Secure E-Business: AA Blueprints, E-Government Solution ...


Page 1: Secure E-Business: AA Blueprints, E-Government Solution ...

U.S. General Services Administration

Secure E-Business::AA Blueprints
E-Government Solution Architecture CSF

George Thomas, GSA OCIO Enterprise Architecture Group

Page 2: Secure E-Business: AA Blueprints, E-Government Solution ...

GSA OCIO Enterprise Architecture Group

Apr 10, 2023

2

What is a Service Oriented Architecture?

• SOA emphasizes trans-enterprise interoperability of loosely coupled distributed components whose orchestrated XML message choreographies use open Internet standard transports and protocols.

– Also referred to as Service Based Architectures

– Web Services Standards enable SOA

• SOA is the foundation for an IT infrastructure framework utilizing the Enterprise Service Bus, based on a logical Publish/Find/Bind/Execute processing model.

– An ESB is also referred to as a Data Bus

• ebXML is a practical example of SOA.

– All WS ‘standards’ work toward providing secure, reliable messaging workflows

Page 3: Secure E-Business: AA Blueprints, E-Government Solution ...


The emergence of SOA – Application View, part 1 of 3

• 1st and 2nd generation IT architectures – standalone systems followed by tightly coupled stovepipes; yields brittle interfaces and redundant yet missing data, leads to costly enhancements and maintenance.

[Diagram: four standalone ‘App Data’ stovepipes with point-to-point links between them]

Page 4: Secure E-Business: AA Blueprints, E-Government Solution ...


The emergence of SOA – Application View, part 2 of 3

• 3rd generation IT architectures centralize data and segregate it per LOB; data freshness and application agility are typical problems here, leading us back to where we started…

[Diagram: a DataWarehouse feeding DataMart1, DataMart2 and DataMart3, which serve App1, App2 and App3, each still holding its own Data]

Page 5: Secure E-Business: AA Blueprints, E-Government Solution ...


The emergence of SOA – Application View, part 3 of 3

• 4th generation IT architectures utilize EAI/MOM tools, solving data periodicity and integration problems within the enterprise, but what about external business partners?

[Diagram: an Integration Broker connecting the DataWarehouse with App1/App1DB, App2/App2DB and App3/App3DB inside the enterprise; a firewall separates this from the BPN]

Page 6: Secure E-Business: AA Blueprints, E-Government Solution ...


The emergence of SOA – Network View

[Diagram: timeline of network stacks – ISO Stack (1984), HTTP (1994), XML (1998), SOA (2000), eGov (2003!)]

Page 7: Secure E-Business: AA Blueprints, E-Government Solution ...


5th Generation IT Architectures

• Assume cross enterprise business process integration and interoperability via HTTP/SOAP message exchanges containing XSI and binary (e.g. a bitmap of a signed document) payloads.

– OMG formalizes this notion with EDOC, a UML ‘Profile’ that is the foundation for the Model Driven Architecture approach to business models that are independent of technology implementations (PIM/PSM)

– Web Services Framework standards formalize mechanisms for security, transactions, policy, and constituent choreography

– This approach liberates legacy system and application environments, and is a COTS competitive imperative

• Message exchanges can be brokered in synchronous request/reply, or asynchronous queue style.

– RPC or MOM like

– P2P, B2B, G2C, all are accommodated and are encapsulated by ‘Any to Any’ (A2A)

Page 8: Secure E-Business: AA Blueprints, E-Government Solution ...


A Brief History of Time

[Diagram: three protocol stacks mapped onto the seven ISO layers – 1 Physical, 2 Data Link, 3 Inter-Networking, 4 Transport, 5 Session, 6 Presentation, 7 Application. All three run over any network that supports TCP/IP (ATM over Fibre, Ethernet over coax, etc.)]

• Email – One to Many, Asynchronous: IP, TCP, SMTP / POP, MIME; Mail Server and Mail Client

• The Web – Many to One, Synchronous: IP, TCP, HTTP, HTML; Web Server and Web Browser

• 5th Gen Arch – Any to Any, BOTH: IP, TCP, SOAP / HTTP, Syntax and Semantics; Web Server and Web Browser

Page 9: Secure E-Business: AA Blueprints, E-Government Solution ...


The Universe in a Nutshell

• The Any to Any Scenario

– Your request is handled by a Managed Web services cloud (proxy), which rewrites and/or redirects you (location transparency) to an available endpoint (contract driven or registry discovered) satisfying the versioned implementation of the aggregated or derived service you require

– A Trading Partner Agreement (contract) that fulfills your request exists, or may require adaptive composition of functionally discrete components (which either executes or creates a mutually binding TPA) that are enacted on for the lifetime of that service requirement

– Ultimately, a receiving (endpoint) message handler operates on the payload, returning results to the ‘next actor’ or reporting back to a coordinator to complete its role in the TPA sequence, or choreography

Page 10: Secure E-Business: AA Blueprints, E-Government Solution ...


ebXML – an SOA Implementation

• ebXML is based on a Reference Architecture much like FEAF, and grew out of the EDI community in light of XML based SOA’s.

– UBL/BIE

• Universal Business Language Business Information Entities, XSD data model that extend and contextualize ‘Core (data) Components’

– HTTP/SOAP

• Ubiquitous transport bindings and messaging envelope

– RIM

• ebXML Registry Information Model, merging with UDDI

– MSH

• Describes SOAP Message Service Handlers, which are service endpoint transceivers that operate on message payloads

– BPSS

• Expresses the choreography of business processes, analogous to BPEL and BPML

– CPP/CPA

• Service providers publish role definitions as a Collaboration Protocol Profile, and execute the contract (SLA) between a service Consumer/Provider via the Collaboration Protocol Agreement.

Page 11: Secure E-Business: AA Blueprints, E-Government Solution ...


The great thing about Standards…

• Web Service Framework Standards:

– XML/XSD

• Syntax for messages and data types

– HTTP/SOAP

• Transport and syntax for synchronous/asynchronous messaging

– WSDL

• Syntax for service interface definitions

– UDDI

• Registry model supporting ‘publish, find, bind, execute’

– BPEL, BPML

• Syntax for expressing semantics of Trading Partner Agreements (TPA)

– WS-Security, WS-Transaction, WS-Coordination

• Syntax for reliable messaging, signed/encrypted payloads, multi-party TPA sequence management

– WS-Federation, WS-Secure Conversation, WS-Trust, WS-Policy

• Syntax for expressing contract of value chain constituent Federation

Page 12: Secure E-Business: AA Blueprints, E-Government Solution ...


The Publish-Find-Bind-Execute Model

• Each Agency / Service / Enterprise / LOB is both a service provider and a service consumer.

[Diagram: Provider, Consumer, Registry and Contract]

1. Provider publishes service interface description(s)

2. Consumer queries Registry and finds a service that fulfills a requirement

3. Provider and Consumer bind to a contract, Consumer executes Provider’s hosted service

Page 13: Secure E-Business: AA Blueprints, E-Government Solution ...


Publish to the Registry

[Diagram: Agency 1, Agency 2 and Agency N publish their services A1:S1, A1:S2, A2:S1 and AN:S1 to Service Registry 1]

• Location transparent component implementations are distributed across Agencies, separately managed and maintained. They are language (J2EE/.NET) and platform (Linux/Unix/Windows) independent.

Page 14: Secure E-Business: AA Blueprints, E-Government Solution ...


Find, Bind and Execute

[Diagram: the same Service Registry 1 holding A1:S1, A1:S2, A2:S1 and AN:S1; Agency 1 finds AN:S1 and binds to Agency N’s service]

• Agencies can find any published service component in the Registry. Here, Agency 1 binds to Agency N’s Service, and executes the message and data exchange described by the interface definition in the Registry.

Page 15: Secure E-Business: AA Blueprints, E-Government Solution ...


Extending the Value Chain

• Agency X creates an activity from a set of sub-functions, negotiates distinct contracts that new partner Agencies Y and Z bind to, which utilize distributed components from other Agencies (1, 2, and N) behind the scenes.

[Diagram: Agency X creates a composite process and publishes the new choreography AX:C1 to Service Registry 2; Agencies Y and Z bind to it; behind the scenes it uses A1:S1, A1:S2, A2:S1 and AN:S1 from Service Registry 1]

Page 16: Secure E-Business: AA Blueprints, E-Government Solution ...


Extending the Data Model

• UBL/BIE - Agency X creates a data schema required for a business process by using core components expressed as XSD’s. Agency Y uses this BIE to validate XSI data in message payloads exchanged with Agency Z.

[Diagram: XSD1, XSD2 and XSD3 held in Data Schema Registry 1; Agency X creates the compound schema XSD4 and publishes it to Data Schema Registry 2 as BIE:UUID, where Agencies Y and Z use it]

Page 17: Secure E-Business: AA Blueprints, E-Government Solution ...


What exactly is a ‘Registry’ then?

• An XML Document Object Database, or Repository

– Implemented using a ‘Native XML DB’, Registries are Object/Document agnostic, as everything is an XML Document/Object!

• A Federation of value chain constituent Registries at the network edge will emerge on the ESB, with a specific role in the business process.

– Directory, Identity, cluster management, data schemas, collaboration contracts, trust/privacy policies, multi-channel trans-coding style-sheets, etc.

• Registries enable dynamic discovery of published services, but are not necessarily required for static execution of an established service contract.

Page 18: Secure E-Business: AA Blueprints, E-Government Solution ...


What is stored in a Registry?

• Data Models, expressed in XML Schema (XSD) for validating data instances

– UBL/BIE’s representing individual process customized, compound data types

• N number of XSI’s (XSD ‘instances’) representing:

– Persistent or transient data objects, such as UBL/BIE instance data

– WSDL docs that describe component interfaces, messages and payloads by their endpoints (URI’s)

– XSLT docs that adapt and/or transform data sets

• Aggregation and/or segregation of message data instances per application, activity, function, etc.

• Many other conceivable XML document/object types!

– A document expressing Policy or Trust

– A component to component or Agency to Agency contract

– A summary report of financial management data and an accompanying XSLT transform for creating a GUI

– An instance document containing data representing the state of a business process in progress

Page 19: Secure E-Business: AA Blueprints, E-Government Solution ...



5th Gen SOA, Logical Service Execution

• The Orchestration Server governs the consumer/provider contract and fulfillment of its business process, and may also manage the SLA providing appropriate QoS.

[Diagram: the Coordinator Agency runs the eGov Orchestration Server, connected over the Internet (TCP/IP) to a Provider Agency (.NET App Server, MS Managed Code, COM, MSMQ), a Consumer Agency (J2EE App Server, JMX Managed Code, JCA, EJB/MDB/JMS) and Agency Z (SAP/PeopleSoft over JMS). Each party has a SOAP transceiver and all participate in Contract N]

Messages exchanged under Contract N, each shown on both sides of the figure:

<soap> <execute/> <contract id=‘N’/> <command> <ping/> </command> </soap>

<soap> <begin/> <contract id=‘N’/> <command> <ping/> </command> </soap>

<soap> <begun/> <contract id=‘N’/> </soap>

<soap> <response/> <contract id=‘N’/> <pong/>… </soap>
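As an added illustration of the Orchestration Server’s governing role on this slide (example code written here, not from the GSA deck), the following Python models one contract’s choreography as a small state machine: a message is acted on only if it names the expected contract id and carries the next verb in sequence, so replayed, out-of-order or foreign-contract messages are logged and dropped. The verb order execute, begin, begun, response is an assumption read off the slide’s message list; the message shapes follow the slide with ASCII quotes.

```python
import xml.etree.ElementTree as ET

# Assumed choreography order for one contract, read off the slide's message list: the
# consumer's <execute/> reaches the coordinator, which sends <begin/> to the providers,
# collects their <begun/>, and returns the <response/> (here: ping -> pong).
NEXT = {None: "execute", "execute": "begin", "begin": "begun", "begun": "response"}

def parse(msg: str):
    """Return (verb, contract id, payload tag) from one pseudo-SOAP message."""
    root = ET.fromstring(msg)  # stdlib parser: external entities are not expanded
    verb = next((c.tag for c in root if c.tag in NEXT.values()), None)
    contract = root.find("contract")
    cid = contract.get("id") if contract is not None else None
    command = root.find("command")
    payload = command[0].tag if command is not None and len(command) else (
        "pong" if root.find("pong") is not None else None)
    return verb, cid, payload

class ContractSession:
    """Orchestration-side state for one contract: a message is acted on only if it
    names this contract and carries the next verb the choreography expects."""
    def __init__(self, contract_id: str):
        self.cid = contract_id
        self.state = None
        self.log = []

    def accept(self, msg: str) -> bool:
        verb, cid, payload = parse(msg)
        if cid != self.cid:
            self.log.append(f"reject: contract {cid!r} is not {self.cid!r}")
            return False
        if verb != NEXT.get(self.state):
            self.log.append(f"reject: {verb!r} not allowed after {self.state!r}")
            return False
        self.state = verb
        self.log.append(f"ok: {verb} {payload or ''}".rstrip())
        return True

# Constructed messages in the slide's shape (curly quotes replaced by ASCII quotes).
EXCHANGE = [
    "<soap><execute/><contract id='N'/><command><ping/></command></soap>",
    "<soap><begin/><contract id='N'/><command><ping/></command></soap>",
    "<soap><begun/><contract id='N'/></soap>",
    "<soap><response/><contract id='N'/><pong/></soap>",
]

def run_exchange(messages, contract_id="N"):
    # Feed messages to one session; return per-message verdicts and the end state.
    session = ContractSession(contract_id)
    return [session.accept(m) for m in messages], session.state
```

Running `run_exchange(EXCHANGE)` accepts all four messages and ends in state `response`; feeding the same list to a second session with contract id `M` rejects every message.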

Page 20: Secure E-Business: AA Blueprints, E-Government Solution ...


Core Concepts, Key Take-Aways

• SOA externalizes EAI and OO-DBC disciplines, best expressed by OMG’s EDOC UML Profile for MDA’s.

• Web Services open standards are the foundation for SOA, moving the focus of IT interoperability from applications to message streams.

• SOA framework implies an infrastructure supporting contractual choreography compositions and executions, representing any sequence in a business value chain interaction.

• SOA provides a unified approach to simplifying the federation of a globally interoperable heterogeneous distributed component marketplace, flexibly serving diverse business processes across enterprise partner boundaries.

Page 21: Secure E-Business: AA Blueprints, E-Government Solution ...


References

• Oasis-UN/CEFACT and ebXML

• MS GXA Specs

• OMG MDA and EDOC

• Contact – [email protected]

Page 22: Secure E-Business: AA Blueprints, E-Government Solution ...


Bio

• George Thomas is an Enterprise Architect at the GSA, working on Financial Management IT projects. Formerly a Technical Director in the J2EE Practice at Dimension Data/Proxicom, George led large teams of engineers implementing KM, STP, Portfolio Life-cycle Management, and custom Portals for Putnam and T. Rowe Price. George has also held Chief Technologist positions at Luminant Worldwide, and VP of Professional Services for XMLSolutions. His experience spans Fortune 500 companies in virtually every industry sector.

• George holds IBM Certifications including ‘E-Business Solutions Technologist’ and ‘XML and Related Technologies’. George received a BA in Interdisciplinary Arts from the University of Maryland and a Masters of Music in Computer Music from the Peabody Conservatory of the Johns Hopkins University.