Oracle Ebusiness Suite Project Charter - PowerPoint by pdr21450


More Info
									Achieving Sustainable
Business Benefits with Web
Services Standards
Patrick Gannon
President & CEO

XML Web Services Symposium
Web Services Initiative - Japan
San Francisco, 28 February 2005
Open Standards for
Building Automation

   Vision for Service Oriented Architecture
   Business Benefits from Open Standards
   Key Directions in Web Services Standards
   What your company can do
Vision for Future
Global eBusiness
built on a Service
Oriented Architecture
The Dawn of a New Era Built on
Service Oriented Architecture
Vision of a Service-Oriented
   A place where services are ubiquitous
    and organically integrated into the way we
    think and work.
   A place where both users and providers of
    information interact through a common
    focus on services.
   A world where technology is implemented
    within industry frameworks that operate
    on a global scale, enabled by open,
    interoperable standards.
A Common Web Service
Framework Is Essential
   To provide a sustainable foundation,

   That will allow end-user companies to
    achieve the payback they require,

   To invest widely in the service-oriented
Achieving Sustainable Business Benefits
through a Open Standards for Web Services

    In this post-dot-com era, end user
    companies are expecting more
    liquidity and longevity of their assets.
    To achieve the ROI, Cost Reduction
    and Service Expansion benefits
    expected; the widespread deployment
    of standards-based Web services is
Fundamental Issues that
Must Be Addressed
 A common framework for Web service
  interactions based on open standards
  must occur.

 An agreed set of vocabularies and
  interactions for specific industries or
  common functions must be adopted.
Business Benefits
for Open Standards
Why do standards matter?
ROI for e-commerce
   Normalizing data, processes and users costs time and
   ROI can come from operational savings and outweigh
    the costs, if those savings are stable and persistent
   This requires
       Stable versioning
       Reliable, fixed terms of availability (some protection
        against withdrawal or embrace-and extend)
       INTEROPERABLE standards
       CONVERGING standards
What is an Open Standard?
An open standard is:
 publicly available in stable, persistent versions

 developed and approved under a published,

  transparent process
 open to public input: public comments, public

  archives, no NDAs
 subject to explicit, disclosed IPR terms

 See the US, EU, WTO governmental & treaty

  definitions of “standards”

Anything else is proprietary:
Delphi Group Research on the
Value of Open Software Standards
       Greatest benefit to support open standards
    •     Increases the value of existing and future
          investments in information systems
    •     Provides greater software re-usability
    •     Enables greater data portability

       Factors driving participation in standards
    •     Vendor neutral environment
    •     Access to a community of developers
    •     Membership comprised of both end-users and
          software developers
Open Standards Process:
Essential to WS Adoption
   Enables collaboration
   Assures fairness
   Provides for transparency
   Embraces full participation
   Ensures a level playing field for all
   Prevents unfair first-to-market advantage
    for any one participant
   Meets government requirements
Standard Adoption
    To be successful, a standard must be used
    Adoption is most likely when the standard is
        Freely accessible
        Meets the needs of a large number of adopters
        Flexible enough to change as needs change
        Produces consistent results
        Checkable for conformance, compatibility
        Implemented and thus practically available
    Sanction and traction both matter
Leading the Adoption of
Web Services Standards
OASIS Mission
   OASIS drives the
   convergence and
     of e-business
Current Members

   Software vendors
   User companies
   Industry organisations
   Governments
   Universities and Research centres
   Individuals

   And co-operation with other
    standards bodies
OASIS Members Represent
the Marketplace

            OASIS Member Organizations
       U sers &
                                     Go vernment &
     Inf luencers
                                      U niversit y
          3 5%

                    T echno lo g y
                     Pro vid ers
                        50 %
International Representation
         Total OASIS Members - 2000
                                 4%       13%


         Asia-Pacific   Europe    North America

                                                        Total OASIS Members - 2004


                                                         Asia-Pacific   Europe         North America
   OASIS is a member-led, international non-profit
    standards consortium concentrating on
    structured information and global e-business
   Over 650 Members of OASIS are:
      Vendors, users, academics and governments

      Organizations, individuals and industry

   Best known for web services, e-business,
    security and document format standards.
   Supports over 65 committees producing royalty-
    free and RAND standards in an open process.
Key Directions in
OASIS Standards for
Web Services
Approved OASIS Standards
for Web Services
   UDDI: Universal Description, Discovery & Integration
       Defining a standard method for enterprises to dynamically
        discover and invoke Web services.
   WSRP: Web Services for Remote Portlets
       Standardizing the consumption of Web services in portal front
   WS-Reliability
       Establishing a standard, interoperable way to guarantee
        message delivery to applications or Web services.
   WSS: Web Services Security
       Delivering a technical foundation for implementing integrity and
        confidentiality in higher-level Web services applications.

