The SPIKE project: Secure Process-oriented Integrative Service Infrastructure for Networked Enterprises Karol Furdík 1, Marián Mach 2, Tomáš Sabol 2 1

The SPIKE project: Secure Process-oriented Integrative Service Infrastructure for Networked

Enterprises

Karol Furdík1, Marián Mach2, Tomáš Sabol2

1 InterSoft, a.s., Floriánska 19, 040 01 Košice, Slovakia2 Technical University of Košice, Letná 9, 042 00 Košice, Slovakia

FP7 ICT-217098

Contents

Znalosti 2009, FIT BUT Brno, February 4-6, 2009

K. Furdík, M. Mach, T. Sabol: The SPIKE project: Secure Process-oriented Integrative Service Infrastructure for Networked Enterprises

SPIKE project description Basic facts, Consortium Objectives on organisational & technology levels Related research SPIKE Vision, Pilot applications

Architecture: Methodology, Scope

Context, Actors

Structure of functional components, Data elements

Technology frameworks proposed

Work done so far

Future work

2

Basic facts



SPIKE: Secure Process-oriented Integrative Service

Infrastructure for Networked Enterprises, www.spike-

project.eu

FP7 ICT EU project, FP7-2007-217098

FP7-ICT-Call1, Challenge 1 - Pervasive and Trusted Network

and Service Infrastructures, ICT in support of the networked

enterprise

Duration: 01/2008 – 12/2010 (36 months)

Budget: 2.8 mil. EUR, EC Contribution: 2 mil. EUR

Effort: 351 person-months

3

Consortium



8 partners from 5 different EU countries

3 academic institutions: Technical University of Košice (SK) University of Malaga (ESP) University of Regensburg (D) Coordinator

5 industrial partners: addIT Dienstleistungen GmbH & Co KG (A)

Citec Information Oy Ab (FIN)

Infineon Technolgies IT-Services GmbH (A)

InterSoft a.s. IS (SK)

IT Inkubator Ostbayern GmbH (D)

4

Objectives (1)



Main objective: Development of a software service platform for the easy,

secure, and fast start-up of short-term and project-based virtual business alliances.

Organisational objectives: Enable outsourcing of parts of the value chain to business

partners; Simplify collaboration between the members of participating

organizations through dynamically created and pre-defined

business processes and workflows; Achieve interoperability between organizations of all sizes; Offer generic solutions for inter-enterprise interoperability and

collaboration through reference scenarios and guidelines for

their use; Have a special focus on security and trust.

5

Objectives (2)



Technology objectives - design of the components: Semantic service bus for registering, discovering and contracting

services, as well as for service message routing and processing; Semantic BPM engine, handling customized processes, workflows

and distributed processes built from generic process fragments; Information flow control between members of the alliance: service

message and user context filtering according to specified policies; Security infrastructure: attribute management, authentication,

workflow and service access control, and auditing functionality; Repositories for processes and ontologies; Portal server extension for semantic context capturing and

communication; Portal-based interfaces and tools for user-friendly administration of

alliances, ad-hoc workflow modeling and process handling..

6

Related research



EU projects of particular interest for SPIKE: STASIS (FP6-034980, www.stasis-project.net): eEconomy

services, semantic interoperability; TrustCom (FP6-001945, www.eu-trustcom.com): framework

for Virtual Organisations; SeCSE (FP6-511680, www.secse-project.eu): support for

service-centric applications - specification, discovery, design and management of services;

OPUCE (FP6-034101, www.opuce.tid.es): service environment, infrastructure for collaborative and dynamic loosely coupled services;

SUPER (FP6-026850, www.ip-super.org): modular architecture for semantic BPM.

other projects and research groups focused on SWS, Security, Identity Management and Privacy, Process-Oriented Knowledge Management, etc.

7

SPIKE vision (1)



8

Networked Enterprise

SPIKE Conceptual Layer

SPIKE vision (2)



9

Networked Enterprise

SPIKE Conceptual Layer

SPIKE Service Layer

Pilot applications



1. Information hotel Controlling and automation of the supplier vs. client

documentation management processes and related sub-processes.

Use cases: uploading, sending, receiving docs from supplier, verifying uploaded docs, verifying received docs near deadline, sending reminder messages to suppliers, ...

