ARCH-08 A Common Business Service Approach to Application Development Anthony Swindells Progress Fellow

ARCH-08A Common Business Service Approach to Application Development

Anthony SwindellsProgress Fellow

2 ARCH-08, A Common Business Service Approach© 2005 Progress Software Corporation

Agenda

What are Common Business Services? Examples to get you thinking Design considerations What’s coming in OpenEdge™ to help Next steps


D I S C L A I M E R

Under Development

This talk includes information about potential future products and/or product enhancements.

What I am going to say reflects our current thinking, but the information contained herein is preliminary and subject to change. Any future products we ultimately deliver may be materially different from what is described here.

D I S C L A I M E R


Common Business Services

Non-domain specific related functions that provide the common infrastructure for a modern application

Standard behavior, features and functionality independent of any specific application requirements

Their combined presence determines the nature and style of applications supported

Typically pre-started and always available

Definition


Common Business ServicesSome examples

“My application needs to restrict client access to its operations and

data”

“My application is subject to regulatory compliance

“My customers / partners need to customize my application without losing the ability to adopt future releases”


Common Business Services

Reduced learning curve– Simplify domain specific code

– Focus on “what” not “how” Reduced cost in medium to long term Obtain not build option Improved quality & standards Maximize scalability and performance

– Core capabilities built into architecture

Key benefits of the approach


A layered view

Common Business Services and the OpenEdge Reference Architecture

Separated presentation

and integration layers

Data accessabstracted from

storage

Common business logic with

advanced models

Users Users

Presentation Layer

Business Servicing Layer

Data Access Layer

Managed Data Stores

Managed Data Stores

Unmanaged Data Stores

Unmanaged Data Stores

Enterprise Services

Enterprise Services

Integration Layer

Com

mon

Bu

sin

ess

Ser

vice

s

Non-domain specific

functionality abstracted

from application


Application Support Service

Manager

Common Business Services Supporting TerminologyLet’s talk the same language

Core Business Service

Manager exposed externally as a service

through service interface

User coded 4GL

implementation

OpenEdge platform implementation


What are Common Business Services? Examples to get you thinking Design considerations What’s coming in OpenEdge to help Next steps

Agenda


Common Business ServicesTypical application challenges

“My application needs to restrict client access to its operations and

data”


AuthenticationManager

AuthenticationManager

Authentication and Authorization Process

LoginCredentials

LoginCredentials

Principal

Authenticate

AuthenticationSystem

AuthenticationSystem

User AccountsUser Accounts

Account Check

Get Account Data

Application ResourcesApplication ResourcesAccessControl

Data

AccessControl

Data

AuthorizationManager

AuthorizationManager

Application Server

Client



“My application is subject to regulatory compliance and I must report on

attempted break-ins or fraud.

I must prove that audit data has not been tampered with”


Candidate Managers: Auditing

OfflineAuditData

OfflineAuditData

ArchiveDaemon

Arc

hiv

eM

anag

er

Audit EventManager(schema triggers)

AuditReport

Rep

ort

Man

ager A

pp

lica

tio

n

Dat

a

App DBAudit Data Manager

Audit Data

Audit Policy ManagerA

PI

Policy Data



“My Application needs to scale to potentially thousands of concurrent users in a distributed environment”


Context Manager

Authenticated Session

Candidate: Context Management

Login Credentials SessionInformation Business Task

User

Context DB

ContextData

ID

Application

Session ID

AppServerConnect

AppServerConnect

ClientSession

Managing state



“All my applications require storage and management of address data”


Candidate:Address Management?

Zip code / post code lookup International address formatting Address validation Address type management Address usage Address form management Address storage & retrieval

Core / generic address functions only



Agenda


Server Side

Client Side

Managers Accessed Locally or Through Service Interface

Service Proxy

Service Interface

Presentation Container

Service Container

Fn()Fn()

Order Mgmt

…

Session

/Con

text Man

agemen

t

Au

then

tication &

Au

thorization


Manager Design Considerations

Typically pre-started as single instances Implemented as black boxes with well defined

public API Encapsulate distributed architecture complexities

– Manager is layer aware (e.g. client cache) Separate deployment / configuration functionality

from runtime functionality Avoid dependencies

– Plug and play architecture


Clearly Define Manager Roles and Responsibilities

Authentication manager manages authenticated credentials– Must manually pass credentials around, e.g.

between client and server Context manager manages any type of context If BOTH are present

– Register credentials as context

– Credentials automatically available when needed Cache manager does caching

– No cache manager, no caching!

