Message Exchange Patterns
The following tables summarize the MEPs supported by the different SWIM-TI Yellow Profile Service Bindings, based either on primitive MEPs or application MEPs.
Traceability of Primitive MEPs
|
|
SWIM-TI Fire-and-Forget
|
SWIM-TI Synchronous R/R
|
|
WS Light
|
NO
|
YES
|
|
WS SOAP
|
NO
|
YES
|
|
WS SOAP with Basic Message Security
|
NO
|
YES
|
|
WS SOAP with Message Security
|
NO
|
YES
|
|
WS SOAP with Federated Security
|
NO
|
YES
|
|
AMQP Messaging
|
YES
|
NO
|
NOTE: WS-Notification is an application level protocol built on top of WS SOAP, it provides support for Publish/Subscribe application MEPs.
Traceability of application MEPs
Application MEPs are composed of adequate combinations of the Primitive MEPs. An implementer can build Application MEPs as illustrated in reference [2] using suitable Primitive MEP combinations.
For example:
-
The Application Fan-Out MEP can be implemented using AMQP Messaging which supports the SWIM-TI Fire-and-Forget.
-
The Application Publish/Subscribe Push MEP can be implemented as:
-
WS-Light for the Request/Response exchange (subscription) and AMQP Messaging for the Fan-Out exchange (publication) or,
-
WS SOAP for the Request/Response exchange (subscription) and AMQP Messaging for the Fan-Out exchange (publication) or,
-
WS-Notification SOAP for both interfaces or,
-
AMQP Messaging for both interfaces…
Security
This section provides a classification of the Service Bindings according to the security characteristics provided by each Service Binding;
-
Confidentiality,
-
Integrity and
-
Authentication mechanisms.
WS Light
Confidentiality
The WS Light Service Binding guarantees point-to-point confidentiality of the information at transport layer using TLS 1.2.
Integrity
The WS Light Service Binding guarantees point-to-point integrity of the information at transport layer using TLS 1.2.
Authentication
The WS Light Service Binding provides the following options for authentication:
Mutual authentication with X.509
|
|
Server
|
Client
|
|
Protocol
|
TLS
|
TLS
|
|
Authenticator
|
X.509 certificates
|
X.509 certificates
|
Server authentication with X.509 and Client authentication with Username/Password
|
|
Server
|
Client
|
|
Protocol
|
TLS
|
HTTP
|
|
Authenticator
|
X.509 certificates
|
Username/Password
|
Server authentication with X.509 and anonymous client authentication
|
|
Server
|
Client
|
|
Protocol
|
TLS
|
None
|
|
Authenticator
|
X.509 certificates
|
Anonymous
|
WS(-N) SOAP
Confidentiality
The WS(-N) SOAP Service Binding guarantees point-to-point confidentiality of the information at transport layer using TLS 1.2.
Integrity
The WS(-N) SOAP Service Binding guarantees point-to-point integrity of the information at transport layer using TLS 1.2.
Authentication
The WS(-N) SOAP Service Binding provides the following options for authentication:
Mutual authentication with X.509
|
|
Server
|
Client
|
|
Protocol
|
TLS
|
TLS
|
|
Authenticator
|
X.509 certificates
|
X.509 certificates
|
Server authentication with X.509
|
|
Server
|
Client
|
|
Protocol
|
TLS
|
None
|
|
Authenticator
|
X.509 certificates
|
Anonymous
|
WS(-N) SOAP with Basic Message Security
Confidentiality
The WS SOAP with Basic Message Security and WS-N with Basic Message Security Service Bindings guarantee point-to-point confidentiality of the information at transport layer using TLS 1.2.
Integrity
The WS SOAP with Basic Message Security and WS-N with Basic Message Security Service Bindings guarantee point-to-point integrity of the information at transport layer using TLS 1.2.
Authentication
The WS SOAP with Basic Message Security and WS-N with Basic Message Security Service Bindings provide the following options for authentication:
Mutual authentication with X.509 and Client Authentication with Username/Password
|
|
Server
|
Client
|
|
Protocol
|
TLS
|
TLS
|
SOAP
|
|
Authenticator
|
X.509 certificates
|
X.509 certificates
|
WSSE
Username
|
Server authentication with X.509 and Client Authentication with Username/Password
|
|
Server
|
Client
|
|
Protocol
|
Transport
|
SOAP
|
|
Authenticator
|
X.509 certificates
|
WSSE Username
|
WS(-N) SOAP with Message Security
Confidentiality
The WS SOAP with Message Security and WS-N SOAP with Message Security Service Bindings may provide end-to-end confidentiality of the information at message layer using WS-Security and XML Encryption.
Integrity
The WS SOAP with Message Security and WS-N SOAP with Message Security Service Bindings guarantee the end-to-end integrity of information at message layer using WS-Security and XML Digital Signature.
Authentication
The WS SOAP with Message Security and WS-N with Message Security Service Bindings provide the following options for authentication:
Mutual authentication with X.509
|
|
Server
|
Client
|
|
Protocol
|
SOAP
|
SOAP
|
|
Authenticator
|
WSSE X.509
|
WSSE X509
|
WS(-N) SOAP with Federated Security
Confidentiality
The WS SOAP with Federated Security and WS-N SOAP with Federated Security Service Bindings may provide end-to-end confidentiality of the information at message layer using WS-Security and XML Encryption.
Integrity
The WS SOAP with Federated Security and WS-N SOAP with Federated Security Service Bindings guarantee the end-to-end integrity of information at message layer using WS-Security and XML Digital Signature.
