Achieving Sustainable Business Benefits with Web Services Standards

Patrick GannonPatrick Gannon

President & CEOPresident & CEOPatrick GannonPatrick Gannon

President & CEOPresident & CEO

Planning & Implementing Planning & Implementing

Service Oriented ArchitectureService Oriented Architecture

Sydney, 16 March 2005Sydney, 16 March 2005

Vision for Service Oriented Architecture

Business Benefits from Open Standards

Key Directions in Web Services Standards

What your company can do

Open Standards for Service Oriented Architecture

Vision for Future Global eBusiness built on a Service Oriented Architecture

The Dawn of a New Era Built on Service Oriented Architecture

Vision of a Service-Oriented Architecture A place where services are ubiquitous

and organically integrated into the way we think and work.

A place where both users and providers of information interact through a common focus on services.

A world where technology is implemented within industry frameworks that operate on a global scale, enabled by open, interoperable standards.

A Common Web Service Framework Is Essential

To provide a sustainable foundation,

That will allow end-user companies to

achieve the payback they require,

To invest widely in the service-oriented

architecture.

Achieving Sustainable Business Benefits through a Open Standards for Web Services

In this post-dot-com era, end user companies are expecting more liquidity and longevity of their assets.

To achieve the ROI, Cost Reduction and Service Expansion benefits expected; the widespread deployment of standards-based Web services is essential.

Fundamental Issues that Must Be Addressed

A common framework for Web service interactions based on open standards must occur.

An agreed set of vocabularies and interactions for specific industries or common functions must be adopted.

Business Benefits for Open Standards

Why do standards matter? ROI for e-commerce Normalizing data, processes and users costs time and

money ROI can come from operational savings and outweigh

the costs, if those savings are stable and persistent This requires

Stable versioning Reliable, fixed terms of availability (some protection

against withdrawal or embrace-and extend) INTEROPERABLE standards CONVERGING standards

What is an Open Standard?An open standard is: publicly available in stable, persistent versions developed and approved under a published,

transparent process open to public input: public comments, public

archives, no NDAs subject to explicit, disclosed IPR terms See the US, EU, WTO governmental & treaty

definitions of “standards”

Anything else is proprietary:

Delphi Group Research on the Value of Open Software Standards Greatest benefit to support open standards

• Increases the value of existing and future investments in information systems

• Provides greater software re-usability• Enables greater data portability

Factors driving participation in standards• Vendor neutral environment• Access to a community of developers• Membership comprised of both end-users and

software developers

Open Standards Process: Essential to WS Adoption Enables collaboration Assures fairness Provides for transparency Embraces full participation Ensures a level playing field for all Prevents unfair first-to-market advantage

for any one participant Meets government requirements

To be successful, a standard must be used

Adoption is most likely when the standard is Freely accessible

Meets the needs of a large number of adopters

Flexible enough to change as needs change

Produces consistent results

Checkable for conformance, compatibility

Implemented and thus practically available

Sanction and traction both matter

Standard Adoption

Leading the Adoption of

Web Services Standards

OASIS drives the OASIS drives the development, development,

convergence and convergence and adoption adoption

of e-business of e-business standards.standards. 

OASIS Mission

Current Members

Software vendors User companies Industry organisations Governments Universities and Research centres Individuals

And co-operation with other standards bodies

OASIS Members Represent the Marketplace

OASIS Member Organizations

Technology Providers

50%

Users & Influencers

35%

Government & University

15%

International RepresentationTotal OASIS Members - 2000

4% 13%

83%

Asia-Pacific Europe North America

Total OASIS Members - 2004

66%23%

11%

Asia-Pacific Europe North America

OASIS is a member-led, international non-profit standards consortium concentrating on structured information and global e-business standards.

Over 650 Members of OASIS are: Vendors, users, academics and governments Organizations, individuals and industry

groups Best known for web services, e-business,

security and document format standards. Supports over 65 committees producing royalty-

free and RAND standards in an open process.

