IT Architecture and Security: SOA theory


Last week

• Last week we went through
• Jack Ekman talked about the SOA experiences from PFA


Agenda

• This week we go through
  – OASIS SOA Reference Model
  – Web Services
  – BPM
  – SOA Reference Architecture (from IBM)


Next week

• Next week we go through
  – Enterprise Architecture


OASIS SOA Reference Model

• OASIS
  – OASIS (Organization for the Advancement of Structured Information Standards) is a nonprofit, international consortium whose goal is to promote the adoption of product-independent standards such as OpenDocument, SAML, UDDI and WS-*

• Reference Model
  – A notion used in standard conceptual computing models. It is an abstract representation of the entities and relationships involved in a problem space, and forms the conceptual basis for the development of more concrete models of the space, and ultimately implementations, in a computing context. Reference Architecture will be discussed in more detail next week


OASIS SOA Reference Model


Architecture

• Service Oriented Architecture is an architecture
• SOA is NOT a specific implementation
• Definitions
  – Architecture is the art and science of designing buildings and other physical structures. A wider definition often includes the design of the total built environment from the macro-level of town planning, urban design, and landscape architecture to the micro-level of construction details and, sometimes, furniture.
  – Also: the structure of how a building is built
  – A software architecture for a system is the structure or structures of the system, which consist of elements and their externally visible properties, and the relationships among them.


Service Oriented

• Is a paradigm (model) for software architecture
• “Services” are the central concept; other concepts are present
• SOA is not currently defined other than by a “common law” or “de facto” perception of what it is
• Perceptions of the definition of SOA are vastly disparate; every vendor has the exact definition, but their definitions often differ :-)


The definition of a Service

• A service is a mechanism to enable access to one or more capabilities
• A service is provided by an entity – the service provider – for use by others, but the eventual consumers of the service may not be known to the service provider
• A service is accessed by means of a service interface, where the interface comprises the specifics of how to access the underlying capabilities
• The consequence of invoking a service is a realization of one or more real world effects:
  1. information returned in response to a request for that information,
  2. a change to the shared state of defined entities,
  3. some combination of (1) and (2).


The dynamic of a Service

• Visibility
  – For a service provider and consumer to interact with each other they have to be able to ‘see’ each other

• Awareness
  – The service consumer MUST have information that would lead him to know of the Service Provider’s existence
  – Service awareness requires that the service description and policy – or at least a suitable subset thereof – be available in such a manner and form that, directly or indirectly, a potential consumer is aware of the existence and capabilities of the service

• Willingness
  – Associated with all service interactions is intent – it is an intentional act to initiate and to participate in a service interaction.

• Reachability
  – Reachability is the relationship between service participants where they are able to interact; possibly by exchanging information


Service description

• The service description promotes visibility between the service consumer and provider. The description provides the elements required to determine the needs of the parties involved in the interaction

• A service description expresses the function of the service and the real world effects that result from it being invoked. This portion of the description has a vocabulary to accommodate translation between provider and consumer, in other words employing either a common vocabulary or one that can be translated


Service description

A service description includes the following specifics:
1. That the service exists and is reachable
2. That the service performs a certain function or set of functions
3. That the service operates under a specified set of constraints and policies
4. That the service will (to some implicit or explicit extent) comply with policies as prescribed by the service consumer
5. How to interact with the service in order to achieve the required objectives, including the format and content of information exchanged between the service and the consumer and the sequences of information exchange that may be expected


Service policy

• A policy represents some constraint or condition on the use, deployment or description of an owned entity. Policies potentially apply to many aspects of SOA: security, privacy, manageability, Quality of Service and so on. Beyond such infrastructure-oriented policies, participants MAY also express business-oriented policies – such as hours of business, return policies and so on

• Whereas a policy is associated with the point of view of individual participants, a contract represents an agreement between two or more participants.


OASIS SOA Reference Model


Standards

• Today SOA is mainly implemented using Web Services. W3C has defined a web service as "a software system designed to support interoperable Machine to Machine interaction over a network."

• Core specifications
  – SOAP
  – Web Services Description Language (WSDL)
  – Universal Description Discovery and Integration (UDDI)


SOAP

• SOAP is a protocol for exchanging XML-based messages over computer networks, normally using HTTP/HTTPS. SOAP forms the foundation layer of the web services protocol stack providing a basic messaging framework upon which abstract layers can be built.

• SOAP once stood for 'Simple Object Access Protocol' but this acronym was dropped with Version 1.2 of the standard


SOAP structure

• SOAP requires a Body and an Envelope
• Optionally a SOAP Header
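The Envelope, Header and Body rules above, as an added example that is not part of the original slides: a structural check that a service endpoint or gateway could run before handing a message to the application. The function name, the sample messages and the assumption that input arrives as UTF-8 bytes are this example's own; the DOCTYPE rejection follows the SOAP specifications' rule that a message carries no document type declaration.

```python
import xml.etree.ElementTree as ET

# Envelope namespace URI -> SOAP version
SOAP_NS = {
    "http://schemas.xmlsoap.org/soap/envelope/": "1.1",
    "http://www.w3.org/2003/05/soap-envelope": "1.2",
}

def _split(tag):
    """Split ElementTree's '{namespace}local' tag into (namespace, local)."""
    if tag.startswith("{"):
        ns, _, local = tag[1:].partition("}")
        return ns, local
    return "", tag

def check_soap_structure(raw: bytes):
    """Return (version, problems); problems is empty for a valid structure."""
    # Checked before parsing, so entity declarations never reach the parser.
    # Assumption: UTF-8 (ASCII-compatible) input.
    if b"<!DOCTYPE" in raw:
        return None, ["DOCTYPE present (SOAP messages must not carry a DTD)"]
    try:
        root = ET.fromstring(raw)
    except ET.ParseError as exc:
        return None, [f"not well-formed XML: {exc}"]
    ns, local = _split(root.tag)
    if local != "Envelope" or ns not in SOAP_NS:
        return None, ["root element is not a SOAP Envelope"]
    version, problems = SOAP_NS[ns], []
    kids = [_split(child.tag) for child in root]
    headers = kids.count((ns, "Header"))
    bodies = kids.count((ns, "Body"))
    has_header = 1 if headers else 0
    if headers > 1:
        problems.append("more than one Header")
    if headers and kids[0] != (ns, "Header"):
        problems.append("Header is not the first child of Envelope")
    if bodies != 1:
        problems.append(f"expected exactly one Body, found {bodies}")
    elif kids.index((ns, "Body")) != has_header:
        problems.append("Body does not directly follow Header or start the Envelope")
    extra = [k for k in kids if k not in ((ns, "Header"), (ns, "Body"))]
    if version == "1.2" and extra:
        problems.append("SOAP 1.2 Envelope allows only Header and Body children")
    return version, problems

# Constructed sample messages (not taken from the slides).
E12 = b'<env:Envelope xmlns:env="http://www.w3.org/2003/05/soap-envelope">'
E11 = b'<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">'
GOOD_12 = (E12 + b'<env:Header/><env:Body><m:GetQuote xmlns:m="urn:example:quotes"/>'
           b'</env:Body></env:Envelope>')
BODY_ONLY_11 = E11 + b'<s:Body/></s:Envelope>'
NO_BODY = E12 + b'<env:Header/></env:Envelope>'
HEADER_LATE_11 = E11 + b'<s:Body/><s:Header/></s:Envelope>'
WITH_DTD = b'<!DOCTYPE x [<!ENTITY e "v">]>' + BODY_ONLY_11

if __name__ == "__main__":
    for name in ("GOOD_12", "BODY_ONLY_11", "NO_BODY", "HEADER_LATE_11", "WITH_DTD"):
        print(name, check_soap_structure(globals()[name]))
```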


WSDL

• The Web Services Description Language (WSDL) is an XML-based language that provides vital information that needs to be provided to use a specific web service - information such as where the service is located, how the service can be bound to, and similar information

• WSDL includes information about
  – The operations performed by the web service
  – The messages used by the web service
  – The data types used by the web service
  – The communication protocols used by the web service


WSDL

• The person or company looking to run a web service is called a service requestor.
• In order to run a web service, a service requestor first needs to locate the WSDL document that details how to run the services. Once the document is found, it's downloaded to the service requestor.
• The WSDL document is then examined, and based on what is found in it, a SOAP request or requests is sent out to the web service provider. That service then sends the information requested using the SOAP protocol.


UDDI

• UDDI is a platform-independent framework for describing services, discovering businesses, and integrating business services by using the Internet.
  – UDDI stands for Universal Description, Discovery and Integration
  – UDDI is a directory for storing information about web services
  – UDDI is a directory of web service interfaces described by WSDL
  – UDDI communicates via SOAP

• UDDI can be located internally in the company, or on the Internet


OIO InfrastructureBase


All coming together


SOA in progress


.. And so what

• SOA Governance is a concept used for activities related to exercising control over services in an SOA.
  – Compliance with standards or laws: IT systems require auditing to prove their compliance with regulations like Sarbanes-Oxley
  – Change management: changing a service often has unforeseen consequences as the service consumers are unknown to the service providers
  – Ensuring quality of services: The flexibility of SOA to add new services requires extra attention for the quality of these services. This concerns both the quality of design and the quality of service


BPM

• Business Process Management (BPM) is a systematic approach to improving an organization's business processes.

• A business process is a set of coordinated tasks and activities, conducted by both people and equipment, that will lead to accomplishing a specific organizational goal

• BPM activities seek to make business processes more effective, and more capable of adapting to an ever-changing environment


BPMN

• Business process modeling notation (BPMN) is a standard notation for graphically communicating business processes.

• The primary goal is to provide a standard notation that is readily understandable by all business stakeholders. These business stakeholders include:
  - The business analysts who create and refine the processes
  - The technical developers responsible for implementing the processes
  - The business managers who monitor and manage the processes

• Consequently BPMN is intended to serve as a common language to bridge the communication gap that frequently occurs between business process design and implementation

• BPMN alternatives: IDEF0, IDEF3, UML


BPMN

• A diagram in BPMN is assembled from a small set of core elements, making it easy for technical and non-technical observers to understand the processes involved.


BPEL

• Business process execution language (BPEL) is a language for specifying business process behavior based on web services.

• The scope of what BPEL includes is:
  – The sequencing of process activities, especially web service interactions
  – Data transformation
  – Recovery behavior in case of failures and exceptional conditions

• There is no standard graphical notation for WS-BPEL, so many are using BPMN as graphical front-end to capture BPEL process descriptions. But there are problems translating from BPMN to BPEL and back.


Reference Architecture


Reference Architecture


Reference Architecture

• 1 Operational layer
  – This layer includes all custom or packaged application assets in the application portfolio running in an IT operating environment, supporting business activities

• 2 Service component layer
  – This layer contains software components, each of which provides the implementation for, realization of, or operation on a service, which is why it's called a service component. Service components reflect the definition of a service, both in its functionality and its quality of service

• 3 Service layer
  – This layer consists of all the services defined within the SOA. For the purposes of this reference architecture, a service is considered to be an abstract specification of a collection of (one or more) business-aligned IT functions. The specification provides consumers with sufficient detail to invoke the business functions exposed by a provider of the service; ideally this is done in a platform-independent manner
  – The service layer can further be defined into the following groups


Reference Architecture

• 4 Business process layer
  – Compositions and choreographies of services exposed in layer 3 are defined in this layer. We use service composition to combine groups of services into flows, or we choreograph services into flows, thereby establishing applications out of services. These applications support specific use cases and business processes. To do this, visual flow composition tools can be used for design of application flows.


Reference Architecture

• 5 Consumer layer
  – The consumer layer, or the presentation layer, provides the capabilities required to deliver IT functions and data to end users to meet specific usage preferences. This layer can also provide an interface for application-to-application communication. The consumer layer of the SOA solution stack provides the capability to quickly create the front end of business processes and composite applications to respond to changes in user needs through channels, portals, rich clients, and other mechanisms. It enables channel-independent access to those business processes supported by various applications and platforms. It is important to note that SOA decouples the user interface from the components.


Other important information

• WS-I stands for Web Services Interoperability Organization and is responsible for ensuring interoperability within web services

• WS-I produces implementation guidelines, sample applications and test tools for verifying compliance with standards.

• WS-I: http://www.ws-i.org
• WS-I for important tenders for software and consulting services


EXERCISES
