 I was hoping to see a few more people for this one because I thought it's not actually going to be that specific. Right, I forgot to introduce myself last time. I'm Richard Ffetnack-Dunald. I wrote the web services library, which is still something in development, but it's actually used in production codes, so reliable for what it does so far. Right, let's start with web services. For anyone who doesn't know, what are web services? Well, naively they're any web-based service, but there's a standard of web services as definition language, which is what you're really talking about when you say web services in any sort of corporate environment. Web services definition languages is an XML language. It's used by large organisations to present APIs to let other people use their various services. We tend to use it for talking to mobile phone operators. WSDL 1.1, the de facto standard, is, as far as I can tell, what everyone uses. WSDL 2.0 is the recommendation, the actual official standard, and is not completely different, but substantially different with different structures not compatible. What does it do? WSDL provides an abstract service definition for some sort of service you want to offer to other people generally via internet. It has bindings that map the abstract service definition to concrete data encodings and to specific URLs and protocols that you're going to use. It says HTTPS or HTTP or whatever you say, whereabouts the service is. The main targeted binding for WSDL is SOAP, which means that almost everyone maps the abstract service definitions to SOAP calls. In theory, you can use web forms that are mapping to that. You can use XMLRPC, you can use any other mechanism you like. I don't know if there's an XMLRPC mapping that's standard. I should say I'm not claiming to be a great expert on web services. I think you have to be really into standards, bodies and defining things like that to actually get into it that much. The mapping on web services is done by extensibility elements, which are chunks of XML that sit inside other parts of the XML and say this bit is going to be handled by a particular extensibility mechanism. All the different libraries and frameworks that support web services tend to support different subsets of the available extensibility elements, so they're all incompatible. Web services primarily uses SOAP, simple object access protocol, which is a latent light. It's one of the most complex protocols I've ever heard of. It's bloated, and you have to have software to make it manageable really. Either that or you resort to just copying the XML documents and hacking the substitutions for sections of a template XML. The main framework's available are Java and C-Sharp, so they're not much fun if you're an object of C coder. As I said, the different implementations for different incompatible options are largely down to WSBL being designed that way. It's specified to be extensible. I got into this because at work I had to integrate stuff with corporate web services. I just couldn't find free software solutions to do the job in C or object of C. Java was readily available because there's stuff under the name of patching label, I think, really. But using Java from other services is a painful, slow operation. You have to start a virtual machine and run JMI calls to it. So we needed a free object of C or C solution. It's like having an object of C. The Genoestec web services library was written for better performance if you get out of the Java stuff that I was at. Of course we target the most common WSBL setups, specifically the ones I needed to use, of course. But the idea is to make it easy to extend and make the framework more versatile, a couple more options in one way. So the library is written in object of C. It builds with Genoestec make or Apple X code. It's completely portable between the two. In fact, it should run on any system. It implements WSBL 1.1, more or less, just to say, all the way common standard bits. So I think it's been so binding since that's what everyone uses. It can easily be extended to the others, because it's designed with the extensibility elements to be extended to them. It makes it simple to make links without having to use Java or C Java. So the way it works is to parse WSBL documents to produce a tree of objects which can be then examined and modified. You can also generate WSBL documents from a tree of objects, which means it's the possibility of actually writing WSBL editors in the future. In order to support that, we have a lightweight XML tree implementation in there. The main operation that you actually end up doing, hopefully, is telling you a Genoest service object to perform a particular service, to talk to a service and perform an operation. We also provide an XMLRPC calendar. That's purely because I think XMLRPC is a far superior protocol. So if you can possibly do it, you should. So we've got synchronous and asynchronous operations. There's no WSBL extensibility binding for XMLRPC over yet. So it would be nice if someone would contribute that. They'll write one in the future. What that actually means is that you can't take a WSBL document and have it generate the XMLRPC code entirely for you. You've got to do a bit of it yourself. So it's not a big problem. If you don't need to use WSBL and SOAP, just use the XMLRPC. Right. Of course, we provide SOAP in here. You can use it directly for SOAP requests, so you don't have to use it as part of the web services structure. However, the GWS service understands the SOAP extensibility elements in the WSBL and that allows you to invoke a service using SOAP with a minimum of effort. You don't have to fill in details to tell it whether it's supposed to be using literal encoding or not because the WSBL will tell it that for you. Right. So the top of the structure, the tree, is the GWS document. That's initialised from a URL generally, or maybe from a load and file. That downloads or loads in the file, passes it, and creates an instance of the GWS document. That provides methods to