Secure E-Business: AA Blueprints, E-Government Solution ...


Published on

  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Secure E-Business: AA Blueprints, E-Government Solution ...

  1. 1. Secure E-Business::AA Blueprints E-Government Solution Architecture CSF George Thomas GSA OCIO Enterprise Architecture Group
  2. 2. What is a Service Oriented Architecture? <ul><li>SOA emphasizes trans-enterprise interoperability of loosely coupled distributed components whose orchestrated XML message choreographies use open Internet standard transports and protocols. </li></ul><ul><ul><li>Also referred to as Service Based Architectures </li></ul></ul><ul><ul><li>Web Services Standards enable SOA </li></ul></ul><ul><li>SOA is the foundation for an IT infrastructure framework utilizing the Enterprise Service Bus, based on a logical Publish/Find/Bind/Execute processing model. </li></ul><ul><ul><li>An ESB is also referred to as a Data Bus </li></ul></ul><ul><li>ebXML is a practical example of SOA. </li></ul><ul><ul><li>All WS ‘standards’ work toward providing secure, reliable messaging workflows </li></ul></ul>
  3. 3. The emergence of SOA – Application View, part 1 of 3 <ul><li>1st and 2 nd generation IT architectures – standalone systems followed by tightly coupled stovepipes; yields brittle interfaces and redundant yet missing data, leads to costly enhancements and maintenance. </li></ul>App Data App Data App Data App Data
  4. 4. The emergence of SOA – Application View, part 2 of 3 <ul><li>3 rd generation IT architectures centralize data and segregate per LOB - data freshness and application agility are typical problems here, leading us back to where we started… </li></ul>Data Warehouse Data Mart1 Data Mart3 Data Mart2 App1 App2 App3 Data Data Data
  5. 5. The emergence of SOA – Application View, part 3 of 3 <ul><li>4 th generation IT architectures utilize EAI/MOM tools, solving data periodicity and integration problems within the enterprise , but what about external business partners ? </li></ul>firewall Data Warehouse Integration Broker App1 DB App1 App2 DB App2 App3 DB App3 BPN
  6. 6. The emergence of SOA – Network View HTTP XML SOA eGov ISO Stack - 1984 - 1994 - 1998 - (2000) 2003!
  7. 7. 5 th Generation IT Architectures <ul><li>Assume cross enterprise business process integration and interoperability via HTTP/SOAP message exchanges containing XSI and binary (e.g. a bitmap of a signed document) payloads. </li></ul><ul><ul><li>OMG’s formalizes this notion with EDOC, a UML ‘Profile’ that is the foundation for the Model Driven Architecture approach to business models that are independent of technology implementations (PIM/PSM) </li></ul></ul><ul><ul><li>Web Services Framework standards formalize mechanisms for security, transactions, policy, and constituent choreography </li></ul></ul><ul><ul><li>Enabling this approach is a legacy system and application environment liberation, and a COTS competitive imperative </li></ul></ul><ul><li>Message exchanges can be brokered in synchronous request/reply, or asynchronous queue style. </li></ul><ul><ul><li>RPC or MOM like </li></ul></ul><ul><ul><li>P2P, B2B, G2C, all are accommodated and are encapsulated by ‘Any to Any’ (A2A) </li></ul></ul>
  8. 8. A Brief History of Time Physical 1 Data Link 2 Inter-Networking 3 Transport 4 Session 5 Presentation 6 Application 7 IP TCP MIME Mail Server Mail Client SMTP POP Any network that supports TCP/IP – ATM over Fibre, Ethernet over coax, etc. One to Many, Asynchronous Email Any network that supports TCP/IP – ATM over Fibre, Ethernet over coax, etc. IP TCP HTML Web Server Web Browser HTTP Many to One, Synchronous The Web Any network that supports TCP/IP – ATM over Fibre, Ethernet over coax, etc. IP TCP Web Server Web Browser SOAP / HTTP Syntax Semantics Any to Any, BOTH 5 th Gen Arch
  9. 9. The Universe in a Nutshell <ul><li>The Any to Any Scenario </li></ul><ul><ul><li>Your request is handled by a Managed Web services cloud (proxy), which rewrites and/or redirects you (location transparency) to an available endpoint (contract driven or registry discovered) satisfying the versioned implementation of the aggregated or derived service you require </li></ul></ul><ul><ul><li>A Trading Partner Agreement (contract) that fulfills your request exists, or may require adaptive composition of functionally discreet components (which either executes or creates a mutually binding TPA) that are enacted on for the lifetime of that service requirement </li></ul></ul><ul><ul><li>Ultimately, a receiving (endpoint) message handler operates on the payload, returning results to the ‘next actor’ or reporting back to a coordinator to complete its role in the TPA sequence, or choreography </li></ul></ul>