UDDI: The Registry Standard
Service Oriented Business

OASIS UDDI Specification Technical
What is UDDI
 1.               SW companies, standards
                  bodies, and programmers
                  populate the registry with
                  descriptions of different types
                  of services
                                                                      Marketplaces, search
                                                                      engines, and business
                                                                      apps query the registry to
 2.                                                                   discover services at other
                             UDDI Business Registry

                               Business         Service Type
Businesses                   Registrations      Registrations
the registry
                            UBR assigns a programmatically unique
with                                                                       Business uses this
                            identifier to each service and business
descriptions of                                                            data to facilitate
the services                                                               easier integration
they support                                                               with each other over
                                                                           the Web
The Registry Standard for Service
Oriented Business Applications
     “Universal Description, Discovery and
         UDDI v2 OASIS Standard: 2002
         UDDI v3 OASIS Standard: 31 Jan 05
         Broad vendor and enterprise adoption
     UDDI - a specification of
         APIs for publishing and searching for business services and
          service descriptions, and subscribing to changes to these
         A data model with built-in metadata extensibility to
          characterize business services according to enterprise needs
     The registry standard for visibility and reuse of
      SOBA components
     The registry standard for an adaptive enterprise -
      dynamic discovery and binding to SOBAs
            The service, service definition and
                 metadata “hub” for SOBAs
                                                                  Using a UDDI
  Reuse services
                   Business Analysts
                   Visibility of Business
                                             Manage Business
                   Service Portfolio         Services

                                                          Publish Service and Service

                   Registry                                                                    WSDL
                                            Points to service description

                                                         Points to service

                            Find service, its
                            description and its                                     Publish service
                            capabilities and                                        metadata

                   Service                                                                   Business
                                                               SOAP                           Service
.NET, Java, ISV
Runtime Binding
                                                      Communicates XML Messages

WSRP: Web Services for
Remote Portal
OASIS WSRP Technical Committee
WSRP Goals
   Enable the sharing of portlets (markup
    fragments) over the internet with a common
    => Cross vendor publishing and consuming of                        Client  Browser
    content                              Visual Component Pool  Internet

   V1 goal => aggregating

           Client  Text processor

                                                                        Client  Portal

WSDM: Web Services for
Distributed Management
OASIS WSDM Technical Committee
OASIS WSDM TC Specifications
   Management USING Web Services
        Management applications on a Web services
        Web services to describe and access
         manageability of resources
   Management OF Web Services (MOWS)
        An implementation of Management Using Web
         Services for the Web Service as the IT
OASIS Web Services
Infrastructure Work
14+ OASIS Technical Committees, including:

   ASAP: Asynchronous Service Access Protocol
    Enabling the control of asynchronous or long-running Web services.
   WSBPEL: Business Process Execution Language
    Enabling users to describe business process activities as Web
    services and define how they can be connected to accomplish
    specific tasks.
   WS-CAF: Composite Application Framework
    Defining an open framework for supporting applications that contain
    multiple Web services used in combination.
   WSDM: Distributed Management
    Defining Web services architecture to manage distributed resources.
OASIS Web Services
Infrastructure Work