examine the context of the document and to modify them so we can edit. It also provides a mechanism to regenerate a WSBL document so you can post out a new version of it. Finally, it provides a registration mechanism for the handlers to deal with WSBL extensibility. Within the document, you have various other objects. At the top level, the GWS document. Inside, you have GWS messages which encapsulate the XML message element in the WSBL document. We've got the GWS port type, which encapsulates the port type from the XML bindings port service. So these are the major components that appear in a WSBL document on that onto objects that we hold in the tree. The GWS message, which is the XML message, is the abstract idea of passing data between 2 and 10 points. It just says here's the server, here's the client. We're passing this data between the two. It can contain documentation, so there's an element in there in the XML document what that message is supposed to be for. That's supposed to be used. It will contain a list of named parts. Those are the actual data items that go to make up that particular message. The GWS port type represents a port type, which is a definition of an endpoint that you might be talking to. So it's the thing that's sitting on the end of a URL that you're going to connect to. Again, it can provide documentation. It always provides a set of named operations. Those are effectively the procedure calls you can make to that endpoint. Each of those operations can consist of an input message, the data you send to it, an output message, the data that comes back to your client, and perhaps a false message to indicate that there's some sort of error. Again, that would come back to your client. A GWS binding, again, each of these bindings has a unique name, so you can refer to them easily in the document. It can contain documentation, but most people don't. It contains extensibility elements, which basically tell you how to handle something, how, whether you're going to use SOC or XMLRPC or whatever. Each binding reference has a particular port type, so it's talking about how that port type is handled, how operations sent to that port. The operations that you already have listed in the port type at this time, rather than just specifying what the operations are in an abstract way, which is what the port type is, this gives you the extensibility element that tells you how those operations are actually managed, how the data is encoded. A port. The concrete example of the endpoint. If the port type tells you what kind of endpoint you've got, the port tells you you have a particular port. It's on this particular URL. You can therefore, given the port, send a message to it. If you've got a SOC extensibility in the GWS port, then that will tell you that the URL you've got to send to is a particular URL, and it can tell you the SOC action header to put in the HTTP request. I think, almost, finally, the GWS service is where all the other information actually comes together. A service represents, again, a particular service element in the XML document, so you can have multiple services within a single document. Each one has a relief name, so you can find the service you want. Again, a service has documentation in the XML, though I've yet to see any in any real WSTL documents. It has a list of all the ports we've got, so that is the port, if you remember, contained, the extensibility that told you the URL you actually had to connect to, and stuff like that, as well as referencing the abstract binding information that it's talking about the port type that it uses. All the huge chain of information that could be represented much more compactly. That's the way WSTL works. The service lists all the ports that it can use, and the GWS service object handles, enfocling an operation on the service. That's actually making a real concrete port to a real server at the other end, getting the data back. That's what you really need to use, and you can use it without a GWS document. Normally, or let's say normally, hopefully you pass a WSTL object into a GWS document, which creates all those other objects I've talked about behind the scenes, and you look at that GWS document for a particular service by name. That service object you start enfocling operations. GWS Elements. Another lightweight class, a small API, represents an XML element, but emits anything that you don't actually need for supporting web services. It's used throughout the library, and it lets us pass trees and unpass trees to serialize and de-serialize information. It's an intermediate stage when we're encoding server requests. Generally, you probably don't need to touch it, it's the list of the main classes. So we've got two important frames left. The extensibility elements and the coders. They don't map directly to anything in XML. The GWS extensibility is not a mapping from one of the XML extensibility elements. It's actually an object that handles dealing with an extensibility element. So you might have, you do have a GWS soap extensibility that provides for handling of soap extensibility elements. Understands what they mean, basically, and adjusts the way we deal with data. Similarly, the GWS codering in soap classes handle the encoding and decoding of the data. So they don't correspond to anything directly in the document. But they will convert from property list format, which is the way we're backing that, actually. I won't say property list format. I'll say a structure of linked objects, a dictionary containing various other objects that describe the parameters you want to pass across to remote service. They're the native internal objectancy representation of your parameters and service results. So the code that takes those, and it converts them into a soap request, is a extensibility object. The way extensibility works is that each extensibility object in the XML of the WSTL document has a namespace associated with it. So what you do is you register a hand for that particular namespace. And when the document is passed, the