Secure E-Business::AA Blueprints, E-Government Solution Architecture CSF (presentation transcript)
George Thomas, GSA OCIO Enterprise Architecture Group
What is a Service Oriented Architecture?
SOA emphasizes trans-enterprise interoperability of loosely coupled distributed components whose orchestrated XML message choreographies use open Internet standard transports and protocols.
Also referred to as Service Based Architectures
Web Services Standards enable SOA
SOA is the foundation for an IT infrastructure framework utilizing the Enterprise Service Bus, based on a logical Publish/Find/Bind/Execute processing model.
An ESB is also referred to as a Data Bus
ebXML is a practical example of SOA.
All WS ‘standards’ work toward providing secure, reliable messaging workflows
The emergence of SOA – Application View, part 1 of 3
1st and 2nd generation IT architectures: standalone systems followed by tightly coupled stovepipes. These yield brittle interfaces and data that is redundant yet still missing, and lead to costly enhancements and maintenance.
[Figure: four standalone applications, each with its own data store]
The emergence of SOA – Application View, part 2 of 3
3rd generation IT architectures centralize data and segregate it per LOB; data freshness and application agility are typical problems here, leading us back to where we started…
[Figure: Data Warehouse feeding Data Mart1, Data Mart2 and Data Mart3, each serving App1, App2 and App3 with their own data]
The emergence of SOA – Application View, part 3 of 3
4th generation IT architectures utilize EAI/MOM tools, solving data periodicity and integration problems within the enterprise, but what about external business partners?
[Figure: App1, App2 and App3 with their DBs connected through an Integration Broker to a Data Warehouse, behind a firewall; a BPN sits outside]
The emergence of SOA – Network View
[Figure: timeline of ISO Stack, HTTP, XML, SOA and eGov, with the dates 1984, 1994, 1998, (2000) and 2003]
5th Generation IT Architectures
Assume cross enterprise business process integration and interoperability via HTTP/SOAP message exchanges containing XSI and binary (e.g. a bitmap of a signed document) payloads.
OMG formalizes this notion with EDOC, a UML ‘Profile’ that is the foundation for the Model Driven Architecture approach to business models that are independent of technology implementations (PIM/PSM)
Web Services Framework standards formalize mechanisms for security, transactions, policy, and constituent choreography
Adopting this approach liberates legacy systems and application environments, and is a competitive imperative for COTS products
Message exchanges can be brokered in synchronous request/reply, or asynchronous queue style.
RPC-like or MOM-like
P2P, B2B, G2C, all are accommodated and are encapsulated by ‘Any to Any’ (A2A)
A Brief History of Time
[Figure: protocol stacks mapped onto the ISO layers 1 Physical, 2 Data Link, 3 Inter-Networking, 4 Transport, 5 Session, 6 Presentation, 7 Application]
Email: IP, TCP, MIME; SMTP/POP between Mail Server and Mail Client; one to many, asynchronous
The Web: IP, TCP, HTML; HTTP between Web Server and Web Browser; many to one, synchronous
5th Gen Arch: IP, TCP; SOAP/HTTP between Web Server and Web Browser, with Syntax and Semantics layers above; any to any, BOTH synchronous and asynchronous
All three run on any network that supports TCP/IP (ATM over Fibre, Ethernet over coax, etc.)
The Universe in a Nutshell
The Any to Any Scenario
Your request is handled by a managed Web services cloud (proxy), which rewrites and/or redirects you (location transparency) to an available endpoint (contract driven or registry discovered) that satisfies the versioned implementation of the aggregated or derived service you require
A Trading Partner Agreement (contract) that fulfills your request either already exists, or may require adaptive composition of functionally discrete components (which either executes an existing TPA or creates a mutually binding one); these are enacted for the lifetime of that service requirement
Ultimately, a receiving (endpoint) message handler operates on the payload, returning results to the ‘next actor’ or reporting back to a coordinator to complete its role in the TPA sequence, or choreography
ebXML – an SOA Implementation
ebXML is based on a Reference Architecture much like FEAF, and grew out of the EDI community in light of XML based SOAs.
Universal Business Language (UBL) Business Information Entities: an XSD data model that extends and contextualizes ‘Core (data) Components’
Ubiquitous transport bindings and messaging envelope
ebXML Registry Information Model, merging with UDDI
Describes SOAP Message Service Handlers, which are service endpoint transceivers that operate on message payloads
Expresses the choreography of business processes, analogous to BPEL and BPML
Service providers publish role definitions as a Collaboration Protocol Profile, and execute the contract (SLA) between a service Consumer/Provider via the Collaboration Protocol Agreement.
The great thing about Standards…
Web Service Framework Standards:
Syntax for messages and data types
Transport and syntax for synchronous/asynchronous messaging
Syntax for service interface definitions
Registry model supporting ‘publish, find, bind, execute’
Syntax for expressing semantics of Trading Partner Agreements (TPA)
WS-Security, WS-Transaction, WS-Coordination
Syntax for reliable messaging, signed/encrypted payloads, multi-party TPA sequence management
Syntax for expressing contract of value chain constituent Federation
The Publish-Find-Bind-Execute Model
Each Agency / Service / Enterprise / LOB is both a service provider and a service consumer.
[Figure: Provider, Consumer, Registry and Contract]
1. Provider publishes service interface description(s)
2. Consumer queries the Registry and finds a service that fulfills a requirement
3. Provider and Consumer bind to a contract; Consumer executes the Provider’s hosted service
Publish to the Registry
Location transparent component implementations are distributed across Agencies, separately managed and maintained. They are language (J2EE/.NET) and platform (Linux/Unix/Windows) independent.
[Figure: Agencies 1, 2 and N publish services A1:S1, A1:S2, A2:S1 and AN:S1 to Service Registry 1]
Find, Bind and Execute
Agencies can find any published service component in the Registry. Here, Agency 1 binds to Agency N’s Service, and executes the message and data exchange described by the interface definition in the Registry.
[Figure: Agency 1 finds AN:S1 in Service Registry 1 and binds to Agency N’s service]
Extending the Value Chain
Agency X creates an activity from a set of sub-functions and negotiates distinct contracts that new partner Agencies Y and Z bind to; behind the scenes these utilize distributed components from other Agencies (1, 2, and N).
[Figure: Agency X creates composite process AX:C1 from A1:S1, A1:S2, A2:S1 and AN:S1 in Service Registry 1; the new choreography is published in Service Registry 2 for Agencies Y and Z]
Extending the Data Model
UBL/BIE: Agency X creates a data schema required for a business process by using core components expressed as XSDs. Agency Y uses this BIE to validate XSI data in message payloads exchanged with Agency Z.
[Figure: Agency X creates a compound schema BIE:UUID from XSD1, XSD2, XSD3 and XSD4 in Data Schema Registry 1; the new XSD is published in Data Schema Registry 2 for Agencies Y and Z]
What exactly is a ‘Registry’ then?
An XML Document Object Database, or Repository
Implemented using a ‘Native XML DB’, Registries are Object/Document agnostic, as everything is an XML Document/Object!
A Federation of value chain constituent Registries at the network edge will emerge on the ESB, with a specific role in the business process.
Directory, Identity, cluster management, data schemas, collaboration contracts, trust/privacy policies, multi-channel trans-coding style-sheets, etc.
Registries enable dynamic discovery of published services, but are not necessarily required for static execution of an established service contract.
What is stored in a Registry?
Data Models, expressed in XML Schema (XSD) for validating data instances
UBL/BIEs representing individual, process-customized, compound data types
Any number of XSIs (XSD ‘instances’) representing:
Persistent or transient data objects, such as UBL/BIE instance data
WSDL docs that describe component interfaces, messages and payloads by their endpoints (URIs)
XSLT docs that adapt and/or transform data sets
Aggregation and/or segregation of message data instances per application, activity, function, etc.
Many other conceivable XML document/object types!
A document expressing Policy or Trust
A component to component or Agency to Agency contract
A summary report of financial management data and an accompanying XSLT transform for creating a GUI
An instance document containing data representing the state of a business process in progress
5th Gen SOA, Logical Service Execution
The Orchestration Server governs the consumer/provider contract and fulfillment of its business process, and may also manage the SLA providing appropriate QoS.
[Figure: Consumer Agency (J2EE App Server, JMX Managed Code, JCA, EJB MDB, JMS, SOAP transceiver), Coordinator Agency (eGov Orchestration Server, SOAP transceiver), Provider Agency (.NET App Server, MS Managed Code, COM, MSMQ, SOAP transceiver) and Agency Z (SAP, PeopleSoft, JMS, SOAP transceiver) exchanging messages over TCP/IP / the Internet under Contract N]
Message envelopes shown, in order:
<soap> <execute/> <contract id=‘N’/> <command> <ping/> </command> </soap>
<soap> <begin/> <contract id=‘N’/> <command> <ping/> </command> </soap>
<soap> <begun/> <contract id=‘N’/> … </soap>
<soap> <response/> <contract id=‘N’/> <pong/> … </soap>
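As an added example (not code from the presentation), the Publish-Find-Bind-Execute model and the execute/begin/begun/response exchange above, reduced to a Python orchestration handler over constructed data. The registry, the contract table and the request envelope are assumed here; the point it shows is that the orchestration server only executes commands a bound TPA lists for the calling consumer, so an execute request outside the contract is faulted rather than forwarded.

```python
import xml.etree.ElementTree as ET  # for untrusted payloads, prefer defusedxml

# Constructed registry (the "publish" step): agency:service -> handler.
REGISTRY = {"AN:S1": lambda command: "pong" if command == "ping" else None}
# Constructed Trading Partner Agreements: contract id -> bound parties and commands.
CONTRACTS = {"N": {"consumer": "A1", "service": "AN:S1", "commands": {"ping"}}}
# Constructed consumer request, shaped like the first envelope on the slide.
REQUEST = "<soap><execute/><contract id='N'/><command><ping/></command></soap>"

def find(service_id):
    """Find step: look a published service up in the registry."""
    return REGISTRY.get(service_id)

def soap(*parts):
    """Build a flat <soap> envelope from (tag, attributes) pairs."""
    root = ET.Element("soap")
    for tag, attrs in parts:
        ET.SubElement(root, tag, attrs)
    return ET.tostring(root, encoding="unicode")

def orchestrate(request_xml, consumer):
    """Orchestration server: enforce the contract, then bind and execute.
    Returns the begin/begun/response envelopes, or a single fault envelope."""
    root = ET.fromstring(request_xml)
    if root.tag != "soap" or root.find("execute") is None:
        return [soap(("fault", {"reason": "not an execute request"}))]
    contract_el = root.find("contract")
    cid = contract_el.get("id") if contract_el is not None else None
    contract = CONTRACTS.get(cid)
    command_el = root.find("command")
    command = next((c.tag for c in command_el), None) if command_el is not None else None
    # Static execution of an established contract: the caller must be the
    # consumer bound to the TPA and the command must be one the TPA lists.
    if contract is None or contract["consumer"] != consumer or command not in contract["commands"]:
        return [soap(("fault", {"reason": "contract check failed"}))]
    handler = find(contract["service"])
    if handler is None:
        return [soap(("fault", {"reason": "service not published"}))]
    begin = soap(("begin", {}), ("contract", {"id": cid}))   # coordinator -> provider
    begun = soap(("begun", {}), ("contract", {"id": cid}))   # coordinator -> consumer
    response = soap(("response", {}), ("contract", {"id": cid}), (handler(command), {}))
    return [begin, begun, response]

if __name__ == "__main__":
    for envelope in orchestrate(REQUEST, "A1"):
        print(envelope)
```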
Core Concepts, Key Take-Aways
SOA externalizes EAI and OO-DBC disciplines, best expressed by OMG’s EDOC UML Profile for MDAs.
Web Services open standards are the foundation for SOA, moving the focus of IT interoperability from applications to message streams.
An SOA framework implies an infrastructure supporting contractual choreography compositions and executions, representing any sequence in a business value chain interaction.
SOA provides a unified approach to simplifying the federation of a globally interoperable heterogeneous distributed component marketplace, flexibly serving diverse business processes across enterprise partner boundaries.
Oasis-UN/CEFACT and ebXML
MS GXA Specs
OMG MDA and EDOC
Contact – [email_address]
George Thomas is an Enterprise Architect at the GSA, working on Financial Management IT projects. Formerly a Technical Director in the J2EE Practice at Dimension Data/Proxicom, George led large teams of engineers implementing KM, STP, Portfolio Life-cycle Management, and custom Portals for Putnam and T. Rowe Price. George has also held Chief Technologist positions at Luminant Worldwide, and VP of Professional Services for XMLSolutions. His experience spans Fortune 500 companies in virtually every industry sector.
George holds IBM Certifications including ‘E-Business Solutions Technologist’ and ‘XML and Related Technologies’. George received a BA in Interdisciplinary Arts from the University of Maryland and a Masters of Music in Computer Music from the Peabody Conservatory of the Johns Hopkins University.