Enterprise Service Oriented Architectures - Concepts, Challenges, Recommendations
TABLE OF CONTENTS
ENDORSEMENTS
ABOUT THE SERIES
Series Editors
FOREWORD
PREFACE
ABOUT THIS BOOK
Audience
What This Book Is Not!
How to Use This Book
Motivation for Writing This Book
Disclaimer
About the Authors
ACKNOWLEDGEMENTS
ABOUT THE REVIEWERS
Argentina
Australia
Belgium
Canada
Finland
Germany
India
Israel & Palestine
Pakistan
Scotland
Singapore
Ukraine
United Kingdom
United States
1 UNDERSTANDING SERVICE-ORIENTED ARCHITECTURE
1. Introducing Service-Oriented Architectures
1.1. Web Services
1.1.1. Enterprise IT and Web Services
1.1.2. WSDL and SOAP
1.1.3. UDDI
1.1.4. The Beginnings of Enterprise Service Orientation
1.2. Enterprise Service-Oriented Architecture
2. Service-Based Collaboration through Federation
2.1. A Federation Is …
2.2. Federation and Mature CBSE
2.3. The Federation Spectrum
2.4. The Spectrum as a Service Taxonomy
2.5. Federation Example
2 COMPONENT-BASED SERVICES
1. Component-Based Software Engineering (CBSE)
1.1. Understanding CBSE
2. A Component Definition
2.1. The UML2 Component
2.2. The Enterprise Component
2.3. Network-Style Interfaces
3. Component Granularity
3.1. Distribution Domains and Tiers
3.1.1. Looking at the Big Picture
3.1.2. Distribution Domains and Tiers
3.1.3. The BPM Domain
3.2. Granularity Scheme
3.2.1. The Distributed Component (DC)
3.2.2. The Business Component (BC)
3.2.3. The Application Component (AC)
3.3. Dependency Management
3.3.1. Inter-Tier Interactions
3.3.2. Business Function Layers
4. From Requirements to Design
4.1. Requirements
4.1.1. Business Elements
4.1.2. Processes and Resources
4.2. Business Element Analysis
4.2.1. Resource Business Element (RBE)
4.2.2. The Service Business Element (SBE)
4.2.3. Delivery Business Element (DBE)
4.3. Mapping to Components
5. Summary
3 ORCHESTRATION
1. Workflow and Business Process Management
1.1. Intra-Enterprise Workflows
1.2. Interoperability Concerns
2. The Business Process Execution Language (BPEL)
2.1. Relationship to XPath
2.2. Variables
2.3. Defining Business Relationships
2.4. Message Correlation
2.5. Activities
2.5.1.
2.5.2.
2.5.3.
2.5.4.
2.5.5.
2.5.6.
2.5.7.
2.5.8.
2.5.9. <flow>
2.5.10.
2.5.11.
2.5.12.
2.5.13.
2.5.14.
2.5.15.