Key Directions in OASIS Standards for Web Services

Approved OASIS Standards for Web Services

UDDI: Universal Description, Discovery & Integration Defining a standard method for enterprises to dynamically

discover and invoke Web services.

WSRP: Web Services for Remote Portlets Standardizing the consumption of Web services in portal front

ends.

WS-Reliability Establishing a standard, interoperable way to guarantee

message delivery to applications or Web services.

WSS: Web Services Security Delivering a technical foundation for implementing integrity and

confidentiality in higher-level Web services applications.

UDDI: The Registry Standard Service Oriented Business Services

OASIS UDDI Specification Technical Committee

www.oasis-open.org

What is UDDI

UDDI Business Registry

3. UBR assigns a programmatically unique identifier to each service and business registration

Marketplaces, search engines, and business apps query the registry to discover services at other companies

4.

Service TypeRegistrations

SW companies, standards bodies, and programmers populate the registry withdescriptions of different types of services

1.

BusinessRegistrationsBusinesses

populate the registry withdescriptions of the services they support

2.

Business uses this data to facilitate easier integration with each other over the Web

5.

The Registry Standard for Service Oriented Business Applications

“Universal Description, Discovery and Integration”

UDDI v2 OASIS Standard: 2002 UDDI v3 OASIS Standard: 31 Jan 05 Broad vendor and enterprise adoption

UDDI - a specification of APIs for publishing and searching for business services and

service descriptions, and subscribing to changes to these A data model with built-in metadata extensibility to

characterize business services according to enterprise needs The registry standard for visibility and reuse of

SOBA components The registry standard for an adaptive enterprise -

dynamic discovery and binding to SOBAs

The service, service definition and The service, service definition and metadata “hub” for SOBAsmetadata “hub” for SOBAs

Using a UDDI Registry

UDDIRegistry

Points to service description

Points to service

SOAP

Communicates XML Messages

Business Service

Service Consumer

Find service, its description and its capabilities and constraints

Applications.NET, Java, ISVRuntime Binding

Business AnalystsVisibility of Business Service Portfolio

DevelopersReuse services

AdministratorsManage Business Services

Publish Service and Service definitions

WSDLWSDLWSDL

Publish service metadata

WSRP: Web Services for Remote Portal

OASIS WSRP Technical Committee

www.oasis-open.org

WSRP Goals Enable the sharing of portlets (markup

fragments) over the internet with a common interface=> Cross vendor publishing and consuming of content

V1 goal => aggregatingcontent

Client Text processor

Client Browser

Client Portal

Visual Component Pool Internet

WSDM: Web Services for Distributed Management

OASIS WSDM Technical Committee

www.oasis-open.org

OASIS WSDM TC Specifications Management USING Web Services

(MUWS) Management applications on a Web services

platform Web services to describe and access

manageability of resources Management OF Web Services (MOWS)

An implementation of Management Using Web Services for the Web Service as the IT resource

OASIS Web Services Infrastructure Work14+ OASIS Technical Committees, including:

ASAP: Asynchronous Service Access Protocol Enabling the control of asynchronous or long-running Web services.

WSBPEL: Business Process Execution LanguageEnabling users to describe business process activities as Web services and define how they can be connected to accomplish specific tasks.

WS-CAF: Composite Application FrameworkDefining an open framework for supporting applications that contain multiple Web services used in combination.

WSDM: Distributed Management Defining Web services architecture to manage distributed resources.

OASIS Web Services Infrastructure Work

WSN: Notification Advancing a pattern-based approach to allow Web services to disseminate information to one another.

WSRF: Resource FrameworkDefining an open framework for modeling and accessing stateful resources.

Standardizing Web Services Implementations For communities and across industries: ebSOA: e-Business Service Oriented Architecture

Advancing an eBusiness architecture that builds on ebXML and other Web services technology.

SOA-RM: Service Oriented Architecture Reference Model.Delivering a Reference Model to encourage the continued growth of specific and different SOA implementations whilst preserving a common layer that can be shared and understood between those or future implementations.