   WSN: Notification
    Advancing a pattern-based approach to
    allow Web services to disseminate
    information to one another.
   WSRF: Resource Framework
    Defining an open framework for modeling
    and accessing stateful resources.
Standardizing Web Services
For communities and across industries:
   ebSOA: e-Business Service Oriented Architecture
    Advancing an eBusiness architecture that builds on ebXML and other Web
    services technology.
   SOA-RM: Service Oriented Architecture Reference Model.
    Delivering a Reference Model to encourage the continued growth of specific
    and different SOA implementations whilst preserving a common layer that
    can be shared and understood between those or future implementations.
   FWSI: Framework for WS Implementation
    Defining implementation methods and common functional elements for
    broad, multi-platform, vendor-neutral implementations of Web services for
    eBusiness applications.
   oBIX: Open Building Information Xchange
    Enabling mechanical and electrical systems in buildings to communicate with
    enterprise applications.
   Translation WS
    Automating the translation and localization process as a Web service.
Security for Web Services
   Most e-business implementations require
    a traceable, auditable, bookable level of
    assurance when data is exchanged
   IT operations demand “transactional” level
    of reliable functionality, whether it’s an
    economic event (booking a sale) or a pure
    information exchange
   Dealings between divisions often need
    security and reliability as much as deals
    between companies
Approved OASIS Standards for Security
   AVDL: Application Vulnerability
    Standardizing the exchange of information on security vulnerabilities of
    applications exposed to networks.
   SAML: Security Services
    Defining the exchange of authentication and authorization information to enable
    single sign-on.
   SPML: Provisioning Services
    Providing an XML framework for managing the allocation of system resources
    within and between organizations.
   XACML: Access Control
    Expressing and enforcing authorization policies for information access over the
   XCBF: Common Biometric Format
    Providing a standard way to describe information that verifies identity based on
    human characteristics such as DNA, fingerprints, iris scans, and hand geometry.
   WSS: Web Services Security
    Advancing a technical foundation for implementing integrity and confidentiality in
    higher-level Web services applications.
OASIS Security Work
   DSS: Digital Signature Services
    Defining an XML interface to process digital signatures for Web
    services and other applications.
   PKI: Public Key Infrastructure
    Advancing the use of digital certificates as a foundation for
    managing access to network resources and conducting electronic
   WAS: Web Application Security
    Creating an open data format to describe Web application security
    vulnerabilities, providing guidance for initial threat and risk ratings.
Web Services security
   Most e-business implementations require
    a traceable, auditable, bookable level of
    assurance when data is exchanged
   IT operations demand “transactional” level
    of reliable functionality, whether it’s an
    economic event (booking a sale) or a pure
    information exchange
   Dealings between divisions often need
    security and reliability as much as deals
    between companies
Security: function by function
   Identity authentication
   Encryption and protection
    against interception
   Control of access and
Identity authentication
The latest e-business security standards
implement the next generation of identity
   In the 1990’s, PKI assumed a universal

    network of official certification authorities
   Newer federated / distributed identity

    models permit identity certification to be
    decentralized and shared among service
    providers and existing registrars
     • SAML       • WS-Security • XCBF
Encryption and protection against
interception & intrusion
   A key problem with encrypted messages
    travelling over a shared or public network: if
    you encrypt the wrong bits, it doesn’t arrive, or
    the recipient can’t process it
    • DSS                  • PKI TC
   Shared and automated methods for managing
    security require a shared vocabulary about
    security weaknesses and risks
    • AVDL                 • WAS
Control of access and authority
   In transactional information
    exchanges, you often must apply
       access lists,
       directories of recipients,
       levels of authority, and
       access policies
   So that you know who gets what, and
    who should get it
    • XACML                • SPML
What should your company be
Reducing Risk in new
e-business technologies
   Avoid reinventing the wheel
       Stay current with emerging technologies
   Influence industry direction
       Ensure consideration of own needs
   Realize impact of interoperability and
    network effects
   Reduce development cost & time
       save development on new technologies
       share cost/time with other participants
What can your company do?
    Participate
        Understand the ground rules
        Contribute actively
  Be a good observer

 In any case…
  Make your needs known

        Use cases, functions, platforms, IPR, priorities,
         availability, tooling
    Be pragmatic: standardization is a
     voluntary process
Business Benefits
of Participation in
Membership Benefits
   Influence
   Information
   Participation
   Education
   Co-ordination
   Creadibility
   Visibility
   Openess
   Sanction x Traction = Adoption
   Ten years demonstrated success
   Neutral and independent
   Technical and procedural competence
   Worldwide visibility and outreach
   Close coordination with peer standards
    organizations on a global level
   Relevance, Openness, Implement-ability
Contact Information:
Patrick Gannon
President & CEO

                     

To top