UDDI Version 3.0 was released in July 2002. Future versions of UDDI will be built on the foundation of prior versions and incorporate many enhancement requests, including additional security functionality, advanced WSDL support, multiregistry topologies, and a new subscription API.
One of the most significant features that will be incorporated in the next version of UDDI is digital signatures for publishing UDDI entities. These will provide additional data integrity and authentication for UDDI business and service publication. Additionally, queries to a UDDI registry will now support limiting find operations to UDDI entities that have been digitally signed.
This has two advantages. First, when the registry is queried, the caller can determine whether the data was received exactly as the publisher created it upon publication. Publishers of entities can also take advantage of the digital signature to guarantee that they are not misrepresented by some malicious party who claims to own a registry. The assurance that digital signatures provide is transitive for both client and publisher, so that when an entity is copied or replicated between registries, it is guaranteed to not have changed during the process.
For a registry to become successful requires extraordinary levels of security and protection against tampering. Digital signatures, discussed in Chapter 15, are one of the most important features for UDDI.
UDDI 3.0 allows for each entity within a UDDI registry to be assigned a key versus being under the registry's control. In prior versions of the specification, when a publisher wanted to copy an entry from one registry to another, the target registry would assign new keys. Preservation of the key from one registry to another was explicitly not allowed.
UDDI 3.0 introduces the concept of entity promotion, whereby a publisher is allowed to specify a a new key. It is up to the registry and its policies to determine whether this proposed key is allowed and can be inserted into the registry.
Human-friendly keys are another feature of UDDI 3.0 registries. In prior versions of UDDI, the key was based on Unique Universal Identifier (UUID) keys. Version 3.0 of UDDI removes this restriction and proposes an alternative based on DNS names. This feature allows a publisher to establish a key partition and generate keys based on that partition. For example, a version 3.0 key might look like this:
This allows an organization to manage its own key space, using its own conventions.
UDDI 3.0 introduces a new subscription API that allows for notification of changes to a registry. This will allow a subscriber to track registry activity in a programmatic manner. Subscribers can establish a subscription specifying either a query or set of entries in which the subscriber is interested. If the result set or underlying content of the entity changes, the subscriber is notified.
This allows for monitoring new businesses or services that are registered, monitoring of existing businesses or services, obtaining registry information from a public UDDI registry for incorporation into a private UDDI registry, and obtaining information in a marketplace or portal scenario.