Published on

1 Comment
  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide


  1. 1. THE WORLD’S LEADING MAGAZINE DEDICATED TO WEB SERVICES TECHNOLOGIES JANUARY / FEBRUARY 2009 / VOLUME: 9 ISSUE 1 Identify & Achieve ROI with Your SOA Training 10 KYLE GABHART 14 Web Service Contract Design & Versioning for SOA 18 The Table Stakes for Managing IT Just Went Up DOUGLAS R. MACKINNON AND WAYNE GREENE 22 A Multi-Core Optimized Software Appliance GIRISH JUNEJA RIA CONFERENCE & EXPO SEE INSIDE FOR DETAILS
  2. 2. INDUSTRY COMMENTARY INTERNATIONAL ADVISORY BOARD Andrew Astor, David Chappell, Graham Glass, Tyson Hartman, Paul Lipton, Anne Thomas Manes, Norbert Mikula, George Paolini, James Phillips, Simon Phipps, Mark Potts, Martin Wolf Why the Downturn Is TECHNICAL ADVISORY BOARD JP Morgenthal, Andy Roberts, Michael A. Sick, Simeon Simeonov Good for SOA EDITORIAL Editor-in-Chief WRITTEN BY DAVID S. LINTHICUM Sean Rhody XML Editor W Hitesh Seth ho would have thought that if you spent less money you could actually do more? Industry Editor That seems to be the case with SOA. As budgets contract and SOA teams downsize, Norbert Mikula you’d think that SOA projects would be all doom and gloom and lacking in produc- Product Review Editor tivity. However, the opposite seems to be occurring, at least inside my client base. Brian Barbash The reality is, when SOA projects had huge budgets they spent more money and time .NET Editor chasing SOA “quick fixes.” Now that there’s just not enough dough to do anything silly, Dave Rader those working on Service Oriented Architecture are forced to do... well ... architecture. Thus, Security Editor Michael Mosher we’re moving from something that was more about chasing the hype to something that’s more about getting things done in a practical and realistic manner. Research Editor Bahadir Karuv, Ph.D Another issue is the focus on job security. These days when layoffs are more the rule than Technical Editors the exception, SOA teams are more focused on getting results that can be traced to the bot- Andrew Astor tom line. So there’s more “doing” and fewer unproductive activities. Many SOA teams that David Chappell can’t prove their value are typically the first to go, as management focuses more on keeping Anne Thomas Manes Mike Sick the lights on and less about IT improvement. Those that remain are very good at finding the Michael Wacey ROI and executing toward it. International Technical Editor What’s core to this is the fact that the SOA strategy presentations and SOA studies have Ajit Sagar stopped. They weren’t healthy activities anyway, considering that management is looking Executive Editor to find places to cut that won’t cut directly into the operations of the business. The same Nancy Valentine people who were running PowerPoint presentations are now defining metadata, identifying Associate Online Editor services, and just doing some of the “real work” that needs to get done when pushing a SOA Lindsay Hock forward. At the same time, those who just want to jump on SOA teams to do studies and presenta- tions won’t have too many places to hide, and many are looking for new jobs now. A lot of PRODUCTION those folks looked at SOA as something that could be purchased from a technology vendor, ART DIRECTOR perhaps believing more of the SOA hype than the reality. That SOA is something you do, not Abraham Addo something you buy. So I don’t get as many questions about which ESB to buy these days, ASSOCIATE ART DIRECTOR but more about how to get through the architecture and the steps to success. Tami Beatty tami I suspect that by the end of 2009 we could have many more successful SOA projects than we had in 2008, and while that will leave many in the press and analyst community scratch- ing their heads about the logic there, doing more with less, I’ll understand that a return to EDITORIAL OFFICES SYS-CON MEDIA basics was a good thing. Moreover, we learn from success as well as failure, and I suspect 577 CHESTNUT RIDGE ROAD, WOODCLIFF LAKE, NJ 07677 that many more will understand that a focus on the fundamentals of SOA is worth the time. TELEPHONE: 201 802-3000 FAX: 201 782-9637 And it takes less time than you think. If you follow some basic steps, you’ll create the right SOA World Magazine Digital Edition (ISSN# 1535-6906) Is published monthly (12 times a year) architecture the first time. Trust me on that one. By SYS-CON Publications, Inc. The fact of the matter is that SOA had, and in some cases still does have, a lot of unpro- Periodicals postage pending Woodcliff Lake, NJ 07677 and additional mailing offices ductive work surrounding it. Removing the resources has the effect of focusing the SOA POSTMASTER: Send address changes to: teams on what’s most important to the task; getting the fundamentals of SOA right the first SOA World Magazine, SYS-CON Publications, Inc. time, and addressing the needs of the business. While I don’t think that a down economy is 577 Chestnut Ridge Road, Woodcliff Lake, NJ 07677 good, in some aspects it does drive some good changes. ©COPYRIGHT