Web Services Standards for Financial Service


Achieving Sustainable Business Benefits with Web Services Standards
Patrick Gannon
President & CEO
XML Web Services Symposium
Web Services Initiative - Japan
San Francisco, 28 February 2005
Open Standards for Building Automation

Vision for Service Oriented Architecture

Business Benefits from Open Standards

Key Directions in Web Services Standards

What your company can do
Vision for Future Global eBusiness built on a Service Oriented Architecture

The Dawn of a New Era Built on Service Oriented Architecture

Vision of a Service-Oriented Architecture
• A place where services are ubiquitous and organically integrated into the way we think and work.
• A place where both users and providers of information interact through a common focus on services.
• A world where technology is implemented within industry frameworks that operate on a global scale, enabled by open, interoperable standards.

A Common Web Service Framework Is Essential
• To provide a sustainable foundation,
• That will allow end-user companies to achieve the payback they require,
• To invest widely in the service-oriented architecture.

Achieving Sustainable Business Benefits through Open Standards for Web Services
• In this post-dot-com era, end user companies are expecting more liquidity and longevity of their assets.
• To achieve the ROI, Cost Reduction and Service Expansion benefits expected, the widespread deployment of standards-based Web services is essential.

Fundamental Issues that Must Be Addressed
• A common framework for Web service interactions based on open standards must occur.
• An agreed set of vocabularies and interactions for specific industries or common functions must be adopted.

Business Benefits for Open Standards

Why do standards matter? ROI for e-commerce
• Normalizing data, processes and users costs time and money
• ROI can come from operational savings and outweigh the costs, if those savings are stable and persistent
• This requires
• Stable versioning
• Reliable, fixed terms of availability (some protection against withdrawal or embrace-and-extend)
• INTEROPERABLE standards
• CONVERGING standards

What is an Open Standard?
An open standard is:
• publicly available in stable, persistent versions
• developed and approved under a published, transparent process
• open to public input: public comments, public archives, no NDAs
• subject to explicit, disclosed IPR terms
• See the US, EU, WTO governmental & treaty definitions of “standards”
Anything else is proprietary:

Delphi Group Research on the Value of Open Software Standards
Greatest benefit to support open standards
• Increases the value of existing and future investments in information systems
• Provides greater software re-usability
• Enables greater data portability
Factors driving participation in standards
• Vendor neutral environment
• Access to a community of developers
• Membership comprised of both end-users and software developers

Open Standards Process: Essential to WS Adoption
• Enables collaboration
• Assures fairness
• Provides for transparency
• Embraces full participation
• Ensures a level playing field for all
• Prevents unfair first-to-market advantage for any one participant
• Meets government requirements

Standard Adoption
To be successful, a standard must be used
Adoption is most likely when the standard is
• Freely accessible
• Meets the needs of a large number of adopters
• Flexible enough to change as needs change
• Produces consistent results
• Checkable for conformance, compatibility
• Implemented and thus practically available
Sanction and traction both matter

Leading the Adoption of Web Services Standards

OASIS Mission
OASIS drives the development, convergence and adoption of e-business standards.

Current Members
• Software vendors
• User companies
• Industry organisations
• Governments
• Universities and Research centres
• Individuals
• And co-operation with other standards bodies

OASIS Members Represent the Marketplace
OASIS Member Organizations (pie chart):
• Users & Influencers: 35%
• Government & University: 15%
• Technology Providers: 50%

International Representation
Total OASIS Members - 2000 (pie chart; values 4%, 13%, 83%; legend Asia-Pacific, Europe, North America)
Total OASIS Members - 2004 (pie chart; values 11%, 66%, 23%; legend Asia-Pacific, Europe, North America)


• OASIS is a member-led, international non-profit standards consortium concentrating on structured information and global e-business standards.
• Over 650 Members of OASIS are:
  • Vendors, users, academics and governments
  • Organizations, individuals and industry groups
• Best known for web services, e-business, security and document format standards.
• Supports over 65 committees producing royalty-free and RAND standards in an open process.