handler of the namespace receives callbacks from the GWSTL document, telling it about the names the extensibility items is passing, and the handler can then check that those items make sense, check that it understands them. If it's got an extensibility item that it has to understand, and yet it doesn't, it can raise an exception. When a message is sent out by a service, we call the handler again for each of the extensibility elements defined for that service. In that case, the handler doesn't merely validate the XML and check that it understands it. It also takes actions on the basis of that. So it would say, we know that the parameters actually have to be passed in a certain order. We'll define that order for the coder to pass. We know that their sense is literal rather than used with different operative options for you. So it will set in the coder. So obviously implementing that kind of thing is fairly complex, but we have an example in that we have a concrete soap coder. A soap extensibility. The coder's essence encode property list to NSData objects, decode in NSData to a property list. When I wrote that, I was assuming, I guess, a canoe step or anvil audience. So I think I may explain a little more in case that people here are not familiar with either. The term property list in Kerco and NSData is used to describe quite complex data structures consisting of collections, arrays and dictionaries and strings, numbers, dates, booleans. We have a complex network of these objects with a property list. So a coder takes this complex network of objects but actually it's used in fairly simple network of objects because it's generally just a list of parameters and maybe they have some structure. It serialises them. It's a semi abstract class which means it does something because it doesn't do everything that is declared in its API. So it has convenience methods for handling XML encoding, decoding, using GWSM so it can handle the serialisation and deserialisation for an XML document. But it also has other methods for handling the delegation of encoding of specific items. So it does, as I said, the methods for decoding and encoding property lists which are actually handled by a circumstance. OK. So a message is addiction, generally speaking. We add extra keys in our property list in that dictionary to tell the coder how to encode the data. So we have a method here which specifies the method name to encode. The parameters key is the dictionary with the parameters. The order key tells you what order those parameters have to be sent in. An arrow key in a response coming back tells you what the problem was. The XMLRPC encoder is the subclass of the coder and it will take a property list and create an XMLRPC request or a response. Similarly, it will decode any XMLRPC document to a property list. That will actually handle any valid XMLRPC request because XMLRPC is nice and simple. It supports setting the time zone for encoding and decoding the date and time steps because that's about the only thing XMLRPC doesn't really cover. It defines a format for date that doesn't specify the time zone that we agreed between the two end points of a service. The SOAP coder adds yet more keys because SOAP is a whole lot more complex. Right, so this is the body encoding style which can be RPC or document or wrapped. If you're not familiar with SOAP that's really telling you something about the general structure of the SOAP request. But you've got a layout in your XML where if it's a document format everything's near the top level of the XML. It's an RPC format then you've got an XML element to say what the method name is and all the parameters in another XML element a bit further down. So it's something you generally don't have to borrow. Hopefully that information will come from the WSDL document. So you can set it manually using that key or the WSDL document and fill it in for you. Similarly, the use key is encoded or literal tells you something about the way that data is encoded in the XML. Essentially, I remember the right way round encoded means that every element you pass along has to have tight information with it and literal means you pass the element with the data and the other end works out what type it's in, basically. The message header key lets you add header information which is another thing that SOAP adds. The namespace URI and the namespace name key that you assign in URI and the namespace name to your SOAP. The SOAP value key is actually a special case that's not part of the SOAP study so much as it lets you define a dictionary that has extra information in it for you to get more control over how the SOAP study is embedded. I think it's pretty clear that trying to settle that manually for each SOAP request is tedious. If you have a WSDL document, it handles it all. So when you invoke the operation service object calls the extensibility handler and that fills in all those values based on the extensibility information in the XML of the document. It'll even create a code for you. Delegation, we use that for a reasonable amount of years. It's a common practice in OpenSTEP APIs. So the delegate of a coder is an object that handles certain operations for it or is informed of certain operations when they happen. So normally we have a service as the delegate of a coder. If you want to, you can put your own delegates between the service and the coder and then set the messages coming from the coder to the service. If you intercept those messages, you can override the encoding or decoding of any data right of your life. So you've got very fine control over what actually gets sent out to the other end. You can implement custom coding and encoding to deal with bugs or unusual features in a service that you're talking to. The service delegates, normally a service has no delegate and you can set up your own delegate for a service. So it could be notified when it's completed an RPC or it's sent something to the other end if it receives something back. You can be notified when it's about to send something to the