TABLE OF CONTENTS  7

ENDORSEMENTS  11

ABOUT THE SERIES  13
  Series Editors  14

FOREWORD  17

PREFACE  21

ABOUT THIS BOOK  25
  Audience  26
  What This Book Is Not!  26
  How to Use This Book  27
  Motivation for Writing This Book  28
  Disclaimer  28
  About the Authors  29

ACKNOWLEDGEMENTS  31

ABOUT THE REVIEWERS  33
  Argentina  33
  Australia  33
  Belgium  33
  Canada  34
  Finland  34
  Germany  34
  India  34
  Israel & Palestine  34
  Pakistan  34
  Scotland  34
  Singapore  34
  Ukraine  35
  United Kingdom  35
  United States  35

1 UNDERSTANDING SERVICE-ORIENTED ARCHITECTURE  36
  1. Introducing Service-Oriented Architectures  40
    1.1. Web Services  40
      1.1.1. Enterprise IT and Web Services  41
      1.1.2. WSDL and SOAP  43
      1.1.3. UDDI  47
      1.1.4. The Beginnings of Enterprise Service Orientation  50
    1.2. Enterprise Service-Oriented Architecture  52
  2. Service-Based Collaboration through Federation  54
    2.1. A Federation Is …  54
    2.2. Federation and Mature CBSE  58
    2.3. The Federation Spectrum  59
    2.4. The Spectrum as a Service Taxonomy  63
    2.5. Federation Example  65

2 COMPONENT-BASED SERVICES  84
  1. Component-Based Software Engineering (CBSE)  86
    1.1. Understanding CBSE  87
  2. A Component Definition  90
    2.1. The UML2 Component  91
    2.2. The Enterprise Component  95
    2.3. Network-Style Interfaces  96
  3. Component Granularity  99
    3.1. Distribution Domains and Tiers  100
      3.1.1. Looking at the Big Picture  100
      3.1.2. Distribution Domains and Tiers  102
      3.1.3. The BPM Domain  104
    3.2. Granularity Scheme  105
      3.2.1. The Distributed Component (DC)  106
      3.2.2. The Business Component (BC)  108
      3.2.3. The Application Component (AC)  111
    3.3. Dependency Management  114
      3.3.1. Inter-Tier Interactions  114
      3.3.2. Business Function Layers  115
  4. From Requirements to Design  116
    4.1. Requirements  117
      4.1.1. Business Elements  118
      4.1.2. Processes and Resources  118
    4.2. Business Element Analysis  119
      4.2.1. Resource Business Element (RBE)  120
      4.2.2. The Service Business Element (SBE)  123
      4.2.3. Delivery Business Element (DBE)  126
    4.3. Mapping to Components  127
  5. Summary  129

3 ORCHESTRATION  130
  1. Workflow and Business Process Management  132
    1.1. Intra-Enterprise Workflows  135
    1.2. Interoperability Concerns  136
  2. The Business Process Execution Language (BPEL)  136
    2.1. Relationship to XPath  138
    2.2. Variables  138
    2.3. Defining Business Relationships  140
    2.4. Message Correlation  142
    2.5. Activities  147
      2.5.1.  148
      2.5.2.  150
      2.5.3.  151
      2.5.4.  152
      2.5.5.  152
      2.5.6.  153
      2.5.7.  153
      2.5.8.  154
      2.5.9. <flow>  154
      2.5.10.  157
      2.5.11.  159
      2.5.12.  159
      2.5.13.  160
      2.5.14.  161
      2.5.15.  161
    2.6. Transactions  162
  3. A Worked Example of Web Services Orchestration  163
  4. Design-Time Demonstration  164
    4.1. Task Definitions  164
    4.2. The ProcessOrderApplication Flow  165
    4.3. The PaymentAuthorization Sub-Task  167
      4.3.1. Testing the Sub-Task within the Design Tool  169
    4.4. Gluing Them Together  173
    4.5. Fault Handling  178
    4.6. The Entire Flow  179
  5. Run-Time Demonstration  180
    5.1. Tracking the Flow  180
    5.2. The Audit Trail  183
  6. Summary  183