Key Directions in OASIS Standards for Web Services

Approved OASIS Standards for Web Services

UDDI: Universal Description, Discovery & Integration
Defining a standard method for enterprises to dynamically discover and invoke Web services.

WSRP: Web Services for Remote Portlets
Standardizing the consumption of Web services in portal front ends.

WS-Reliability
Establishing a standard, interoperable way to guarantee message delivery to applications or Web services.

WSS: Web Services Security
Delivering a technical foundation for implementing integrity and confidentiality in higher-level Web services applications.
www.oasis-open.org

UDDI: The Registry Standard
Service Oriented Business Services
OASIS UDDI Specification Technical Committee

What is UDDI
1. SW companies, standards bodies, and programmers populate the registry with descriptions of different types of services
2. Businesses populate the registry with descriptions of the services they support
3. UBR assigns a programmatically unique identifier to each service and business registration
4. Marketplaces, search engines, and business apps query the registry to discover services at other companies
5. Business uses this data to facilitate easier integration with each other over the Web
(Diagram labels: UDDI Business Registry; Business Registrations; Service Type Registrations)

The Registry Standard for Service Oriented Business Applications
“Universal Description, Discovery and Integration”
• UDDI v2 OASIS Standard: 2002
• UDDI v3 OASIS Standard: 31 Jan 05
• Broad vendor and enterprise adoption
• UDDI - a specification of
  • APIs for publishing and searching for business services and service descriptions, and subscribing to changes to these
  • A data model with built-in metadata extensibility to characterize business services according to enterprise needs
• The registry standard for visibility and reuse of SOBA components
• The registry standard for an adaptive enterprise - dynamic discovery and binding to SOBAs

The service, service definition and metadata “hub” for SOBAs
• Developers: Reuse services
• Business Analysts: Visibility of Business Service Portfolio
• Administrators: Manage Business Services

Using a UDDI Registry
(Diagram labels: Publish Service and Service definitions; UDDI Registry; Points to service description; WSDL; Points to service; Find service, its description and its capabilities and constraints; Service Consumer Applications (.NET, Java, ISV); Runtime Binding; Publish service metadata; SOAP; Communicates XML Messages; Business Service)

WSRP: Web Services for Remote Portlets
OASIS WSRP Technical Committee

WSRP Goals
• Enable the sharing of portlets (markup fragments) over the internet with a common interface
=> Cross vendor publishing and consuming of content
V1 goal => aggregating content
(Diagram labels: Client - Browser; Visual Component Pool - Internet; Client - Text processor; Client - Portal)

WSDM: Web Services for Distributed Management
OASIS WSDM Technical Committee

OASIS WSDM TC Specifications
Management USING Web Services (MUWS)
• Management applications on a Web services platform
• Web services to describe and access manageability of resources
Management OF Web Services (MOWS)
• An implementation of Management Using Web Services for the Web Service as the IT resource

OASIS Web Services Infrastructure Work
14+ OASIS Technical Committees, including:

ASAP: Asynchronous Service Access Protocol
Enabling the control of asynchronous or long-running Web services.

WSBPEL: Business Process Execution Language
Enabling users to describe business process activities as Web
services and define how they can be connected to accomplish
specific tasks.

WS-CAF: Composite Application Framework
Defining an open framework for supporting applications that contain
multiple Web services used in combination.

WSDM: Distributed Management
Defining Web services architecture to manage distributed resources.

OASIS Web Services Infrastructure Work

WSN: Notification
Advancing a pattern-based approach to allow Web services to disseminate information to one another.

WSRF: Resource Framework
Defining an open framework for modeling and accessing stateful resources.

Standardizing Web Services Implementations
For communities and across industries:

ebSOA: e-Business Service Oriented Architecture
Advancing an eBusiness architecture that builds on ebXML and other Web
services technology.

