Service Oriented Architecture for Net Centric Operations based on Open Source Technology Sanjiva Weerawarana, Ph.D. Founder, Chairman & CEO, WSO2 Founder, Director & Chief Scientist, Lanka Software Foundation Member, Apache Software Foundation Emeritus Board Member, Open Source Initiative Visiting Lecturer, Univ. of Moratuwa, Sri Lanka IONS Technical Seminar. May 21, 2009. Colombo, Sri Lanka.

About me IBM Research from 1997 to 2005 Co-authored most of the key Web services specifications WSDL, WS-Eventing, BPEL4WS, ... Contributor to Apache Web services Contributor to Apache SOAP, Apache Axis, Apache Axis2, Apache WSIF, Apache Neethi, Apache Axiom, ... Member of Apache Software Foundation Founder & Chief Scientist, Lanka Software Foundation (Emeritus) Board Member of Open Source Initiative Founder, Chairman & CEO of WSO2 Open source SOA platform company

IBM Research from 1997 to 2005

Co-authored most of the key Web services specifications

WSDL, WS-Eventing, BPEL4WS, ...

Contributor to Apache Web services

Contributor to Apache SOAP, Apache Axis, Apache Axis2, Apache WSIF, Apache Neethi, Apache Axiom, ...

Member of Apache Software Foundation

Founder & Chief Scientist, Lanka Software Foundation

(Emeritus) Board Member of Open Source Initiative

Founder, Chairman & CEO of WSO2

Open source SOA platform company

Agenda SOA & its implications Open source and its implications Open standards Interoperability framework for net centric operations US DoD SOA activities Open source SOA for defence applications Summary

SOA & its implications

Open source and its implications

Open standards

Interoperability framework for net centric operations

US DoD SOA activities

Open source SOA for defence applications

Summary

What is SOA? An approach for building large scale systems where functionality is bundled as interoperable “services” Details of how the service is implemented are not important Consumer operates against a service contract that defines the business interface and qualities of service Services interact with each other by sending messages in an interoperable standard Service metadata is often registered for easy discovery and governance

An approach for building large scale systems where functionality is bundled as interoperable “services”

Details of how the service is implemented are not important

Consumer operates against a service contract that defines the business interface and qualities of service

Services interact with each other by sending messages in an interoperable standard

Service metadata is often registered for easy discovery and governance

SOA?

Typical business SOA picture

SOA in Sri Lanka government: LankaGate Other Applications Services Providers Open Standards SOA Architecture Enabling Web 2.0 Concepts Mobile Payment Gateway Other portlets Lanka Interoperability Exchange Citizens Businesses Visitors Government Multiple Access Channels (eg. Web, Mobile, Email, etc.) Identity Mgt. CMS portlet GIC portlet e-Gov Service 1 portlet e-Gov Service m portlet Services Directory Service 1 (eg. e-RL) Service n

Advantages of SOA Localized management of information and data (Think of object orientation taken to the next level) Decentralized deployment Owner of information runs the service that exposes the data 100% securable Complete security platform available Total focus on interoperability While maintaining proper authentication & authorization Open-ended, decentralized customization and localization Scalable for a single country or a coalition

Localized management of information and data

(Think of object orientation taken to the next level)

Decentralized deployment

Owner of information runs the service that exposes the data

100% securable

Complete security platform available

Total focus on interoperability

While maintaining proper authentication & authorization

Open-ended, decentralized customization and localization

Scalable for a single country or a coalition

Open source Open source fundamentally about source code being available Under license terms that allow you to improve & redistribute Collaborative development paradigm Enabled by the Internet Does not necessarily mean free of charge Support often costs money “Free software” vs. “open source software” Free & open source software (FOSS)

Open source fundamentally about source code being available

Under license terms that allow you to improve & redistribute

Collaborative development paradigm

Enabled by the Internet

Does not necessarily mean free of charge

Support often costs money

“Free software” vs. “open source software”

Free & open source software (FOSS)

Advantages of FOSS Freedom to innovate Try before you buy Lower cost of entry Better security

Freedom to innovate

Try before you buy

Lower cost of entry

Better security

FOSS software? Anything ! Everything from server/desktop/embedded system operating systems to all middleware to desktop apps to enterprise apps Very often FOSS builds on other FOSS Standing on the shoulders of giants Culture of easy license-compatible dependency taking EVERY software vendor now has FOSS in some form, inside or shipping No longer a niche concept

Anything !

Everything from server/desktop/embedded system operating systems to all middleware to desktop apps to enterprise apps

Very often FOSS builds on other FOSS

Standing on the shoulders of giants

Culture of easy license-compatible dependency taking

EVERY software vendor now has FOSS in some form, inside or shipping

No longer a niche concept

FOSS & SOA “You can't buy SOA, you have to build it” Closed-source SOA products are complex, non-agile and expensive Deployment of SOA always requires a lot of customization Especially in military context, does not provide the framework for the military organization to take control of the software Build local skill and knowledge and reduce external dependency Opportunity to “fork”

“You can't buy SOA, you have to build it”

Closed-source SOA products are complex, non-agile and expensive

Deployment of SOA always requires a lot of customization

Especially in military context, does not provide the framework for the military organization to take control of the software

Build local skill and knowledge and reduce external dependency

Opportunity to “fork”

Open standards Standards are critical for interoperability Open standard means has wide adoption and support Critical for long term data protection Critical for interoperability between friendly nations

Standards are critical for interoperability

Open standard means has wide adoption and support

Critical for long term data protection

Critical for interoperability between friendly nations

Interoperability framework vs. architecture framework for net centric operations Traditional thinking on building large scale systems is to have an architecture framework Does not provide sufficient room for innovation within local contexts “Local” can range from national level to different military branches to different parts of a single organization Key criteria is interoperability Documented data standards Use of interoperable message protocols and standards Use of interoperable security protocols and standards Opportunity to share code across units, branches, nations

