1 / 48

Achieving Sustainable Business Benefits with Web Services Standards

Achieving Sustainable Business Benefits with Web Services Standards. Patrick Gannon President & CEO. XML Web Services Symposium Web Services Initiative - Japan San Francisco, 28 February 2005. Open Standards for Building Automation. Vision for Service Oriented Architecture

ralph
Download Presentation

Achieving Sustainable Business Benefits with Web Services Standards

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Achieving Sustainable Business Benefits with Web Services Standards Patrick Gannon President & CEO XML Web Services Symposium Web Services Initiative - Japan San Francisco, 28 February 2005

  2. Open Standards for Building Automation • Vision for Service Oriented Architecture • Business Benefits from Open Standards • Key Directions in Web Services Standards • What your company can do

  3. Vision for Future Global eBusiness built on a Service Oriented Architecture

  4. The Dawn of a New Era Built on Service Oriented Architecture

  5. Vision of a Service-Oriented Architecture • A place where services are ubiquitous and organically integrated into the way we think and work. • A place where both users and providers of information interact through a common focus on services. • A world where technology is implemented within industry frameworks that operate on a global scale, enabled by open, interoperable standards.

  6. A Common Web Service Framework Is Essential • To provide a sustainable foundation, • That will allow end-user companies to achieve the payback they require, • To invest widely in the service-oriented architecture.

  7. Achieving Sustainable Business Benefits through a Open Standards for Web Services In this post-dot-com era, end user companies are expecting more liquidity and longevity of their assets. To achieve the ROI, Cost Reduction and Service Expansion benefits expected; the widespread deployment of standards-based Web services is essential.

  8. Fundamental Issues that Must Be Addressed • A common framework for Web service interactions based on open standards must occur. • An agreed set of vocabularies and interactions for specific industries or common functions must be adopted.

  9. Business Benefits for Open Standards

  10. Why do standards matter? ROI for e-commerce • Normalizing data, processes and users costs time and money • ROI can come from operational savings and outweigh the costs, if those savings are stableandpersistent • This requires • Stable versioning • Reliable, fixed terms of availability (some protection against withdrawal or embrace-and extend) • INTEROPERABLE standards • CONVERGING standards

  11. What is an Open Standard? An open standard is: • publicly available in stable, persistent versions • developed and approved under a published, transparent process • open to public input: public comments, public archives, no NDAs • subject to explicit, disclosed IPR terms • See the US, EU, WTO governmental & treaty definitions of “standards” Anything else is proprietary:

  12. Delphi Group Research on the Value of Open Software Standards • Greatest benefit to support open standards • Increases the value of existing and future investments in information systems • Provides greater software re-usability • Enables greater data portability • Factors driving participation in standards • Vendor neutral environment • Access to a community of developers • Membership comprised of both end-users and software developers

  13. Open Standards Process: Essential to WS Adoption • Enables collaboration • Assures fairness • Provides for transparency • Embraces full participation • Ensures a level playing field for all • Prevents unfair first-to-market advantage for any one participant • Meets government requirements

  14. Standard Adoption • To be successful, a standard must be used • Adoption is most likely when the standard is • Freely accessible • Meets the needs of a large number of adopters • Flexible enough to change as needs change • Produces consistent results • Checkable for conformance, compatibility • Implemented and thus practically available • Sanction and traction both matter

  15. Leading the Adoption of Web Services Standards

  16. OASIS Mission OASIS drives the development, convergence and adoption of e-business standards.

  17. Current Members • Software vendors • User companies • Industry organisations • Governments • Universities and Research centres • Individuals • And co-operation with other standards bodies

  18. OASIS Members Represent the Marketplace

  19. International Representation

  20. OASIS is a member-led, international non-profit standards consortium concentrating on structured information and global e-business standards. • Over 650 Members of OASIS are: • Vendors, users, academics and governments • Organizations, individuals and industry groups • Best known for web services, e-business, security and document format standards. • Supports over 65 committees producing royalty-free and RAND standards in an open process.