other end and you can take the data that it's about to send and completely replace it with something else. Similarly, when a response comes back, you can take the raw data coming from the other end, part it your own way with something that's optimised for part of a particular service. The cert bindings contain the URL to the user in operation. That's in the extensibility for the port, if I remember correctly. Often the URL is wrong. Almost always the URL is wrong. That tends to be, I think, what happens is you've got big organisation, they develop this, they set the URL that they're doing their web service on and then they expose this nice new web service to the rest of the world through a firewall that's using that to change the IP address. So the URL is then wrong. So you have to override it. You can do that by setting the delegate for the service. At the moment when it's about to send the request to the other end, you tell it to use a different URL. Quite straightforward, you can change the state action header in the HTTP request at the same time. Debugging. Well, you've got to have to do that. You can set on, turn debugging on globally for the web service just by turning on a user default. That will do. You can also use a method on the service to turn on debugging for that service which will record all the XML sent and received. So you can look and see exactly what's been done to try and figure out why the other end didn't like it. And that will also turn on debugging in the code of that service to users. You can also set it at the specific code level if you just want to. Turn on or off debugging for that code. Tunisatio. That's a big issue because using web services tends to be very slow. It was really designed to try and make it faster, mostly because the main use iPad for it is sending SMS messages to mobile phones, which occasionally needs you to send out tens of possibly even hundreds of thousands of calls to the web service. Occasionally needs you to send out tens or possibly even hundreds of messages a second. You don't get hundreds of messages a second through a typical web service API no matter what you did, but you can get tens of messages a second. So the code is elegant methods to let you override the encoding and decoding of individual items. That means that if you know that most of the items that you're going to be sending as part of your service request or instance, what you can do is capture them the first time they're generated and just reset the same one again and again so that you save the software, the effort of having to generate those items. Similarly, the service delegate methods let you override the encoding and decoding the entire request. Now, probably you don't want to do that but on the odd occasion when performance really is the issue you can do that. Again, you have the advantage of what the system will do is the first time around it will produce the XML that you need to send and you can then use that as a template for new versions of the XML when you send the next message. The GWS element class has a strange method that's set to literal value which allows you to basically set a string value for that element and that string will be used literally in the serialized XML resulting from it. Again, that's the mechanism of stopping you having to generate the text in the document you can just plug that in directly. It has to be used with caution obviously because if you set a literal value represent value of XML and the other thing that you can do is use a standalone service instance to avoid checking the WSDF so in that case you do have to fill in all those properties for yourselves for yourself as you can avoid more overhead. So what we've given you is something that lets you write see it should let you write service in Objective C as well if you want but that's largely untested because that's not what I need. Your code will run on Koco run with no step on Linux, BSD, Windows and you can actually keep it simple by ignoring almost everything I've talked about. Which is probably a good idea if possible. I think that's it. So Riccardo is going to give you a concrete example of application using using your fabulous web services. So what are we going to see now? It's an example usage of his web services so concretely we access hastepost.com which is a major it's a major on-demand CIM solution leader extension it's not open source but it's commercially used and very widespread. What does it mean it's on-demand? It's mean they call it software as a service so you don't install anything you get your browser looking and walk from everywhere. How do you access that inside? So if you have a CIM solution you can integrate with legacy application with other systems because you need to essentially import and export data. The easiest case is if you use a CIM professional usage you have another solution because it gets much more complex because companies may have to track orders, opportunities leads up to ticket cases, customer support so it can be tons of data but let's think about context because it is easy. Since application doesn't assign your data center, you don't have access to the database so the only way you can get data in or out safe for us or competing solution everything which is on-demand essentially follows the same philosophy is you need to pass their mechanism so they can give you tools and if these tools don't fit you, you need to access the database using APIs. These APIs are exported as web services and here we have a connection. What's the problem? Say source.com supplies you with tools for example for your contact list or exporting, updating doing everything with your data but these are for Windows. So if you have a tool or for example you can take a flat file or a CSV file, an XML file and just pump it up and blow up all your orders in quick time or you can update them, delete them If you need something more customized they provide you with a library for Java or C sharp, I call it .NET majority of .NET users use C sharp So, with those libraries