UDDI Governance Strategy A Strawman Approach

1
UDDI Governance StrategyA Strawman Approach

• Dennis Lucas
• Computer Sciences Corporation
• March 27, 2006

2
Agenda

• The Need for Governance
• What Do We Mean by Governance?
• Why Do We Need Governance?

• Review of UDDI Concepts
• UDDI Operating Paradigm
• Classifying the EPA UDDI Registry

• Items Requiring Governance
• Access
• Taxonomies, Business Entity Definitions, Service
  Information, tModels

• Wrap-up
• Next Steps
• Questions/Comments/Discussion

3
The Need For Governance

• What do we mean by Governance?
• Governance is a combination of relationships,
  processes, and policies/guidance used to direct
  and control the use of an asset in order to
  achieve the enterprise's goals while minimizing
  risks and maximizing returns

4
The Need For Governance (Contd)

• Facets of UDDI Implementation
• Technology
• Product should be UDDI v3.0 compliant
• Compatible with planned host platforms
• Security
• Role-based security to prevent unauthorized
  metadata access
• Protection against DOS, hackers
• User Experience
• Application of Agency web standards to interfaces
• Infrastructure Operations
• Availability and continuity of service
• Procedures for publication of approved services
• Governance and Policy
• Definition of roles, permissions
• Deployment approvals
• MetaData Management
• Taxonomy Definition
• Limits chaos, ensures standardized
  categorizations to ease discovery
• Web Service Standards

Technology
Governance Policy
Security
User Experience
Meta Data
Infrastructure Operations
Todays Focus!
5
The Need For Governance

• Why Do We Need UDDI Governance?

• Information Security
• UDDI provides information, both in a direct and
  indirect way
• Service Descriptions and Metadata
• Result Data From Service Calls

• Some information may be sensitive
• Basic security principles require user
  accountability

• Use of some services may be specific to one
  group/project

• Quality of Service
• Consistency of Presentation
• Standards for Metadata and Service Descriptions
• Improved Categorization of services

• Availability of Services
• Relevant/Understandable Catalog
• Removal of Obsolete Services

6
Review of UDDI Concepts

• UDDIs Purpose -

• Allow Service Providers to Publish Information on
  their available services
• Repository is analogous to telephone directory
• White PagesContains list of service providers,
  i.e., businesses, business identifiers, and
  contact info
• Yellow Pages Contains business categories
  (classifications) NAICS, UN/SPSC, etc.
• Green PagesContains information about services
  and how to invoke them

Service Directory
Provider Directory
UDDI
Publish
Discover

• Promote Service Discovery and Integration
• Service Users/Requestors can find out who offers
  what services and examine their descriptions
• Service Users/Requestors can obtain service
  binding information (e.g., currently active
  endpoints)
• Users /Requestors can compare differences between
  services (GetAirData? vs GetAirQualityData?)

Service Provider
Service Requestor
Bind
7
Review of UDDI Concepts (Contd)
UDDI Operating Paradigm
Discovery
Publishing
UDDI.EPA.GOV
UDDI.EPACDXNODE.NET
Owners
Governance Point
Unapproved Content
Publishers
Discover
Approved Content
Web interface
Web or SOAP interface
SOAP interface
Discover/Bind
Service Consumers
Management Actions
Administrator
SOAP interface
Governance Point
Web interface
READ-ONLY
Approval Authority WSWG/Review Committee
Staging/Development Environment
Production Environment
8
Public or Private?
9
Public or Private? Classifying the UDDI Registry

• UDDI registries are usually classified as

• Public
• A registry that is open to all users without
  authentication
• Anyone can publish information and retrieve
  information from a public registry
• Examples UDDI Business Registries (UBRs) hosted
  by Microsoft and IBM

• Private
• A registry that is accessible to users in a
  company or organization
• A private registry is often behind firewalls, and
  provides very limited access to outside users