Copyright © 2009 by SYS-CON Publications, Inc. All rights reserved. No part of this publication may be About the Author reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopy or any information storage and retrieval system without written permission. For promotional reprints, contact reprint David S. Linthicum is an internationally known thought leader in the EAI, SOA, enterprise architecture, and Web 2.0 spaces. coordinator. SYS-CON Publications, Inc., reserves the right to revise, republish, and authorize its readers to use the articles submitted for publication. All brand and product names used on these pages are trade names, He is a sought-after consultant, speaker, and writer, and formed David S. Linthicum, LLC (, a leading service marks, or trademarks of their respective companies. SYS-CON Publications, Inc., is not affiliated with the companies or products covered in Web Services Journal. consulting organization focusing on enterprise architecture, SOA, and use of the next-generation Web within the enterprise. He keynotes at many leading technology conferences, and has several well-read columns and blogs, as well as a weekly Podcast. Dave has also authored 10 books. You can reach Dave at 2 JANUARY / FEBRUARY 2009 JANUARY /FEBRUARY 2009 3
  3. 3. Crank Up XM L Performance INSIDE M Intel® XML Software Su aking Fa st Work of X ML ite: 2 Why the Downturn Is Good for SOA DAVID LINTHICUM Maximize XML Performance with Minimum Effort Intel® XML Software Suite, a comprehensive high-performance software library, enables solution providers to easily deliver 6 A Reference Architecture for Securing maximum performance of XML processing for any enterprise, Web Services in a Heterogeneous SOA, SaaS, and Web 2.0 based applications. Environment Using WS-Federation KONDURU SRINIVAS AND GVB SUBRAHMANYAM • Comprehensive XML processing with superior XML performance • Efficient memory management for large multi-GB files 10 Identify & Achieve ROI with • Thread safe, ready for multi-core performance on Your SOA Training KYLE GABHART Intel® Core™ microarchitecture • High conformance to XML industry standards • Free XML Benchmark Tool to analyze 14 Web Service Contract Design & the performance of XML Versioning for SOA processing engines BY THOMAS ERL, ANISH KARMARKAR, PRISCILLA WALMSLEY, HUGO HAAS, L. UMIT YALCINALP, KEVIN LIU, DAVID ORCHARD, Solutio ns XML-Based ANDRE TOST AND JAMES PASLEY Your Accelerate 18 The Table Stakes for Managing IT Just Went Up Maximum Performance with Minim DOUGLAS R. MACKINNON AND WAYNE GREENE um Effort 10 Intel® XML Software Suite Visit us at: 22 A Multi-Core Optimized Software Appliance GIRISH JUNEJA Copyright 2008, Intel Corporation. Intel and the Intel logo are trademarks or registered trademarks of Intel Corporation © or its subsidiaries in the United States and other countries. All rights reserved. 4 JANUARY / FEBRUARY 2009
  4. 4. WEB SERVICES CORPORATE Everything you need for your A Reference Architecture for President and CEO Fuat Kircaali Securing Web Services in a Senior VP, Editorial & Events SOA Jeremy Geelan Heterogeneous Environment ADVERTISING Senior VP, Sales & Marketing Using WS-Federation Carmen Gonzalez Advertising Sales Director Megan Mussa Advertising & Events Manager Corinna Melcon Service Creation Three approaches Events Associates Krisandra Russo Web Services Application Server Web Services Framework Susan Wechtler Data Services CUSTOMER RELATIONS BY KONDURU SRINIVAS AND GVB SUBRAHMANYAM Circulation Service Coordinators CO E Service Connection Edna Earle Russell AT NN W C RE Enterprise Service Bus ECT eb Services have played a key role in integrating heterogeneous applications, particularly in cross domains. As part of identity management, Security Token Services are used for request and response tokens. However, we need SYS-CON.COM multiple communication channels among Security Token Services when Consultant Information Systems GOVERN multiple applications in different domains try to reach other Web Services. In this article we have proposed a Master Security Token Service (MSTS) that can act Robert Diamond Web Designers Service Composition Mashup Server Richard Walter as a broker for all security authorization without duplicating the effort at every domain. Joon Kim In a world of heterogeneous systems where each application is leveraging the services CO E Business Process Server of other applications, a service-oriented analysis and design process has become signifi- cant. Web Services are sets of services used for integrating business processes and ser- MPOS vices, and can be accessed over the Internet or executed on a remote system hosting the Service Governance Web Service requests using standard protocols. WS-Federation offers the opportunity of ACCOUNTING fulfilling the SSO behavior across domains. Security information can be shared across Financial Analyst the domains of applications through federated identity, which is about identity informa- Joan LaRose tion across security domains. Heterogeneous applications will have interactions through Accounts Payable