Tech Brief
Authentication Service
Defining a Web service with WSDL and XML Schema.
Developers of today's Web-oriented architectures are presented with a formidable challenge in securing their data against Internet fraud and complying with federal legislation. Equifax Inc., a credit-reporting entity and provider of analytical and decision-support tools, has developed a real-time authentication system to help financial and other e-commerce institutions confirm user identities before initiating secure transactions.
The authentication Web service is an advanced SOAP interface defined by Web Service Description Language (WSDL) and XML Schema that allows external applications to access Equifax's back-end data stores, exposing them as a Web service and enabling third-party institutions to retrieve secure information without jeopardizing the integrity of the Equifax mainframe.
[click image for larger view] |
| FIG. 1: A graphical view of WSDL, the XML language that defines the ports and messages that make up the communication infrastructure of the authentication service. |
Authentication Process
The authentication process was designed for use within online applications to authenticate a user's identity based on answers to personalized questions drawn from Equifax's extensive data stores.
It works as follows:
Integrity Check
The service standardizes and screens applicant-provided information to test for data inconsistencies and irregularities.
Pattern Recognition
A pattern-recognition algorithm is conducted on each transaction. For example, a velocity parameter determines the number of times an applicant has applied for authentication in a specific time frame.
Identity Validation
To confirm an identity's legitimacy, the authentication process uses a waterfall approach in gathering validation information from multiple data sources. This means that if the identity can't be validated with the first data source, it will proceed to the next data source until the identity is validated.
Interactive Query
The Web service presents multiple-choice questions to the applicant based upon "shared secret" information that should only be known to the applicant and Equifax. The question sets are customizable to meet individual risk thresholds.
Decision Logic/Output Assessment
There are two output components: an assessment score and reason codes. The assessment score indicates the likelihood of an applicant presenting fraudulent information, while reason codes provide important details on questionable information and highlight any discrepancies between the consumer's application information and Equifax data sources.
The authentication service relies on the SOAP protocol to send messages defining these interactions back and forth between the client interface and the Equifax servers. Third-party institutions license the SOAP interface for use within their online application processes, enabling them to integrate its functionality and access information contained in Equifax's databases.
XML Schema Development
To create the Web Service, Equifax used an XML Schema editor to design the XML Schema Definitions (XSDs). These schemas define the data types for the SOAP messages, as well as for the WSDL documents that describe the SOAP interface as a whole.
Because a large portion of the data retrieved and submitted by the Web service relies on end-user input in the form of variable data types-name, address, phone number, etc.-it's vital that this information is in a format that can be digested by the system. XML Schema provides the syntax and dictates the structure of the data that's transmitted by the authentication service. The use of a graphical XML Schema editor enabled the Equifax development team to create and maintain a complex schema definition without writing any code manually. They were also able to auto-generate readable documentation that describes each element and attribute in detail, allowing them to present the architecture for review at any time during the development process.
Automatic WSDL
WSDL is an XML language that serves as the basis for the authentication application, defining the ports and messages that make up the communication infrastructure of the Web service. The processes executed by the service are described by a WSDL that incorporates the XML Schema to provide information about data types, functions and other interface details to the client-defining and dictating the actions taken to transmit information between the end user and the Equifax database servers.
Equifax chose to use a Java SOAP framework to generate the WSDL document. The XML Schema was used as the basis for an XMLBeans implementation, which was then compiled as a Java service class. Once the authentication service was exposed, a WSDL was automatically created.
Developers can simplify Web service creation by auto-generating a WSDL from XML Schema. This approach enabled the Equifax dev team was able to focus on their Java implementation, rather than the intricacies of XML Schema and WSDL design.
About the Author
Liz Andrews is the technical marketing manager at Altova Inc. She is also one of the authors of the Altova blog.