
    • Web Services and SOA for Secure Information Infrastructure
      • 2005 Secure E-Business CxO Security Summit: “Roadmaps for Secure Information Sharing and Critical Information Infrastructure”
      • Solutions Roadmap Track, June 30th, 10:30-11:30 a.m.
      • Panelist: Brand Niemann, Chair, Semantic Interoperability Community of Practice (SICoP) Best Practices Committee (BPC), CIO Council, and Enterprise Architecture Team, Office of Environmental Information, U.S. Environmental Protection Agency
    • My Context
      • Web Services:
        • XML for the data and for the messages.
      • SOA:
        • The IBM model for Web Services interactions simply summarized as “publish, find, and bind.”
      • Secure Information Sharing:
        • The Federal Enterprise Architecture’s Data Reference Model.
      • Critical Information Infrastructure:
        • The Federal Enterprise Architecture’s Security & Privacy Profile and the new IT Security Line of Business.
      • Best Practices and Lessons Learned:
        • What I do in my SICoP Leadership and EPA Enterprise Architecture Team roles.
    • Questions
      • 1. Why is SOA superior?
        • Uses open standards for services, not objects, on the Internet. See next slide.
      • 2. Early Successes?
        • Led CIO Council award winning VoiceXML Web Service for EPA Emergency Response pilot that has subsequently been commercialized and implemented as Infrastructure.
      • 3. Data Governance?
        • Using the ontology paradigm for collaboration and commitments.
      • 4. Involve Vendor Community?
        • Fostering “open collaboration with open standards” in pilots for the Federal CIO Council, the Federal Enterprise Architecture, and Agencies (U.S. EPA).
      • 5. Vendor Opportunities?
        • Delivering citizen-centric services with ontology-based interoperability using public-private partnerships.
    • SOA in a Nutshell
      • Think services, not objects.
        • The services are defined in XML, unlike objects, which are defined by classes.
      • Creating a pure SOA environment will take a long time – it may never happen.
        • The initial task is to create service-oriented applications – SOA grows out of this!
      • A service and its client may not belong to the same security domain.
        • An object and its client typically do.
      • Manage Expectations.
        • Reuse, security, and organizational issues are hard.
      • Work Toward Business Process Management (BPM) and Aggregating Services.
        • SOA is a means to these ends.
    • SOA in a Nutshell
      • The “Big Bet”:
        • Has anyone ever tried to create a complete, multi-vendor security framework before? Will this work? Keep an eye on the progress of WS-Security implementations. The success of SOA may depend on this technology.
        • Source: David Chappell, Federal Architect Council, April 8, 2004, and May 11, 2005.
      • Panel Preparation Discussions:
        • Greg Lomow (Bearing Point) is working on a multi-vendor security SOA framework for DHS. That is the only one I know of this magnitude. Note: Greg Lomow is co-author with Eric Newcomer of the book “Understanding SOA with Web Services,” Addison-Wesley, 2005.
          • Source: J.P. Morgenthal, Managing Director, Ethink Systems, Inc.
    • Some Conference Highlights
      • ESRI ArcGIS Enterprise Security White Paper:
        • E.g. STRIDE (p. 4), Web Services Architecture (p. 29), WS-Security (p. 34), WS-Enhancements (p. 35), and Trust (p. 43).
      • Praise for NIST Staff and Documents (Several).
      • Test Software Components for Security, Develop Secure Operating Systems, and Work with Vendors to Build in Security.
      • Need Ontologies (John Weiler).
      • Need “Knowledge Management: A Practical Solution for Emerging Global Security Requirements” (Dr. Charlie Bixler).
      • How to Share and Exchange Secure Information When You Can’t Afford to Own the Infrastructure? (General Meyerrose)
    • Integration Versus Interoperability
      • Integration:
        • Participant systems are assimilated into a larger whole
        • Systems must conform to a specific way of doing things
        • Connections (physical and logical) are brittle
        • Rules are programmed in custom code, functions, or scripts
        • Standard data vocabularies are encouraged
      • Interoperability:
        • Participant systems remain autonomous and independent
        • Systems may share information without strict standards conformance
        • Connections (physical and logical) are loosely coupled
        • Rules are modeled in schemas, domain models, and mappings
        • Local data vocabularies are encouraged
      Source: Semantic Information Interoperability in Adaptive Information, by Jeffrey Pollack and Ralph Hodgson, Wiley Inter-Science, 2004, page 38.