Betty White Registry either Web Service requests or browser requests. While Web Service requests follow the WS-Security and WS-Trust standards, browser requests follow on how the service mes- Identity Solution sages are secured and encoded with Http messages to transport among the resources. While Web Services use is now predominant in many enterprises across domains using different protocols, the security of the Web Services is debatable, consequently federated SUBSCRIPTIONS identity management implementation for the integrated environment of various ap- SUBSCRIBE@SYS-CON.COM 1-201-802-3012 or 1-888-303-5282 plications across domains using Web Services has become a hot topic for the reference For subscriptions and requests for bulk orders, architectural framework. please send your letters to Subscription Department Cover Price: $6.99/issue Federated identity management should do authentication, authorization, auditing, Domestic: $99/yr (12 issues) reporting, and upstream and downstream session management. Security Token Service (U.S. Banks or Money Orders) (STS) implements the protocol for message formats and message exchange patterns as defined in the WS-Trust specification and WS-Secure Conversation will allow multiple Security Token Service requests. The main challenge is how to federate identity and es- For list rental information: tablish connection in domains when multiple applications are in different domains. We can have independent security authentication using separate Security Token Services for Kevin Collopy: 845 731-2684,; Frank Cipolla: 845 731-3832, The open source SOA company each of the applications and each of the services, which involves sets of repeated activi- SYS-CON Publications, Inc., reserves the right to revise, republish and authorize its readers to use the articles ties. To minimize the effort of using multiple Security Token Services, we’ve identified submitted for publication. and proven the architecture, which will have one Security Token Services Server called a Master Security Token Services Server. This will reduce the replication of management credentials and provide robust security since it’s a centrally monitored server. 6 JANUARY / FEBRUARY 2009 JANUARY /FEBRUARY 2009 7
  5. 5. WEB SERVICES WHERE Proposed MSTS Framework Figure 1 shows a reference architecture for managing the secu- will YOU be on June 2? rity of Web Services in a heterogeneous enterprise environment. It’s common for organizations to have multiple domains and for each domain to have a separate Security Token Service Server. It creates a lot of complexity if these systems have to interact with each other securely. In the context of Service Oriented Architec- ture, we use WS-Security and WS-Trust specifications to secure these services. These services will also make use of a Security Token Service from each realm/domain. This will also create a lot of complexity since every STS in one realm/domain has to issue tokens to STS in other domains. In the architecture proposed below, MSTS will reduce the complexity by having fewer commu- nication channels. This architecture recommends creating a Master STS that doesn’t belong to any realm/domain in particular. This cen- Figure 1 Master security token service architecture tral STS has to maintain bindings to the other STS from all the realms/domains. Suppose, for example, that a client from domain 3 wants to call a service from domain 2. It can call the Master STS • Jason Baragry. JavaOne Conference | June 2–5, 2009 SM and get a token to make a call on STS 2. Then the client can call jan07(2).pdf. The Pavilion: June 1–4, 2009, The Moscone Center, San Francisco, CA STS 2 and get a token to call the service from domain 2. Only the Master STS has to maintain a trust relationship with all the other • Luciano Baresi, Elisabetta Di Nitto, Carlo Ghezzi, Sam Guinea. A realms/domains rather than the individual realms/domains. This framework for the deployment of adaptable web service compo- The JavaOne conference brings together developers, technology SM way managing the STS will be easy since only the Master STS has sitions. 75-91. enthusiasts, and industry luminaries from around the world. to be changed if any realms/domains are added or deleted. The nals/soca/soca1.html It’s your chance to learn, grow, and network with the vast—and same architecture can be extended to external realms/domains. growing—technology community. You can treat any external realm/domain as another domain. • WS Federation. specification/ws-fed/ This year’s JavaOne conference offers even more opportunity to Conclusion and Future Work grow your language skills. You can: Implementing an MSTS will reduce STS complexity and sim- • Federated Identity. �� Connect with developers from more than 70 countries plify the overall architecture of the enterprise applications. It will tity. help manage STS connections. Going forward, we’re focused on �� Hear from expert speakers on the hot topics you care about identity management with WS-Federation and SAML2.0. We’re • How to: Create a Security