Title: Web Services the technology is the easy part
1Web Servicesthe technology is the easy part
- Mark Mara
- Director, Advanced Technologies Architectures
- Cornell University
2Overview
- Context
- Basic evangelism
- Case study
- Lessons learned
- Current status
- Advanced evangelism
3Cornell University
- Founded 1865 by Ezra Cornell and Andrew Dickson
- 260 major buildings on 745 acres
- Faculty 3,241
- Staff 9,925
- Undergraduate 13,655
- Graduate/professional 6,679
- 7 undergraduate units 4 graduate
andprofessional units in Ithaca - 2 medical graduate and professional units in New
York City, and 1 in Doha, Qatar - A private endowed university and the federal
land-grant institution of New York State.
4What and Why Web Services?
- The need for independent, and yet interoperable,
pieces leads us to a service oriented
architecture (SOA) and the changes we see
beginning in application architecture. - Web Services let us meet the desire for direct
user interaction with systems via the web, taking
advantage of - Extensible Markup Language (XML)
- Simple Object Access Protocol (SOAP)
- Web Services Description Language (WSDL)
- Universal Description, Discovery and Integration
(UDDI). - Vendor-supplied interfaces
- Web Service wrappers
5Two Views
- Tactical
- Reusable points of integration
- Discovery
- Granularity
- One step father down the path to loose coupling
- Strategic
- Enabler of SOA
- Not the technology, but the ubiquity
- Integration becomes interoperation
6Travel Application A Case Study
- Cornel Division of Financial Affairs (DFA)
embarked on a project to build an online Travel
Reimbursement application - Goals
- 1) Reimburse employees, students, professors for
their travel - 2) Manage expenses associated with travel
- 3) Provide other useful functionality
7Travel Application Requirements
- Integrate with DFAs Payables system
- Associate net ID to SSN to vendor record
- Enforce Cornell University Travel policy
- Policy places restrictions on certain types of
individuals - Employee, foreign national, student, assistant,
professor, executive
8Travel Application Options
- Ask Travelers (Manual)
- Travelers inputting sensitive information
- Room for error
- Data Feeds (Batch)
- Secondary data stores in our environment
- Redundant data
- Sensitive data
9Travel Application Options Continued
- Direct Connections (Real Time)
- Several different mechanisms
- Technical overhead - learning curves
- Security implications
- Web Service (Real Time) P
- A single solution for all data
- Single input net ID
- Staff experienced with web services
- Abstraction of details
10Hype Cycle?
Peak of inflated Expectations
Visibility
Plateau of Productivity
Slope of Enlightenment
Trough of Disillusionment
Technology Trigger
Maturity
11Hype Cycle for Web Services
12AuthN/Z for Web Services
Custom Protocols
Mainframe
Web Application
Webservice One
Generic Datastores
Databases
HTTP(S) SideCar/ CUWebLogin
HTTPS KPA CUWebAuth
Webservice Two
13Travel Application DFA-CIT Interaction
- Central Business Analyst Single point of contact
- Sat down with us and gathered requirements
- Worked with us to define what certain
affiliations meant interpretation of data - Coordinated further communication
Get permission to extract data from several
systems and publish results inferred from that
data.
14Policy
- Data Stewardship and Custodianship
- The university expects all stewards and
custodians of its administrative data to manage,
access, and utilize this data in a manner that is
consistent with the university's need for
security and confidentiality. Cornell University
administrative functional areas must develop and
maintain clear and consistent procedures for
access to university administrative data, as
appropriate. - http//www.policy.cornell.edu/vol4_12.cfm
15Definitions
- Custodian An individual who possesses or has
access to data, either electronically or
otherwise. - Functional Area Alumni Affairs and Development,
Facilities, Finance, Human Resources, Information
Technologies, Planning and Budget, Sponsored
Programs, and Student Services. - Legitimate Interest A need for administrative
functional area data that arises within the scope
of university employment and/or in the
performance of authorized duties. - Steward An individual with the responsibility
for coordinating the implementation of this
policy through - a) the establishment of definitions of the data
sets available for access - b) the development of policies and/or access
procedures for those data sets - University Administrative Data Administrative
functional area data, in any form, including that
stored centrally as well as in colleges and
departments.
16Down side of loose coupling
- Abstraction
- Architecture
- Design goal
- Independence from physical data repositories etc.
- Policy
- More than one data steward
- Derivation
- Architecture
- Consistent business logic
- Lower maintenance costs
- Policy
- Very complex stewardship
17Current Process
Proposal
Audit
Security
Data Stewards
Data Stewards
Data Stewards
Meeting
Data Stewards
Production
Functional IT Directors
Functional IT Directors
Consensus
Functional IT Directors
no
yes
Functional IT Directors
18Should the bar be higher for web services?
- Higher
- Inappropriate republishing
- No direct control over the user experience
- Lower
- People will get their work done
- Do we want to encourage shadow systems
19How do we move forward
Define a repeatable process
Monitor effectiveness
Modify as required
20Registering a Web Service Make Info available
on our web site
- A provider external to CIT has developed a web
service and would like to register it. The WSDL
is not hosted by CIT.
Developer
ATA
21Publishing a Web Service CIT hosts the WSDL
- A provider external to CIT has developed a web
service and would like CIT to host the WSDL.
Developer
Migrate WSDL
WSDL Directory
22Consume/Subscribe to a Web Service
- A person would like to request access to an
existing web service.
WS Owner
Request
Contract
Grant access to WS
23Reference Implementations
- Goal Provide reference implementations for Web
services developed in the WebMethods and the
ColdFusion environments - Document and model best practices for these
environments - Provide template project plan for developing a
Web service - Available to campus central developers
- Will not be binding on campus developers
- But may be binding on CIT IS developers
- Improve scalability/mobility of locally developed
systems
24Web Services at Cornell today
- A several production services are deployed
- Authentication and Authorization are integrated
into the Cold Fusion, webMethods, and Java
environments - Hosted environments available for Cold Fusion and
WebMethods - Process and reference projects underway
25Technical Challenges
- Enabling more environments
- Creating components with a wide range of
re-usability - Choosing an appropriate level of granularity
- Controlling duplication and overlap
- Cataloging of services
- Design and implementation of Web Services
authorization mechanisms
26Political Challenges
- Design overhead issues
- Trust
- Distributed users accessing central data
- Enhanced? Security/Audit/Logging
- Joint stewardship
- Separate issues of what data a Web Service may
see and what it may expose
27Where are we headed?
- A business process is the basic unit
- Executives managing portfolios of business
processes - Business analysts automating business processes
by assembling web services. - Incremental addition of functionality morphs into
continuously evolving systems - Systems are becoming so complex and customers are
so reliant on them that implementing a new major
system is becoming a challenge both politically
and financially, although not technically.
28More information
- Available after January 1, 2005
- http//webservices.cit.cornell.edu/