  10. 10. ebXML – an SOA Implementation <ul><li>ebXML is based on a Reference Architecture much like FEAF, and grew out of the EDI community in light of XML based SOA’s. </li></ul><ul><ul><li>UBL/BIE </li></ul></ul><ul><ul><ul><li>Universal Business Language Business Information Entities, XSD data model that extend and contextualize ‘Core (data) Components’ </li></ul></ul></ul><ul><ul><li>HTTP/SOAP </li></ul></ul><ul><ul><ul><li>Ubiquitous transport bindings and messaging envelope </li></ul></ul></ul><ul><ul><li>RIM </li></ul></ul><ul><ul><ul><li>ebXML Registry Information Model, merging with UDDI </li></ul></ul></ul><ul><ul><li>MSH </li></ul></ul><ul><ul><ul><li>Describes SOAP Message Service Handlers, which are service endpoint transceivers that operate on message payloads </li></ul></ul></ul><ul><ul><li>BPSS </li></ul></ul><ul><ul><ul><li>Expresses the choreography of business processes, analogous to BPEL and BPML </li></ul></ul></ul><ul><ul><li>CPP/CPA </li></ul></ul><ul><ul><ul><li>Service providers publish role definitions as a Collaboration Protocol Profile, and execute the contract (SLA) between a service Consumer/Provider via the Collaboration Protocol Agreement. </li></ul></ul></ul>
  11. 11. The great thing about Standards… <ul><li>Web Service Framework Standards: </li></ul><ul><ul><li>XML/XSD </li></ul></ul><ul><ul><ul><li>Syntax for messages and data types </li></ul></ul></ul><ul><ul><li>HTTP/SOAP </li></ul></ul><ul><ul><ul><li>Transport and syntax for synchronous/asynchronous messaging </li></ul></ul></ul><ul><ul><li>WSDL </li></ul></ul><ul><ul><ul><li>Syntax for service interface definitions </li></ul></ul></ul><ul><ul><li>UDDI </li></ul></ul><ul><ul><ul><li>Registry model supporting ‘publish, find, bind, execute’ </li></ul></ul></ul><ul><ul><li>BPEL, BPML </li></ul></ul><ul><ul><ul><li>Syntax for expressing semantics of Trading Partner Agreements (TPA) </li></ul></ul></ul><ul><ul><li>WS-Security, WS-Transaction, WS-Coordination </li></ul></ul><ul><ul><ul><li>Syntax for reliable messaging, signed/encrypted payloads, multi-party TPA sequence management </li></ul></ul></ul><ul><ul><li>WS-Federation, WS-Secure Conversation, WS-Trust, WS-Policy </li></ul></ul><ul><ul><ul><li>Syntax for expressing contract of value chain constituent Federation </li></ul></ul></ul>
  12. 12. The Publish-Find-Bind-Execute Model <ul><li>Each Agency / Service / Enterprise / LOB is both a service provider and a service consumer. </li></ul>Provider Consumer Registry Contract 1. Provider publishes service interface description(s) 2. Consumer queries Registry and finds a service that fulfills a requirement 3. Provider and Consumer bind to a contract, Consumer executes Providers' hosted service
  13. 13. Publish to the Registry <ul><li>Location transparent component implementations are distributed across Agencies, separately managed and maintained. They are language (J2EE/.NET) and platform (Linux/Unix/Windows) independent. </li></ul>Agency 1 Agency 1 Agency 2 Agency N Service Registry 1 A1:S1 A1:S2 A2:S1 AN:S1
  14. 14. Find, Bind and Execute <ul><li>Agencies can find any published service component in the Registry. Here, Agency 1 binds to Agency N’s Service, and executes the message and data exchange described by the interface definition in the Registry. </li></ul>Agency 1 Agency 1 Agency 2 Agency N A1:S1 A1:S2 A2:S1 Service Registry 1 AN:S1
  15. 15. Extending the Value Chain <ul><li>Agency X creates an activity from a set of sub-functions, negotiates distinct contracts that new partner Agencies Y and Z bind to - which utilize distributed components from other Agencies (1, 2, and N) behind the scenes. </li></ul>Service Registry 1 publishes new choreography Agency X Agency Y Agency Z creates composite process A1:S1 A1:S2 A2:S1 AN:S1 Service Registry 2 AX:C1
  16. 16. Extending the Data Model <ul><li>UBL/BIE - Agency X creates a data schema required for a business process by using core components expressed as XSD’s. Agency Y uses this BIE to validate XSI data in message payloads exchanged with Agency Z. </li></ul>Data Schema Registry 1 Publishes new XSD Agency X Agency Y Agency Z creates compound schema XSD1 XSD2 XSD3 XSD4 Data Schema Registry 2 BIE:UUID