Token Service. most, including SOA, cloud computing, and virtualization also planning to work on the persistence of token services. com/en-us/library/ms733095.aspx. �� Choose from a wide variety of targeted tracks, labs, and BOFs References • Web Service Security: Scenarios, Patterns, and Implementation �� Get tips and best practices from JavaOne conference • Shankar_Kambhampaty. Guidance for Web Services Enhancements (WSE) 3.0 Micro- Rock Stars and Java technology creators and evangelists 348235&dl=&coll=GUIDE. soft Corporation. �� Experience JavaFX , RIAs, and other groundbreaking TM aa480557.aspx. . technologies—hands-on in our Pavilion • Nowadays money’s tight. That’s why it’s more important than • Cesare Pautasso and Thomas Gschwind. Emerging Web Services About the Authors ever to attend the one conference that delivers everything you Technology, Vol. II: Wewst 2007, Halle (Saale), Germany, Novem- Gvb Subrahmanyams is an Application Developer, Lead, Project Manager, and Development want to see, learn, and experience—all under one big roof. And ber 2007. Selected Revised Papers; more by Cesare Pautasso and Manager and Delivery Manager in a wide variety of business applications as part of an IT ser- that’s the JavaOne conference. Save $200 more by Thomas Gschwind. vice provider. He has an M.Tech. and a PhD in chemical technology from IIT Kharagpur, India, and an MS in software systems from BITS Pilani. He is also a PMI certified PMP. • Gustavo Alonso, Fabio Casati, Harumi Kuno, and Vijay Machiraju. Save Your Spot—Register Today! Web Services. Amazon. on Conference registration! Srinivas Konduru has about 10 years of experience in developing, designing and architecting By the way, check out CommunityOne, Sun’s conference on • Klaus Aschenbrenner. Implement Secure .NET Web Services with J2EE, SOA-based solutions. Register by April 22 at open-source innovation and implementation, colocated with the JavaOne conference. WS-Security. • Brokered Authentication: Security Token Service (STS). http:// Cosponsors • • dcvtfut/SOA-+og+Web+Services-seminar+2008.pdf. © 2009. All rights reserved. Sun, Sun Microsystems, the Sun logo, Java, JavaFX, and JavaOne are trademarks or registered trademarks of Sun Microsystems, Inc. or its subsidiaries in the United States and other countries. Information subject 8 JANUARY / FEBRUARY 2009 to change without notice. JANUARY /FEBRUARY 2009 9
  6. 6. TRAINING practices regarding SOA education. Finally we’ll crystallize the tices for adopting SOA identified as standard practices performed return on investment (ROI) delivered by prioritizing SOA education. by “best-in-class” organizations. According to Aberdeen, best-in-class organizations (the top 20% SOA Skills Shortage of aggregate performance scorers) prioritize investments in educa- Multiple experts have recognized the tremendous shortage of tion/training, architecture, SOA middleware and infrastructure, and SOA skills: processes aimed at measuring and tweaking performance. “There is a looming enterprise architect ‘drought’ and a signifi- Correspondingly average organizations (the middle 50% of aggre- cant demand in the marketplace for experienced SOA talent,” said gate performance scorers) tend to make minor investments in SOA ZapThink principal Ron Shmeltze a few years ago. middleware and infrastructure, very little in education/training, “Both SOA and Web Services application development pose and have virtually ignored organizational performance measure- unique challenges to the skills of the department,” the Aberdeen ment metrics for refining the enterprise Group said. The Aberdeen report advises organizations to retrain their de- “There is a shortage of SOA skills in a typical company and velopment teams. “Don’t expect IT to just ‘get it’’when it comes to demand for SOA skills far outstrips the supply,” according to, AMR SOA,” it says. research director Ian Finley a year ago. Furthermore, it also says, “Don’t skimp on training. Even though Then an IBM survey that queried Fortune 1000 CEOs in 2008 SOA applications are similar to earlier distributed architectures that Identify & Achieve ROI with found that 56% said a shortage of SOA skills is the number one you may have experience with, the difference are significant and obstacle to “launching and delivering SOA projects with strong require new approaches to design and develop.” business impact.” Identifying and Achieving a Return on Training Your SOA Training How is it that such a significant gap in skills has existed for so long? First, many people assume that SOA can be learned from Investments books. Second, there’s a lack of awareness regarding the significant Calculating a specific ROI for education is a tricky proposi- value-add that genuine education provides. tion. According to research conducted by UK-based e-Skills and reported in its Q4 2005 ICT inquiry report, only 11% of businesses Learning SOA quantitatively measure ROI for IT spending. Those that do are Why you need a comprehensive and When “learning SOA” the de facto approach tends to be a combi- predominately