4 WORKING WITH REGISTRY AND UDDI  186
  1. Introducing the Registry  187
    1.1. Why Do I Need It?  187
    1.2. How Do I Use It?  188
    1.3. Registry vs Repository  189
  2. Universal Description, Discovery and Integration (UDDI)  189
    2.1. Technical Overview  190
    2.2. Informational Structural Model  192
      2.2.1. Business Information: The BusinessEntity Element  193
      2.2.2. Service Information: The BusinessService Element  194
      2.2.3. Specification Information: The BindingTemplate Element  194
      2.2.4. Technical Fingerprint: The TModel Element  195
      2.2.5. Relationships: The PublisherAssertion Element  196
      2.2.6. Operations Information: The OperationalInfo Element  197
    2.3. UDDI Keys  197
      2.3.1. UUID  198
      2.3.2. DomainKey  198
      2.3.3. DerivedKey  199
    2.4. Classification – Where Is My Data?  199
      2.4.1. Categorization  200
      2.4.2. Identifiers  202
  3. Programming UDDI  204
    3.1. Searching with UDDI  204
      3.1.1. Browse Pattern  205
      3.1.2. Drill-Down Pattern  206
      3.1.3. Invocation Pattern  207
    3.2. Publishing with UDDI  208
    3.3. Subscribing with UDDI  208
      3.3.1. Asynchronous Notification  212
      3.3.2. Synchronous Notification  212
  4. Internationalization  214
    4.1. Multilingual Descriptions, Names and Addresses  214
    4.2. Multiple Names in the Same Language  215
    4.3. Internationalized Address Format  216
    4.4. Language-Dependent Collation  217
    4.5. Federation of Registries  217
    4.6. Private Test Registry  218
    4.7. Shared Registry  219
    4.8. Security  221
  5. Summary  222

5 UNDERSTANDING ENTERPRISE SECURITY  224
  1. Need for a Message Level Security Solution  226
    1.1. Point-to-Point vs End-to-End Security  226
    1.2. Application Independence  227
    1.3. Technology Independence  228
  2. Security Concepts  228
    2.1. Authentication – Who Is It?  229
    2.2. Authorization – What Can They Do?  229
    2.3. Integrity – Ensure That Information Is Intact  230
    2.4. Confidentiality – You Can't Read  230
    2.5. Non-Repudiation – You Sent It, I Got Proof  230
    2.6. Single Signon – How Many Times Do I Have to Tell You?  231
    2.7. Key Management – Give Me a Key Chain  231
  3. Security Technologies  231
    3.1. Authentication and Security Tokens  232
      3.1.1. Username/Password  233
      3.1.2. PKI through X.509 Certificates  234
      3.1.3. Kerberos  234
    3.2. Integrity and Signing  234
    3.3. XML Signature  236
      3.3.1. Generate Certificate  239
      3.3.2. Signing  240
      3.3.3. Verification  242
    3.4. Canonicalization  243
    3.5. Confidentiality and Encryption  244
      3.5.1. Symmetric Encryption  245
      3.5.2. Asymmetric Encryption  246
    3.6. XML Encryption  247
      3.6.1. Encryption  249
      3.6.2. Decryption  249
    3.7. Authorization  250
    3.8. Extensible Access Control Markup Language (XACML)  250
      3.8.1. Key Concepts  250
    3.9. Top-Level Constructs: Policy and PolicySet  251
    3.10. Key Management  251
    3.11. XML Key Management Specification (XKMS)  252
      3.11.1. XML Key Information Service Specification (XKISS)  252
      3.11.2. XML Key Registration Service Specification (XKRSS)  252
    3.12. Single Sign-On  253
    3.13. Identity Management  255
    3.14. Liberty Alliance Project  255
    3.15. Security Assertion Markup Language (SAML)  258
  4. Web Services Security (WSS)  260
    4.1. Security Tokens  261
    4.2. Signature  262
    4.3. Encryption  263
  5. WS-Policy  265
  6. WS-Trust  266
  7. WS-Privacy  267
  8. WS-SecureConversation  267
  9. WS-Federation  268
  10. WS-Authorization  268
  11. Summary  268

6 SOA MANAGEMENT  270
  1. Problem Space  271
    1.1. Management Scenarios  275
  2. Systems Management  279
    2.1. Logging  280
    2.2. Auditing  282
    2.3. Monitoring  283
  3. Alerting  285
    3.1. Round Trip  285
    3.2. Transaction Size  285
    3.3. System Fault  286
    3.4. Trending  286
  4. Provisioning  287
  5. Leasing  288
  6. Billing  289
  7. Pricing/Chargeback Models  290
    7.1. Per Transaction  291
    7.2. Fixed Fee/Subscription  291
    7.3. Lease/License  291
    7.4. Business Partnership/Percentage of Revenue  292
    7.5. Registration  292
  8. Lifecycle Management  292
    8.1. Routing  294
    8.2. Versioning and Deprecation  295
    8.3. Transformation  297
    8.4. Provisioning  300
    8.5. Quality Assurance  302
    8.6. Business Processes  303
    8.7. Message Prioritization  304
    8.8. Business Activity Monitoring  304
  9. Management Architecture  306
    9.1. Gateways  306
    9.2. Agents  307
    9.3. Centralized Policies  308
    9.4. Operational Rules  308
    9.5. Components  310
    9.6. Persistent Storage  311
  10. Policy Architecture  312
    10.1. Policy Execution  313
  11. Framework Vendors  314
  12. Summary  315