2. Legacy applications Location of services of partners, integration into workflows. Use cases: maintenance of service providers, service information

and configuration, tracking services, contracting and ordering services,...

3. Identity federation Enable access to the inner infrastructure of partners within an

alliance to support effective collaboration. Use cases: collaboration setup and maintenance, role and

resource management10

Architecture design



11

Methodology:

spec. of viewpoints, perspectives, stakeholders

Scope - functional viewpoint, levels of collaboration: Collaborative processes: modeled by patterns - business

processes, incl. steps/activities, resources/artefacts, workflow structures, semantic description of processes.

Sharing services: environment for offering and contracting services, based on project-oriented workflow.

Identity federation: SPIKE as mediator to enable access to internal resources of/between alliance partners.

System context - actors



12

Human actors and software agents, as they were identified during the architecture design: concurrency and operational viewpoints, as well as in the usability perspective

Overall system architecture



13

SPIKE Service Bus

Interface Manager

Communication Manager

SPIKE System Core

SPIKE Portal Instance

SPIKE Administration, Reporting, and Monitoring

Alliance Manager

Report Manager

Wrapper Manager

Display Manager

Intra Portlet Manager

Session Manager

Content Manager

Rel. DB Data Storage RepositoriesIndex space OntologiesFile System

Security Manager

Identity Manager

Notification Manager

Service Manager

Process Manager

Search Manager

Semantic Manager

Platform Manager

Functional description of managers



14

17 managers have been broken down into 48 modules Description of each manager consists of:

Context of the manager Supported use cases Structure of the manager

Modules with their APIs and dependencies Interactions among manager’s modules

AllianceManager

DisplayManager

CommunicationManager

InterfaceManager

SecurityManager

WrapperManager

Intra PortletManager

SessionManager

ProcessManager

SemanticManager

SearchManager

ReportManager

NotificationManager

IdentityManager

ContentManager

PlatformManager

ServiceManager

Data elements



15

Technology (1)



Open Source, Java-based

BPMN/BPEL for BP modelling: Eclipse BPMN Modeller for visual BP modelling

Automatic transformation to the executable BPEL

sBPEL ontology for semantic representation of BPs

WSMO framework for semantic modelling: WSMOLite - basic conceptual framework

WSML ontology representation

WSMO Studio for general ontology maintenance

Annotation tool for semantic annotation of information resources

16

Technology (2)



ESB - Enterprise Service Bus: Java Business Integration (JBI) compliant

ESB Apache ServiceMIX

OpenESB

JBI components: BPEL – Apache ODE

(Orchestration Director Engine)

Portal integration layer: Intalio Tempo

Security: Single Sign On service & Authentication:

Simple Authentication and Security Layer (SASL), i.e. SASL-CA

Authorisation: PERMIS infrastructure17

Summary - work done so far



User requirements specified: Application cases for all the pilot applications defined Use cases for particular processes identified within the app. cases Information resources identified, guidelines for semantic mark-up of

the processes and resources provided

Architecture of the platform designed and described in detail: Architecture views and perspectives Actors interacting with the system

Functional components identified and described in their mutual interactions:

17 functional components / managers context, use cases, internal structure of services, class diagrams,

sequence diagrams; technology frameworks identified

1st project review (January 29, 2009) successfully accomplished

18

Future work



Platform design and implementation: Specification of components for portal system (02/09) Specification of components for service bus sub-system (02/09) Implementation of the 1st prototype (08/09)

Semantic BP modelling: Toolchain for semantic mark-up of business processes (04/09) Development of the resource ontologies (08/09)

Pilot applications: Specification of pilot applications for the 1st trial (04/09) 1st trial, validation of the SPIKE platform on the app. cases (09-

12/09) Forthcoming events:

SPIKE on CeBIT 2009 in Hannover, Germany (3.-8.3.09) SPIKE Workshop on „Technologies for the Networked

Enterprise“ (NetE‘09) as part of DEXA 2009 in Linz, Austria (31.8.-4.9.09) http://www-ifs.uni-r.de/nete09/

19

Questions?



20

More info: http://www.spike-project.eu

Documents

The SPIKE project: Secure Process-oriented Integrative Service Infrastructure for Networked Enterprises Karol Furdík 1, Marián Mach 2, Tomáš Sabol 2 1