  17. 17. What exactly is a ‘Registry’ then? <ul><li>An XML Document Object Database, or Repository </li></ul><ul><ul><li>Implemented using a ‘Native XML DB’, Registries are Object/Document agnostic, as everything is an XML Document/Object! </li></ul></ul><ul><li>A Federation of value chain constituent Registries at the network edge will emerge on the ESB, with a specific role in the business process. </li></ul><ul><ul><li>Directory, Identity, cluster management, data schemas, collaboration contracts, trust/privacy policies, multi-channel trans-coding style-sheets, etc. </li></ul></ul><ul><li>Registries enable dynamic discovery of published services, but are not necessarily required for static execution of an established service contract . </li></ul>
  18. 18. What is stored in a Registry? <ul><li>Data Models, expressed in XML Schema (XSD) for validating data instances </li></ul><ul><ul><li>UBL/BIE’s representing individual process customized, compound data types </li></ul></ul><ul><li>N number of XSI’s (XSD ‘instances’) representing; </li></ul><ul><ul><li>Persistent or transient data objects, such as UBL/BIE instance data </li></ul></ul><ul><ul><li>WSDL docs that describe component interfaces, messages and payloads by their endpoints (URI’s) </li></ul></ul><ul><ul><li>XSLT docs that adapt and/or transform data sets </li></ul></ul><ul><ul><ul><li>Aggregation and/or segregation of message data instances per application, activity, function, etc. </li></ul></ul></ul><ul><li>Many other conceivable XML document/object types! </li></ul><ul><ul><li>A document expressing Policy or Trust </li></ul></ul><ul><ul><li>A component to component or Agency to Agency contract </li></ul></ul><ul><ul><li>A summary report of financial management data and an accompanying XSLT transform for creating a GUI </li></ul></ul><ul><ul><li>An instance document containing data representing the state of a business process in progress </li></ul></ul>
  19. 19. 5 th Gen SOA, Logical Service Execution <ul><li>The Orchestration Server governs the consumer/provider contract and fulfillment of its business process, and may also manage the SLA providing appropriate QoS. </li></ul>TCP/IP The Internet Contract N <soap> < execute /> < contract id=‘N’/> <command> < ping /> </command> </soap> <soap> < begin /> < contract id=‘N’/> <command> < ping /> </command> </soap> <soap> < begun /> < contract id=‘N’/> … </soap> <soap> < response /> < contract id=‘N’/> < pong /> … </soap> .NET App Server MS Managed Code COM Provider Agency SOAP transceiver MSMQ Coordinator Agency eGov Orchestration Server SOAP transceiver J2EE App Server JMX Managed Code Consumer Agency JCA SOAP transceiver EJB MDB JMS Agency Z SAP PeopleSoft SOAP transceiver JMS
  20. 20. Core Concepts, Key Take-Aways <ul><li>SOA externalizes EAI and OO-DBC disciplines, best expressed by OMG’s EDOC UML Profile for MDA’s. </li></ul><ul><li>Web Services open standards are the foundation for SOA, moving the focus of IT interoperability from applications to message streams . </li></ul><ul><li>SOA framework implies an infrastructure supporting contractual choreography compositions and executions, representing any sequence in a business value chain interaction . </li></ul><ul><li>SOA provides a unified approach to simplifying the federation of a globally interoperable heterogeneous distributed component marketplace, flexibly serving diverse business processes across enterprise partner boundaries. </li></ul>
  21. 21. References <ul><li>Oasis-UN/CEFACT and ebXML </li></ul><ul><li>MS GXA Specs </li></ul><ul><li>OMG MDA and EDOC </li></ul><ul><li>Contact – [email_address] </li></ul>
  22. 22. Bio <ul><li>George Thomas is an Enterprise Architect at the GSA, working on Financial Management IT projects. Formerly a Technical Director in the J2EE Practice at Dimension Data/Proxicom, George lead large teams of engineers implementing KM, STP, Portfolio Life-cycle Management, and custom Portals for Putnam and TRowe Price. George has also held Chief Technologist positions at Luminant Worldwide, and VP of Professional Services for XMLSolutions. His experiences spans Fortune 500 companies in virtually every industry sector. </li></ul><ul><li>George holds IBM Certifications including ‘E-Business Solutions Technologist’ and ‘XML and Related Technologies’. George received a BA in Interdisciplinary Arts from the University of Maryland and a Masters of Music in Computer Music from the Peabody Conservatory of the Johns Hopkins University. </li></ul>