medium-sized and larger organization in the nation of self-study, sending a couple people to a conference, and technology industry. The vast majority (89%) rely on “informed taking one or two technical classes from a major platform vendor. guesswork” or “personal intuition” rather than any sort of defined well-reasoned education strategy Unfortunately, this results in ill-informed SOA adoption plans, ven- dor-driven architectural designs, and ultimately solutions that don’t process for measuring the productivity returns for technology investments. meet business needs. The lack of historical metrics and ROI tracking for technology To salvage the project, organizations typically pour in addi- initiatives makes crafting a reliable value proposition challenging. BY KYLE GABHART tional resources to try to patch and augment the project, moving If you happen to be one of the minorities of companies that have closer to a successful state. This sort of post-design patchwork this data then you can use that as your baseline for gauging the rarely produces a solution that completely addresses enterprise improvement offered by education. Otherwise, you may need to get needs. Moreover, these solutions tend to be less resilient to creative with how you can articulate the pre-training cost of doing change, resulting in an inability to adapt alongside the changing business and then compare that against a post-training cost of do- organization. ing business. Adopting SOA and a service-oriented approach to business is a non-trivial task. Significant changes must be made in the business Step 1 – Focus your education initiative analysis discipline, solution design and architecture, as well as Regardless of whether you have good historical data to go development, testing, and effective project management. Acquiring on or simply have to use more recent data combined with a solid grasp of methodology as well as developing new skill sets is some educated extrapolations, you’ll need to identify specific crucial for the successful adoption of SOA. The fact is that few orga- metrics that you intend to improve through education. This nizations invest in preparing for the shift that is required in terms of will provide two key benefits: 1) You’ll have objective targets mindset as well as knowledge and skills. to hit, providing you with a means of measuring education success and 2) The education program can be focused to target The Value of Education improvement in the specific areas that are relevant to your The Aberdeen Group released a report in 2007, “SOA Middle- business. Two common focal points include project execution ware Takes the Lead: Picking up Where Web Services Leaves Off” (i.e., ability to deliver on time and on budget) and solution that included its findings in a survey of 400 organizations that had quality (i.e., providing products and/or services with a mini- A adopted SOA over a period of 18 months. It identified key best prac- mal number of defects). n ancient Chinese proverb says, “Tell me and I forget. business’s needs. The next step is either to scrap the initiative or Show me and I remember. Involve me and I understand.” pour more time and money into patching the solution to bridge the chasm that could have been avoided with a more complete “Business-driven, results-oriented SOA training can mean For many people, even entire organizations, the approach to education seems to be along the lines of learning understanding of the domain and the implications and strategies surrounding service orientation. the difference between a SOA adoption initiative that meets leadership expectations and one that does not” facts, figures, details, tools and standards. This results in a shallow In this article, we’ll unpack the challenges facing organizations understanding of both the business problem and the new Service that adopt a service-oriented enterprise strategy with a special Oriented Architecture (SOA) strategies available for addressing the emphasis on the importance of training. We’ll then examine best 10 JANUARY / FEBRUARY 2009 JANUARY /FEBRUARY 2009 11
  7. 7. TRAINING REPRINTS! Content Management Interoperability Services—Driving the Evolution of ECM Step 2 – Select a measurable metric One approach would be to calculate project overruns due to By Razmik Abnous poor analysis and design (a key target of SOA education). Another approach would be to calculate the cost of service defects and/or Coping with the information exaflood service refactoring with an eye toward improving the quality of ser- Despite the prevalence of content management technology, vices and processes post training (cutting these costs by 20%-40% is managing unstructured digital information—information not a reasonable target objective). in databases—remains a tremendous challenge for most Many of our clients find that one effective and reliable approach enterprises. Industry research estimates that as much as 90 is to aim for a measurable improvement in knowledge and practical percent of unstructured information goes unmanaged. skill