you can write custom applications, you can do for example, websites or other third party vendors that make big integration tools For Objective C no library is absent supply I wonder if I think if I call the customer service say source and tell you I have Objective C I probably don't even know what it is The web services are followed as source standard so it's a complex, verbose and difficult thing which I've explained and the application we think about I have called it database in because you wash your hands with soap and you wash your data with soap Exploits a new set of web assets to encode source requests and decode responses because at the end you speak with request and they give you responses This is the most short summary I can give you Request will be familiar to anybody of you with a database So essentially you are doing queries instead of delete updates There are other requests which are service requests so they actually invoke applications in the application so they are not just accessing table data but for example you can do a login which is the only known database request listed here which is very important and there is a special database request which is the upset which is essentially an update in set so what you typically need to do in a system integration is you have a bunch of orders with a unique ID and you pump them up in your system and you don't want to care if they exist or not Usually what you need to do is first to do an insert and then check what didn't get in and do an update or the other way you do an update what didn't update you get an error file and then you do an insert of what didn't get in says was implemented this upset method I just put it in here as a note so what's the database in short it's an application free open source hosted in the Knustaf application project and the goal is to provide a lot of data loader replacement for the Knustaf environment the spring is such a tool man in two units which is the simple tool says was provided for Windows I cannot have it in my model it's a machine the last for the IPI interaction class which is what I'm writing so I'm writing a class which can talk to say it was having an input which can then be reused that allows it to be used because essentially it's a static tool if you want to have an integration application or you need to have a custom application this class essentially I'm going to write what says was usually provided for other languages here I system where how you talk to says was you send a request the request is for me a dictionary so I can play some data it gets encoded by the web services the soft message and then you get the response the response gets decoded and you have an array with a data so ideally here you have an array with all your names and phone numbers this is plain and simple unfortunately things are not so easy because a web service is and you are everybody and query so you need security and everybody has a fun manner to make security in the case of says was the world login process is done in a complicated way I will explain just because it means it's an example of what code is implemented you have a URL you make a request with a login request and this is a common URL so everybody in the world will query that precise URL even in says process like 20 data centers in the world this URL and you make a login where essentially you have your credentials username, password and a security token because if you are within an organization your username and password are enough if you are outside which is typically the case because you want to have a system on demand because you are above all with your laptop you have a gprs connection unts connection all you are a customer you either need to free up your IP saying this password IP or you insert a token which identifies you uniquely and it gets a set for each password change and it essentially acts as an additional password which means that your client is trusted once you send these three identifying elements it goes to essentially get back a session which means like in most web applications we have an ID for your session for that particular IP which is valid for a certain amount of time what is not written here is that you get also back on your endpoint this your endpoint is where all your further requests will go and this is different each time because for load balancing system outages for every reason each time you get one different and this is what for example discussed not always is your address for example one byte I discovered is that if you do and you can do the whole process either using HTTP or secure HTTP both are possible of course secure connection is because maybe you are sensing sensitive data but what are possible so you can query the first the green, the first then you can do it on the secure or on the non-secure URL the problem is that you should get a new URL which is consistent with what you sent the first time you always get a secure one so if you don't support HTTPS essentially you are not going to send things back so you need to have some example then you have the session ID you keep for all subsequent requests you are going to do in this case the example is just query so I'm going to get some records and I pass a request in this case it's just something which is SQL they call it SQL it's an SQL select from table and you pass a session ID which identifies you from that point on you give it back and ask once the records will query and you ask in caveats because you get an array with types, column names you need to count that with these methods and there is also an imitation because you could query 10,000 objects and you always get 255 records so this is for the record if you want to get more records there is a special query more it is like a query which continues where the previous query left I did not implement this yet so this is in short but with it we send the username and password and talk and receive a valid session ID we send back the SQL like statement the session ID and you receive a record array then you have