    • Suggested Roadmap
      • Dimensions of Interoperability:
        • Organizational Interoperability is about streamlining administrative processes and information architecture to the institutional goals we want to achieve, and to facilitate the interplay of technical and organizational concerns. It requires the identification of “business interfaces”, and coordination throughout Member States and the European Union.
        • Technical Interoperability is about knitting together IT systems and software, defining and using open interfaces, standards, and protocols. It relies on cooperation as well as on technical infrastructures.
        • Semantic Interoperability is about ensuring that the meaning of the information we exchange is contained and understood by the involved people, applications, and institutions. It needs the know-how of sector institutions and publication of specifications.
      Source: Barbara Held, The European Interoperability Framework for pan-European eGovernment Services, IDABC, Enterprise & Industry Directorate-General, European Commission, February 17-18, 2005.
    • Suggested Roadmap
      • Evolution of the SOA Platform:
        • Simple Web Services – exposing data and actions
        • Composite Applications – business processes consumed by portals
        • Service Infrastructure
      Sources: (1) David Chappell, Business Process Management in a Service-Oriented World, Federal Architect Forum, May 11, 2005, (2) Bruce Graham, Taking SOA from Pilot to Production with Service Infrastructure, May 12, 2005; and (3) David Martin, Semantic Web Services: Promise, Progress, and Challenges, SWANS Conference Tutorial, April 8, 2005.
    • Suggested Roadmap
      • [Figure: Dimensions of Interoperability (Organizational, Technical, Semantic) plotted against Evolution of the SOA Platform (Simple, Composite, Infrastructure), with a “Line of Sight” marked 1, 2, 3.]
    • Suggested Roadmap
      • Example 1 - Web Services for E-Government:
        • 1. Organizational-Simple:
          • Led CIO Council award winning VoiceXML Web Service for EPA Emergency Response pilot that has subsequently been commercialized and implemented as Infrastructure (see below).
        • 2. Technical-Composite:
          • Led the CIO Council’s E-Forms for E-Gov Pilot that saw 13 E-forms vendors each build an XML Web Service using a common XML Schema for E-Grants to increase their collective technical interoperability with one another.
        • 3. Semantic-Infrastructure:
          • Our recent Semantic Web for Military Applications Conference featured 40 vendors implementing RDF/OWL including the “Putting Context to Work: Semantic Keys to Improve Rapid First Response” that used an event ontology to achieve semantic interoperability across five vendors.
    • Suggested Roadmap
      • Caution: Be Prepared to Slow Down – Road Work Ahead:
        • David Martin, SRI International, April 8, 2005: Sociological (crossing the chasm) – getting to where the payoff exceeds the overhead (for significant numbers).
        • Rob Vietmeyer, DISA Net-Centric Enterprise Services, April 18, 2005: We are two years into SOA efforts with only some small pilot tests being conducted so far (Federal Computer Week story).
        • Russ Reopell, MITRE, Intelligence Community Metadata Working Group Meeting, May 4-5, 2005: The SOA Threat.
        • SOA Leaders, Building the Business Case for SOA, June 9, 2005. (New consortium of XML Web Services hardware and software vendors.)
    • Suggested Roadmap
      • Bottom Line:
        • 1. Use the Federal Enterprise Architecture:
          • Data Reference Model, Security & Privacy Profile, and the new IT Security Line of Business.
        • 2. Separate hype from reality:
          • Build the business case focusing on business process management and aggregating services.
        • 3. Follow a “line of sight”:
          • Semantic Interoperability Architecture (SIA) and Infrastructure.
      • Suggested Reading:
        • Web Services Platform Architecture, Sanjiva Weerawarana, et al, 2005, Prentice Hall.
    • Contact Information
      • Email:
        • [email_address]
      • Web Sites:
        • http://web-services.gov
        • http://colab.cim3.net/cgi-bin/wiki.pl?SICoP
      • Voice Mail:
        • 202-564-9491
      • Location:
        • EPA East Building, 1301 Constitution Avenue, NW, Washington, DC 20460