  21. Key Directions in OASIS Standards for Web Services

  22. Approved OASIS Standards for Web Services • UDDI: Universal Description, Discovery & Integration • Defining a standard method for enterprises to dynamically discover and invoke Web services. • WSRP: Web Services for Remote Portlets • Standardizing the consumption of Web services in portal front ends. • WS-Reliability • Establishing a standard, interoperable way to guarantee message delivery to applications or Web services. • WSS: Web Services Security • Delivering a technical foundation for implementing integrity and confidentiality in higher-level Web services applications.

  23. www.oasis-open.org UDDI: The Registry Standard Service Oriented Business Services OASIS UDDI Specification Technical Committee

  24. 4. 1. SW companies, standards bodies, and programmers populate the registry with descriptions of different types of services Marketplaces, search engines, and business apps query the registry to discover services at other companies 2. UDDI BusinessRegistry 5. BusinessRegistrations Service Type Registrations Businesses populate the registry with descriptions of the services they support Business uses this data to facilitate easier integration with each other over the Web 3. UBR assigns a programmatically unique identifier to each service and business registration What is UDDI

  25. The Registry Standard for Service Oriented Business Applications • “Universal Description, Discovery and Integration” • UDDI v2 OASIS Standard: 2002 • UDDI v3 OASIS Standard: 31 Jan 05 • Broad vendor and enterprise adoption • UDDI - a specification of • APIs for publishing and searching for business services and service descriptions, and subscribing to changes to these • A data model with built-in metadata extensibility to characterize business services according to enterprise needs • The registry standard for visibility and reuse of SOBA components • The registry standard for an adaptive enterprise - dynamic discovery and binding to SOBAs The service, service definition and metadata “hub” for SOBAs

  26. Business Analysts Visibility of Business Service Portfolio UDDI Registry WSDL AdministratorsManage Business Services WSDL WSDL Publish Service and Service definitions Points to service Applications.NET, Java, ISV Runtime Binding Points to service description Find service, its description and its capabilities and constraints Publish service metadata Developers Reuse services Service Consumer Business Service SOAP Communicates XML Messages Using a UDDI Registry

  27. www.oasis-open.org WSRP: Web Services for Remote Portal OASIS WSRP Technical Committee

  28. Visual Component Pool  Internet Client  Browser Client  Text processor Client  Portal WSRP Goals • Enable the sharing of portlets (markup fragments) over the internet with a common interface=> Cross vendor publishing and consuming of content • V1 goal => aggregatingcontent

  29. www.oasis-open.org WSDM: Web Services for Distributed Management OASIS WSDM Technical Committee

  30. OASIS WSDM TC Specifications • Management USING Web Services (MUWS) • Management applications on a Web services platform • Web services to describe and access manageability of resources • Management OF Web Services (MOWS) • An implementation of Management Using Web Services for the Web Service as the IT resource

  31. OASIS Web Services Infrastructure Work 14+ OASIS Technical Committees, including: • ASAP: Asynchronous Service Access ProtocolEnabling the control of asynchronous or long-running Web services. • WSBPEL: Business Process Execution LanguageEnabling users to describe business process activities as Web services and define how they can be connected to accomplish specific tasks. • WS-CAF: Composite Application FrameworkDefining an open framework for supporting applications that contain multiple Web services used in combination. • WSDM: Distributed ManagementDefining Web services architecture to manage distributed resources.

  32. OASIS Web Services Infrastructure Work • WSN: NotificationAdvancing a pattern-based approach to allow Web services to disseminate information to one another. • WSRF: Resource FrameworkDefining an open framework for modeling and accessing stateful resources.

  33. Standardizing Web Services Implementations For communities and across industries: • ebSOA: e-Business Service Oriented Architecture Advancing an eBusiness architecture that builds on ebXML and other Web services technology. • SOA-RM: Service Oriented Architecture Reference Model. Delivering a Reference Model to encourage the continued growth of specific and different SOA implementations whilst preserving a common layer that can be shared and understood between those or future implementations. • FWSI: Framework for WS ImplementationDefining implementation methods and common functional elements for broad, multi-platform, vendor-neutral implementations of Web services for eBusiness applications. • oBIX: Open Building Information XchangeEnabling mechanical and electrical systems in buildings to communicate with enterprise applications. • Translation WS Automating the translation and localization process as a Web service.

