Making Web Services Secure: An Introduction - Kelvin Lawrence, IBM
Kelvin is the Co-chair of the OASIS Web Services Security Committee. He started his presentation saying that the goal of the committee is to foster strong and reliable interoperability along with security. He dealt with security at the SOAP message level. The seven aspects of security are, Identification, athentication, authorization, integrity, confidentiality, auditing, and non-repudiation. Kelvin stated the shortfalls of browser-model security and why HTTPS isn't enough. The talk included a review of SOAP. The WS-Security model makes use of existing XML security standards like, PKI, W3C XML Signature, W3C XML Encryption, W3C XKMS (key management service), OASIS SAML (Secure Authorization Markup Language), and OASIS XACML (Access Control Markup Language). Basically WS-Security has added parts to the SOAP message.
Portlets (JSR-168) - Dave Landers, BEA Systems, Inc.
JSR-168, the Portlet specification, was finalized a few weeks ago. Dave explained what a portal is and how portlets relate. Portals aggregate content and portlets are that content or mini-applications. Dave explained that a portal application is part of a WebApp. Portlets cans use Servlets and JSPs to generate markup fragments and they have access to other Servlet container services, along with J2EE services if the WebApp is in a J2EE container. Portlets generate markup fragments, not web pages. Standard Portlets should be portable across Portal vendors. There is a related spec from OASIS called Web Services for Remote Portlets that is not part of JSR-168.
Struts Controller in Action - Gary D. Ashley Jr., 3rd Millenium Visions, Inc.
Gary introduced the Struts framework from the Jakarta Project. He mentioned that version 1.1 includes support for modules and plugins and is now integrated with Tiles. JSTL and EL are also supported in the new version. There is a 1.2.x version in the wings also. Modules help you divide up your project. Plugins provide an extension point to add or enhance functionality. Tiles is a powerful templating engine that allows you to assemble presentation pages from components. Gary mentioned some of the main elements in configuring Struts, including, web.xml, struts-config.xml, tiles-config.xml, validation-config.xml, and messages-text.properties. He then went on to show how these files worked to enable the functionality of his sample application. He demonstrated Digester and Action Mapping.
Web Services and Mobile Devices - Peter Haggar, IBM
Peter is part of a research group inside IBM that has been building Web Services for mobile devices for a year or so. Their work is the foundation for the IBM Web Services Toolkit for Mobile Devices. He demonstrated web services running on Blackberry and Palm devices. He showed samples using Java and C. Mobile devices fall into three categories. WAN (Wide Area Network) with connections to cellular services, LAN (Local Area Network) utilizing 802.11x, and PAN (Personal Area Network) using Bluetooth. Right now no devices exist that can roam through all three. There exists a plethora of features and devices and that limits portability and drives application design. Firewall tunneling is a problem as is security and performance, and a limited range of UI components.