something in memory and for the moment I arrive at industry standard because everybody has XML which is two variables that I have given a lot of system and I like them so my experience of CSU is a good compromise between performance this next example I want to try to connect right now with the connection we might try it with a client so here we see at the base the projector to this quality here you see the login panel and here you see you just enter your query set the output file so the interface is quite cool at the moment because important things are with me and here we see just the CSU file and file open office and we say we get back the column name, the type and the ID is blank because I did not request it but we always get it back quite easy and simple what's the future for databaseing well first I just implemented login and query because it was hard enough at the point because I did not use the WSPF passing but I called it all by hand with his help but it wasn't finished because when I started this the web services did not support SOAP yet he called it each time I needed a new feature I actually implemented it and I think we got the needed result because actually what we have here is a demonstration that the whole system works because other queries are not more complicated to login and query so the rest is just the long work of typing and coding but my main work is done then other features which the application itself needs is better I'll input an output CSB, reading and writing it's a matter of advice escaping univode characters because whatever you have in your database I can speak of experience because I use several of these commercial tools and each one has its own bugs and quits what I request from the new web services is that at the moment because first if you do a lot of queries you can say I keep your air connection open and just continue to query at the moment it closes open so this is for pipeline connections and this is more important for you for me which I have another problem I actually have that in Gnu step but not in Cog sorry you need to figure out how to if you have few queries which is what you usually do without integration but have a lot of data, the problem is data compression you can essentially zip up your verbose xml request because sof ends up being very very verbose because you have all the type information all the space information each value is encoded the type information attached to it and there are all the tags around it so you end up for sending 10 kilobytes maybe even send twice that amount of data all in plain asking so says for support and some web service framework support data compression I use professional and expensive tools and they don't support it but the official says for tools supported and the performance improvement is really really especially with hot and dark data like contacts where everybody will have full number of different types so essentially that's it we don't have more I could try to launch the application and see if we have network and see this is an instance of says for cmm if somebody wants to test the application says for speed route re-developer environment which has other features the only thing it limits you in the doubt of like 10 megabytes where you can develop test everything but of course you can use it for your enterprise is proven on on new step and thanks to the latest efforts it already runs on the windows so this is very interesting I'm sure somebody here had my credentials and everybody has seen my password so I need to kill you we did not see the debug which I am sure is very very very in the background we had like 2 kilobytes of debugging information which is very useful there is a lot of debugging and then we can actually do it very for example once everything was done the concept is pretty simple the fact is that between the specification of the WSPI I documented what you actually need with the pattern this thing is amazing yes perfectly my demonstration is actually working it's working because actually as you have seen the presentation is pretty much it's short because there is no rocket science behind it the problem is that for example we discovered that many XML decoders on the server hand are very sensitive so they are order sensitive you send your password and your username or your username and your password one walks and the other one not this makes no sense for XML but we discovered that you need for example to implement all the order coding just to get the parameters in the correct order and there are many other quirks like actions empty screening set of nil it's just debugging it's not awful that's it anybody has questions? the WSDL document is supposed to tell you all those things and usually it's right and we now have the code to pass it and actually fill that all in which takes out all the effort of having to remember it and reading it yourself you don't have the WSDL document here because you want to show the document is really really big so it contains specification not for every period but for every response and for every haircut it needs to specify the type so essentially it covers up everything doesn't have any documentation yes you need to guess we went to get the login walk because the login is the most difficult part because you have no interaction with the system because afterwards you can get an error so I just ended up sniffing the HTTP connection and I can measure two different so I have to make it the same so the WSDL document for each element pretty much contains the documentation element which is supposed to make WSDL self documents so how are you supposed to use the service the sales force one doesn't have any documentation no other WSDL that actually has any documentation that's going to go on so it depends upon human beings to put that into the WSDL and in reality people can use it I tried to load the XML document but the connection is already broken so the polytip is free, available and it may be a good starting point because I could use if you don't, that's the next one