and of course a very warm welcome to all readers!
I'll start this with a web service design checklist that I've developed based on the experience in a customer project. Ideally, all of these topics are documented for your service, so the source and/or target systems know which standards they have to support and what infrastructure they need.
The checklist provides only little explanation and background information about the topics discussed. I plan to teach class XMWSDICH available at IBM Learning to give more background information.
- Of course you have addressed these, but we put them in here for completeness sake nevertheless.
- Are the possible business and input data faults modeled in your interface?
- Does the service client receive meaningful and concise information in case of an fault/error?
- How many messages per second (per minute) do you expect at average?
- How many messages per second (per minute) do you expect in peak times?
- How large are average messages?
- How large are the largest messages?
- What response times do you require?
(Web Service Engine, service implementation and back-end all have an impact)
- Is your web service server designed to be able to handle this load?
- Does the web service need security at all?
- Do you need Transport Level or Message Level security?
- If SSL is used for Transport Level Security, do you have a Certificate Authority to issue and/or sign SSL certificates?
- Do you require client authentication?
- Do you need the service client's end-users identity or is a system identity sufficient?
- Which technology do you use to propagate identities?
- SSL certificates
- HTTP basic authentication
- If you use WS-Security, which
- message parts are encrypted?
- message parts are digitally signed?
- identity tokens are required?
- Is the web service part of a client transaction? (i.e. does the client perform multiple actions in a transaction, one of them being the web service?
- What happens if the client sends a web service request, but never receives an answer?
- Which version of SOAP do you use?
- SOAP 1.1 is most commonly used
- SOAP 1.2 has been W3C recommendation since 2003
- Are custom SOAP headers used?
- Do you transfer files with web services?
- Do you need to have attachments?
- Transferring large amounts of data in the body of a SOAP message wastes of memory and CPU power
- Use MTOM attachments wherever necessary/possible
- Which transport protocol is used for the web service?
standard is HTTP or HTTPS, also possible are SMTP or JMS/MQ
- Which text encoding is used for the SOAP messages?
- Unless there are strong arguments against it, commit clients to using UTF-8
- Do you require the use of additional WS-* or other standards?
- Is your web service BasicProfile compliant?
- If yes, which version?
- If no, do you have a good reason for not complying?
Anything you do not agree with? anything I forgot? let me know!