10
Classifying the EPA UDDI Registry (Contd)

• The EPA UDDI is neither a public or private
  registry
• Hosts sensitive Web Services that are for
  internal use only
• Key component of EPA SOA, not just data sharing
  mechanism
• Includes partners who are outside of EPAs
  private network
• e.g., State participants in the Exchange Network

• EPAs UDDI Is More Accurately a Protected
  Registry
• Key Characteristics of a Protected Registry
• User access is controlled (role-based security)
• All data publishing operations are controlled and
  can only be performed by authorized personnel
• All data elements in the UDDI registry are given
  a security classification
• Public users can only find/see public information
  in the registry
• Private parts of the registry are for
  authenticated and authorized users only
• Private data is hidden from public users
• Access control policies and rules are used to
  further limit access to portions of the protected
  data

11
The Governance Players
12
The Governance Players

• There are five key players in UDDI governance
• Business Owner (Trusted Partners)
• Responsible for their organizations service
  development, access, and functions
• Authorizes assignment of publishers to their
  business

• Publishers (Employees or Contractors of Trusted
  Partners)
• Maintains publishing information for business
  services
• By default, whoever publishes the data is the
  owner of the data, although the ownership/custody
  can be transferred to another publisher

• Administrator (Node Help Desk)
• Adds Publishers to Publishing Server with Owner
  approval
• Controls replication of approved content to
  Discovery server
• Manages approval item work flow and performs
  Change Management Functions

• Approval Authority (Web Services Working Group)
• Approves publishing of controlled content to
  Discovery Server
• Appoints subcommittee to approve items
  subcommittee consists of revolving group of WSWG
  members (representing owners, publishers,
  experts)
• Resolves disputes amongst owners

• Service Consumers
• People or Machines

13
The Governance ItemsUser AccessTaxonomyBusines
s EntitiesService InformationtModels
14
UDDI Governance Items

• User Access
• Access requests are made via exchange of e-Mails
  with the Publishing Administrator for non-public
  users
• Approved according to existing Exchange User
  approval protocol
• Approval of publishers can be delegated to
  business owners

• There are five basic operations that can be
  controlled using the UDDI access control rules
• Find Determines whether or not the subject can
  search the registry
• Get Determines whether or not the subject can
  get the details of any entity in the registry
• Save Determines whether or not the subject can
  update an entity
• Delete Determines whether or not the subject can
  delete an entity
• Create Determines whether or not the subject can
  add a new entity

• Users are assigned to groups, with each group
  member given the same permissions
• Many individual publishers may be assigned to one
  Business Owner group (e.g., Office of Water)

15
UDDI Governance Items (Contd)

• Taxonomies
• Taxonomies are the classification lists/systems
  for the published services
• Services may belong to many taxonomies
• By default the UDDI registry comes with 60
  taxonomies
• Dun Bradstreet (DB) Data Universal Numbering
  System (DUNS)
• Universal Standard Product and Service
  Classification (Product Taxonomy)

• UDDI has the capability of adding additional
  taxonomies if needed
• An EPA-specific taxonomy should be defined
• Likely based on EPA Organizational Structure,
  Environmental Terms

• For taxonomies, the following access control
  policies should be established
• Everyone should be able to see and search the
  taxonomies
• Private items in the taxonomy will not appear to
  non-trusted partners
• Taxonomies can only be expanded or removed by the
  administrator
• Taxonomy changes must be approved by WSWG

16
UDDI Governance Items (Contd)

• Taxonomies (Contd)
• Some examples of EPA-centric taxonomies that
  could be considered

17
UDDI Governance Items (Contd)

• Business Entities
• Business entities are the root data element in
  the UDDI data model. A service cannot exist
  without a business.
• Publishers must be assigned to one or more
  businesses
• Businesses will likely delegate maintenance to
  publishing contractors
• Publishers can belong to more than one business
• e.g., Contractor A could maintain services for
  both Office of Water (Business Owner) and Office
  of Air (Business Owner)