sets. This sort of analysis can be achieved through administer- ing pre-training tests, post-training tests, and then a third evalua- tion six weeks later to gauge the applicability of the education from Moreover, the volume of information that needs to be man- a practical implementation perspective. aged continues to grow at an alarming rate. In 2006, the world created, captured, and replicated more than 150 exabytes of Step 3 – Have test pilots take the lead digital information. Projections indicate that by 2011 we’ll be Prior to a major education rollout, it’s important to have a select creating 1,800 exabytes annually. Bret Swanson, senior fel- group of personnel serve as test pilots for the training. Ideally, low at the Discovery Institute, calls this trend, “the exaflood.” this group should be senior-level, very involved in the adoption of SOA and perhaps even participants within the organization’s SOA The challenge of disparate content repositories Center of Excellence (CoE). While taking the training, this group can So, on the one hand, we have a huge volume of unman- Multiple content repositories are accessible look for opportunities to tweak terminology, refine examples to be aged, unstructured information. On the other, we have per- from the same applcation via CMIS more relevant to the organization, and otherwise tailor the course content to more accurately reflect the motivations for adopting SOA haps 10 percent of unstructured information in enterprise The specification currently provides for two protocol bind- and ensure that the ROI metrics (identified earlier) are achieved. content management (ECM) systems. Unfortunately, that 10 ings, one based on Simple Object Access Protocol and the percent is not likely to be in the same ECM repository. other on Representational State Transfer and Atom Publish- Step 4 – Put governance gates in place ing Protocol. They provide a lightweight, loosely coupled re- Identifying your ROI objectives is only half the battle. You also For a variety of legitimate reasons, businesses often de- pository interface, independent of the underlying platform, need to establish checkpoints along the way to evaluate the prog- ploy different ECM systems. But, whatever the reason, the programming language, or transport protocol. ress and ensure that you are on target. Recommended governance outcome is the same. Essential business content ends up gates include a preliminary check prior to the first course delivery, locked in separate, application-specific repositories that CMIS: setting the stage for next-generation ECM another check after the first course, and then periodic checks every three-six weeks. Finally, there should be some major milestone make information sharing difficult. Moreover, application de- CMIS is an elegant, simple approach to content interoper- (the third or fourth month is generally good) during which a more velopers invariably build separate ecosystems around each ability. Once the standard is approved, existing repositories comprehensive analysis and adjustment is performed. At each of repository. Thus an organization ends up with multiple in- can be made CMIS compliant with a simple, vendor supplied these steps, the education program should be evaluated and tuned vestments in discrete environments, greater maintenance software download. For the enterprise with multiple content to ensure that it is targeting the right content at the appropriate costs and management overhead, and a loss of business management systems, this means all its repositories become degree of depth. Additionally, information from the field should be flexibility. Or as one Gartner analyst described it, “a mess.” accessible and interoperable without expensive custom inte- folded back into the education program to ensure that the training gration. For developers and independent software vendors, program is timely and relevant. When the going gets tough, the tough propose a standard new applications that are coded to the standard will enjoy To deal with this “mess”—the IT burden of multi-vendor, a substantially broader market. The CMIS standard willl: Summary multi-repository environments—EMC, IBM, and Microsoft Business-driven, results-oriented SOA training can mean the difference between a SOA adoption initiative that meets leadership joined forces in developing a specification that uses web • Improve user access to content from any application expectations and one that does not. Too often, SOA training focuses services to share information among different content re- • Enable one application to access multiple CMIS-compli- on teaching vendor tools or simply providing academic facts and positories. Other leading ECM providers including Alfresco ant repositories details regarding SOA and related technology standards. If you Software, Open Text, Oracle, and SAP also contributed to • Support workflows and business processes that span truly want to change your enterprise for the better through service this effort. The result is Content Management Interoper- different ECM