Rich Feeds for RESCUE and

PALMSAn Integration Story

Barry DemchakCalifornia Institute for Telecommunications and Information Technology (Calit2)

July 8, 2008

RESCUE Project

• Calit2 at UC San Diego

• Gather, maintain, leverage, present emergency information

• Serve emergency response networks and general public

• Save lives and infrastructure, return to normalcy

Rich Feeds for RESCUE

• Captures, preserves, integrates, and exposes

• Unconventional and emergent data feeds

• Real time or archivally

• Serve emergency response networks and general public

Rich Feeds Objectives and Challenges• Acquisition of data feeds from (disinterested) producers

Heterogeneous data sources Possibly uncooperative producers

• Distribution of data feeds to arbitrary consumers (agencies or public) for domain integration, historical analysis, ??? Data must be purveyed as received Multiple data access paths

• Data feed intermediaries can add new feeds, determine who can add data, who can consume data, … Policy driven authorizations Authentication of all users Policy definition infrastructure

• Long term archiving Database with schemas

• Access by external systems

Research Feeds

Calit2 Traffic Incidents Calit2 Tracked Assets

User View

• Today’s Data Feeds– Traffic– Trackable Objects– UCSD Police Cameras– CalIT2 Cameras

• Today’s Visualizations– Google Maps– Google Earth (soon)

Network

Policy System

Logging System

Database

Research Feeds

Traffic

Tracked Objects

Cameras

Sensors

Network Ops

Visualizations

Internet Browsers

Yahoo Pipes

ODBC

Internet Explorer, FireFox, etc

Excel, Crystal Reports, etc

Preview• Integration Architecture and Methodology

• Visualizations

• Operating in the Real World

Messenger

Router/Interceptor

Policy

Ser

vice

/Dat

aC

onne

ctor

Messenger

Router/Interceptor

Failure Manager

...

<<Rich Service>> S

Ser

vice

/Dat

aC

onne

ctor

...<<Rich Service>> S.n

Service/DataConnector }<<

Rich Infrastructure

Services>>

EncryptionService/DataConnector

LoggingService/Data

Connector

Failure Manager

Service/DataConnector

...

Service/DataConnector

S.1

Service/DataConnector

S.2

Service/DataConnector

}

<<Rich

Application Services

>>

S.n.2

Service/DataConnector

S.n.m

Service/DataConnector

}

<<Rich

Application Services

>>

S.n.1

Service/DataConnector

Service/DataConnector

Logging

Service/DataConnector

Encryption

Service/DataConnector

Policy ...

Service/DataConnector

Service/DataConnector

<<Rich

Infrastructure Services

>>}Rich Services Virtual Network

Rich ServicesRAS4

Services

Service S1

Roles

U1

U2

U3

U4

U5

Use Case Graph

ConcernsC1 C2 C3

C4CC1

CC2CC3

Domain Model

R1 R2

R3 R4

R5 R6

R1 R2

msg

R3

CC1CC2

Role Domain Model

R1 R2

R3 R4

R5 R6

CC1 CC2 CC3

Router/Interceptor

Messenger/Communicator

RAS1 RAS2

CC1 CC4 CC5

Router/Interceptor

Messenger/Communicator

RAS5 RAS6RAS3

S/D

S/D

RIS:

RIS:

Serv

ice

Elic

itatio

nR

ich

Serv

ice

Arc

hite

ctur

e

RAS7

System of Systems Topology

H1 H2

H3

H5

H6

H7

H8

H9H4

RAS1 RAS2 RAS3

RAS5 RAS6 RAS7

Infrastructure Mapping

H1:RAS1 H2:RAS2

H3:CC1

H5:RAS2

H6:RAS5

H7:RAS7H8:RAS7

H9:RAS6

H4:RAS3

Opt

imiz

atio

n ImplementationRAS1 RAS2

RAS3 RAS4

RAS5 RAS6

RAS7 CC1

CC2 CC3

CC4 CC5

Ana

lysi

s

Syn

thes

is

Ana

lysi

s

Iden

tific

atio

n

Def

initi

on

Con

solid

atio

n

Refinement

Hierarchic composition

Refinement

Logical Model

Syst

em A

rchi

tect

ure

Def

initi

on

Logical Architecture Loop

Deployment Loop

Our View: Systems of Systems Integration

• Bottom up• Unintrusive to producer

Policy

Integration System

Consumer SystemsProducer SystemsDatabase

• Quick• Ripe for Services and SOA

Rich Services Architectural Pattern

Messenger

Router/Interceptor

Policy

Ser

vice

/Dat

aC

onne

ctor

Messenger

Router/Interceptor

Failure Manager

...

<<Rich Service>> S

Ser

vice

/Dat

aC

onne

ctor

...

<<Rich Service>> S.n

Service/DataConnector }<<

Rich Infrastructure

Services>>

EncryptionService/Data

Connector

LoggingService/Data

Connector

Failure Manager

Service/DataConnector

...

Service/DataConnector

S.1

Service/DataConnector

S.2

Service/DataConnector

}<<

Rich Application Services

>>

S.n.2

Service/DataConnector

S.n.m

Service/DataConnector

}

<<Rich

Application Services

>>

S.n.1

Service/DataConnector

Service/DataConnector

Logging

Service/DataConnector

Encryption

Service/DataConnector

Policy ...

Service/DataConnector

Service/DataConnector

<<Rich

Infrastructure Services

>>}

From tightly to l o o s e l y coupled systems

a hierarchically decomposed structure supporting“horizontal” and “vertical” service integration

Rich Feeds Logical Architecture

• Scales to support large numbers of users• Storage that scales• Processing and DB intensive data analysis• Integration with GIS systems and databases• Appropriate visualization methods

Authorization Monitor

Authentication Monitor

Integration System

ODBC Adapter

Database

Logging System

Service / Data

Connector

Visualizer Client

Consumer Adapter

Consumer Systems

Service / Data

Connector

Producer Adapter

Experiment Server

Producer Systems

System of Systems

Deployment Architecture

• Scales to support large numbers of users• Storage that scales• Processing and DB intensive data analysis• Integration with GIS systems and databases• Appropriate visualization methods

Mule ESB with ActiveMQ

Authentication Monitor

Authorization Monitor

Integration System

ODBC Adapter

POJO Interface+

Consumer Adapter

POJO Interface+

Provider Adapter

POJO Interface+

MySQL Database

Logging System

Traffic Server

Tracked Object Server

Browser, Javascript,

Google Maps

Internet

Producers Consumers

Internet

Rich Feeds Web Visualization• UC San Diego Active Shooter Drill

– October 2007– Demonstrated Gizmo moving with embedded camera image

• San Diego Firestorms – October 2007– Demonstrated addition of Calit2 Webcams (2 hours)

• San Diego Metropolitan Medical Strike Team Drill – January 2008– Demonstrated policy exclusion of UCSD Police Webcams

Rich Services Development Process

Rich Services Virtual Network

Rich ServicesRAS4

Services

Service S1

Roles

U1

U2

U3

U4

U5

Use Case Graph

ConcernsC1 C2 C3

C4CC1

CC2CC3

Domain Model

R1 R2

R3 R4

R5 R6

R1 R2

msg

R3

CC1CC2

Role Domain Model

R1 R2

R3 R4

R5 R6

CC1 CC2 CC3

Router/Interceptor

Messenger/Communicator

RAS1 RAS2

CC1 CC4 CC5

Router/Interceptor

Messenger/Communicator

RAS5 RAS6RAS3

S/D

S/D

RIS:

RIS:

Serv

ice

Elic

itatio

nR

ich

Serv

ice

Arc

hite

ctur

e

RAS7

System of Systems Topology

H1 H2

H3

H5

H6

H7

H8

H9H4

RAS1 RAS2 RAS3

RAS5 RAS6 RAS7

Infrastructure Mapping

H1:RAS1 H2:RAS2

H3:CC1

H5:RAS2

H6:RAS5

H7:RAS7H8:RAS7

H9:RAS6

H4:RAS3

Opt

imiz

atio

n ImplementationRAS1 RAS2

RAS3 RAS4

RAS5 RAS6

RAS7 CC1

CC2 CC3

CC4 CC5

Ana

lysi

s

Syn

thes

is

Ana

lysi

s

Iden

tific

atio

n

Def

initi

on

Con

solid

atio

n

Refinement

Hierarchic composition

Refinement

Logical Model

Syst

em A

rchi

tect

ure

Def

initi

on

Logical Architecture Loop

Deployment Loop

Logging System

RESCUE

ODBC Adapter

Visualization Tool

Research Data FeedDatabase

Logical Architecture

Logical Architecture w/Policy

Policy System

RESCUE

ODBC Adapter

Data

Fe

ed

P

rod

uce

r

Au

the

ntic

atio

n

S/D Connector

Vis

ua

liza

toin

T

oo

l

Au

the

ntic

atio

n

S/D Connector

Da

taba

se

Ob

ligatio

n

Pro

cess

ing

S/D Connector

Request + Identity Certificate (X.509 or SAML)Request + Obligations

(Identity Attributes) x Policy = [Decision, Obligations]Logging

System

PERMIS Organization

PERMIS Sequencing

Subject PEPUser Subject PDP Credential Issue Svc

Attribute Authority * Target PEPIdentity SOA

Target PEP Master Target PDP Target PDP * Certificate

Authority Obligation Svc

Execute(action, target, identity)

Valiidate(identity)

Exportable Attribute List

GetAttributeList(target)

GetCredentials(attributeList, identity)

SignCredential(attribute)

SignedCredential

Execute(action, target, identity, credentialList)

CredentialList

AttributeList

Subject

Target

Valiidate(identity)

Credential Issue Svc

Attribute Authority *

Valiidate(credentialList)

GetCredentialis(attributeList, identity)SignCredential

(attribute)SignedCredential

CredentialListValidation, ValidatedAttributeList

Integrate(attributeList, subjectEnvironment)

DecideAccess(attributeList)

Credential Validation Svc

DecideAccess(attributeList)

Decision, Obligations

PerformObligations(action, target, obligationList)

Target

ResultExecute(result)

Integrate(decisions, obligations)

Result

Valiidate(credemtial)Result

Integrate(validatedAattributeList, targetEnvironment)

Decision, Obligations

PALMS

User View

Analysis Engine

Analysis Engine

Network

Access Policies

Event Logger

Data Repository

HIPAA Policies

Research Feeds

Blood Pressure

GeoTracker

Camera

CO2

Sensor

TextMessage

Visualizations

Internet Browsers

Geo Display

Export

Internet Explorer, FireFox, etc

Excel, Crystal Reports, etc

Analysis Engine

Subject Registry

Logical Architecture

Event Logger Access Policies

PALMS Integration System

Integration Adapter

Data Repository

HIPAA Policies

Service/ Data

Connector

ViewerViewer Adapter

Consumer Systems

Service/ Data

Connector

Sensor AdapterSensor

Producer Systems

Subject Repository

Analysis Engine

Analysis Engine

Analysis Engine

System of Systems

• Scales to support large numbers of users• Storage that scales• SMS and sensor messaging that scales• Processing and DB intensive data analysis• Integration with GIS systems and databases• Appropriate visualization methods

Deployment Architecture

• Enterprise Service Bus (ESB)• ESRI Database• MySQL Database• PERMIS Policy Engine• Analytics Engines

Mule ESB with ActiveMQ

PERMIS Policy Engine

Logging System

PALMS

Integration Adapter

VisualizersData Collectors

ESRI Database

HIPAA Policy Engine

Sensors CamerasBrowsers,

Geoviewers, Exporters

Internet

Failure Detection/Mitigation

MySQL Database

Analysis Engines

Text Messages

Use Case

Rich Services to the RESCUE

“To boldly go where no service has gone before”.