2.6. Transactions
3. A Worked Example of Web Services Orchestration
4. Design-Time Demonstration
4.1. Task Definitions
4.2. The ProcessOrderApplication Flow
4.3. The PaymentAuthorization Sub-Task
4.3.1. Testing the Sub-Task within the Design Tool
4.4. Gluing Them Together
4.5. Fault Handling
4.6. The Entire Flow
5. Run-Time Demonstration
5.1. Tracking the Flow
5.2. The Audit Trail
6. Summary
4 WORKING WITH REGISTRY AND UDDI
1. Introducing the Registry
1.1. Why Do I Need It?
1.2. How Do I Use It?
1.3. Registry vs Repository
2. Universal Description, Discovery and Integration (UDDI)
2.1. Technical Overview
2.2. Informational Structural Model
2.2.1. Business Information: The BusinessEntity Element
2.2.2. Service Information: The BusinessService element
2.2.3. Specification Information: The BindingTemplate Element
2.2.4. Technical Fingerprint: The TModel Element
2.2.5. Relationships: The PublisherAssertion Element
2.2.6. Operations Information: The OperationalInfo Element
2.3. UDDI Keys
2.3.1. UUID
2.3.2. DomainKey
2.3.3. DerivedKey
2.4. Classification – Where Is My Data?
2.4.1. Categorization
2.4.2. Identifiers
3. Programming UDDI
3.1. Searching with UDDI
3.1.1. Browse Pattern
3.1.2. Drill-Down Pattern
3.1.3. Invocation Pattern
3.2. Publishing with UDDI
3.3. Subscribing with UDDI
3.3.1. Asynchronous Notification
3.3.2. Synchronous Notification
4. Internationalization
4.1. Multilingual Descriptions, Names and Addresses
4.2. Multiple Names in the Same Language
4.3. Internationalized Address Format
4.4. Language-Dependent Collation
4.5. Federation of Registries
4.6. Private Test Registry
4.7. Shared Registry
4.8. Security
5. Summary
5 UNDERSTANDING ENTERPRISE SECURITY
1. Need for a Message Level Security Solution
1.1. Point-to-Point vs End-to-End Security
1.2. Application Independence
1.3. Technology Independence
2. Security Concepts
2.1. Authentication – Who Is It?
2.2. Authorization – What Can They Do?
2.3. Integrity – Ensure That Information Is Intact
2.4. Confidentiality – You Can’t Read
2.5. Non-Repudiation – You Sent It, I Got Proof
2.6. Single Signon – How Many Times Do I Have to Tell You?
2.7. Key Management – Give Me a Key Chain
3. Security Technologies
3.1. Authentication and Security Tokens
3.1.1. Username/Password
3.1.2. PKI through X.509 Certificates
3.1.3. Kerberos
3.2. Integrity and Signing
3.3. XML Signature
3.3.1. Generate Certificate
3.3.2. Signing
3.3.3. Verification
3.4. Canonicalization
3.5. Confidentiality and Encryption
3.5.1. Symmetric Encryption
3.5.2. Asymmetric Encryption
3.6. XML Encryption
3.6.1. Encryption
3.6.2. Decryption
3.7. Authorization
3.8. Extensible Access Control Markup Language (XACML)
3.8.1. Key Concepts
3.9. Top-Level Constructs: Policy and PolicySet
3.10. Key Management
3.11. XML Key Management Specification (XKMS)
3.11.1. XML Key Information Service Specification (XKISS)
3.11.2. XML Key Registration Service Specification (XKRSS)
3.12. Single Sign-On
3.13. Identity Management
3.14. Liberty Alliance Project
3.15. Security Assertion Markup Language (SAML)
4. Web Services Security (WSS)
4.1. Security Tokens
4.2. Signature
4.3. Encryption
5. WS-Policy
6. WS-Trust
7. WS-Privacy
8. WS-SecureConversation
9. WS-Federation
10. WS-Authorization
11. Summary
6 SOA MANAGEMENT
1. Problem Space
1.1. Management Scenarios
2. Systems Management
2.1. Logging
2.2. Auditing
2.3. Monitoring
3. Alerting
3.1. Round Trip
3.2. Transaction Size
3.3. System Fault
3.4. Trending
4. Provisioning
5. Leasing
6. Billing
7. Pricing/Chargeback Models
7.1. Per Transaction
7.2. Fixed Fee/Subscription
7.3. Lease/License
7.4. Business Partnership/Percentage of Revenue
7.5. Registration
8. Lifecycle Management
8.1. Routing
8.2. Versioning and Deprecation
8.3. Transformation
8.4. Provisioning
8.5. Quality Assurance
8.6. Business Processes
8.7. Message Prioritization
8.8. Business Activity Monitoring
9. Management Architecture
9.1. Gateways
9.2. Agents
9.3. Centralized Policies
9.4. Operational Rules
9.5. Components
9.6. Persistent Storage
10. Policy Architecture
10.1. Policy Execution
11. Framework Vendors
12. Summary
7 TRANSACTIONS
1. What Are ACID Transactions?
1.1. The Synchronization Protocol
1.2. Optimizations to the Protocol
1.3. Non-Atomic Transactions and Heuristic Outcomes
2. Why ACID Is Too Strong for Web Services
3. A Brief History of Web Services Transactions
4. The Coordination Frameworks
4.1. Coordination Architecture
4.2. Creating a Coordinator
4.3. The Context
4.4. Registering Participants
4.5. Terminating the Coordinator
5. Web Services Transactions
5.1. Atomic Transaction
5.1.1. Supported Protocols
5.2. Business Activity
5.2.1. WS-BusinessActivity
5.2.2. Long Running Action
5.3. Business Process Model
6. Security Implications
7. Interoperability Considerations
8. Summary
8 EVENT-DRIVEN ARCHITECTURE
1. Overview
2. Events
2.1. Descriptive
2.2. Prescriptive
2.3. Factual
2.4. Assumptive
2.5. Business Rules
3. Agents
3.1. Service Design
3.2. Pools
4. Threads
4.1. Thread per Request
4.2. Thread Pools
5. Alternative Pattern-Based Approaches
5.1. Strategy Pattern
5.2. Chain of Responsibility Pattern
5.3. Interpreter Pattern
5.4. Flyweight Pattern
5.5. Memento Pattern
6. Language Specific Constructs
6.1. Soft References
6.2. Forking
6.3. Non-Blocking I/O
6.4. Enterprise Service Bus
6.5. Callbacks
7. Finite State Machines
8. Event Notification
8.1. Brokered Notification
8.2. Security Concerns
8.3. Message Order Alteration
8.4. Availability Attacks
8.5. Replay Attacks
8.6. Redirection Attacks
9. Practical Considerations
9.1. Return on Investment
9.2. Canonical Form
9.3. Integration
9.4. Retirement
10. Summary
OUTTRO
APPENDIX A: UNDERSTANDING DISTRIBUTED COMPUTING
1. Distributed Computing
1.1. Anatomy of a Distributed Application
1.1.1. Understanding the Network Layer
1.1.2. Building the Application Layer
1.1.3. Operating System Components
1.2. Interprocess Communication
1.3. Communications Infrastructure
1.4. Remote Procedure Calls (RPC)
1.5. Object Request Brokers (ORB)
1.6. Transaction Processing Monitors
1.7. Message-Oriented Middleware (MOM)
1.8. Service Description
1.9. Versioning
1.10. Operations
1.10.1. One-Way
1.10.2. Request/Response
1.10.3. Solicit/Response
1.10.4. Notification
1.11. Service Discovery
1.12. Application Services
1.12.1. Stateless Services
1.12.2. Conversational Services
1.12.3. Cached Services
1.12.4. Singleton Services
2. Practical Considerations
3. Summary
APPENDIX B: QUALITY ATTRIBUTES
1. System Qualities
1.1. Availability
1.2. Manageability
1.3. Performance
1.4. Scalability
1.5. Security
2. Design vs Run-Time
APPENDIX C: REFERENCES
Books
Magazines
Docs
Web Sites
Presentations
APPENDIX D: ADDITIONAL READING
APPENDIX E: UPCOMING BOOKS
Agile Enterprise Architecture – Fall 2006
Enterprise Portal Architecture – Fall 2006
Enterprise Open Source – Spring 2007
Enterprise BPM Patterns – Summer 2007