model tunnels fine in the HTTP get/response model, it can tunnel
easily over existing firewalls and proxies, without modifications to the SOAP
protocol, and can use the existing infrastructure.

[edit] Disadvantages

• Because of the verbose XML format, SOAP can be considerably slower than
competing middleware technologies such as CORBA. This may not be an issue
when only small messages are sent.[7] To improve performance for the special
case of XML with embedded binary objects, the Message Transmission
Optimization Mechanism was introduced.
• When relying on HTTP as a transport protocol and not using WS-Addressing or
an ESB, the roles of the interacting parties are fixed. Only one party (the client)
can use the services of the other. Developers must use polling instead of
notification in these common cases.

UDDI

(Universal Description Discovery and Integration protocol) A directory model

for web services. UDDI is a specification for maintaining standardized
directories of information about web services, recording their capabilities,
location and requirements in a universally recognized format. Seen (with
SOAP and WSDL) as one of the three foundation standards of web services,
UDDI is currently the least used.

Purpose of UDDI
“A UDDI registry, either for use in the public domain or behind the firewall,
offers a standard mechanism to classify, catalog and manage Web services,
so
that they can be discovered and consumed. “ UDDI V3.0.2”

Basic goals of UDDI

Framework for describing and discovering business services, and service
providers
Defines data structures and APIs for publishing services descriptions to the
registry
and querying the registry Support developers in finding information about
services Determine the security and transport protocols supported by a given
Web service
Support looking for services based on a general keyword

Basic goals of UDDI

Framework for describing and discovering business services, and service

providers
Defines data structures and APIs for publishing services descriptions to the
registry
and querying the registry Support developers in finding information
about services Determine the security and transport protocols supported by a
given Web service Support looking for services based on a general keyword

UDDI Registry keys

Each entity is assigned a unique key V3 allows keys to be defined in a way
that they are unique across registries Now URI-based, patterned on DNS
names UDDI key for UDDI API itself