7 TRANSACTIONS  316
  1. What Are ACID Transactions?  316
    1.1. The Synchronization Protocol  320
    1.2. Optimizations to the Protocol  321
    1.3. Non-Atomic Transactions and Heuristic Outcomes  322
  2. Why ACID Is Too Strong for Web Services  323
  3. A Brief History of Web Services Transactions  325
  4. The Coordination Frameworks  326
    4.1. Coordination Architecture  328
    4.2. Creating a Coordinator  329
    4.3. The Context  330
    4.4. Registering Participants  331
    4.5. Terminating the Coordinator  334
  5. Web Services Transactions  334
    5.1. Atomic Transaction  336
      5.1.1. Supported Protocols  337
    5.2. Business Activity  340
      5.2.1. WS-BusinessActivity  342
      5.2.2. Long Running Action  342
    5.3. Business Process Model  345
  6. Security Implications  347
  7. Interoperability Considerations  349
  8. Summary  350

8 EVENT-DRIVEN ARCHITECTURE  352
  1. Overview  354
  2. Events  355
    2.1. Descriptive  355
    2.2. Prescriptive  355
    2.3. Factual  356
    2.4. Assumptive  356
    2.5. Business Rules  356
  3. Agents  358
    3.1. Service Design  361
    3.2. Pools  362
  4. Threads  364
    4.1. Thread per Request  364
    4.2. Thread Pools  366
  5. Alternative Pattern-Based Approaches  367
    5.1. Strategy Pattern  368
    5.2. Chain of Responsibility Pattern  368
    5.3. Interpreter Pattern  370
    5.4. Flyweight Pattern  371
    5.5. Memento Pattern  372
  6. Language Specific Constructs  373
    6.1. Soft References  374
    6.2. Forking  375
    6.3. Non-Blocking I/O  375
    6.4. Enterprise Service Bus  376
    6.5. Callbacks  379
  7. Finite State Machines  379
  8. Event Notification  382
    8.1. Brokered Notification  384
    8.2. Security Concerns  385
    8.3. Message Order Alteration  385
    8.4. Availability Attacks  386
    8.5. Replay Attacks  386
    8.6. Redirection Attacks  386
  9. Practical Considerations  387
    9.1. Return on Investment  388
    9.2. Canonical Form  388
    9.3. Integration  389
    9.4. Retirement  389
  10. Summary  390

OUTTRO  392

APPENDIX A: UNDERSTANDING DISTRIBUTED COMPUTING  394
  1. Distributed Computing  395
    1.1. Anatomy of a Distributed Application  396
      1.1.1. Understanding the Network Layer  397
      1.1.2. Building the Application Layer  399
      1.1.3. Operating System Components  401
    1.2. Interprocess Communication  403
    1.3. Communications Infrastructure  405
    1.4. Remote Procedure Calls (RPC)  406
    1.5. Object Request Brokers (ORB)  406
    1.6. Transaction Processing Monitors  408
    1.7. Message-Oriented Middleware (MOM)  410
    1.8. Service Description  411
    1.9. Versioning  412
    1.10. Operations  413
      1.10.1. One-Way  414
      1.10.2. Request/Response  414
      1.10.3. Solicit/Response  415
      1.10.4. Notification  415
    1.11. Service Discovery  416
    1.12. Application Services  417
      1.12.1. Stateless Services  418
      1.12.2. Conversational Services  418
      1.12.3. Cached Services  419
      1.12.4. Singleton Services  419
  2. Practical Considerations  420
  3. Summary  420

APPENDIX B: QUALITY ATTRIBUTES  422
  1. System Qualities  422
    1.1. Availability  422
    1.2. Manageability  424
    1.3. Performance  424
    1.4. Scalability  425
    1.5. Security  426
  2. Design vs Run-Time  426

APPENDIX C: REFERENCES  430
  Books  430
  Magazines  432
  Docs  432
  Web Sites  434
  Presentations  436

APPENDIX D: ADDITIONAL READING  438

APPENDIX E: UPCOMING BOOKS  440
  Agile Enterprise Architecture – Fall 2006  440
  Enterprise Portal Architecture – Fall 2006  441
  Enterprise Open Source – Spring 2007  442
  Enterprise BPM Patterns – Summer 2007  443