May 2002

The Journal of Web Service & Component Based Business

Pervasive Computing - The Next Big Thing?

Long ago we formed the opinion that we are on an evolutionary journey, which is likely to be measured in decades. This journey commenced in the mid nineties with thinking on how we componentized, and continues today with web services. And surprise, surprise, web services will not be the end of the technology journey, and understanding the underlying component-based principles and how they impact on current practices, allows you to predict where we go next.

It is quite easy to dismiss web services as simply message interaction protocols that are a thin layer on top of existing products and processes. Indeed many vendors are guilty of exactly this practice. However the successful (vendors and users) will be those that search out the real opportunities. It's important to start exploiting web services; they are not just another adapter or interface technique. Smart vendors and users will do new things such as blurring the boundaries between development and execution and taking advantage of self-discovery.

Very soon however, web services as a separate concept will actually disappear. They won’t however get superseded and replaced like so many other technologies. In the same way that (the vast majority of us) don’t give any consideration to telephone wire and transport protocols, we won’t be concerned with web services protocols. They become part of the infrastructure that we rely upon and the core concepts will continue to evolve.

Vendors are already doing quite a good job of hiding the underlying protocols. What we all have to learn is how to take a service oriented approach. For example learning how to provide and work with SLA’s and contracts. But within a couple of years at most, (no prefix) services will have entered the vocabulary, and everything will be delivered as a service. At that stage there will be another set of “new kids on the block” that take us onto the next stage of development. But the underlying principles will persist and evolve.

In our first major report this month we suggest that the next big thing will be pervasive computing. Whilst this has been predicted for years, all the signs are that there will be a convergence of open technologies based on web services, together with the essential economic recovery that will see vast numbers of devices providing alternative, and sometimes the basis for superior business models. In the first of two reports on this subject we examine the business requirement and question whether this is a repeat of a neat technology that is looking for a problem to solve, or whether there's real substance here. In part II of this report next month, we will take a look at programming models and technology infrastructure for pervasive computing provided by the major platform vendors.

In other reports this month:
● We look at the recent WS-Security announcement from IBM, Microsoft and Verisign and comment on how architects and web service engineers can make a practical response to this.
● We examine the burgeoning web services tools market and try to make sense of this.
● Plus we have a number of interesting product reports that provide excellent practical examples of how the industry is providing automated support for components and web services.

David Sprott

Inside:
● Pervasive Computing. Is the Next Big Thing Finally Here? by Lawrence Wilkes
● WS-Security - Practical Response for Web Service Architects by Richard Veryard
● Tools For Service Oriented Architectures by Jonathan Stephenson
● Product Report - Wilde Technologies Architecture Implementation Platform
● Product Report - ObjectVenture’s ObjectAssembler - Standards Based Pattern Management
● Product Report - Next Generation EAI, A Update on Grand Central Communications

Pervasive Computing. Is the Next Big Thing Finally Here?

By Lawrence Wilkes

The pervasive computing vision has been around for some time now. After a long period of gestation it appears the technology infrastructure is finally falling into place. But is this still a solution looking for a problem, or is the time right to at least start planning for pervasive computing?

“TOASTER: Howdy doodly do! How’s it going? I’m Talkie – Talkie Toaster, your chirpy breakfast companion. Talkie’s the name, toasting’s the game. Anyone like any toast?
LISTER: Look, I don’t want any toast, and he doesn’t want any toast. In fact, no one around here wants any toast. Not now, not ever. NO TOAST.
TOASTER: How ‘bout a muffin?
LISTER: OR muffins! OR muffins! We don’t LIKE muffins around here! We want no muffins, no toast, no teacakes, no buns, baps, baguettes or bagels, no croissants, no crumpets, no pancakes, no potato cakes and no hot-cross buns and DEFINITELY no flapjacks!
TOASTER: Aah, so you’re a waffle man!”

The Talkie Toaster from RED DWARF Season IV Episode 4, “White Hole”, by Rob Grant and Doug Naylor

© CBDi Forum Limited, May 2002

The idea of pervasive computing sometimes worries me. The idea of always being connected, and hence available, has as many negative connotations for the individual as it does positive, whilst the notion of ‘intelligent’ devices could easily get out of hand – see the sidebars on Pages 2 and 5. Do I really want my refrigerator alerting me in the middle of a meeting to make a decision on whether to order more frozen peas?

Yet the industry continues to try to convince us that pervasive computing is the next big thing, and putting humor and social implications aside, there clearly is value in being able to involve employees and customers in business processes regardless of place or time, or have applications on smart devices automatically dialoguing with each other on our behalf. The telecoms sector in particular is desperate for us to connect everyone and everything having invested so much in the enabling infrastructure - or at least licenses for it.

Because the vision has been portrayed for so long now it can seem more like science fiction, however the reality is that not only is the infrastructure now in place, but the devices too are readily available. Furthermore, and perhaps most importantly, this is no longer an expensive early adopter market. As illustrated below, you can put broadband and a wireless network in your home for a couple of hundred dollars, address even individual light bulbs with X10 technology available off the shelf in the DIY store, or even buy a whole range of

Figure 1: Pervasive Technologies
Images courtesy of BMW, Compaq, Fujitsu, Handspring, LGE, Netgear, Pace, RIM, Sendo

Table 1: Infrastructure Technology

| Technology | Availability | Impact |
| --- | --- | --- |
| GPRS - General Packet Radio Service - so called 2.5 generation mobile telecoms | Rolling out now. Most new mobile phones and devices available with GPRS capability | Always on. Still slow, but useful for alerts, simple transactions |
| UMTS – Universal Mobile Telecommunications System. So called 3rd generation mobile telecoms | Very limited trials | Adds high bandwidth. More relevant to delivering content than enabling e-business |
| IEEE 802.11x - Wireless Networking standards | Moving out from offices to shop and factory floor, and now into public places. However, home use very limited so far. Gaining popularity in USA public places. BT plan availability in 200+ UK public places by 2003, similar to US | High bandwidth, always on. No telecoms charges. Involve employees in real-time business process regardless of location in premises |
| (A)DSL - (Asymmetric) Digital Subscriber Line. Broadband Internet | Widespread in many countries | Delivers always on, high bandwidth to SME and home users |
| RFID - Radio Frequency Identification | Widespread | Automated physical product management |
| X10 | Widespread, though little implementation outside US. Older technology. Possibly replaced by Simple Control Protocol (SPC) recently adopted by Microsoft | Home and device automation |
| XML Web Services | Widely available, but protocols that add reliability and security still developing | Provides the protocols to enable applications to interoperate regardless of underlying technology |

Internet enabled household devices such as washing machines, microwave ovens and refrigerators from LG and others. On the other hand, devices that blend PDA, Mobile phone and wireless networking are now available, whilst GPRS, DSL and 802.11b Wi-Fi protocols mean employees and customers can be permanently connected. Digital TV delivers interactive shopping into the living room, whilst the latest automobiles phone up the manufacturers for diagnostics. Pull all these strands together, and perhaps the time is now right to consider pervasive computing more seriously.

But as is so often the case, this is a chicken and egg situation. Installing the devices and infrastructure shown in Table 1 is one thing, but having something for them to do is another. The compelling event for the pervasive computing industry is not making the technology available, but users implementing applications that take advantage of it. XML Web Services will play a major part in this. Having a standard protocol that is independent of the underlying technology provides an important layer for applications to talk to each other regardless of the device or communications mechanism.

Sectors

So where could you apply pervasive computing, and what options make sense today? Though the notion might be ‘pervasive’ it makes sense to divide the market into sectors to consider different opportunities. Useful segmentation might be:

1. B2E - Employee Enablement

The simplest option is to exploit the availability of new devices that integrate PDA and communications to keep in contact with employees and involve them in business processes regardless of place or time. For example:

Sales/Field force automation. This can be seen as an evolution in the process of equipping employees with mobile phone and laptop computers. The cost justification for this should be straightforward, particularly as in some respects the technology acquisition costs are declining, making it easier to justify providing a greater number of the workforce with access. Organizations can put this in place now.

Office, Shop and Factory Floor. Mobile does not just mean those staff that are frequently out of the office, but also those who are not tied to a desk but are out on the shop or factory floor. The use of wireless networking together with various hand-held devices such as PDAs, or coming Tablet PCs, should make them more productive, and able to participate regardless of location on the premises. Again, organizations can put this in place now.

2. B2C – Customer Enablement

Whilst the same technology and applications for employees can also apply to customers, their adoption is outside the control of the providing organizations. Though you cannot force your customers to buy PDAs or other devices, you can however make it more attractive for those that do, using it perhaps for competitive advantage at this stage. Usage by customers will more likely come via the next generation of smart mobile phones rather than full blown PDAs, though take up will be very dependent on price. Usage includes:

E-Commerce Process. As well as obvious use of devices to browse and buy products, this can be extended via devices to keep customers involved in the whole e-commerce process right up to the point of delivery. Carriers as well as retailers can inform customers of impending deliveries or involve them in decisions – such as when is it a suitable time to deliver.

Mobile Commerce. Mobile phones will increasingly be used for a variety of mobile commerce applications. This is not just ‘traditional’ e-commerce via a mobile phone, but new models such as micro-payments. Using vending machines or paying car park charges via mobile phones is already real.

3. B2C - The Automated Home

The ‘house of the future’ seems to be permanently just around the corner. Always looking like something from the set of a science-fiction movie, reality never seems to quite turn out like the show homes from World Fairs and other showcases, for example from IT vendors such as Microsoft and others. However, the home of today can easily be brought into the digital age. This can be seen as an alternative approach in the customer enablement process, integrating e-commerce and other processes into their home. For example:

Digital TV. Interactive shopping should be one of the key opportunities here, but so far it has not been very successful. The temptation is to use digital TV set top boxes as a living-room PC, whereas they should try to do something different that exploits the media better. Instead of presenting an experience that looks too similar to e-commerce via a PC browser, organisations involved should perhaps

“Hello,” said the elevator sweetly, “I am to be your elevator for this trip to the floor of your choice. I have been designed by the Sirius Cybernetics Corporation to take you, the visitor to the Hitch Hiker’s Guide to the Galaxy, into these their offices.”
“Yeah,” said Zaphod, stepping into it, “what else do you do besides talk?”
“I go up,” said the elevator, “or down.”
“Good,” said Zaphod, “We’re going up.”
“Or down,” the elevator reminded him.
“Yeah, OK, up please.”
There was a moment of silence.
“Down's very nice,” suggested the elevator hopefully.
“Oh yeah?”
“Super.”
“Good,” said Zaphod, “Now will you take us up?”
“May I ask you,” inquired the elevator in its sweetest, most reasonable voice, “if you’ve considered all the possibilities that down might offer you?”

Douglas Adams, The Restaurant at the End of the Universe


better integrate it into the TV experience such as Interactive adverts that don’t require the user to drop out of their favorite programming, providing simple ‘click to buy one now’ options that can capitalize on impulse buying.

Internet Appliances. The household appliance that can be connected to the Internet is reality, though perhaps currently more confined to the upper end of the market. However, the cost of adding Internet capability is now relatively small (for example via a low footprint, open source Java approach) where the device already has some ‘intelligence’ in its control program or UI, and it is likely that the next generation of household devices will increasingly incorporate the functionality by default, whether users choose to connect it or not. As well as obvious diagnostic and maintenance uses that reduce servicing time and costs, there are new opportunities for the device manufacturers, for example Melloni have demonstrated a ‘pay per use’ option in their Dialogic Kitchen equipment range, or to supermarkets and other retailers, for example providing a shopping basket Web Service (e.g. Tesco.com are implementing this) that talks directly to the self-restocking refrigerator (e.g. LGE Home Network).

4. The Automated Office/Factory

Automated devices are not just the domain of the home of course – though ultimately this is the biggest opportunity. Their use in the office, store, or factory is just as applicable. In some respects this is already widespread, though typically not using the technologies discussed here. Currently, more likely to be some non-Internet based or proprietary protocols being used for factory or warehouse automation.

Tagging. Use of RFID is widespread in areas such as logistics, and is growing rapidly. As costs fall, RFID could spread beyond warehousing and shipping, and

Provider Other User Sector Technologies Challenges Justifications Justifications

B2E – Field Force Business Process Integrated 2.5G Not always Automation Integration Security PDA able to on-line Real-time access to remote Reduction of tire- support local information some household apps, and off-line Productivity tasks working B2E – Office, Decision making Wireless Shop, Factory Location based services Floor B2C – Customer Improve service to 2.5G Not always enablement customer on-line Involve customer in process Transaction Location based services integrity without creating technology dependency B2C – Automated Increase e-commerce reach Broadband Home Automated e-commerce X10/SPC Reduce servicing costs Home Networking Automated Business Process Wireless Factory, office Automation Networking Improve integrity, accuracy RFID and timeliness of information Automotive Reduce service costs Navigation 2.5G Location based services Wireless

into the store and home, providing seamless tracking of products right across the supply chain.

5. Automotive

Several automobiles, again mainly at the upper end of the market, now feature sophisticated on-board computers that can be connected via the Internet.

Maintenance. Useful again for diagnostics and maintenance.

Location Based Services. Imagine the in-car mapping system not just locating nearby gas stations, but also showing their pump prices too.

Some sectors of pervasive computing have a straightforward justification, such as B2E where the costs, implementation timeline, and technology decisions are relatively controllable. But having been bitten once with the vision of e-commerce, organizations will be wary of technologies that promise to change the lives of their customers. But therein lies the rub. As computing technology increasingly invades our lives, suddenly the infrastructure for pervasive computing will be there. And when it all clicks into place, who is going to be most prepared? You or your competitors?

Adoption

Adoption in these sectors will occur at different rates. The transition will take much longer, probably decades before computing will become truly pervasive. Few homeowners will upgrade their household equipment just to take advantage of home automation, and will wait instead for the normal cycle of replacement. No one is going to buy a new car just because it has a Windows powered dashboard.

However, in certain areas it is possible the take up could be quite swift, particularly if external forces such as governments force the change. An example of this is Digital TV where broadcasters will subsidize the hardware cost in return for content subscriptions, and governments still eager to sell the airwaves used by television and radio will attempt to force the switch. The next generation of digital TV set top boxes from companies like Pace Micro and Microsoft will have much wider application, moving beyond simple TV reception to add technologies like broadband and wireless networking, becoming more of a ‘home gateway’ that ushers in the long awaited convergence of broadcasting and telecoms.

Similarly, the introduction of road charging by governments to reduce congestion, or insurance companies charging on actual usage (including location, weather conditions, driver, etc) rather than blanket coverage might see pervasive computing devices fitted to automobiles sooner rather than later, to collect and feed back the relevant information. These types of initiatives will at least start to drive the necessary infrastructure for pervasive computing into every home, automobile and location.

Those in employment might also find that the investment in devices needed for pervasive computing is borne by their employees. The PDA’s and other mobile devices provided by employers are likely also to be used in a personal context. This could accelerate adoption in some areas.

As such, for many organizations the adoption of pervasive computing at least in the short to medium term will be inward looking as in scenarios 1 and 3 above. Unless you are a vendor with a motive to kick start adoption in scenarios 2 and 4, you will find it much easier to justify projects based on internal cost savings via automation of business processes for example, or improving employee productivity by making information available to them anywhere, anytime. You might be tempted to look at external opportunities with customers, but this is likely to require that your organization takes a long-term investment view.

Application Considerations

As well as making decisions on which device and communications infrastructure to be used, there are several considerations organizations need to make when implementing applications for pervasive computing, as follows.

Context

Organizations, or more correctly the services they provide via applications, will need to deal with many different contexts within which the devices or the users of pervasive computing are operating. This also applies of course to the device manufacturer, who needs to understand where their device might need to operate in multiple contexts. For example, does the behavior of an application vary based on the following:
● Location – Provision of location based services.
● Device – What capabilities does the device have? E.g. Local storage, processing power, UI and presentation, communications support.
● User – Is the user operating the device in a business or personal context? Users are not likely


to duplicate mobile devices for separate business and personal usage. However, home appliances are more likely to be used only in a personal context.
● Communications – what different communications technologies are supported? Is moving between them seamless? Can the device and/or application function off and on-line?

Transactions

Pervasive computing and the diversity of devices and communications technologies exacerbate the existing problem of delivering transaction integrity across the Internet. In the medium term, wider use of Web Service standards will reduce the problem. In the meantime, organizations will have to implement proprietary technology, such as guaranteed message delivery to improve transactions, though the technology dependency this creates will limit the contexts in which it can be used. It would be fine for example in B2E where there is control over the infrastructure, but less useful in B2C situations.

Programming model

Whilst the use of Web Services will reduce the technology dependency between devices, they do not solve the challenge of deployment of code to those devices. Organizations wanting to deploy applications to devices, perhaps to support off-line working or provide local intelligence will need to consider a diverse range of programming models and technologies on offer. Some devices can support alternative programming models, and host additional infrastructure technologies that increase the options available to developers. We will consider this in detail in part II of this report.

Transition

The challenge for most will be managing the transition to pervasive computing. Not just dealing with the new technologies, but also in coping with the fact that it will not be quite as pervasive as desired. For a considerable time, the reality of ‘Anywhere, anytime’ is more likely to be ‘some places, sometimes’. As such applications cannot just expect the device to seamlessly move between different communications networks, but must also be designed to provide an off-line mode of working too via queuing and caching, synchronization and replication mechanisms. This will be less than ideal – for example creating demands for more powerful local devices than would be necessary if only on-line behavior was required – but it will be reality.

Part II

In part II of this report we take a look at programming models and technology infrastructure for pervasive computing provided by the major platform vendors.

In the meantime, here are some interesting links to pervasive technologies that provide background context, and/or demonstrations of usage.
● Ericsson and Electrolux e2Home – Intelligent home project - http://www.e2-home.com/
● GSM World – Mobile communications technologies such as GPRS and UMTS - http://www.gsmworld.com
● LG Home Network – Internet enabled home appliances - http://www.lge.com/c_product/h_network/index.shtml
● Microsoft Automotive - http://www.microsoft.com/automotive/
● Pace Micro – Digital TV and Home Gateway technology - http://www.pace.co.uk/networked-home/index.asp
● Texas Instruments - Tiris RFID - http://www.ti.com/tiris/default.htm
● Vodafone - Future Vision - http://www.receiver.vodafone.com/

Lawrence Wilkes
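The off-line mode via queuing discussed under Transactions and Transition can be sketched as a store-and-forward outbox whose messages carry an id the service uses to discard replays. This is an added example, not code from the report; the class names (Outbox, FlakyLink, OrderService), the SQLite queue and the message-id scheme are assumptions chosen for illustration.

```python
import json
import sqlite3
import uuid


class Offline(Exception):
    """Raised by the transport when no reply comes back from the service."""


class OrderService:
    """Constructed stand-in for the remote service. It remembers message ids
    so that a retried message is acknowledged but not applied twice."""

    def __init__(self):
        self.seen = set()
        self.orders = []

    def handle(self, msg_id, payload):
        if msg_id not in self.seen:
            self.seen.add(msg_id)
            self.orders.append(payload)
        return "ack"


class FlakyLink:
    """Constructed transport driven by a script of per-attempt outcomes:
    'ok', 'down' (request never arrives) or 'lost_ack' (request arrives and
    is applied, but the reply is lost, so the device cannot tell)."""

    def __init__(self, service, script):
        self.service = service
        self.script = list(script)

    def send(self, msg_id, payload):
        outcome = self.script.pop(0) if self.script else "ok"
        if outcome == "down":
            raise Offline("no network")
        self.service.handle(msg_id, payload)
        if outcome == "lost_ack":
            raise Offline("reply lost")
        return True


class Outbox:
    """Durable queue on the device. A message is deleted only after the
    service has acknowledged it, which gives at-least-once delivery."""

    def __init__(self, path=":memory:"):
        self.db = sqlite3.connect(path)
        with self.db:
            self.db.execute(
                "CREATE TABLE IF NOT EXISTS outbox ("
                "seq INTEGER PRIMARY KEY AUTOINCREMENT, "
                "msg_id TEXT UNIQUE NOT NULL, body TEXT NOT NULL)"
            )

    def enqueue(self, payload):
        # The id is fixed when the user acts, not when the message is sent,
        # so every retry of the same action carries the same id.
        msg_id = str(uuid.uuid4())
        with self.db:
            self.db.execute(
                "INSERT INTO outbox (msg_id, body) VALUES (?, ?)",
                (msg_id, json.dumps(payload)),
            )
        return msg_id

    def pending(self):
        return self.db.execute("SELECT COUNT(*) FROM outbox").fetchone()[0]

    def flush(self, link):
        """Send queued messages in order; stop at the first failure so later
        messages never overtake earlier ones. Returns the number acknowledged."""
        rows = self.db.execute(
            "SELECT seq, msg_id, body FROM outbox ORDER BY seq"
        ).fetchall()
        acknowledged = 0
        for seq, msg_id, body in rows:
            try:
                link.send(msg_id, json.loads(body))
            except Offline:
                break
            with self.db:
                self.db.execute("DELETE FROM outbox WHERE seq = ?", (seq,))
            acknowledged += 1
        return acknowledged


def demo():
    """Two orders placed off-line, then three connection attempts."""
    service = OrderService()
    link = FlakyLink(service, ["down", "lost_ack", "ok", "ok"])
    box = Outbox()
    box.enqueue({"item": "frozen peas", "qty": 2})  # constructed sample data
    box.enqueue({"item": "milk", "qty": 1})
    first = box.flush(link)   # link down: nothing leaves the device
    second = box.flush(link)  # order 1 applied remotely, ack lost, stays queued
    third = box.flush(link)   # order 1 replayed and deduplicated, order 2 sent
    return first, second, third, box.pending(), service.orders


if __name__ == "__main__":
    print(demo())
```

Without the id check in the service, the lost acknowledgement on the second attempt would have produced a duplicate order on the third.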

WS-Security - Practical Response for Web Service Architects

By Richard Veryard

In a significant announcement last month IBM, Microsoft and Verisign addressed the number one issue that most organizations have with web services - security. The trio published a new security services specification for web services interoperation, that provides a modular, flexible framework based approach to security. Clearly this will take time to work through; so what do you do right now?

Management Summary

IBM, Microsoft and Verisign have joined forces to develop and promote a new architecture for web service security. Its purpose is to enable a variety of web service implementations to securely interoperate in a platform- and language-neutral manner, and to ensure the integrity, confidentiality and security of Web services.

It makes three important claims:
● That it defines a comprehensive Web service security model that supports, integrates and unifies several popular security models, mechanisms, and technologies (including both symmetric and public key technologies).
● That it describes a set of specifications and scenarios that show how these specifications might be used together.
● And that it brings together formerly incompatible security technologies.

In this report, we review these claims, and discuss how web service engineers can make practical use of this new architecture.

Given that the architecture is being released in phases, we also consider whether companies can do anything useful with it straightaway. Does it make sense to implement this architecture piecemeal? Or is it simply to provide a basis for companies to plan ahead?

The security challenge of web services

One of the key enablers for the exploitation of web service technology is security, and the CBDi Forum has accordingly paid considerable attention to this topic. While some vendors seem to regard security as an add-on – to be simplistically provided by some additional “security” features – the Forum sees security as an essential part of base interoperability.

Furthermore, we expect this view to prevail within WS-I – although it is still early days for this organization.

Response by industry leaders – “a comprehensive model”

The web services security Architecture represents a combined initiative by IBM, Microsoft and Verisign to provide a framework for web service security, as a convergence of IBM’s and Microsoft’s SOAPsec note to the W3C and Microsoft’s inclusion of WS-Security and WS-Licence as an element within its WS-Architecture.


Some web service experts have already dismissed this initiative as little more than a standardized way to describe security within custom SOAP headers. However, the declared intention of this initiative is very much larger than this, since it is billed as “a comprehensive model of security functions and components for web services” aiming to integrate currently available processes, technologies, and standards with the evolving security requirements of future applications.

The goal is to develop a set of unifying concepts, spanning both technological and business aspects of security, providing coordinated support for everyone in the software supply chain – including platform vendors, application developers, network and infrastructure providers, and customers. The starting point is primarily technological, addressing secure messaging – this will subsequently provide the basis for business process security issues, such as policy, risk and trust.

We have little doubt that these are genuine aspirations for the security experts within IBM and Microsoft. Notwithstanding the sincerity and commitment of the vendors, the key question facing the industry is – how much safety will this initiative actually procure, what kind of safety and within what timescale.

Elements and Structure

There are six key elements to the web service security architecture.
1 A comprehensive risk analysis for the security of web service. This has not been released. Subsets of the risk analysis will be contained in each interoperability profile (see below).
2 A set of specifications, which address various subsets of the risk analysis. The first specification has been released, “WS-Security”, which addresses the security of the base messages.
3 Application notes for each specification, which help developers develop these technologies. Application notes for WS-Security are currently in draft.
4 A set of interoperability profiles, which show how the specifications can be composed. These profiles will define the risks addressed.
5 A set of scenarios, which illustrate selected risks and sketch how they are addressed by the specifications and interoperability profiles. A small number of simple scenarios are included in the white paper already published.
6 A roadmap, showing how all the parts will fit together. This is contained in the white paper, but without any indication of timescale.

The specifications are extensible frameworks – don’t contain MUSTs and SHOULDs – these go into the interoperability scenarios/profiles.

Component-Based Security

The web service security architecture and roadmap can be regarded as an exercise in what we might call component-based security, appealing to the following principles of componentry.
● Solution assembled from components or “building blocks”.
● Requirements decomposed into discrete component specifications or “responsibilities”.
● Interoperability of components from multiple sources.
● Separation of specification from implementation.
● Possibility of substituting components with the same specification or interface.
● Possibility of iterative development, with phased implementation and deployment.

Does this set of principles make sense for security? The following sections consider the implications of a component-based approach for security in some detail.

Figure 1: Current/proposed specs Building on the SOAP Foundation

© CBDi Forum Limited, May 2002

Abstraction

The architecture aims to establish a common level of abstraction at which the diversity and heterogeneity of rival security devices and mechanisms disappears. This is the basis for the claim to “bring together formerly incompatible security technologies”.

Thus it should be possible to specify security requirements and policies (e.g. relating to identity) in a technology-neutral manner, and then implement specific mechanisms on each platform that demonstrably conform to the requirements and policies.

The example given in the white paper is that a customer making an on-line purchase should not be impacted by whether they are using a cell phone or a laptop computer, as long as each device can securely express the proper identity. There will be different and possibly multiple mechanisms on each platform (cell phone, laptop, and so on).

Furthermore, the architecture allows for interoperability between existing security systems and new ones.

“Integration through the abstractions of a single security model enables organizations to use their existing investments in security technologies while communicating with organizations using different technologies.”

This is of course very much in the spirit of component-based and service-based development, where there is a clear logical separation between the specification and its implementation. This allows for managed transition and iterative implementation – which fits nicely with the popular preference for agile software development, as well as being consistent with other development styles and processes.

While this abstraction represents an attractive simplification, care must be taken when developing and implementing such specifications that they do not represent a reduction in requisite variety or biodiversity. A sufficiently ingenious attack that is designed at the appropriate level of abstraction might be able to overcome any security mechanism that conforms to the common model. An holistic security architecture will guard against any such systemic vulnerability.

Interoperability

In any component-based or service-based approach, interoperability is one of the key concerns. If security is decomposed into a number of separate building blocks, how are these building blocks wired together, and how effective is the integration between them.

The WS-* specifications are designed to be component-based, and to build upon the basic constructs defined in WS-Security for interoperability between the specifications.

The building blocks of a security solution may be software products – but of course they may also be managed services. This would of course be entirely appropriate for a web service security solution – but that means that all of the web service security requirements apply equally to the security elements of the solution themselves.

Substitution

Component-based security implies the flexibility of “plug-and-play”. In principle, this should enable the system manager to substitute alternative components when a breach, vulnerability or other failure is discovered. This ability potentially increases the robustness of the whole system – provided the system management is capable of a rapid response – since a local failure can be contained and corrected quickly.

Substitution brings its own issues, especially in the security field. The recent failure of Pilot Network Services illustrates some of these issues. Pilot had been providing a managed security service for a number of large companies. After some warning signs – the quality of service had noticeably degraded – the company went out of business on April 25th. One of its customers (Providian Financial) quickly intervened in an attempt to provide a substitute service, and thus to keep its own operations running securely. However, this intervention could have compromised the independence of the service, which was also being provided to a number of Providian’s competitors in the financial sector.

System Management

Detection and diagnosis of security breaches is acknowledged as an important security issue, which is seen as a part of system management. There has been considerable pressure (presumably from customers) to pay attention to system management issues generally. The topic of systems management goes way beyond security to address general interoperability, which will be handled by a series of interoperability profiles.

Phased Deployment

The development of the web services security architecture is iterative and phased.

The first priority has been to secure the base message traffic underlying web services – message protection is a theme common to all scenarios – and so this is the objective of the first specification. The other stuff will be built on top of message security. The ongoing process for developing the web services security architecture will be to keep going back over the risk analysis, and revisiting and revising the specifications.

So this raises the question: does it make sense for users to deploy the architecture in the same iterative and phased manner?

IBM’s claim is that they understand the overall interactions well enough to support a recommendation to their customers start implementing today. IBM will be publishing Application Notes, to help developers implement these technologies. Application Notes for WS-Security are currently in draft, and should be published soon.

They expect user organizations to carry out their own risk assessment for web services, and to plug in the various specifications as they become available. They point out that there are already solutions available for most aspects of security – so the fact that WS-Privacy specification (say) is not yet available doesn’t stop users doing something about privacy if that’s important.

Further Development

Up to this point, the development has been carried out jointly by IBM and Microsoft, but the intention is to have the development done under umbrella of an industry body. IBM expects this process to be similar to how it was done with ebXML – solving a complex problem by a series of interoperability profiles.

IBM expects to have a first cut at three or four specifications “very soon”, together with the ability to cover more complex scenarios. They also expect another pass at WS-Security – perhaps within 2-4 months. They aim to have an initial pass at all the specifications within a year.

Types of Web Service – More Complex Scenarios

WS-Security itself doesn't cater for some scenarios – only because they require items like Policy or Privacy to be negotiated. The roadmap extends the framework to provide a more rounded solution beyond integrity and confidentiality.

We are interested in exploring complex types of web services, which may provide particular challenges for security.

a) Web services that involve business transactions between more than one customer. For example, a dating agency, where personal details may be selectively and progressively released to prospective dates.

b) Web services that involve protected documents or artifacts – for example, a software engineering web service that requires access to the source code.

Verifying Security

Web service security is only credible if it can be verified and tested - any breaches detected. One of the functions of an architecture should be to provide a solid basis for verification and testing.

Let’s consider an analogy. It is a consequence of the architecture of a normal house that the most convenient way for an unauthorized person to break in is through the doors and windows. For this reason, insurance policies may require certain kinds of lock to be fitted and operational. A lock of a certain kind is effective (against a given level of threat) because the architecture allows it to be implemented in a certain way.

In order to verify that certain window locks are indeed effective against casual burglary, someone needs to try and open the windows, using tools that a casual burglar might be expected to use. Such a test will provide some degree of assurance – but this only applies to windows and locks that are installed in the expected way. If the doors and windows are fitted incorrectly, or if the architect has chosen doors and windows that are not compatible with the specification of the locks, then locks may be useless.

Within the web services security architecture, there is some indication of a proper division of responsibilities for various aspects of security. Privacy and trust mechanisms will only work if they are compatible with the mechanisms for message traffic, and will be nullified if the message security is compromised. This also indicates that verification and testing of the higher level security mechanisms is dependent upon prior verification and testing of the lower-level security. (If the web service messages can be intercepted and falsified, then this would damage the credibility of tests of any other aspect of a web service security solution.)

The architecture should also provide some basis for diagnosing any breach of security - how did this intruder get in, how did this information leak out - and planning appropriate corrective/preventative action.

Privacy

The general requirement on privacy is to define the ownership of information and knowledge (including commercial, industrial and intellectual property), and to constrain its storage, use and propagation.

While a web service may require some information to perform its proper function, companies will be reluctant to send commercially sensitive or valuable data to a third party web service without some guarantees that these data will be safeguarded and not abused. In some cases, use of information is permitted – but only in anonymous or statistical form.

Special cases include digital rights management and escrow. For example, a web service may perform some work on a document or software artifact, and may therefore require special provision to penetrate any copy-protection attached to the artifact, or to access its .

Process

We should expect a process to do at least the following things.

a. Define a set of business security requirements.
b. Use the web services security architecture to design (some elements of) a security solution – at least for the web service elements of a business system.
c. Verify and monitor adherence to the business security requirements, and detect any breaches.
d. Diagnose breaches – how did this intruder get in, how did this information leak out – and plan appropriate corrective/preventive action.

IBM intends to provide Application Notes to help developers implement and use these technologies. For its part, Microsoft regards the provision of implementation guidance as beyond the scope of what they are trying to achieve, and sees such provision instead as an appropriate work package for WS-I.

Implementation Models

WS-Security simply describes how web services tell one another their method(s) of security. It doesn’t implement security. So implementation models are still required, though (assume WS-Security is successful) they will need to present information to WS-Security to make it all work.

Both IBM and Microsoft have been working on detailed models for implementing security. Pat Helland of Microsoft announced the Autonomous Computing model of security late last year. (This has been developed by Roger Sessions of Object Watch into the Fortress Security Model.) Meanwhile, IBM researchers in Zürich have been developing an immune systems model of security.

These strands of research may lead to innovative ways of implementing the specifications. However, they are not expected to influence the specifications themselves or other parts of the web services security architecture.

Tool Support

Microsoft sees this announcement as “opening the door” for developers to “begin creating solutions”, and has stated an intention to incorporate the specification into its development tools and products as soon as possible. However, no specific products or dates have been announced yet.

For its part, IBM has already got off the starting blocks on this one, and has put some security functionality into its Web Services Tool Kit (WSTK), available through the Alphaworks. This provides developers with a “preview of functionality” – gives the ability to play with the mechanisms and run simple demos.

While early adopters may build applications using this code, other customers will walk through the functionality in WebSphere and other Tivoli products, thus providing IBM with “multi-tiered feedback”. (Presumably this feedback relates both to the WS-Security specifications and to the IBM products that implement them.)

WebSphere 4.0 (the web services hosting engine) already contains basic SOAPsec – IBM’s precursor to WS-Security – and this is already rolled out. According to IBM, this will grow into a full-blown WS-Security implementation within products such as WebSphere, covering authentication, authorization and so on. This will be integrated with existing functionality – for example, the Access Manager within WebSphere will become the “de-facto” authorization and authentication engine.

Final Commentary

Concerns about security represent a continuing inhibitor to a thriving web service industry. Many companies wishing to make progress in this area remain to be convinced that it’s “safe to go into the water”.

The CBDi Forum will be looking to provide further detailed guidance in this area. As well as guidance on a security engineering process for web services, we intend to develop guidance about security-readiness... This will be an ongoing task, and we welcome input from vendors and members.

... for different types of web service/more complex scenarios ... WHICH pieces of the security architecture need to be in place before this type of web service/scenario can be safely undertaken ... and therefore WHEN can this be done ... and with WHAT residual risk?

Richard Veryard [email protected]

Further Information

Security in a Web Services World: A Proposed Architecture and Roadmap (Joint White Paper from IBM and Microsoft, April 2002)
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnwssecur/html/securitywhitepaper.asp
http://www-106.ibm.com/developerworks/webservices/library/ws-secmap/?loc=dwmain
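The layering argument made under Verifying Security (privacy and trust mechanisms are nullified if message security is compromised, so the lower layer must be verified first) can be shown in a short test harness. This is an added example, not code from the article or from the WS-Security specifications: an HMAC over a JSON body stands in for the signature a WS-Security header would carry, and the key, the release policy, the field names and every function name are constructed for illustration.

```python
import copy
import hashlib
import hmac
import json

# Constructed demo values: a shared key and a release policy. A real deployment
# would rely on the signature and key material carried in the message header.
DEMO_KEY = b"constructed-demo-key"
RELEASE_POLICY = {
    ("partner-a", "salary"): {"statistical"},
    ("partner-a", "postcode"): {"anonymous", "statistical"},
}


def _canonical(body):
    """Stable byte encoding of the body so both sides tag the same bytes."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode("utf-8")


def protect(body, key=DEMO_KEY):
    """Sender side: attach an integrity tag to the message body."""
    tag = hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()
    return {"body": body, "mac": tag}


def message_is_authentic(message, key=DEMO_KEY):
    """Lower layer: was the body tagged by a key holder and left unmodified?"""
    expected = hmac.new(key, _canonical(message["body"]), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, str(message.get("mac", "")))


def privacy_allows(body):
    """Higher layer: every requested field must be releasable in the requested form."""
    fields = body.get("fields", [])
    return bool(fields) and all(
        body.get("form") in RELEASE_POLICY.get((body.get("requester"), field), set())
        for field in fields
    )


def handle(message, verify_message=True):
    """Receiver: the privacy decision is only meaningful after the message check."""
    if verify_message and not message_is_authentic(message):
        return "refused: message security"
    if not privacy_allows(message["body"]):
        return "refused: privacy policy"
    return "released"


def altered_in_transit(message, **changes):
    """Test fixture: a copy whose body was changed after the tag was computed."""
    changed = copy.deepcopy(message)
    changed["body"].update(changes)
    return changed


def run_checks():
    """Exercise the lower layer and the higher layer together and apart."""
    ok = protect({"requester": "partner-a", "fields": ["salary"], "form": "statistical"})
    too_much = protect({"requester": "partner-a", "fields": ["salary"], "form": "identified"})
    forged = altered_in_transit(too_much, form="statistical")
    return {
        "valid request": handle(ok),
        "policy violation": handle(too_much),
        "altered, message check on": handle(forged),
        "altered, message check off": handle(forged, verify_message=False),
    }


if __name__ == "__main__":
    for case, outcome in run_checks().items():
        print(f"{case}: {outcome}")
```

The last case is the one the article warns about: with the message check switched off, the privacy layer evaluates a falsified request and passes it, so a test of the privacy layer alone proves nothing.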

Tools For Service Oriented Architectures

By Jonathan Stephenson

The service-driven approach to application development is establishing itself as an important factor for delivering systems for distributed and connected businesses. We believe that all new developments should be service oriented and that some degree of new tools and methods are called for. It is unlikely that the interfaces on top of an existing application can simply be recast as ideal SOAP Web Services even if they were built using components. The market for service-oriented tools is taking off and in this report we define the main product categories and drill-down into our requirements in each one.

Service Oriented Architecture

Let’s start by spelling out what we mean by a Service Oriented Architecture or SOA. SOA is an approach that emphasizes the business process in the design and expresses each business process directly with an application method that can be re-used by more than one application. It decomposes a business system into a number of services that are then implemented in code. A direct relationship between the business model’s process and the software service improves the chances of re-use, creates an architecture that works with the business model and encourages encapsulation.

XML Web Services takes this approach and adds two important ingredients: technology platform independence and location transparency.

XML Web Service Feature | Implementation
Component Platform Agnostic | SOAP/WSDL
Transport Independent | HTTP, SMTP, MQSeries, etc
Location transparency | URL determines the service location
Distributed and Internet Connected | HTTP
Dynamic, can be discovered and published | UDDI, WSIL
Contract is at a business method level | WSDL ++
Open, i.e. public domain standards | WS-I.ORG
Secure | SSL, PKI

As a result of the history of OO many component based developments start off at the static class UML model and the services are then layered over the components. In web oriented development the components are designed with the assumption that the web pages (JSP, ASP) can access component interfaces directly, and components can be instantiated for the life of the script that ‘owns’ them. Services are by their nature less granular and less local to the web pages they serve.

Application development rarely starts from a blank sheet so there will always be a need to transform component interfaces into services through wrapping and aggregation. Many of the early Web Service tools to hit the market start by taking components and exposing them as services and this approach may lead towards a bottom up approach where the methodology is:

1. What have we got that could be used to build a service?
2. How do we convert component interfaces to web services?

Increasingly we hope that development can be more top-down, where services are discovered and then designed and built to order. This is where the new methods and extensions to UML will be required. In our review of Bind Studio1 we saw how Bind Systems have incorporated the ebXML and WSDL into their models from the Use Case model.

WSDL is an interface contract that can drive the design and development. WSDL files assume a high profile in the specification of the component implementation and need to be available, through the design repository, to each stage in the lifecycle. It is an added benefit to the quality control team to be able to build a service test harness before a line of code is cut.

Tools for SOA will inevitably evolve from the tools in use today. Some will be more applicable than others, so we start with a short historic round-up of what is generally found on the shelves of the development office and look at their usefulness for service development.

The Evolution Of The Tool Box

Each phase of evolution from mainframes to XML Web Services has seen a shift in the way we design and model systems. The tool set has reflected the trend toward services:

Service Focus Approach Typical practice concepts
Information Entity Entity Model, Engineering Process model
Client/server UI UI Information 3 tier separation RAD model + tightly coupled application model
OO whole object very fine grained class model UML model and business methods model separate
CBD whole interface component Implementation first, component model interface second
Web oriented UI UI No model UI and logic in web tier
SOA Service Service service model
WS-Service Service WSDL service model oriented

Client server development focused on Information Modeling and GUI prototyping. It gave birth to RAD methods such as DSDM that seemed to be totally oriented towards getting the job done as soon as possible and meeting the business user’s wildest fantasies at all costs, i.e. quality and structure. It led to some pretty ropey code although users on the whole liked the user interfaces. The tools it bred for data modeling are still in use today and graphical UI development became about as easy as you could make it. ERwin for example still remains one of the best tools for managing large RDBMS schema and Visual Studio’s form designer is still the benchmark. The complete lack of architecture in the code of early client-server was a major factor in its fall from grace: to address this, object-orientation became the flavor of the day.

Object Orientation set out to solve the code problems of structuring 3 GL code like Pascal and C. It was adopted by some client-server tools as a way of tidying up their own spaghetti and enforced some re-use. The main tools of the trade were Class Modeling tools and in the early days of the method wars there were plenty of alternatives to choose from. System architects could now draw class diagrams in a variety of styles and in some cases code was actually developed with a similar structure; more often than not the code and the models soon went their separate ways. With OO the idea of a business object became accepted and the concept of 3-tier architectures soon evolved into a Component architecture.

Component Architectures took the best of OO and client-server and added file encapsulation and location independence. The building-block concept promised to industrialize application development and aimed to make a plug-and-play software environment. However, the close-coupled nature of Java RMI or DCOM makes it very difficult to upgrade or change systems without a major re-compile of the whole project. Tools are evolving from the UML modeling stable to represent components and their interactions rather than only working at the OO class diagram level. Process models remain rather separate from code implementation models and there are too few tools for tracking the runtime behavior of components. Development tools are still generally code-cutting environments and few allow you to orchestrate component interactions at a business level. Repository technologies are one of the approaches to the management of large component-based development projects but the concept of the general, extensible repository has been slow to take off. The specialized tools for component management all have some sort of repository and where they are integrated into the IDE they have found favor with developers.

Despite the massive investment in DCOM, Microsoft started moving away from close-coupled objects in the late 90s. Exchange of XML documents led to the BizTalk standard and we believe their experience with BizTalk was a major factor in the conception of SOAP Web Services and .NET.

Web Applications are generally built using a mixture of HTML, interpreted scripts and compiled components. At best they can be well structured, for example using the STRUTS MVC2 framework and at worst the UI code is mixed with business logic in the ASP/JSP pages. We believe that service orientated methods are key to building better web applications.

SOA Methodology

Service oriented methods are still in their infancy and we have extensively discussed the topic in Interact. Current approaches are often driven from bottom-up by the necessity of re-using existing components. One of the important changes we see being driven by the adoption of Web Services is the move towards using WSDL (and ebXML) as a deliverable from the business design modeling process. The key benefits of SOA methods are:

1. The service definition provides a common and rigorous view of business requirement. This will lead to integration of business design into the overall delivery process. WSDL will be an important factor here in capturing and communicating the business requirements.
2. This will force a more top-down approach and drive the implementation tools vendors to add more support for WSDL-driven implementation, testing and rollout.
3. Will facilitate more code generation in modeling tools and also provide direct traceability between requirements and implemented system.

Service Oriented Architectures are relatively immature and so we expect there to be a rapid growth in tools. Component Based Development tools will grow add-ons for services and process modeling tools will become more service aware. What we believe will be more useful would be a shared repository approach that plugs each tool into a service definition repository. OMG’s Meta Object Facility provides a standard for describing meta models based on UML. Tools such as NetBeans have already implemented support for a repository based on this set of standards. We expect other tools to follow this example.3

Figure 1: Shared Repository Approach

Meta Object Facility (MOF): MOF provides the XML standards required for Model Driven Architecture. It defines the interchange format XMI that allows a subset of the UML model to be exchanged and shared between development tool, modeling tools and so on.

The SOA Toolbox

The following table is a quick survey of the types of tools that are on the market today. Some include specific service support, most do not; but they are all capable of being pressed into service at some point in the lifecycle.

SOA Toolkit

Activity Aims/Deliverables Methods Example Tools
Envisage/Scope Use Cases UMR, Select UML Case Tools Perspective, Crystal CSC Select Component Architect User Stories Extreme
Service Discovery Identify services, interfaces and Select Perspective, Bindstudio and Modeling service collaboration
Code Design UML static and dynamic UML Tools models Entity Relationship and IDEF, IE ErWin, StarTeam, Embarcado schema ERStudio, JDesigner
Service Components with service J2EE, .NET, VisualAge,. Visual Studio Implementation interface CORBA .Net, Forte, BEA Workshop, JBuilder, JDeveloper, WebGain, CapeStudio, NetBeans
Service Test Automatic unit and system Mercury Test, Rational SQA, test RedGate
Service Release engineering specs WebSphere, WebLogic, Deployment and descriptions. Runtime Oracle9i, .Net, iPlanet, Iona, attributes Orbix JBoss, JOnAS
Service Security, monitoring, service Talking Blocks, Flamenco, Management and implementation selection, Grand Central, WSBANG, management alerts Amberpoint mScape, Infravio,
Service Re-configure services to XLANG, WSFL MQSeries Integrator, BizTalk, Re-factoring and provide new business Avinon,Bowstreat,Collaxa, orchestration functionality Cypresslogic
Enterprise Provide SOAP access to legacy Most EAI tools Integration systems

Service Definition

Modeling the business is an activity that many consider a luxury. However, an overview of the system under development serves several purposes. By communicating the business goals and processes fully to stakeholders you inevitably uncover many additional requirements and/or flaws in the assumptions behind the system. L’Oreal, the French cosmetics retailer, recently released a very ‘glossy’ video to their workforce showing how personal web services will be used in future developments to forge closer relationships between sales reps, advisors and their clients. Apart from being an advert for the whole web services concept, the video illustrates a variety of business processes in the form of a mini soap opera (pun not intended) that should get attention from all, from shop floor sales persons to the board. In the Select Perspective process we featured in March Interact, the BPM phase was linked to a Web Page Design and from this the service identification followed. There is generally a much closer link between Use Cases and business

models and services than between static class models and services.

Service Definition

Interface Definition | WSDL
Pre-conditions | Does this service rely on a previous step?
Post conditions | What must happen next?
Dependencies | Does this service call other services?
QoS | Are there performance constraints or reliability issues this service must conform to?
Security | Special security relating to this service
Business Issues | Costs, SLAs

WSDL is just one element in defining a service; it defines the service name, parameter names and types including returns, calling protocol and URL. The protocol and URL are irrelevant at the design stage unless you are modeling an existing or external service, hence the extra arrow from the deployment tool to the repository. The repository also needs to capture information relating to the context of the service, QoS, security and business issues; the table above summarizes some of our suggestions.

In our opinion service discovery and definition has not been adequately addressed by the tools vendors who in the main see it as an extension of CBD. We see service implementation and management being addressed by a number of tools but without any integration across the toolset. It will be up to the CASE tool vendors like Bind Systems to drive their top-down approach through the life-cycle.

Service Identification should flow from the business process model. We will look for the features below.

Service Identification Tools

Naming | Service Naming and Description with links from BPM
XML Document Design | Business Document Definition, XML Schema designer
Interface definition | WSDL design and repository
Pattern identification | Links to pattern catalogue and UML
Extended Service Definition | Design and registration of pre, post conditions, dependencies, QoS, security, etc

Service Implementation

Implementation of services from scratch means building Java, CORBA, COM or .NET code. Our feature list here includes the ability to SOAP enable existing code (reverse engineer) as well as the ability to generate method declarations from WSDL (forward engineer). CapeStudio is a good example of a tool that provides a range of WSDL engineering tools. Note that at this stage we are not concerned with identification, authorization, logging and monitoring; we believe that these should be layered on top of services as a deployment attribute.

Our shared repository model requires that the development tools are hooked into the service definition so that code outlines can be created from WSDL files and developers can view the full service model.

The Java platform has provided developers with a collection of APIs for XML manipulation and using the APIs developers can code their service calls. A developer working to provide a business solution should not have to deal with this level of infrastructure code and so companies such as Epionet and Bowstreet have provided a framework and tools to abstract the service code and allow developers to deliver business value. Ideally, the development environment should provide graphical editors for XML and tools for serializing and de-serializing binary objects into XML.

Mapping Java objects to relational databases has recently gained some publicity with the WebGain’s TopLink roadshow. Relational Databases are still the predominant enterprise repository for business data and it is interesting to note the numerous failed efforts of the Object Database proponents to displace them.

Service from/to method capability

Forward engineer: generate method declaration from WSDL
Reverse engineer: generate WSDL from public method (code)
Generate WSDL from binary components

Development Tool Features

Client/server | Disconnected result-sets; Batch update handling
Data | Object Relational Mapping
XML | XML editing and transformation tools
UI outliners | Automatic code generation from WSDL, JSP, ASP.NET etc.
Service Support | UDDI and WSIL browser; Automatic stub generation for services; Dynamic invocation of services; Framework for dynamic URL selection; SOAP header support

Lifecycle and Repository Integration

Team Integration | WSDL repository and change management
Re-use | Code and component repository
Design | Business Models
PM |
QA | Test result and feedback

In the Microsoft environment, business objects would typically write direct to the relational database API through ADO. ADO.NET is based on XML and provides powerful disconnected result-set features, including a batch update facility that implements optimistic locking. It is interesting to note the difference in emphasis between .NET’s ADO and Java’s Java Data Object (JDO). The new JDO specification is all about making Java objects persistent – it makes the assumption that developers will work with Java objects and keep clear of database technology. In contrast ADO.NET is directed at providing XML document representations of result sets and persisting them as relational data.

We have included in our table a list of features that would improve the productivity of the IDE when targeting SOA.

Service Testing

Before deploying any service the QA department will not only have to certify correct functionality, but also the performance, reliability and scalability of each service. The dynamic nature of service use introduces new problems: a) dynamic upgrade means that new services can be introduced very easily, b) different combinations of services or different service behavior can be used depending on context, c) the service may be provided by a third party over which there is little control. Testing, verification or certification of services will have to be a continual process. The test tools should be linked to the service specifications arrived at in the business model, and be capable of verifying the XML documents against the repository of schema. User acceptance is included as part of this step in the process and will inevitably involve some re-development. One of the foundation blocks of the extreme approach to development is Automatic Regression Testing. This is one of the most important factors in improving quality when teams are working in a dynamic environment where requirements are changing. When services are part of the project deliverables we firmly believe that project quality will benefit from the standardized descriptions of interfaces and the ease of remote testing. In the past component

Testing

Functional Test Verified against service specifications

XML verified against DTD, etc

QoS Performance, with load simulation

Reliability

Scalability

Runtime Service failure resilience, performance characteristics,

SLA Assessment of fitness of purpose against SLAs in repository

Deployment Signoff and deployment management

testing required developer skills and QC teams would be more comfortable testing at the UI level. Web Services make the unit test phase much more possible.

Service Deployment

At its simplest, deployment can be no more than copying the WSDL file to the HTTP server and registering the component. In .NET you compile your files with an originator key and run the Global Assembly Cache Utility to register the component as a public method or use the [WebMethod] attribute to build and deploy the service. Using Java RMI, the RMI registry is used to bind the object with a name. With current J2EE environments the steps used to deploy Java as a service are dependent on the particular vendor’s toolkit. For example, the latest AXIS release of Tomcat allows you to save the Java as a .JWS file and the Apache Tomcat servlet will detect and deploy the class as a SOAP service. For other tools, the process usually involves a wizard and some copying of files to the HTTP server.

In all but the smallest developments, we believe that deployment should be a function of the Quality Control team, and so there will typically be a staging server where developers can install new services for testing. Our concept of a deployment tool includes the ability to selectively copy and re-target the WSDL to the production server. This should be managed as part of the test and sign-off process.

Service Management

In our concept of the SOA, we have moved all issues of security and trust, identity-driven functionality switching, PKI management, etc. to the service management layer. In our model, a service is designed to provide a service, the manager says who can use it and when. We have written three reports on the Business Services Server and don’t intend to repeat it all here other than to catalogue its functions. The following table is taken from December’s Interact to which you should refer for more detail. Support for orchestration is included in the manager and also features in the Service Re-factoring toolset.

Service Management

Provider/Consumer: Description

Service Provider: User authentication; User permissions; URL redirection (UDDI maintenance) and service switching; Service switching on user ID; Service use logs, audit trails and alerts; Performance metrics and reporting; Billing; Performance and load balancing

Service Consumer: User permissions; URL redirection; Failure redirection; Consumer Logging and alerts; Performance metrics and reporting; Billing reconciliation and dept. budgeting

Shared Services: Transformation; Aggregation of services; PKI, Encryption, Signature, Authentication; Persistent session context

Orchestration: Support for orchestration standards such as WSFL and XLANG

Service Re-Factoring

This involves taking existing services and re-using them to create new services through transformations and aggregation. Examples may be simple cases where an alternative presentation of parameters is called for, or a transformation of an XML document is required. Orchestration techniques are included here, and a workflow may be employed. Graphical tools allow the analyst to work with visual representations of services and specify branch conditions and transformations.

Enterprise Application Integration

EAI tools have an important function in the SOA. They will increasingly work with SOAP to manage communications between applications. Their adaptors will continue to provide valuable connectors to the more obscure packages, but we see a gradual merging of EAI with Service Management as reliable messaging protocols become standardized.

The Web Service Technology Stack

Having sketched out a framework of tools for SOA, let us now look at the web services standards stack and map the tool spaces to the existing and forthcoming XML standards. WSDL 1.1 has stabilized the service description layer at the technical level and we expect to see a rapid take-up of WSDL in CASE tools for service discovery and developer tools. From the WSDL layer in the SOAP technology stack up, the industry is still working on standards. Tools that operate in these areas, security, reliability, etc. will be affected most by the forthcoming GXA initiatives. We have good reason to believe that IBM and Microsoft are working on industry standards that will provide a comprehensive platform on which services can be deployed at enterprise level.

Conclusion

SOAs demand a subtle but substantial re-think of methods and tools. If you have been working in the UML-dominated OO environment you will be skewed toward class hierarchies and inheritance and if working in the client-server area, toward user interfaces and components. Either way, if the next project is to be a successful service oriented development you will need tools and techniques optimized for Service Discovery and Interface Design. A full understanding of the characteristics of a good web service and its deployment architecture are essential from the inception right through to deployment. Existing tools can be adapted but may not fully support this type of approach.

Development IDEs that understand the web service concept will improve productivity and cut down the learning curve, and having developed your service a Business Services Server approach to deploying and running a service should be considered.

Jonathan Stephenson [email protected]

1. INTERACT April 2002 - Business Process Modeling for Web Services, A Product Report on BindStudio http://www.cbdiforum.com/secure/interact/2002-04/business.php3
2. http://jakarta.apache.org/struts/index.html
3. OMG, meta object facility: http://xml.coverpages.org/omg-mda.html

Figure 2: Tool Spaces on the Standards Stack
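The service management layer described under Service Management above, sketched as an added example (not code from the article or from any product it covers): the services carry no security logic, and a manager in front of them decides who can use a service and when, switches the endpoint on user ID, redirects on failure and keeps an audit trail. The HMAC shared secret is an assumption standing in for the PKI and signature functions in the table, and every user name, secret and URL is constructed.

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from datetime import datetime, time


@dataclass(frozen=True)
class Permission:
    service: str    # logical service name the consumer asks for
    start: time     # start of the daily window in which use is allowed
    end: time       # end of that window (exclusive)
    endpoint: str   # concrete endpoint this user is switched to


def sign(secret: bytes, body: bytes) -> str:
    """HMAC-SHA256 tag a consumer attaches to a request (stand-in for a signature)."""
    return hmac.new(secret, body, hashlib.sha256).hexdigest()


@dataclass
class ServiceManager:
    secrets: dict       # user id -> shared secret (constructed sample data)
    permissions: dict   # user id -> list of Permission
    fallbacks: dict     # endpoint -> endpoint to use when the first is down
    audit: list = field(default_factory=list)

    def _log(self, when, user, service, outcome, endpoint=None):
        # Every decision, allowed or denied, lands in the audit trail.
        self.audit.append((when.isoformat(), user, service, outcome, endpoint))
        return endpoint

    def route(self, user, service, body, tag, when: datetime, down=frozenset()):
        """Decide who may use a service and when; return an endpoint or None."""
        secret = self.secrets.get(user)
        # Unknown users are checked against a dummy key so both paths do the same work.
        expected = sign(secret if secret is not None else b"\x00", body)
        if secret is None or not hmac.compare_digest(expected, tag):
            return self._log(when, user, service, "denied:authentication")
        grants = [p for p in self.permissions.get(user, []) if p.service == service]
        if not grants:
            return self._log(when, user, service, "denied:permission")
        active = [p for p in grants if p.start <= when.time() < p.end]
        if not active:
            return self._log(when, user, service, "denied:time-window")
        endpoint = active[0].endpoint          # service switching on user ID
        if endpoint in down:                   # failure redirection
            endpoint = self.fallbacks.get(endpoint)
            if endpoint is None or endpoint in down:
                return self._log(when, user, service, "failed:unavailable")
            return self._log(when, user, service, "allowed:redirected", endpoint)
        return self._log(when, user, service, "allowed", endpoint)


PREMIUM = "https://svc.example/quote-premium"   # constructed URLs
BASIC = "https://svc.example/quote-basic"


def build_manager() -> ServiceManager:
    """Constructed policy: alice gets the premium endpoint in office hours only."""
    return ServiceManager(
        secrets={"alice": b"alice-demo-secret", "bob": b"bob-demo-secret"},
        permissions={
            "alice": [Permission("quote", time(8, 0), time(18, 0), PREMIUM)],
            "bob": [Permission("quote", time(0, 0), time(23, 59, 59), BASIC)],
        },
        fallbacks={PREMIUM: BASIC},
    )
```
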

Product Report - Wilde Technologies Architecture Implementation Platform

Wilde Technologies has created a platform for implementing components and services where the system architecture becomes the execution environment. The relationships between components as specified in the UML design become a framework into which the services and components fit like pieces in a puzzle. We have named a new market space to describe this capability, i.e. “Architecture Implementation Platform”. The benefits of this fundamental re-think of how components interact are numerous. It makes component re-use much more feasible, it ensures that UML designs don’t get lost in the implementation, and it makes for a much more agile application infrastructure where components can be quickly re-architected to create new applications.

Introduction

Wilde Technologies is a Dublin-based company that has grown out of the research projects of Trinity College, Dublin. They have been operating since 2000 and have grown to about 15 people, mostly developers. Wilde version 1.0 has been in beta since August 2001 and is now ready for commercial release. As a Visual Studio Integration Partner, Wilde has targeted the first product at the Microsoft platform, supporting COM, .NET and SOAP Web Services.

The business benefits of Wilde are reduced development costs and agility. The product spans the lifecycle, starting with UML design, implementation, deployment and execution. UML models are used by business analysts, system architects and developers to ensure that delivered code is well structured. However, the current tools treat design and implementation as separate processes and that often means that the design documents and the code drift their separate ways. Wilde Technologies has created a UML-driven tool that puts the Design at the center of development and in so doing creates an ideal environment for component re-use, modeling and deployment.

Wilde delivers its functionality in three main areas:

Design-centric development

The UML component model is used not only to specify the component implementation but also to create an execution environment that retains the UML model and ensures that the design and the implementation conform. Using Wilde to design and execute a project will guarantee that there is a UML design for all its components.

Component re-use and management

Components combined into applications are traditionally ‘hard wired’ together in the code to create interdependences that are hard to track and that make re-use difficult. Wilde moves the ‘wiring up’ of components out of the component and into the Wilde execution environment so that components become independent building blocks that can be combined in different ways to create new applications.

Components can be re-configured for new projects and new components registered with the repository and dropped onto the new UML design canvas.

Distributed execution management

The physical deployment of components on the network can be modeled and components deployed to each server using the graphical tools.

Figure 1: Wilde Product Scope

Product Architecture

With its combination of design, implementation and execution Wilde uses a simple component repository to coordinate UML type information and components and services. In the current version, the repository maintains the library of components and the Wilde design data ties them together at runtime. There are potentially many different areas Wilde Technologies could take their product, but the theme would be to make the system design into the hub of the process. Links with process models, enterprise integration and project management are all possibilities for future directions.

Design-centric Development

To appreciate Wilde Technologies’ philosophy of putting the design at the heart of the development process we start by looking at what can go wrong with established tools and methods. Static UML models are used to draw the classes and components of a system. In traditional UML development the design can either be used as a communication tool so that developers can understand the scope and business object relationships before implementing code and/or as a blueprint for the actual implementation. If the UML is followed through to an implementation design there is an iterative engineer/reverse engineer process where the code is used to update the design. In many cases, the design and implementation code part company at some point and the UML design becomes shelf-ware. The problem with reverse engineering code is often that the auto-layout of the classes creates a design that then looks nothing like what the designer carefully laid out and a time consuming layout process ensues. When the maintenance phase kicks in the programmers will work at the code level and will be suspicious of UML designs that may be out of sync. Not the ideal situation but not uncommon.

There are two possible approaches to this. First, make the design and development tools more integrated so that design and code are kept in step by the developers as the project evolves, and second, embed the design in the implementation so that the components will run only if they conform to the design. The second approach is what the Wilde Technologies product does; they call it WYDIWYG, “what you design is what you get”. This puts the design in the driving seat and couples the design and implementation at runtime.

The design document is an XML file in the standard XMI format, and the execution system uses this to create the runtime environment for the components. If you come back to the system later in the lifecycle to do some maintenance, the design can be viewed and relied upon to be accurate and from it you can re-engineer or integrate the system. This release of Wilde tackles the design and execution phases of the lifecycle and later releases will provide more for developers and process modelers.

Figure 2: Design Centric Development

Components and Re-use

Companies with an existing portfolio of components will understand that re-using components is heavily dependent on the quality of the documentation.

Keeping track of the relationships between components is a particular challenge. Systems built using Wilde have the advantage that the UML design forms part of the deployed application so a maintenance engineer always has accurate models to work from. Existing components can be registered with the Wilde repository and then dropped onto new UML designs.

The dependence of one component on another normally means that a component relies on another and can’t be re-used without its ‘friend’. Wilde’s philosophy is to move that ‘wiring’ into the execution environment by intercepting the object instantiation calls and managing the creation of the object. The design knows about the relationships between the components and so has the ability to add the related objects to the design canvas as components are registered with Wilde. This has numerous benefits, for example, the objects can be wired together in new ways using the UML designer and the runtime can manage the remote creation of objects to handle the distribution of applications over multiple servers.

From the point of view of component reuse, this ‘wiring’ layer means that the promise of plug and play components is much closer to reality than with the standard Microsoft (and non-Microsoft) platforms. The Repository Browser window is like Microsoft’s Object Browser window providing a tree view of the binary components used by the application. You can re-use existing components, or new components built from the design specification, using the Repository Import function. Once in the repository tree you simply drag the components onto the design window and incorporate them into your design.

Using Wilde

We reviewed a beta version of Wilde and were generally impressed by its ease of use and the attention to detail in the user interface. We looked specifically at the UML design tools but we should state that there was no attempt to benchmark the application execution environment.

Design Phase

Wilde is targeted at .NET Studio users but also runs stand-alone. The philosophy of putting the Design at the center of the development process is a goal that will strike a chord with UML designers and Wilde does this by embedding the UML design in the deployed application to create an execution framework.

The designer is very easy to use. If using the Visual Studio version, tools can be docked on the .NET Studio toolbars, as you would expect. You click a tool and then click on the drawing area to create subsystems. From each subsystem you can drill down to another window where the components, classes, interfaces and relationships are drawn. Each design element has a tabbed property window where you set the attributes. For an executable component this includes an Execution tab where you specify the implementation platform, DCOM, .NET or Web Service. Classes have the methods and attributes property sheets and the resulting diagram is color-coded blue for attributes and red for methods. The design windows are very interactive and easy to use; each class can be expanded or collapsed to show attributes and/or methods just by clicking an icon on the design element. Because of the richness of the design palette and design window the menu bar is sparse, so apart from the import/export from Rose most functions are on the toolbar or the design window.

The wiring up of the design elements using design element associations is probably more critical than in the traditional UML designer because the execution of the design will use relationships to expose interfaces and instantiate objects.

As the design builds up, the Model Browser window shows you the tree view of the design and provides a further navigation path around your application.

UML Support In Wilde

Wilde supports a subset of UML, namely the package, deployment and collaboration diagrams. These diagrams provide developers with the class typing information and relationships between objects. Exchange of XMI files allows you to integrate with other design tools, in particular Rational Rose.

Rational Rose Support

An XMI file can be exchanged with ROSE to transfer the typing information, but not the diagram, between the two systems.

Implementation

The Wilde execution environment uses the relationships between classes to manage the instantiation of objects at runtime and into this the components plug like building blocks. Interfaces exposed from the application at runtime are designed into the UML model; you choose whether to use SOAP web services, .NET or COM. The components and services are developed using tools like Visual Studio using any language that is capable of building one of the three supported interfaces.

Wilde Version 1.1 implements a code generator that builds a .NET assembly for each component consisting

of a base class and an interface. This eliminates any possibility of a mismatch between implementation and design. A popup menu for each component includes the ‘generate’ option. The developer references the .NET DLL and uses Visual Studio to inherit the base class and implement the interface before compiling the component.

Distributed Execution

Once your designs are complete and the components imported into the repository you can hit the Go button and run up the application. Distributed systems can be modeled using the Wilde designer and components deployed on the various server nodes in the model. Complex deployments using several application servers, web servers and database servers benefit from having a graphical overview maintained in the UML design.

You model the physical deployment of assemblies by creating Nodes in the Wilde designer and then dropping the code assemblies into each node. Apart from the usual Test and Production nodes you could keep an enterprise model of all the application servers and the components used on each one. Wilde has a close relationship with Microsoft that ensures that their approach is compatible with the clustering, transaction handling and .NET scalability issues.

The Wilde philosophy is to get in the way of your executing code as little as possible so the performance impact of running in the Wilde server environment is minimized. Once the components have been instantiated on the relevant servers, the runtime is designed to make only a minimal impact on performance.

Futures

The Wilde roadmap includes a short-term plan to improve the developer support with code outliners and enhanced Visual Studio integration. For the Version 2 release at the end of year and subsequent releases we can expect enterprise life cycle capabilities that include:

● Managed application change through architecture
● Enterprise application repository
● Architectures for product lines, spanning multiple projects
● EAI enhancements through application-to-application (A2A) integration
● Business process level architecture
● Business process support

The feedback from architects and code designers over the next months will shape the direction of the product.

Summary

Wilde has an original idea and a new market niche to pioneer. The technical challenge of moving the ‘plumbing’, i.e. the calls between objects, interface implementation and object instantiation, should not be underestimated. If you believe that this is just another UML design tool you have missed the point completely! There are serious issues of component management and application delivery to be solved by this technology that go beyond drawing UML diagrams:

● Creating greater visibility of the application architecture. This builds on visibility of what components are in use by extending it to support visibility of component designs, subsystems, applications and eventually the enterprise application portfolio.
● Improving control over implementation of the architecture and design throughout every phase of the software development lifecycle.
● Creating more agile business systems. The enterprise has better impact analysis and can control the changes required to get them to where they need to be. Further a smaller change horizon can be implemented in a cost effective manner, potentially in a very short timescale.

Their vision of placing design at the heart of the development process will be realized over the coming twelve months as the new versions build on their first release. Code outliners and closer developer integration will further improve productivity. Partnership with the .NET Studio team in Microsoft will ensure that Wilde sits comfortably on the .NET platform and users can benefit from the comprehensive .NET Server platforms.

Wilde will appeal to:

● System Architects who need to control the delivery of applications and the reuse of components and services at an architectural level
● Designers who need to make their designs more central to the development process
● Companies with a large existing portfolio of components who want to really see the benefits of re-use
● Systems integrators who need to re-use components in different applications
● .NET Studio users

Jonathan Stephenson [email protected]

More information: http://www.wildetechnologies.com/

Product Report - ObjectVenture’s Object Assembler - Standards Based Pattern Management

Management Summary

ObjectVenture is a start-up company with significant ambitions. It is by no means the first company to tackle the challenge of software reuse, but it is pioneering an important step forward, which the CBDi Forum can report to its members.

ObjectVenture’s main product is a design and development tool called ObjectAssembler. This product has evolved from a simple EJB development tool into a pattern management tool. Pattern management requires a standard way of storing and disseminating patterns – preferably in a non-proprietary way. ObjectVenture has developed a Pattern and Component Markup Language (PCML)(1), which it is putting forward as a proposed industry standard for exchanging patterns.

PCML offers several interesting possibilities for the automation of patterns. The CBDi Forum has long argued the benefits of self-describing components. PCML would allow a component to declare the pattern (or patterns) with which it is prepared to interact with other components. Thus this innovation represents not merely an attractive solution to the problem of reuse, but also a possible solution to the problem of dynamic interoperability.

Patterns

As we have discussed on previous occasions, the use of software patterns represents an opportunity to take a leap forwards in – both as a way of enhancing the productivity of experienced developers, and as a way of guiding less experienced developers.

This opportunity has been widely discussed for many years, and has resulted in numerous conferences, websites and books in which patterns have been exchanged and published. Patterns represent units of reusable best practice. Some may be generally valid for any , while others are locally applicable to particular industries, applications, organizations or even individual projects.

Patterns are not merely useful for designing individual components or services in isolation. One of the key issues for the design of components and services is their interoperability – and this is where the use of patterns seems to offer significant advantages. A pattern typically represents a proven solution to a common requirement for interoperability – and thus a good pattern well used should enhance interoperability.

But until now the pattern breakthrough has been more talked-about than realized. One reason for this is that the use of patterns has itself required considerable skill and experience, and this has significantly inhibited the adoption of patterns as part of mainstream software development – even in relatively trendy areas like Java programming and web services.

Perhaps the main restriction to the widespread dissemination of patterns has been the form in which they are documented and transmitted. Most patterns are expressed as a combination of text and diagrams, plus sample program code. Under these conditions, a designer is limited to using the patterns he is personally familiar with, or those he can find in a rapid search through the available books and websites.

Furthermore, since a pattern may be used in many different ways, the use of a pattern may not be detectable in the finished product. The designer or programmer may insert comments to indicate the use of a particular pattern, but such documentation is notoriously unreliable – in both directions. Conscientious but inexperienced designers may document the use of a pattern without managing to use it correctly. Meanwhile, most designers will err in the other direction, and neglect to record any use of patterns. Furthermore, patterns may be inadvertently destroyed or unwittingly created by subsequent maintenance. As a means of identifying and tracing the use of patterns in software artifacts, therefore, documentation provides a fair number of false positives as well as innumerable false negatives.

The management of patterns is further complicated by the uncontrolled proliferation and diversity of patterns.

Two patterns with different names from different sources, described in different ways, may turn out on close inspection to be identical in structure.

To overcome difficulties such as these, and to hold out any hope of decent automation for software patterns, the software industry needs a standard way of describing and manipulating patterns.

ObjectVenture has taken a bold initiative in pattern management, and has developed a Pattern and Component Markup Language (PCML), which is being proposed as a possible industry standard. PCML is essentially a pattern interchange format, based on XML, which allows the representation of patterns.

ObjectVenture’s own product, ObjectAssembler, is the only tool currently supporting PCML. PCML allows patterns to be described and interchanged between designers using ObjectAssembler. In particular, it allows a systems architect within a large software organization to define a set of approved patterns for use within the organization, and to monitor their use.

PCML can be used to identify patterns within a design model, or within a software artifact. Furthermore, PCML can be used by a component or service as a way of declaring a pattern or framework within which it is prepared to interact with other components. This therefore represents a useful step towards self-describing components.

The CBDi Forum has long championed component self-description as providing a form of connectivity that is at a higher level of abstraction than simple interfaces. Think of two fax machines or modems, bleeping at each other before agreeing the transmission speed.

A component may describe its own pattern, but that doesn’t mean that it always has to implement the whole pattern. The description may indicate what further methods have to be generated by the designer in order to complete the pattern. Self-description may therefore be valuable at design time as well as at run time.

Patterns and Strategies

When patterns are presented as chunks of program code, this binds the pattern to the particular program language. While there are indeed Java patterns that are not usable in any other language, there are also patterns that are valid across many different programming languages and platforms.

PCML makes a useful distinction here between pattern and strategy. A pattern is platform independent, while a strategy shows how the pattern looks on a particular platform. Each pattern may therefore have many different strategies. See Table 1.

Patterns and strategies may be composed into more complex patterns and strategies. Patterns can be woven together to form frameworks – where a framework is a compound pattern with additional properties.

Pattern Management

ObjectVenture envisages a range of pattern-driven tools and repositories, from multiple vendors, based around PCML.

Patterns:

A pattern defines a context, a problem and a general solution. A solution here is an abstract description that is not tied to any particular implementation.
A pattern defines participants and describes how they interact to provide a solution.
A pattern may reference other patterns or external artifacts.
Some patterns are not amenable to solutions that may be implemented. Therefore, a pattern is not required to have any strategies.

Strategy:

A strategy may define one of many possible implementations of a pattern solution.
A strategy defines one or more roles that may be mapped to concrete components and their elements.
A strategy provides a mechanism for constraining which components and elements may fill each role.
Patterns are often composed of other patterns. A strategy addresses this “pattern nesting” by being composed of other strategies. This scalability allows the description of large component collaborations or frameworks.
A strategy is not required to be associated with a pattern. It may instead serve as a building block for other strategies or as an idiom.

Table 1: Patterns and Strategies in PCML


Patterns can be arranged into subsystems, so that a pattern framework can be pulled into the application you are building – or the whole subsystem can be pulled out and replaced. This takes us closer to the notion of plug and play for components and component subassemblies.

ObjectVenture also uses the concept of a catalog and palette – as a temporary container for a set of components or patterns – as a neat way for the designer to organize components prior to use.

Figure 1: Patterns May be Arranged in Catalogs

Proper management of patterns would include the commercial sale and licensing of patterns, and due protection of intellectual property rights. It would also include version management, potentially allowing patterns to be withdrawn, replaced or upgraded.

While general purpose patterns would probably be shared freely, there may be a lucrative market in domain-specific patterns, addressing particular high-value business problems.

Figure 2 - Patterns May be Arranged in Temporary Palettes

Source Code Management

At the source code level, ObjectVenture has developed a second language, called SCML – Source Code Macro Language. This is an XML-based macro language used to automatically generate source code when you apply a pattern.

Tool Offering

ObjectAssembler is a new product from ObjectVenture, which takes the first steps towards automatic pattern support and management. Version 2.0, to be released shortly, contains a catalog of patterns (with Java strategies) for the designer to select and use. The designer – or architect – can also create and import patterns and strategies.

ObjectAssembler's features include:

● State of the art enterprise Java development tool
● Visual, interactive J2EE development
● Real-time validation and code synchronization
● Supports leading Java IDEs and J2EE application servers
● Extensible architecture for 3rd party support

Summary

Having developed an initial proposal for PCML, ObjectVenture aims to deliver a comprehensive pattern/component development environment, with the first component framework that leverages these standards.

It is now up to the standards bodies, and to other vendors, to develop the requirements and proposals further, and to look at alternative implementations.

Richard Veryard [email protected]

More information at: http://www.objectventure.com/

1. Not to be confused with the Program Call Markup Language, also called PCML. Unfortunately, in this industry, such clashes of initials are almost unavoidable.

© CBDi Forum Limited, May 2002

Next Generation EAI
An Update on Grand Central Communications

EAI technologies and markets are commencing a period of great change as a direct result of the XML based interoperability standards and web services concepts. This evolution in interoperability technology is a breakthrough that enables new ways of collaborating. But this is more than just a simple upgrade in interoperability technology. There will be profound changes in both technical architectures and business models because of universal acceptance of the standards and ease of use. It will become dramatically easier to use external services, and to establish federated networks rather than integrated architectures. Of course this applies equally to technical and business services, and in this report we revisit the network services provided by Grand Central Communications, a company that provides a simple way to integrate enterprises via web services standards, and wants to revolutionize the way you manage your integration.

Introduction
From a narrow technological perspective web services are actually a rather straightforward evolution of software component architectures, IDL, middleware, messaging and RPC transaction management. However it is a big mistake to view web services as simply a linear extrapolation of current thinking, because the (relatively) small step for the technologist translates into a potentially significant opportunity for the architect and business manager.

The need for a change in approaches to integration can be seen in the archetypal EAI implementation, which has typically been established as a tactical action to integrate (application) endpoints that were never intended to interoperate. This often resulted in hard-wiring otherwise incompatible application endpoints to form integrations. This mindset leads every business to consider themselves as being at the center of the universe. Therefore every business needs to implement an entire infrastructure that allows control over all aspects of their B2B transactions. Quite apart from the cost of building (and evolving) this infrastructure, there is a question of complexity and scalability. As the number of partners and partner transactions grows the (management) complexity grows at an exponential rate and the ability to adapt declines inversely.

Conventional EAI architectures are about “integration”, which increases the complexity of the overall system, creates larger units of management and typically increases the impact horizon of change. Figure 1 illustrates the problem. With integration architectures every participant typically creates private hubs that each communicate with multiple other hubs, either directly, or indirectly via other hubs. The management of semantics, versions, messages and transaction integrity inevitably becomes a significant inhibitor to both growth and change. In contrast using the web service approach we implement a federated architecture where a service is published that can be used directly by all participants in the process. We have referred to this as turning your business inside out!

Web Service Network Topologies
Web services enable federated networks that avoid many of the challenges of the typical EAI implementation. The principle of federation is that the participants are wholly independent, but make agreements for specific purposes that require the minimum necessary dependency that is defined as a formal contractual obligation. This is an inherently more flexible arrangement that allows
participants to engage or disengage as required with the minimum implementation costs and time.

Figure 1: From Integration to Federation

The key characteristic of the web service protocols is that they permit endpoint independence, removing the requirement that all applications and infrastructures participating in integrations be identical. The basic XML web service protocols, SOAP, WSDL and UDDI are now becoming increasingly well understood, and there are many toolkits available that enable web service based interactions. However while the basic protocols address the content and transport of an interaction, they do not provide any management or process choreography. And almost every serious business interaction needs some management functions that ensure security and integrity of the exchange. Whilst there are initiatives to establish standards and protocols for QoS, transaction management, security and process choreography, they are currently at a very early and immature stage.

The issue for many will be that, while the content and transport protocols allow end point independence, practical security, trust, integrity and process management issues may drive organizations to standardize on common endpoint management platforms. This will be the case at least in the short/medium term until there is wider agreement on management protocols.

Of course in many environments, where common platform policies are implemented, or where transaction management and integrity is straightforward, a heterogeneous, distributed endpoint management platform will be viable. As we illustrate in Table 1, there is an important decision to be made on network management topology. And in cases where heterogeneous endpoints are involved, a centralized approach has some considerable advantages whilst standards remain volatile.

| Centralized Management | Distributed Management |
| --- | --- |
| Consistency of management over the end to end process | Requires common protocols and or platform |
| Provides common standards for process choreography | May require tactical solution which pre-empts industry standards |
| Minimizes requirement for local capability, increases flexibility of partners and services provided/consumed | Distributed heterogeneous platforms applicable to lower integrity, criticality situations in medium term |
| Minimizes skills and management overhead | Applicable where common platform policy can be implemented |

Table 1: Choice of Web Service Topology

Grand Central Solution
We reported on Grand Central Communications in August 2001. Founded in May 2000, Grand Central support large and small businesses in simple one-to-one and complex many-to-many scenarios. The key to Grand Central’s approach is to transfer most of the infrastructure requirement necessary for inter-enterprise integration from “behind” to “between” the firewalls, where it can be available on a shared, utility basis providing a comprehensive set of services for inter-enterprise integration. Applications connect and utilize these integration services by connecting themselves to Grand Central via their SOAP interface, or by creating a SOAP connection using any of the toolkits available from companies like Microsoft, IBM or Sun.

The Grand Central approach is to provide a deep, centralized stack that provides comprehensive functionality that can support complex interactions in ways that impose as little burden as possible on any of the enterprises participating in the integration. Since we reported on Grand Central last year the stack has been developed and as shown in Figure 2, now covers a comprehensive footprint. In particular the latest service release includes:

● WSDL messaging capability that transparently adds the reliability and transactionality of queued messaging to an existing WSDL-based Web service, without requiring any special software or skills on the part of those consuming that service.
● Management capabilities that transparently add authentication, access control, monitoring and reporting to existing Web services, also without any modification in how the service is created or used.
● Bi-directional certificates for Web services authentication using VeriSign’s Digital Trust Services framework. This capability allows servers to authenticate themselves to each other, augmenting the traditional browser to server capabilities offered by certificates.
● Exception alerts that provide notification of errors including errors in service execution arising from network and protocol, routing and business process logic.

Figure 2: The Grand Central Stack

Application Patterns and Customer Usage
So how does the Grand Central Web Services Network get used? As we have suggested in our analysis of centralized vs distributed management networks there are some key characteristics of the centralized management implementation that sharply differentiate it from distributed scenarios. Grand Central report their network is used in a number of clearly identifiable patterns as follows:

Content Publishing and Consumption
In this example data is pushed to a number of partners in a secure and visible manner. They instance Eastman Chemical, a Grand Central customer that has implemented an application using the Grand Central network to allow their distributors to obtain specific, customized pricing and catalog data. The key requirement was for a very lightweight and flexible solution for the distributors, which allows new consumers to be up and running very rapidly, and also to allow different views of and access rights to the catalog for each distributor.

Organizational Federation
Whilst we tend to think of B2B as inter business, the requirement for intra business exchange is extremely common. The problem is of course that many businesses are fundamentally heterogeneous, in terms of technology, business process and semantics. Whether this situation has arisen because of mergers and acquisitions, or simply because of organizational politics, the problem is pervasive. In this pattern the centralized network is a good answer to the issue of different platform and IT policies, that can easily and rapidly harmonize on the base standards, together with a service based management platform.

Demand Chain Integration
Rather than talk about the ubiquitous supply chain integration, Grand Central see demand chain or channel integration as being a particularly important pattern for their centralized service model. The generalized pattern behavior is enabling two-way conversations between channel partner systems. Grand Central instance a number of examples including lead management, demand forecasting, yield management and price quotation/order.

Service Syndication
A rather obvious use for a centralized model is syndication, either collecting input or distributing data to or from potentially many partners. By syndicating an interactive application (or form) the syndicating organization can reach a widespread, loosely connected (business and technology) constituency for a range of applications including price quotation, ordering, product configuration, inventory data feed and many others.

Vertical Process Hubs
A pattern that we have previously identified as an obvious opportunity for web service based business is the creation of an independent broker, which provides value added services to an ecosystem within a vertical sector. For example pharmaceutical retailers, common industry dealers, component suppliers etc. Again the attributes of this pattern are many, very loosely connected parties, requiring a low overhead integration, but potentially requiring a high integrity network to support for example value transactions. We see this as an important model in the medium term, which will however be dependent on the broader market readiness to trust web services.

Market Positioning
Grand Central will naturally be highly reliant on general market acceptance and uptake of web services, and whilst most enterprises are making plans for web services, practical deployment is currently relatively slow. There are numerous reasons for this, including the general macro economic position and IT investment readiness, concerns over security and trust, the high level of change occurring in products and technologies, and last not least the immaturity of higher order (transactional and interoperability) standards relating to management issues referred to earlier in this report.

In this context Grand Central is in an interesting position to influence the market. Whilst many of these issues are inhibitors to investment, they are no longer inhibitors if the responsibility for managing those issues can be outsourced to a third party. And this is exactly what Grand Central does. First Grand Central enables their customers to avoid significant up front investment. The essence of the service model is you pay as you go. Grand Central indicate that typical engagements are of the order of US$150K, which is trivial compared to the investment required to establish even a modest web service management infrastructure.

Second Grand Central has clearly moved rapidly to address the trust issue, and establishing a close relationship with Verisign seems to be a sensible move.

Third and perhaps most important, Grand Central removes or postpones the need to take major decisions on changes in IT infrastructure. Whether you believe that XML web service based standards will eventually be ratified for all the various standards layers, or that there will never be consensus on those high level areas of the stack, the question for most enterprises is when to move on business applications that can take advantage of higher functionality integration behavior? And of course many organizations are moving ahead, setting their own standards and recognizing that they may have to either live with proprietary protocols or reinvest. Grand Central helps minimize the impact of this issue as it can mediate between incompatibilities between standards, much as the phone network mediates between different communications protocols today.

So in this context the Grand Central offering provides more than just an effective mechanism to deliver certain business and technical patterns that are highly applicable to the centralized network model. It also provides a high degree of investment protection, that allows organizations to hedge their bets, which in the prevailing economic and technological climate seems highly attractive.

Summary
It will take longer than most people think for the web services market to achieve maturity because of technology and best practices development that has to happen across many different dimensions. In this context Grand Central actually stands to gain, because it addresses many of the concerns that would otherwise cause organizations to postpone investment and business reliance on new technology models.

As the market matures Grand Central will be well positioned to address many business and technical patterns that are a natural fit for the centralized network topology. However the opportunity for Grand Central is to establish the customer base, brand and reputation during the early phases of the web services market that will allow them to address a much larger proportion of the market in the medium and longer term. They have the vision, and clearly have started to execute on this.

David Sprott

MORE INFORMATION AT: http://www.grandcentral.com/

IMPORTANT NOTICE: The information available in this publication is given in good faith and believed to be reliable. CBDi Forum Limited expressly excludes any representation or warranty (express or implied) about the suitability of materials in this publication for your purposes and excludes to the fullest extent possible any liability in contract, tort or howsoever for implementation of, or reliance upon, the information contained in this publication.