Authentication
The WS SOAP with Message Security and WS-N with Message Security Service Bindings provide the following options for authentication:
Mutual authentication with X.509
|
|
Server
|
Client
|
|
Protocol
|
SOAP
|
SOAP
|
|
Authenticator
|
WSSE X.509
|
WSSE X509
|
Mutual authentication with X.509
|
|
Server
|
Client
|
|
Protocol
|
SOAP
|
SOAP
|
|
Authenticator
|
WSSE SAML
|
WSSE SAML
|
AMQP Messaging
Confidentiality
The AMQP Messaging Service Binding guarantees point-to-point confidentiality of the information at transport layer using TLS 1.2.
Integrity
The AMQP Messaging Service Binding guarantees point-to-point integrity of the information at transport layer using TLS 1.2.
Authentication
The AMQP Messaging Service Binding provides the following options for authentication:
Mutual authentication with X.509
|
|
Server
|
Client
|
|
Protocol
|
TLS
|
TLS
|
|
Authenticator
|
X.509 certificates
|
X.509 certificates
|
Server authentication with X.509 and Client authentication with Username/Password
|
|
Server
|
Client
|
|
Protocol
|
TLS
|
SASL
|
|
Authenticator
|
X.509 certificates
|
Username/Password
|
Server authentication with X.509 and anonymous Client authentication
|
|
Server
|
Client
|
|
Protocol
|
TLS
|
SASL
|
|
Authenticator
|
X.509 certificates
|
Anonymous
|
Performance
Reliability
The different SWIM TI YP Service Bindings provide varying degrees of message reliability, this enables implementers to select the Service Binding that best fits their needs.
All the SWIM TI Yellow Profile Service Bindings are layered on top of TCP which is a reliable transport protocol, ensuring delivery and order of the packages. On top of TCP, the Service Bindings might provide additional reliability controls. The following table provides a summary:
|
|
Reliability
|
Protocol
|
Details
|
|
WS Light
|
N/A
|
N/A
|
N/A
|
|
WS SOAP
|
Optional
|
WS-ReliableMessaging
|
3 QoS (
AtLeastOnce, AtMostOnce, OnlyOnce
) and
InOrder
assurance
|
|
WS SOAP with Basic Message Security
|
Optional
|
WS-ReliableMessaging
|
3 QoS (
AtLeastOnce, AtMostOnce, OnlyOnce
) and
InOrder
assurance
|
|
WS SOAP with Message Security
|
Optional
|
WS-ReliableMessaging
|
3 QoS (
AtLeastOnce, AtMostOnce, OnlyOnce
) and
InOrder
assurance
|
|
WS SOAP with Federated Security
|
Optional
|
WS-ReliableMessaging
|
3 QoS (
AtLeastOnce, AtMostOnce, OnlyOnce
) and
InOrder
assurance
|
|
WS-N SOAP
|
Optional
|
WS-ReliableMessaging
|
3 QoS (
AtLeastOnce, AtMostOnce, OnlyOnce
) and
InOrder
assurance
|
|
WS-N SOAP with Basic Message Security
|
Optional
|
WS-ReliableMessaging
|
3 QoS (
AtLeastOnce, AtMostOnce, OnlyOnce
) and
InOrder
assurance
|
|
WS-N SOAP with Message Security
|
Optional
|
WS-ReliableMessaging
|
3 QoS (
AtLeastOnce, AtMostOnce, OnlyOnce
) and
InOrder
assurance
|
|
WS-N SOAP with Federated Security
|
Optional
|
WS-ReliableMessaging
|
3 QoS (
AtLeastOnce, AtMostOnce, OnlyOnce
) and
InOrder
assurance
|
|
AMQP Messaging
|
Optional
|
AMQP 1.0
|
2 QoS (
settled
,
unsettled
)
|
Bandwidth Efficiency
The protocol stack of a Service Binding results in certain message overhead (minimum size that is added to each message) that depends on the specific protocols that comprise the Service Binding. These differences are most important when bandwidth resources are constrained or when the typical size of a message is small with respect to the protocol overhead (e.g. small but frequent publications).
The encoding format used for the data also has an impact on the final size of the messages transferred through the wire. Binary encoding typically results in more efficient representations of the data than text based encodings. Inside text-based encodings those that use XML as their data format are particularly verbose in contrast with other text-based alternatives (e.g. JSON).
The following table provides estimates
of the message overhead associated to each Service Binding and the encoding used:
|
|
Encoding
|
Protocol Overhead
|
|
WS Light
|
Text
|
~100 bytes
|
|
WS SOAP
|
Text (XML)
|
~500 bytes
|
|
WS SOAP with Basic Message Security
|
Text (XML)
|
~1 Kbyte
|
|
WS SOAP with Message Security
|
Text (XML)
|
~4 Kbytes
|
|
WS SOAP with Federated Security
|
Text (XML)
|
~4 Kbytes
|
|
WS-N SOAP
|
Text (XML)
|
~500 bytes
|
|
WS-N SOAP with Basic Message Security
|
Text (XML)
|
~1 Kbyte
|
|
WS-N SOAP with Message Security
|
Text (XML)
|
~4 Kbytes
|
|
WS-N SOAP with Federated Security
|
Text (XML)
|
~4 Kbytes
|
|
AMQP Messaging
|
Binary
|
~100 bytes
|
References
-
Eurocontrol SWIM TI Yellow Profile Specification, EUROCONTROL
-
SWIM Technical Infrastructure Message Exchange Patterns Identification Guidelines, EUROCONTROL
Notes