Web Services

Web Services are URL addressable resources that expose functionality which can be consumed by other systems. In much the same way a person can use a Web browser to request resources (a Web page) from a Web server, a program running on a remote machine can request, or consume, the functionality made available via a Web Service. xWeb uses the power of web services to allow remote access to features within the NetForum Association Management System (AMS). This allows an organization running NetForum to expose business functionality for use by an external entity, such as a strategic business partner, or internally by other users or groups within the organization.

Web Services are implemented in a platform agnostic manner, using a standards-based approach. This means a system such as NetForum is capable of interacting with a client program (or other Web Service) running on a different operating system and written in a different programming language. Web Services make it possible for these two systems to communicate and integrate without costly, difficult-to-implement solutions that typically require third-party software packages, custom development, and data schema exchange.

The NetForum Web Services are based on the following protocols and tools:

  • TCP/IP-the transmission protocol of the Internet
  • HTTP-a protocol that defines how messages are sent and received
  • SOAP-a protocol that allows complex information to be represented and transferred between two systems
  • WSDL-a language that describes what Web Service is available at a particular location and the information needed to interact with it.

The NetForum Web Services interface exposes key functionality including the ability to interact with any object normally available through the NetForum AMS system. The program of a client or a third party can request XML Schema, insert new records, update existing ones, query NetForum for a list of records meeting a specific criterion, and delete records from the system. There are many conceivable use cases for Web Services and xWeb in particular; for example, an organization that has installed NetForum may decide to allow a third party application to request a member listing based on search criteria.

xWeb Security

NetForum xWeb secure Web Services architecture ensures that the Web Services exposed by xWeb are available only to authorized xWeb Users. Before a secure xWeb Web Service can be accessed, the user (the remote program/machine) must provide a valid user name and password using the Authenticate web method. If the user's authentication fails, access to any other Web Services exposed by xWeb is denied. If the user's credentials are verified, then an authentication token is provided, which is used to verify the identity and authorization level of the requestor when attempts are made to access xWeb functionality.

Moreover, NetForum internal security will permit a program that authenticates in this manner to have a granular level of security within NetForum based on the username with which they authenticate. For example, one vendor authenticating on its username may have permission only to update email addresses, while another vendor authenticating on its own username may have permission only to query membership information. Each username's access level can be tailored and restricted to ensure that the party has only the permissions needed, in order to prevent intentional or accidental access to non-privileged elements in NetForum.

xWeb's built-in security model provides organizations using NetForum xWeb Web Services with a high level of security to ensure only authorized parties can interact with the underlying NetForum framework. See xWeb User Administration for more.

Public Web Methods with Anonymous Access

If you should ever want to publish web services that are open to the whole world (for example, suppose you want to publicize an Event Calendar feed), then baseline xWeb will not work for this. Instead, you (or Avectra) would need to develop a new web service, develop a web method with no type of authentication, and then have this new web method call xWeb and Authenticate within this internal call to xWeb. In Avectra's experience, we do not recall anyone doing this; typically any web services that interact with NetForum have done so only for very specific programs and not for the entire world. One exception is RSS, which is explained in RSS_Publish.

xWeb Facade Object

xWeb enables a developer to interface with NetForum Facade Objects.

A Facade Object is the core object model in NetForum. Each NetForum object is referred to as a Facade Object, in order to distinguish it from a generic object. A Facade Object contains all the data elements of that Object and also can be manipulated with xWeb's basic operations.

A Facade Object can be an Individual, an Organization, an Address, or any other entity in NetForum. A Facade Object always refers to a single entity, for example, one Individual or one Membership.

The word Facade is used to denote that the Facade Object is really a public wrapper around an underlying object. For example, within the deeper NetForum framework, the Individual object is in fact its own special class, but the xWeb service allows an application to reference the Individual object through the more generic and universal representation of a Facade Object.

The Facade Object will, in turn, relay any commands and requests from xWeb to the "real" object behind the Facade Object.

The developer integrating with xWeb need not know the underlying object model of NetForum as xWeb exposes every NetForum object as a generic Facade Object.