  34. Security for Web Services • Most e-business implementations require a traceable, auditable, bookable level of assurance when data is exchanged • IT operations demand “transactional” level of reliable functionality, whether it’s an economic event (booking a sale) or a pure information exchange • Dealings between divisions often need security and reliability as much as deals between companies

  35. Approved OASIS Standards for Security • AVDL: Application VulnerabilityStandardizing the exchange of information on security vulnerabilities of applications exposed to networks. • SAML: Security Services Defining the exchange of authentication and authorization information to enable single sign-on. • SPML: Provisioning ServicesProviding an XML framework for managing the allocation of system resources within and between organizations. • XACML: Access ControlExpressing and enforcing authorization policies for information access over the Internet. • XCBF: Common Biometric FormatProviding a standard way to describe information that verifies identity based on human characteristics such as DNA, fingerprints, iris scans, and hand geometry. • WSS: Web Services SecurityAdvancing a technical foundation for implementing integrity and confidentiality in higher-level Web services applications.

  36. OASIS Security Work • DSS: Digital Signature Services Defining an XML interface to process digital signatures for Web services and other applications. • PKI: Public Key Infrastructure Advancing the use of digital certificates as a foundation for managing access to network resources and conducting electronic transactions. • WAS: Web Application SecurityCreating an open data format to describe Web application security vulnerabilities, providing guidance for initial threat and risk ratings.

  37. Web Services security • Most e-business implementations require a traceable, auditable, bookable level of assurance when data is exchanged • IT operations demand “transactional” level of reliable functionality, whether it’s an economic event (booking a sale) or a pure information exchange • Dealings between divisions often need security and reliability as much as deals between companies

  38. Security: function by function • Identity authentication • Encryption and protection against interception • Control of access and authority

  39. Identity authentication The latest e-business security standards implement the next generation of identity deployment • In the 1990’s, PKI assumed a universal network of official certification authorities • Newer federated / distributed identity models permit identity certification to be decentralized and shared among service providers and existing registrars • SAML • WS-Security • XCBF

  40. Encryption and protection against interception & intrusion • A key problem with encrypted messages travelling over a shared or public network: if you encrypt the wrong bits, it doesn’t arrive, or the recipient can’t process it • Shared and automated methods for managing security require a shared vocabulary about security weaknesses and risks • DSS • PKI TC • AVDL • WAS

  41. Control of access and authority • In transactional information exchanges, you often must apply • access lists, • directories of recipients, • levels of authority, and • access policies • So that you know who gets what, and who should get it • XACML • SPML

  42. What should your company be doing?

  43. Reducing Risk in new e-business technologies • Avoid reinventing the wheel • Stay current with emerging technologies • Influence industry direction • Ensure consideration of own needs • Realize impact of interoperability and network effects • Reduce development cost & time • savedevelopment on new technologies • share cost/time with other participants

  44. What can your company do? • Participate • Understand the ground rules • Contribute actively Or… • Be a good observer In any case… • Make your needs known • Use cases, functions, platforms, IPR, priorities, availability, tooling • Be pragmatic: standardization is a voluntary process

  45. Business Benefits of Participation in OASIS

  46. Membership Benefits • Influence • Information • Participation • Education • Co-ordination • Creadibility • Visibility • Openess

  47. OASIS Value • Sanctionx Traction = Adoption • Ten years demonstrated success • Neutral and independent • Technical and procedural competence • Worldwide visibility and outreach • Close coordination with peer standards organizations on a global level • Relevance, Openness, Implement-ability

  48. Contact Information: Patrick Gannon President & CEO patrick.gannon@oasis-open.org +1.978.761.3546 • www.oasis-open.org • www.xml.org • www.xml.coverpages.org

More Related