• an extension of the service notion, based on an architectural pattern• Dynamic adaptation

– new services can be introduced at runtime– no need to change or adapt the implementation of existing services

• Manage the complexity of a system-of-systems – decomposing into primary and crosscutting concerns– providing flexible encapsulation for these concerns– generating a model that can easily be leveraged into a deployment

• Workflow management– Service choreography at the infrastructure or application level

Roadmap

• Introduction to RESCUE and Rich Feeds

• Rich Feeds Objectives

• Unconventional and emergent data feeds

• SOA-based Systems of Systems Integration

• Rich Services applied to rapid integration

• Rich Feeds at Calit2/UCSD

Credits

• Funding– NSF RESCUE (#03311690)– NSF Responsphere (#0403433)– NSF ASOSA: Automotive Service-Oriented Software and Systems Engineering

(#CCF0702791)– California Institute for Telecommunications and Information Technology

(Calit2)

• Pictures– Barry Demchak (2008 MMST Drill at Coors Amphitheater)– San Diego County Firestorms After Action Report 2007 (

http://www.sdcounty.ca.gov/oes/ready/docs/2007_SanDiego_Fire_AAR_Main_Document_FINAL.pdf)

– MMST Exercise @ UCSD (http://mmstexercise.calit2.net/)– Wikipedia (http://en.wikipedia.org/wiki/Composite_pattern,

Backup Slides• Go back …

Logging System

RESCUE

ODBC Adapter

Visualization Tool

Research Data FeedDatabase

Logical Architecture

Logical Architecture w/Policy

Policy System

RESCUE

ODBC Adapter

Data

Fe

ed

P

rod

uce

r

Au

the

ntic

atio

n

S/D Connector

Vis

ua

liza

toin

T

oo

l

Au

the

ntic

atio

n

S/D Connector

Da

taba

se

Ob

ligatio

n

Pro

cess

ing

S/D Connector

Request + Identity Certificate (X.509 or SAML)Request + Obligations

(Identity Attributes) x Policy = [Decision, Obligations]Logging

System

PERMIS Organization

PERMIS Sequencing

Subject PEPUser Subject PDP Credential Issue Svc

Attribute Authority * Target PEPIdentity SOA

Target PEP Master Target PDP Target PDP * Certificate

Authority Obligation Svc

Execute(action, target, identity)

Valiidate(identity)

Exportable Attribute List

GetAttributeList(target)

GetCredentials(attributeList, identity)

SignCredential(attribute)

SignedCredential

Execute(action, target, identity, credentialList)

CredentialList

AttributeList

Subject

Target

Valiidate(identity)

Credential Issue Svc

Attribute Authority *

Valiidate(credentialList)

GetCredentialis(attributeList, identity)SignCredential

(attribute)SignedCredential

CredentialListValidation, ValidatedAttributeList

Integrate(attributeList, subjectEnvironment)

DecideAccess(attributeList)

Credential Validation Svc

DecideAccess(attributeList)

Decision, Obligations

PerformObligations(action, target, obligationList)

Target

ResultExecute(result)

Integrate(decisions, obligations)

Result

Valiidate(credemtial)Result

Integrate(validatedAattributeList, targetEnvironment)

Decision, Obligations

Services and SOA

• Manageability• Scalability• Dependability• Testability

Producer Database

OK

StoreData(xxx)

Tim

e

Producer Database

Message Bus

Sto

reD

ata(

xxx)

OK

Network Implementation

Single Server, Multiple Processes

Single Application, Linked Modules

Logical Deployment

• Malleability• Interoperability• Composition• Incremental

development

Patterns

Composite Pattern – Hierarchy (Vertical Integration)

Interceptor Pattern

Service 1

Service 1.2Service 1.1 Service 1.3

Service 1.3.1 Service 1.3.2

Service 2

Service 2.2Service 2.1

Interceptor Service

Message Pattern – Loose Coupling (Horizontal Integration)

Demonstrate Showing All Feeds

(Click on map)

Demonstrate Animation

(Click on map)