SOA-RM: Service Oriented Architecture Reference Model.
Delivering a Reference Model to encourage the continued growth of specific
and different SOA implementations whilst preserving a common layer that
can be shared and understood between those or future implementations.

FWSI: Framework for WS Implementation
Defining implementation methods and common functional elements for
broad, multi-platform, vendor-neutral implementations of Web services for
eBusiness applications.

oBIX: Open Building Information Xchange
Enabling mechanical and electrical systems in buildings to communicate with
enterprise applications.

Translation WS
Automating the translation and localization process as a Web service.

Security for Web Services
• Most e-business implementations require a traceable, auditable, bookable level of assurance when data is exchanged
• IT operations demand “transactional” level of reliable functionality, whether it’s an economic event (booking a sale) or a pure information exchange
• Dealings between divisions often need security and reliability as much as deals between companies

Approved OASIS Standards for Security

AVDL: Application Vulnerability
Standardizing the exchange of information on security vulnerabilities of
applications exposed to networks.

SAML: Security Services
Defining the exchange of authentication and authorization information to enable
single sign-on.

SPML: Provisioning Services
Providing an XML framework for managing the allocation of system resources
within and between organizations.

XACML: Access Control
Expressing and enforcing authorization policies for information access over the
Internet.

XCBF: Common Biometric Format
Providing a standard way to describe information that verifies identity based on
human characteristics such as DNA, fingerprints, iris scans, and hand geometry.

WSS: Web Services Security
Advancing a technical foundation for implementing integrity and confidentiality in
higher-level Web services applications.
OASIS Security Work



DSS: Digital Signature Services
Defining an XML interface to process digital signatures for Web
services and other applications.
PKI: Public Key Infrastructure
Advancing the use of digital certificates as a foundation for
managing access to network resources and conducting electronic
transactions.
WAS: Web Application Security
Creating an open data format to describe Web application security
vulnerabilities, providing guidance for initial threat and risk ratings.

Security: function by function
• Identity authentication
• Encryption and protection against interception
• Control of access and authority

Identity authentication
The latest e-business security standards implement the next generation of identity deployment
• In the 1990s, PKI assumed a universal network of official certification authorities
• Newer federated / distributed identity models permit identity certification to be decentralized and shared among service providers and existing registrars
• SAML • WS-Security • XCBF

Encryption and protection against interception & intrusion
A key problem with encrypted messages travelling over a shared or public network: if you encrypt the wrong bits, it doesn’t arrive, or the recipient can’t process it
• DSS • PKI TC
Shared and automated methods for managing security require a shared vocabulary about security weaknesses and risks
• AVDL • WAS

Control of access and authority
In transactional information exchanges, you often must apply
• access lists,
• directories of recipients,
• levels of authority, and
• access policies
So that you know who gets what, and who should get it
• XACML • SPML

What should your company be doing?

Reducing Risk in new e-business technologies
• Avoid reinventing the wheel
• Influence industry direction
• Stay current with emerging technologies
• Ensure consideration of own needs
• Realize impact of interoperability and network effects
• Reduce development cost & time
• save development on new technologies
• share cost/time with other participants

What can your company do?
Participate
• Understand the ground rules
• Contribute actively
Or…
• Be a good observer
In any case…
• Make your needs known
• Use cases, functions, platforms, IPR, priorities, availability, tooling
• Be pragmatic: standardization is a voluntary process

Business Benefits of Participation in OASIS

Membership Benefits
• Influence
• Information
• Participation
• Education
• Co-ordination
• Credibility
• Visibility
• Openness

OASIS Value
• Sanction x Traction = Adoption
• Ten years demonstrated success
• Neutral and independent
• Technical and procedural competence
• Worldwide visibility and outreach
• Close coordination with peer standards organizations on a global level
• Relevance, Openness, Implement-ability

Contact Information:
Patrick Gannon
President & CEO
[email protected]
+1.978.761.3546


www.oasis-open.org
www.xml.org

www.xml.coverpages.org