systems orientation, you need a comprehensive and well-reasoned educa- ability Services (CMIS), a draft specification that has been • Reduce application development costs tion strategy. That strategy should be business-driven and include submitted to OASIS (Organization for the Advancement of • Expand the market for content-enabled applications objective, quantifiable metrics. Make 2009 your year to achieve ROI Structured Information Standards) and subjected to its rigor- • Protect future investments in applications and reposi- from your SOA education program. ous standards vetting process. tories • Define a technology independent standard About the Author Kyle Gabhart is a subject matter expert specializing in service-oriented technologies and CMIS will augment existing ECM systems and their appli- currently serves as the SOA Solutions Director for Web Age Solutions, a premier provider of cation interfaces. The specification focuses on basic con- EMC, IBM, and Microsoft recognize that the Internet and technology education and mentoring. Since 2001 he has contributed extensively to the SOA contact tent management capabilities—create, read, write, delete, the Web now provide mainstream technology for informa- community as an author, speaker, consultant, and open source contributor. MEGAN MUSSA and query. Content Management Interoperability Services tion delivery. CMIS is a first step in guiding the ECM indus- tel 201-802-3024 defines these capabilities as simple, generic functions for try toward the creation of a flexible application development managing content regardless of the underlying platform or paradigm that can leverage this technology. storage mechanism. It connects repositories through a ser- vice-oriented interface, as shown in the following illustration. 12 JANUARY / FEBRUARY 2009 JANUARY /FEBRUARY 2009 13 Advertorial
  8. 8. BOOK EXCERPT order to avoid the negative coupling types. The following sections briefly describe common types of coupling. All are consid- Web Service Contract Design & ered negative coupling types, except for the last. Contract-to-Functional Coupling Versioning for SOA Service contracts can become dependent on outside business processes, especially when they are coupled to logic that was de- Contracts must adhere to design principles signed directly in support of these process- es. This can result in contract-to-functional coupling whereby the contract expresses characteristics that are specifically related to the parent process logic. BY THOMAS ERL, ANISH KARMARKAR, PRISCILLA WALMSLEY, HUGO HAAS, L. UMIT YALCINALP, KEVIN LIU, DAVID ORCHARD, ANDRE TOST AND JAMES PASLEY Contract-to-Implementation Coupling When details about a service’s underly- I ing implementation are embedded within t’s always good to get an idea of the big picture before diving Increased Vendor Diversification Options a service contract, an extent of contract-to- into the details of any technology-centric topic. For this reason, For a service-oriented architecture to allow on-going vendor implementation coupling is formed. This we’ll take the time to briefly mention the overarching goals and diversification, individual services must effectively abstract pro- negative coupling type commonly results benefits associated with service-oriented computing as they prietary characteristics of their underlying vendor technology. The when service contracts are a native part of relate to Web Service contract design. contract remains the only part of a service that is published and the service implementation (as with com- Because these goals are strategic in nature, they are focused on available to consumers. It must therefore be deliberately designed ponent APIs) or when they are auto-gener- long-term benefit — a consideration that ties into both the design to express service capabilities without any vendor-specific de- ated and derived from implementation and governance of services and their contracts. An understanding tails. This extent of abstraction allows service owners to extend resources, such as legacy APIs, components, of these long-term benefits helps provide a strategic context for or replace vendor technology. Vendor diversification is especially Figure 1: and databases. many of the suggested techniques and practices in this guide. attainable through the use of Web Services, due to the fact that they Here’s the basic list of the goals and benefits of service-oriented are supported by all primary vendors while providing a non-propri- not all of these principles. Let’s first intro- Service Discoverability – “Services are sup- Contract-to-Logic Coupling computing: etary communications framework. duce their official definitions: plemented with communicative meta data The extent to which a service contract is by which they can be effectively discovered bound to the underlying service program- • Increased Intrinsic Interoperability Increased Business and Technology Standardized Service Contract – “Services and interpreted.” ming logic is referred to as contract-to-logic • Increased Federation Domain