Combine managers to provide value


Design Assistance

Implementing the OpenEdge Reference Architecture on PSDN

Check back often…

http://psdn.progress.com/library/white_papers/oera/

index.ssp



Agenda


OpenEdge Core Business Services Vision Statement

“Provide a comprehensive set of

common business services that provide

the core feature support

of a modern SOA based application

modeled on the

OpenEdge Reference Architecture”


OpenEdge Core Business Services

Auditing (10.1A) Authentication and

authorization (10.1A, 10.x) Session and context

management (10.x) Configuration and connection

management Localization, personalization,

customization Tighter integration with sonic

ESB and services

Co

re S

ervic

es

OpenEdge 10.1A

Auditing


OpenEdge Database Schema-Trigger Based Auditing

4GL

Clie

nt

Audit PolicyTools

Application Code

Ap

pli

cati

on

D

ata

App DB

OfflineAuditData

OfflineAuditData

ArchiveDaemon

Arc

hiv

eM

anag

erAudit Data

Archive DB

Audit EventManager(schema triggers)

Audit Data

Audit Data Manager

Audit Policy ManagerA

PI

Policy Data

Sec

uri

ty M

anag

er

AuditReport

Rep

ort

Man

ager

SQ

L C

lien

t

Application Code


Auditing Architecture Overview4G

L C

lien

t

DB Tools & Utilities

Open Tools

Audit Policy Tools (APMT)

Application Code

SQ

L C

lien

t

Application Code

Audit Data A

pp

lica

tio

n

Dat

a

Policy Data

App DB

Audit Data

Archive DB

Audit EventSubsystem

Audit EventSubsystem

Dat

abas

e

Inte

rnal

Ap

pli

cati

on

Sec

uri

ty S

ub

syst

emS

ecu

rity

Su

bsy

stem

Audit Data Subsystem

Audit Data Subsystem

OfflineAuditData

OfflineAuditData

AuditReport

Audit Policy Subsystem

Audit Policy SubsystemA

PI

ArchiveDaemon A

rch

ivin

g S

ub

syst

em

Arc

hiv

ing

Su

bsy

stem

Rep

ort

Man

ager


Auditing in OpenEdge 10.1A Key Value-Add

Common built-in auditing for both SQL/4GL clients Flexible audit policy management Secure audit data, policy and utilities

– Separation of duty– Purposed audit permissions– Verified user identity

– Secure utilities and sealed data Internal audit events (utilities, schema changes, etc.) Performance, performance, performance High performance archiving – for enterprise only Multi-platform

Why use it in place of own solution?


Audit Data A

pp

lica

tio

n

Dat

a

includes

includes

includes

record reads on

record deletes on

record updates onrecord creates on

is controlled by

_aud-audit-policy

_Audit-policy-guid

_Audit-policy-name (AK1.1)_Audit-policy-description (IE1.1)_Audit-data-security-level_Audit-custom-detail-level_Audit-policy-active (IE2.1)

_aud-file-policy

_Audit-policy-guid (FK)_File-Name (IE1.1)_Owner (IE1.2)

_Audit-create-level_Audit-create-criteria_Audit-update-level_Audit-update-criteria_Audit-delete-level_Audit-delete-criteria_Audit-read-level_Audit-read-criteria_Create-event-id (FK) (IE2.1)_Update-event-id (FK) (IE3.1)_Delete-event-id (FK) (IE4.1)_Read-event-id (FK) (IE5.1)

_aud-field-policy

_Audit-policy-guid (FK)_File-Name (FK) (IE1.1)_Owner (FK) (IE1.2)_Field-Name (IE1.3)

_Audit-create-level_Audit-update-level_Audit-delete-level_Audit-read-level_Audit-identifying-field

_aud-event-policy

_Audit-policy-guid (FK)_Event-id (FK) (IE1.1)

_Event-level_Event-criteria

_aud-event

_Event-id

_Event-type (IE1.1)_Event-name (IE1.2)_Event-description (IE2.1)

Multiple active policies

Control by table / CUD operation

Reference Slide Only! Audit Policy MetaSchema

Override individual fieldsInternal & application defined audit events

Control by event Id

Policy Data


created

consists of

_client-session

_Client-session-uuid

_Client-name_User-id (IE1.1)_Authentication-date-time (IE2.1)_Server-uuid_Authentication-domain-type_Authentication-domain-name_Db-guid (FK) (IE3.1)_Session-custom-detail_Audit-data-security-level_Data-seal

_aud-audit-data

_Audit-data-guid

_Database-connection-id (IE1.1)_Client-session-uuid (FK) (IE1.2)_User-id (IE2.1)_Audit-date-time (IE5.1)_Audit-event-group (IE3.1)_Db-guid (FK) (IE3.2)_Transaction-id (IE3.3)_Transaction-sequence (IE3.4)_Event-id (FK) (IE4.1)_Event-context (IE6.1)_Application-context-id (IE7.1)_Event-detail_Audit-custom-detail_Audit-data-security-level_Data-seal