• Business entity names must be established
  according to a standard policy
• Prevents confusion about actual owning
  organizations
• Businesses can have multiple names
• Secondary names are sometime an abbreviated name
  or alias
• Environmental Protection Agency / EPA
• Allows for easier discovery

• States participating in the Exchange Network are
  using the following convention
• Full state name, abbreviated state name, and a
  prefix of State of.
• Colorado / CO / State of Colorado

18
UDDI Governance Items (Contd)

• Business Entities (Contd)
• For general business entities, the following
  policies should be established
• Everyone (Public) should be able to find and get
  the business information
• Only the owner or custodian can update the
  business information
• Only one designated person of that organization
  can create the business
• Business entities must be approved by WSWG
• Only the administrator can delete the business

19
UDDI Governance Items (Contd)

• Service Information
• Services must belong to a business entity
• Services need not be Web Services
• Web Feature Services

• Service names and descriptions are usually
  controlled through standards
• Avoids duplication/misinterpretation of service
  names and functions
• Services can have optional aliases for the
  service name
• Used for making searches easier
• The name or alias need not be unique

• Other items usually contained in the Service
  Information
• Access point
• This is the SOAP address where requests can be
  sent to.
• Associated tModel name or key
• For network nodes, the tModel name should be
  Network Node 1.1. A Web service can have more
  than one tModel.
• List of taxonomy categories in which the service
  fits
• Security requirements for the service, such as
  access control rules, if the service information
  needs to be protected

20
UDDI Governance Items (Contd)

• Service Information (Contd)
• For Service Information, the following policies
  should be established

• Only the owner (or his custodians) can publish or
  update a Web service under their organization
• Only the owner or custodians can delete the
  service from the Publishing server
• Removal of Service Information from the Discovery
  Server needs to be coordinated with the
  Publishing Administrator

• Everyone should be able to search and get public
  services
• Only authenticated users can search or get
  information on protected services
• Only special group of authenticated users can
  access private services

21
UDDI Governance Items (Contd)

• Technical Models (tModels)
• A tModel is a data structure providing details of
  a service type (a generic representation of one
  or many registered services)
• Web Service tModels should have a WSDL file
  associated with them
• A WSDL file is a machine readable form of the
  interface description
• tModels should contain the following information
• The name and description of the tModel
• There may be multiple descriptions of a tModel
• An overview URL pointing to the full description
  of the tModel.
• This should be the WSDL file address for Web
  services
• May be any kind of document for other type of
  services
• An optional list of taxonomy categories for the
  tModel
• Access control requirements if the tModel needs
  to be protected

22
More about tModels
23
Even More about tModels
24
UDDI Governance Items (Contd)

• Technical Models (tModels)
• For tModels, the following policies should be
  established
• tModels will be accessible according to their
  security model
• Private tModels or items in the tModel will not
  appear to non-trusted partners
• tModels can be freely changed by an authorized
  publisher
• Re-publication (or removal) of tModels on
  Discovery server needs to be coordinated through
  Administrator
• Must be approved by WSWG

25
The Governance Workflow
26
The Governance Workflow
27
Wrap-up and Closure
28
Wrap-up and Closure

• Next Steps
• Define necessary policies, standards, guidelines
• Agree on Guidelines for Business/Organizational
  Names
• Establish MetaData Content Guidelines/Standards
• Establish EPA-specific Taxonomies
• Questions/Comments/Discussion

29
UDDI URLs

• URLs for Accessing UDDI
• via Web
• Inquiry and Publishing
• https//uddi.epacdxnode.net443/uddi/web
• via SOAP
• Inquiry (Publishing)
• https//uddi.epacdxnode.net443/uddi/inquiry
• Publishing (Publishing)
• https//uddi.epacdxnode.net443/uddi/publishing
• Inquiry (Discovery)
• https//uddi.epa.gov443/uddi/inquiry