Traditional thinking on building large scale systems is to have an architecture framework

Does not provide sufficient room for innovation within local contexts

“Local” can range from national level to different military branches to different parts of a single organization

Key criteria is interoperability

Documented data standards

Use of interoperable message protocols and standards

Use of interoperable security protocols and standards

Opportunity to share code across units, branches, nations

SOA in an SOA (in an SOA ...) MoD MoD Common Services Navy

Security in SOA SOA technology platform provides complete security story Message level security Scalable authentication Fine grained authorization Audit / Non-repudiation Even enemies can share the same technology platform and use policy driven security to ensure proper access and protection End-to-end security is now possible

SOA technology platform provides complete security story

Message level security

Scalable authentication

Fine grained authorization

Audit / Non-repudiation

Even enemies can share the same technology platform and use policy driven security to ensure proper access and protection

End-to-end security is now possible

US DoD SOA activities DoD Net Centric Enterprise Services (NCES) Common services for the DoD SOA platform SOA Symposium in Washington, DC in March 500+ attendees from all branches of military – CIOs, senior IT officers Focused on education of SOA concepts Very large complex problem for US DoD 3.5m people in organization Incredible amount of legacy to deal with Complex procurement processes that are inherently designed around enterprise systems (Which have repeatedly proven to not deliver on time or on budget!)

DoD Net Centric Enterprise Services (NCES)

Common services for the DoD

SOA platform

SOA Symposium in Washington, DC in March

500+ attendees from all branches of military – CIOs, senior IT officers

Focused on education of SOA concepts

Very large complex problem for US DoD

3.5m people in organization

Incredible amount of legacy to deal with

Complex procurement processes that are inherently designed around enterprise systems

(Which have repeatedly proven to not deliver on time or on budget!)

Forge.mil US DoD effort to start an “open source” community around their requirements (initiated in 2009) Sharing code, data standards, protocols, documents: Enable cross-program sharing of software, system components, and services Promote early and continuous collaboration among all stakeholder (e.g., developers, material providers, testers, operators, and users) throughout the development life-cycle Rapidly deliver effective and efficient development and test capabilities for DoD technology development efforts Help protect the operational environment from potentially harmful systems and services Encourage modularity so that large programs to be developed, fielded, and operated as a set of independent components that can evolve and mature at their own rates Eliminate duplicative testing and improve dependability by adopting common test and evaluation criteria supported by standard testing tools and methods SoftwareForge now operational Meant for US military use primarily

US DoD effort to start an “open source” community around their requirements (initiated in 2009)

Sharing code, data standards, protocols, documents:

Enable cross-program sharing of software, system components, and services

Promote early and continuous collaboration among all stakeholder (e.g., developers, material providers, testers, operators, and users) throughout the development life-cycle

Rapidly deliver effective and efficient development and test capabilities for DoD technology development efforts

Help protect the operational environment from potentially harmful systems and services

Encourage modularity so that large programs to be developed, fielded, and operated as a set of independent components that can evolve and mature at their own rates

Eliminate duplicative testing and improve dependability by adopting common test and evaluation criteria supported by standard testing tools and methods

SoftwareForge now operational

Meant for US military use primarily

FOSS for defence Software is underpinning everything – from weapons systems to vessels to operational aspects Depending on external software technology providers only is a huge national security risk Exposes one to external threats FOSS allows one to not only consume, but also PRODUCE software assets Which can become currency in global relationship management On a grander national scale, help develop local IT expertise and industry E.g.: US DoD has been catalyst for much innovation Opportunity to leapfrog!

Software is underpinning everything – from weapons systems to vessels to operational aspects

Depending on external software technology providers only is a huge national security risk

Exposes one to external threats

FOSS allows one to not only consume, but also PRODUCE software assets

Which can become currency in global relationship management

On a grander national scale, help develop local IT expertise and industry

E.g.: US DoD has been catalyst for much innovation

Opportunity to leapfrog!

Recommendations Each country DoD needs to set up their own SOA platform Using FOSS products to give maximum flexibility Each country needs to set up its own equivalent of Forge.mil Set up shared registry of data standards E.g.: Definitions of various types of vessels and their characteristics (Not mandatory to use, but enable serendipitous reuse when possible) Set up shared data centers using (FOSS) cloud computing technology for use within branches of the military as well as across Make military software technology a strategic weapon for the country & allies

Each country DoD needs to set up their own SOA platform

Using FOSS products to give maximum flexibility

Each country needs to set up its own equivalent of Forge.mil

Set up shared registry of data standards

E.g.: Definitions of various types of vessels and their characteristics

(Not mandatory to use, but enable serendipitous reuse when possible)

Set up shared data centers using (FOSS) cloud computing technology for use within branches of the military as well as across

Make military software technology a strategic weapon for the country & allies

Summary Service Oriented Architectures (SOA) is now the accepted approach for building very large scale systems that actually work SOA enables scalable, strategic sharing of information in net centric operations Free & Open Source Software (FOSS) provides a superb platform for building SOA solutions FOSS provides intrinsic strategic advantages to the country It can be done – local expertise is already there in every country Look for it, enable it, sponsor it, nurture it

Service Oriented Architectures (SOA) is now the accepted approach for building very large scale systems that actually work

SOA enables scalable, strategic sharing of information in net centric operations

Free & Open Source Software (FOSS) provides a superb platform for building SOA solutions

FOSS provides intrinsic strategic advantages to the country

It can be done – local expertise is already there in every country

Look for it, enable it, sponsor it, nurture it