_aud-audit-data-value

_Audit-data-guid (FK)_Field-name (IE1.1)_Continuation-sequence

_Data-type-code_Old-string-value_New-string-value_Old-blob-value_New-blob-value_Old-clob-value_New-clob-value_Audit-data-security-level_Data-seal

Ap

pli

cati

on

D

ata

Policy Data

Reference Slide Only! Audit Data MetaSchema

Record client session information

Configurable automated audit data with optional

context & grouping

Optional old/new value recording

Audit Data


You Could Prepare Now

Move to schema design on previous slides– Develop custom tools– Develop custom reports

Implement audit events with schema triggers for now– Wrapper code in include files

Insert hooks for setting / resetting audit context Consider where you could use application events and

insert hooks When 10.1A ships

– Continue to use custom reports and tools– Remove code in schema triggers for 10.1A clients– Migrate data to official tables


OpenEdge 10.1A Authentication in Support of Auditing

Trusted authentication systems / domains– Assert verified identity of real application user

– not dependent on _user records Ability to share a single user authentication Set the current user-id for

– The 4GL Application

– A Progress database connection [ & permissions]

– Progress Auditing Records


OpenEdge 10.1A Authorization

Leverage asserted authenticated user for database CAN-* permissions

Optional runtime CAN-* permission checking

New schema ready for future roles support


10.1A Security Schema for Roles

is granted to

is limited to

_sec-role

_Role-name

_Role-description (IE1.1)_Role-creator (IE2.1)_Custom-role-detail

_sec-granted-role

_Granted-role-guid

_Grantee (IE1.1)_Role-name (FK) (IE2.1)_Grant-rights_Grantor (IE3.1)_Custom-grant-detail

_sec-granted-role-condition

_Granted-role-guid (FK)_Conditional-attribute (IE1.1)_Logical-operator_Conditional-value

_Custom-condition-detail

Role definition

User or role granted use of role

Conditional role allocation


Future OpenEdgeAuthentication & Authorization

Support for external authentication systems for 4GL and SQL

Plug-in Authentication Modules:– Write your own

– Progress supplied modules: Progress _user table 4GL LDAP/Active Directory

4GL Access Control Lists (ACLs) Role support


Reference Slide Only! Proposed ACL Schema

_sec-access-control-entry

_ACE-guid

_Grantee (IE1.1)_ACE-type (IE2.1)_Resource-type (IE2.2)_Resource-prefix (IE3.1)_Resource-name-part1 (IE4.1)_Resource-name-part2 (IE5.1)_Resource-name-part3 (IE6.1)_Resource-name-part4 (IE7.1)_Deny_Action-name_Grant-rights_Grantor (IE8.1)_Custom-ace-detail


You Could Prepare Now

Leverage role schema design on previous slides– Develop custom tools– Develop custom reports

Encapsulate security checks into APIs for easy replacement– Leverage include files

Move to ACL model for authorization– Encapsulate checking for easy replacement

When functionality available in OpenEdge– Replace interface internals


OpenEdge 10.x Context Management

Allow context to be shared across application servers and agents

Provide configurable mechanism to persist context – new meta-schema tables

Seamlessly pass context between client and server – by reference or value– Just available when needed, e.g. client principal

Configurable management of context lifecycle, e.g. scope, expiration, etc.

Best practices and guidelines

Current thinking


OpenEdge 10.1A Language Changes Relevant to Common Business Services

Support for globally unique ids (guids)– Useful for context management!– See PSDN for interim solution

Pass TEMP-TABLES and LONGCHARS BY-REFERENCE – Remove overhead of managing complex manager

data– Remove overhead of customization layers

Object orientated language enhancements– Implement managers as classes – Use interfaces to define public API / compile time

checking



Agenda


Prepare for What’s Coming

Leverage include files– Central replacement when new core functionality

available Prioritize your effort

– Avoid duplication where possible Avoid hard-coded references

– Use logical to physical mapping Avoid direct references to physical schema

– Use consistent schema model as far as possible Consider API’s

– Design generic interface for easy replacement


In Summary

Embrace common business services concept– Reduce application complexity

– Increase functionality Don’t wait – start now

– OpenEdge 10.1 and future releases will just make things easier

Design for change– New common business services are planned – so

prepare now to simplify later adoption


Don’t Miss These BOFs…

Common Business Services Birds of a Feather

Tue 6:00pm Auditing Birds of a Feather

Wed 8:00am


Questions?


Thank you for your time!


Documents

ARCH-08 A Common Business Service Approach to Application Development Anthony Swindells Progress Fellow