FWSI: Framework for WS Implementation Defining implementation methods and common functional elements for broad, multi-platform, vendor-neutral implementations of Web services for eBusiness applications.

oBIX: Open Building Information Xchange Enabling mechanical and electrical systems in buildings to communicate with enterprise applications.

Translation WS Automating the translation and localization process as a Web service.

Security for Web Services Most e-business implementations require

a traceable, auditable, bookable level of assurance when data is exchanged

IT operations demand “transactional” level of reliable functionality, whether it’s an economic event (booking a sale) or a pure information exchange

Dealings between divisions often need security and reliability as much as deals between companies

Approved OASIS Standards for Security AVDL: Application Vulnerability

Standardizing the exchange of information on security vulnerabilities of applications exposed to networks.

SAML: Security Services Defining the exchange of authentication and authorization information to enable single sign-on.

SPML: Provisioning Services Providing an XML framework for managing the allocation of system resources within and between organizations.

XACML: Access Control Expressing and enforcing authorization policies for information access over the Internet.

XCBF: Common Biometric Format Providing a standard way to describe information that verifies identity based on human characteristics such as DNA, fingerprints, iris scans, and hand geometry.

WSS: Web Services Security Advancing a technical foundation for implementing integrity and confidentiality in higher-level Web services applications.

OASIS Security Work

DSS: Digital Signature Services Defining an XML interface to process digital signatures for Web services and other applications.

PKI: Public Key Infrastructure Advancing the use of digital certificates as a foundation for managing access to network resources and conducting electronic transactions.

WAS: Web Application Security Creating an open data format to describe Web application security vulnerabilities, providing guidance for initial threat and risk ratings.

Web Services security Most e-business implementations require

a traceable, auditable, bookable level of assurance when data is exchanged

IT operations demand “transactional” level of reliable functionality, whether it’s an economic event (booking a sale) or a pure information exchange

Dealings between divisions often need security and reliability as much as deals between companies

Security: function by function

Identity authentication Encryption and protection

against interception Control of access and

authority

Identity authentication

The latest e-business security standards implement the next generation of identity deployment

In the 1990’s, PKI assumed a universal network of official certification authorities

Newer federated / distributed identity models permit identity certification to be decentralized and shared among service providers and existing registrars

• SAML • WS-Security • XCBF

Encryption and protection against interception & intrusion A key problem with encrypted messages

travelling over a shared or public network: if you encrypt the wrong bits, it doesn’t arrive, or the recipient can’t process it

Shared and automated methods for managing security require a shared vocabulary about security weaknesses and risks

• DSS • PKI TC

• AVDL • WAS

Control of access and authority In transactional information

exchanges, you often must apply access lists, directories of recipients, levels of authority, and access policies

So that you know who gets what, and who should get it• XACML • SPML

What should your company be doing?

Reducing RiskReducing Risk in new e-business technologies

Avoid reinventing the wheel Stay current with emerging technologies

Influence industry direction Ensure consideration of own needs

Realize impact of interoperability and network effects

Reduce development cost & time save development on new technologies share cost/time with other participants

What can your company do? Participate

Understand the ground rules Contribute actively

Or… Be a good observer

In any case… Make your needs known

Use cases, functions, platforms, IPR, priorities, availability, tooling

Be pragmatic: standardization is a voluntary process

Business Benefits of Participation in OASIS

Membership Benefits Influence Information Participation Education Co-ordination Creadibility Visibility Openess

OASIS Value

Sanction x Traction = Adoption

Ten years demonstrated success

Neutral and independent

Technical and procedural competence

Worldwide visibility and outreach

Close coordination with peer standards organizations on a global level

Relevance, Openness, Implement-ability

Contact Information:

Patrick Gannon

President & CEO

patrick.gannon@oasis-open.org

+1.978.761.3546

www.oasis-open.org www.xml.org www.xml.coverpages.org