Secure E-Business: AA Blueprints, E-Government Solution ...
U.S. General Services Administration
Secure E-Business: AA Blueprints, E-Government Solution Architecture CSF
George Thomas, GSA OCIO Enterprise Architecture Group
GSA OCIO Enterprise Architecture Group
Apr 10, 2023
2
What is a Service Oriented Architecture?
• SOA emphasizes trans-enterprise interoperability of loosely coupled distributed components whose orchestrated XML message choreographies use open Internet standard transports and protocols.
– Also referred to as Service Based Architectures
– Web Services Standards enable SOA
• SOA is the foundation for an IT infrastructure framework utilizing the Enterprise Service Bus (ESB), based on a logical Publish/Find/Bind/Execute processing model.
– An ESB is also referred to as a Data Bus
• ebXML is a practical example of SOA.
– All WS ‘standards’ work toward providing secure, reliable messaging workflows
The emergence of SOA – Application View, part 1 of 3
• 1st and 2nd generation IT architectures – standalone systems followed by tightly coupled stovepipes; these yield brittle interfaces and data that is both redundant and incomplete, leading to costly enhancements and maintenance.
[Figure: four standalone App/Data pairs]
The emergence of SOA – Application View, part 2 of 3
• 3rd generation IT architectures centralize data and segregate it per LOB – data freshness and application agility are typical problems here, leading us back to where we started…
[Figure: a DataWarehouse feeding DataMart1, DataMart2 and DataMart3, serving App1, App2 and App3, each with its own Data]
The emergence of SOA – Application View, part 3 of 3
• 4th generation IT architectures utilize EAI/MOM tools, solving data periodicity and integration problems within the enterprise, but what about external business partners?
[Figure: an Integration Broker connects App1/App1DB, App2/App2DB, App3/App3DB and the DataWarehouse inside the enterprise; a firewall separates them from the BPN]
The emergence of SOA – Network View
[Figure: layers stacked over time]
• ISO Stack – 1984
• HTTP – 1994
• XML – 1998
• SOA – (2000)
• eGov – 2003!
5th Generation IT Architectures
• Assume cross enterprise business process integration and interoperability via HTTP/SOAP message exchanges containing XSI and binary (e.g. a bitmap of a signed document) payloads.
– OMG formalizes this notion with EDOC, a UML ‘Profile’ that is the foundation for the Model Driven Architecture approach to business models that are independent of technology implementations (PIM/PSM)
– Web Services Framework standards formalize mechanisms for security, transactions, policy, and constituent choreography
– Enabling this approach is a legacy system and application environment liberation, and a COTS competitive imperative
• Message exchanges can be brokered in synchronous request/reply, or asynchronous queue style.
– RPC or MOM like
– P2P, B2B, G2C, all are accommodated and are encapsulated by ‘Any to Any’ (A2A)
A Brief History of Time
• OSI reference stack: 1 Physical, 2 Data Link, 3 Inter-Networking, 4 Transport, 5 Session, 6 Presentation, 7 Application
• E-mail (One to Many, Asynchronous): any network that supports TCP/IP (ATM over Fibre, Ethernet over coax, etc.) → IP → TCP → SMTP / POP → MIME → Mail Server / Mail Client
• The Web (Many to One, Synchronous): any network that supports TCP/IP (ATM over Fibre, Ethernet over coax, etc.) → IP → TCP → HTTP → HTML → Web Server / Web Browser
• 5th Gen Arch (Any to Any, BOTH): any network that supports TCP/IP (ATM over Fibre, Ethernet over coax, etc.) → IP → TCP → SOAP / HTTP → Syntax and Semantics → Web Server / Web Browser
The Universe in a Nutshell
• The Any to Any Scenario
– Your request is handled by a Managed Web services cloud (proxy), which rewrites and/or redirects you (location transparency) to an available endpoint (contract driven or registry discovered) satisfying the versioned implementation of the aggregated or derived service you require
– A Trading Partner Agreement (contract) that fulfills your request exists, or may require adaptive composition of functionally discrete components (which either executes or creates a mutually binding TPA) that are enacted on for the lifetime of that service requirement
– Ultimately, a receiving (endpoint) message handler operates on the payload, returning results to the ‘next actor’ or reporting back to a coordinator to complete its role in the TPA sequence, or choreography
ebXML – an SOA Implementation
• ebXML is based on a Reference Architecture much like FEAF, and grew out of the EDI community in light of XML based SOAs.
– UBL/BIE
  • Universal Business Language Business Information Entities, an XSD data model that extends and contextualizes ‘Core (data) Components’
– HTTP/SOAP
  • Ubiquitous transport bindings and messaging envelope
– RIM
  • ebXML Registry Information Model, merging with UDDI
– MSH
  • Describes SOAP Message Service Handlers, which are service endpoint transceivers that operate on message payloads
– BPSS
  • Expresses the choreography of business processes, analogous to BPEL and BPML
– CPP/CPA
  • Service providers publish role definitions as a Collaboration Protocol Profile, and execute the contract (SLA) between a service Consumer/Provider via the Collaboration Protocol Agreement.
The great thing about Standards…
• Web Service Framework Standards:
– XML/XSD
  • Syntax for messages and data types
– HTTP/SOAP
  • Transport and syntax for synchronous/asynchronous messaging
– WSDL
  • Syntax for service interface definitions
– UDDI
  • Registry model supporting ‘publish, find, bind, execute’
– BPEL, BPML
  • Syntax for expressing semantics of Trading Partner Agreements (TPA)
– WS-Security, WS-Transaction, WS-Coordination
  • Syntax for reliable messaging, signed/encrypted payloads, multi-party TPA sequence management
– WS-Federation, WS-Secure Conversation, WS-Trust, WS-Policy
  • Syntax for expressing the contract of value chain constituent Federation
The Publish-Find-Bind-Execute Model
• Each Agency / Service / Enterprise / LOB is both a service provider and a service consumer.
[Figure: Provider, Consumer, Registry and Contract]
1. Provider publishes service interface description(s)
2. Consumer queries Registry and finds a service that fulfills a requirement
3. Provider and Consumer bind to a contract, Consumer executes Provider's hosted service
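The three steps above, worked through in code. This is an added example, not GSA code or any ebXML/UDDI implementation: ServiceRegistry, ProviderHost and Contract are hypothetical names chosen for the illustration, and the agencies, service names and endpoint URIs are constructed sample data. The point it adds to the slide is the check in step 3: a provider executes a hosted service only for the consumer that is bound to it by a contract, so a caller presenting an unknown contract id, or a contract bound to someone else, is refused.

```python
"""Publish/find/bind/execute model (added example, not GSA code)."""
from dataclasses import dataclass
import uuid


@dataclass(frozen=True)
class ServiceDescription:
    """The interface description a provider publishes (step 1)."""
    provider: str     # publishing agency, e.g. "Agency N"
    name: str         # registry key, e.g. "AN:S1"
    capability: str   # the requirement the service fulfils
    endpoint: str     # URI of the hosted service (constructed in this example)
    version: str


@dataclass(frozen=True)
class Contract:
    """The binding between one consumer and one provider's service (step 3)."""
    contract_id: str
    provider: str
    consumer: str
    service: ServiceDescription


class ServiceRegistry:
    """Steps 1 and 2: providers publish descriptions, consumers query for them."""

    def __init__(self):
        self._services = {}   # service name -> ServiceDescription

    def publish(self, desc):
        if desc.name in self._services:
            raise ValueError(f"{desc.name} is already published")
        self._services[desc.name] = desc

    def find(self, capability):
        """Return every published service that fulfils the requirement, by name."""
        matches = [s for s in self._services.values() if s.capability == capability]
        return sorted(matches, key=lambda s: s.name)


class ProviderHost:
    """Hosts services and executes them only for a consumer bound by contract."""

    def __init__(self, agency, handlers):
        self.agency = agency
        self._handlers = handlers   # service name -> callable(payload)
        self._contracts = {}        # contract_id -> Contract

    def describe(self, name, capability, version="1.0"):
        host = self.agency.lower().replace(" ", "")
        endpoint = f"https://{host}.example/{name}"   # constructed sample URI
        return ServiceDescription(self.agency, name, capability, endpoint, version)

    def bind(self, consumer, desc):
        """Step 3a: bind a consumer to one of this host's published services."""
        if desc.provider != self.agency or desc.name not in self._handlers:
            raise LookupError("description is not a service hosted here")
        contract = Contract(str(uuid.uuid4()), self.agency, consumer, desc)
        self._contracts[contract.contract_id] = contract
        return contract

    def execute(self, contract_id, consumer, payload):
        """Step 3b: refuse unknown contracts and callers other than the bound consumer."""
        contract = self._contracts.get(contract_id)
        if contract is None or contract.consumer != consumer:
            raise PermissionError("no contract binds this consumer to the service")
        return self._handlers[contract.service.name](payload)


def run_scenario():
    """Agency 1 finds Agency N's service, binds to it and executes it (sample data)."""
    registry = ServiceRegistry()
    agency_n = ProviderHost("Agency N", {
        "AN:S1": lambda p: {"zip": p["zip"], "valid": p["zip"].isdigit()}})
    agency_2 = ProviderHost("Agency 2", {"A2:S1": lambda p: {"count": len(p["items"])}})
    registry.publish(agency_n.describe("AN:S1", "zip-validation"))
    registry.publish(agency_2.describe("A2:S1", "inventory-count"))

    found = registry.find("zip-validation")                 # step 2
    contract = agency_n.bind("Agency 1", found[0])          # step 3a
    result = agency_n.execute(contract.contract_id, "Agency 1", {"zip": "12345"})
    return found, contract, result
```

The registry only answers "who fulfils this requirement"; authorisation to call the service lives with the provider and its contract store, which is why `execute` is checked there and not in the registry.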
Publish to the Registry
[Figure: Agency 1 publishes A1:S1 and A1:S2, Agency 2 publishes A2:S1 and Agency N publishes AN:S1 to Service Registry 1]
• Location transparent component implementations are distributed across Agencies, separately managed and maintained. They are language (J2EE/.NET) and platform (Linux/Unix/Windows) independent.
Find, Bind and Execute
[Figure: A1:S1, A1:S2, A2:S1 and AN:S1 are published in Service Registry 1; Agency 1 finds AN:S1 and binds to Agency N]
• Agencies can find any published service component in the Registry. Here, Agency 1 binds to Agency N’s Service, and executes the message and data exchange described by the interface definition in the Registry.
Extending the Value Chain
• Agency X creates an activity from a set of sub-functions and negotiates distinct contracts that new partner Agencies Y and Z bind to, which utilize distributed components from other Agencies (1, 2, and N) behind the scenes.
[Figure: Agency X creates a composite process from A1:S1, A1:S2, A2:S1 and AN:S1 (Service Registry 1) and publishes the new choreography AX:C1 to Service Registry 2, which Agencies Y and Z bind to]
Extending the Data Model
• UBL/BIE – Agency X creates a data schema required for a business process by using core components expressed as XSDs. Agency Y uses this BIE to validate XSI data in message payloads exchanged with Agency Z.
[Figure: Agency X creates a compound schema from XSD1, XSD2, XSD3 and XSD4 (Data Schema Registry 1) and publishes the new XSD to Data Schema Registry 2 as BIE:UUID, used by Agencies Y and Z]
What exactly is a ‘Registry’ then?
• An XML Document Object Database, or Repository
– Implemented using a ‘Native XML DB’, Registries are Object/Document agnostic, as everything is an XML Document/Object!
• A Federation of value chain constituent Registries at the network edge will emerge on the ESB, each with a specific role in the business process.
– Directory, Identity, cluster management, data schemas, collaboration contracts, trust/privacy policies, multi-channel trans-coding style-sheets, etc.
• Registries enable dynamic discovery of published services, but are not necessarily required for static execution of an established service contract.
What is stored in a Registry?
• Data Models, expressed in XML Schema (XSD) for validating data instances
– UBL/BIEs representing individual process customized, compound data types
• N number of XSIs (XSD ‘instances’) representing:
– Persistent or transient data objects, such as UBL/BIE instance data
– WSDL docs that describe component interfaces, messages and payloads by their endpoints (URIs)
– XSLT docs that adapt and/or transform data sets
  • Aggregation and/or segregation of message data instances per application, activity, function, etc.
• Many other conceivable XML document/object types!
– A document expressing Policy or Trust
– A component to component or Agency to Agency contract
– A summary report of financial management data and an accompanying XSLT transform for creating a GUI
– An instance document containing data representing the state of a business process in progress
5th Gen SOA, Logical Service Execution
• The Orchestration Server governs the consumer/provider contract and fulfillment of its business process, and may also manage the SLA providing appropriate QoS.
[Figure: over TCP/IP (the Internet), four parties exchange SOAP messages under Contract N: a Consumer Agency (J2EE App Server, JMX Managed Code, JCA, EJB/MDB/JMS, SOAP transceiver), a Coordinator Agency (eGov Orchestration Server, SOAP transceiver), a Provider Agency (.NET App Server, MS Managed Code, COM, MSMQ, SOAP transceiver) and Agency Z (SAP/PeopleSoft, JMS, SOAP transceiver)]
Messages shown in the figure (each appears on two legs of the exchange):
<soap> <execute/> <contract id='N'/> <command> <ping/> </command> </soap>
<soap> <begin/> <contract id='N'/> <command> <ping/> </command> </soap>
<soap> <begun/> <contract id='N'/> … </soap>
<soap> <response/> <contract id='N'/> <pong/> … </soap>
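A provider-side SOAP transceiver (the MSH of the ebXML slide) that handles the four message shapes above, as an added example. It is not GSA code and not an ebXML or WS-* implementation: ContractHandler, its fault envelope and the rule that `<execute/>` is only honoured after `<begin/>` on the same contract are assumptions made for the illustration, and the table of commands Contract N permits is constructed. What it shows beyond the slide is how "the contract governs execution" looks in a handler: the contract id in the envelope is the first thing checked, the command is matched against what that contract allows, and anything else gets a fault rather than a reply.

```python
"""Provider-side transceiver for the Contract N exchange (added example, not GSA code)."""
import xml.etree.ElementTree as ET

# Constructed: the commands each contract permits. Contract N only allows <ping/>.
CONTRACTS = {"N": frozenset({"ping"})}

# Reply element for each permitted command (constructed, matching the slide's <pong/>).
REPLIES = {"ping": "<pong/>"}

# Constructed sample traffic, in the message shapes shown on the slide.
BEGIN_N = "<soap> <begin/> <contract id='N'/> <command> <ping/> </command></soap>"
EXECUTE_N = "<soap> <execute/> <contract id='N'/> <command> <ping/> </command></soap>"


def fault(reason):
    """Fault envelope (hypothetical shape; the slide shows no fault message)."""
    return f"<soap> <fault/> <reason>{reason}</reason></soap>"


def verb_of(xml_text):
    """The verb element of an envelope: execute, begin, begun, response or fault."""
    return ET.fromstring(xml_text)[0].tag


class ContractHandler:
    """Message service handler that acts only within an established contract."""

    def __init__(self, contracts):
        self._contracts = contracts   # contract id -> permitted command names
        self._begun = set()           # contract ids for which <begin/> was received

    def handle(self, xml_text):
        try:
            root = ET.fromstring(xml_text)
        except ET.ParseError:
            return fault("malformed envelope")
        if root.tag != "soap" or len(root) == 0:
            return fault("not a soap envelope")

        verb = root[0].tag
        contract = root.find("contract")
        cid = contract.get("id") if contract is not None else None
        permitted = self._contracts.get(cid)
        if permitted is None:
            # Never act on a contract this handler has not been given.
            return fault("unknown contract")
        # From here on cid is a key of self._contracts, so it is safe to echo.

        if verb == "begin":
            self._begun.add(cid)
            return f"<soap> <begun/> <contract id='{cid}'/></soap>"

        if verb == "execute":
            if cid not in self._begun:
                return fault("contract not begun")
            command = root.find("command")
            names = [c.tag for c in command] if command is not None else []
            if not names or any(n not in permitted for n in names):
                return fault("command not permitted by contract")
            replies = " ".join(REPLIES[n] for n in names)
            return f"<soap> <response/> <contract id='{cid}'/> {replies}</soap>"

        return fault("unknown verb")


def run_exchange():
    """Replay the slide's sequence: begin, then execute ping, expecting begun then pong."""
    handler = ContractHandler(CONTRACTS)
    return [handler.handle(BEGIN_N), handler.handle(EXECUTE_N)]
```

Whether a handler should also insist on `<begin/>` before `<execute/>` depends on the choreography the contract expresses; it is included here because the slide shows the coordinator issuing `<begin/>` before anything is executed.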
Core Concepts, Key Take-Aways
• SOA externalizes EAI and OO-DBC disciplines, best expressed by OMG’s EDOC UML Profile for MDA.
• Web Services open standards are the foundation for SOA, moving the focus of IT interoperability from applications to message streams.
• SOA framework implies an infrastructure supporting contractual choreography compositions and executions, representing any sequence in a business value chain interaction.
• SOA provides a unified approach to simplifying the federation of a globally interoperable heterogeneous distributed component marketplace, flexibly serving diverse business processes across enterprise partner boundaries.
References
• Oasis-UN/CEFACT and ebXML
• MS GXA Specs
• OMG MDA and EDOC
• Contact – [email protected]
Bio
• George Thomas is an Enterprise Architect at the GSA, working on Financial Management IT projects. Formerly a Technical Director in the J2EE Practice at Dimension Data/Proxicom, George led large teams of engineers implementing KM, STP, Portfolio Life-cycle Management, and custom Portals for Putnam and T. Rowe Price. George has also held Chief Technologist positions at Luminant Worldwide, and VP of Professional Services for XMLSolutions. His experience spans Fortune 500 companies in virtually every industry sector.
• George holds IBM Certifications including ‘E-Business Solutions Technologist’ and ‘XML and Related Technologies’. George received a BA in Interdisciplinary Arts from the University of Maryland and a Master of Music in Computer Music from the Peabody Conservatory of the Johns Hopkins University.