Alignment within the same service inventory are in coupling. This is considered a negative • Increased Vendor Diversification Options The service layers that tend to yield the greatest gains for service- compliance with the same contract design Service Composability – “Services are effec- type of service coupling because service • Increased Business and Technology Domain Alignment oriented environments are those comprised of business-centric standards.” tive composition participants, regardless of consumer programs that bind to the service • Increased ROI services (such as task and entity services). These types of services the size and complexity of the composition.” contract end up also inadvertently forming • Increased Organizational Agility introduce an opportunity to effectively express various forms of Service Loose Coupling – “Service contracts dependencies on the underlying service • Reduced IT Burden business logic in close alignment with how this logic is modeled impose low consumer coupling require- Each of these design principles can, to logic. and maintained by business analysts. ments and are themselves decoupled from some extent, influence how we decide to A Web Service contract can be negatively Although it might not be evident, service contract design touches This expression is accomplished through service contracts and their surrounding environment.” build a Web Service contract. With regards coupled to various parts of the underlying each of these goals to some extent. it is considered so important that entire modeling processes and to the topics covered in this book, the fol- service implementation. Let’s explore how. approaches exist to first produce a conceptual version of the service Service Abstraction – “Service contracts lowing principles have a direct impact. contract prior to its physical design. only contain essential information and in- Contract-to-Technology Coupling Increased Intrinsic Interoperability formation about services is limited to what Standardized Service Contract When the contract exposed by a service is For services to attain a meaningful level of intrinsic interoper- Strategic Benefits is published in service contracts.” Given its name, it’s quite evident that bound to non-industry-standard commu- ability, their technical contracts must be highly standardized and The latter three goals listed in the previous bullet list represent this design principle is only about service nications technology, it forms an extent of designed consistently to share common expressions and data mod- strategic benefits that are achieved when attaining the first four Service Reusability – “Services contain and contracts and the requirement for them contract-to-technology coupling. Although els. This fundamental requirement is why project teams often must goals. We therefore don’t need to map the relevance of service con- express agnostic logic and can be posi- to be consistently standardized within the this coupling type could be applied to the take control of their Web Service contracts instead of allowing them tracts to each of them individually. tioned as reusable enterprise resources.” boundary of a service inventory. This design dependencies associated with any propri- to be auto-generated and derived from different sources. If we take the time to understand how central service contract de- principle essentially advocates “contract etary technology, it is used exclusively for sign is to the ultimate target state we hope to achieve with service-ori- Service Autonomy – “Services exercise a first” design for services. communications technology because that is Increased Federation ented computing in general, it’s clear to see why this book was written. high level of control over their underlying Service-oriented computing aims to achieve a federated service runtime execution environment.” Service Loose Coupling endpoint layer. It is the service contracts that are the endpoints in Service-Orientation and Web Service Contracts This principle also relates to the service this layer, and it is only through their consistent and standardized To understand SOA is to understand service-orientation, the Service Statelessness – “Services minimize contract. Its design and how it is architec- design that federation can be achieved. This, again, is a goal that is design paradigm that establishes what is required to create software resource consumption by deferring the turally positioned within the service archi- supported by the ability of a project team to customize and refine programs that are truly service-oriented. management of state information when tecture are regulated with a strong empha- Web Service contracts so that they establish consistent endpoints Service-orientation represents a design approach comprised of necessary.” sis on ensuring that only the right type of within a given service inventory boundary. eight specific design principles. Service contracts tie into most but content makes its way into the contract in Figure 2: 14 JANUARY / FEBRUARY 2009 JANUARY /FEBRUARY 2009 15