Web Services the technology is the easy part

jellytrickInternet και Εφαρμογές Web

10 Νοε 2013 (πριν από 3 χρόνια και 11 μήνες)

94 εμφανίσεις

Web Services

the technology is the easy part

Mark Mara

Director, Advanced Technologies & Architectures

Cornell University


12/6/2004

2

Overview


Context


Basic evangelism


Case study


Lessons learned


Current status


Advanced evangelism

12/6/2004

3

Cornell University


Founded 1865 by Ezra Cornell and Andrew
Dickson



260 major buildings on 745 acres


Faculty


3,241


Staff


9,925


Undergraduate


13,655


Graduate/professional


6,679


7 undergraduate units & 4 graduate and

professional units in Ithaca


2 medical graduate and professional units in
New York City, and 1 in Doha, Qatar


A private endowed university and the federal
land
-
grant institution of New York State.


12/6/2004

4

What and Why Web Services?


The need for independent, and yet interoperable, pieces
leads us to a service oriented architecture (SOA) and the
changes we see beginning in application architecture.


Web Services let us meet the desire for direct user
interaction with systems via the web, taking advantage of:


Extensible Markup Language (XML)


Simple Object Access Protocol (SOAP)


Web Services Description Language (WSDL)


Universal Description, Discovery and Integration (UDDI).


Vendor
-
supplied interfaces


Web Service “wrappers”

12/6/2004

5

Two Views


Tactical


Reusable points of integration


Discovery


Granularity


One step father down the path to loose coupling


Strategic


Enabler of SOA


Not the technology, but the ubiquity


Integration becomes interoperation

Travel Application: A Case Study


Cornel Division of Financial Affairs (DFA) embarked on a
project to build an online Travel Reimbursement
application


Goals:


1) Reimburse employees, students, professors for their travel


2) Manage expenses associated with travel


3) Provide other useful functionality

Travel Application: Requirements


Integrate with DFA’s Payables system


Associate net ID to SSN to vendor record


Enforce Cornell University Travel policy


Policy places restrictions on certain types of individuals


Employee, foreign national, student, assistant, professor, executive

Travel Application: Options


Ask Travelers (Manual)


Travelers inputting sensitive information


Room for error



Data Feeds (Batch)


Secondary data stores in our environment


Redundant data


Sensitive data

Travel Application: Options Continued


Direct Connections (Real Time)


Several different mechanisms


Technical overhead
-

learning curves


Security implications



Web Service (Real Time)
P


A single solution for all data


Single input


net ID


Staff experienced with web services


Abstraction of details

12/6/2004

10

Hype Cycle?

Maturity

Visibility

Technology

Trigger

Peak of inflated

Expectations

Trough of

Disillusionment

Slope of

Enlightenment

Plateau of

Productivity

12/6/2004

11

Hype Cycle for Web Services

12/6/2004

12

AuthN/Z for Web Services

Mainframe

Databases

Webservice

One

Webservice

Two

Web

Application

Generic

Datastores

HTTP(S)

SideCar/

CUWebLogin

HTTPS

KPA

CUWebAuth

Custom

Protocols


Central Business Analyst Single point of contact


Sat down with us and gathered requirements


Worked with us to define what certain affiliations meant


interpretation of data


Coordinated further communication

Travel Application: DFA
-
CIT
Interaction

Get permission to extract data from several systems
and publish results inferred from that data.

12/6/2004

14

Policy


Data Stewardship and Custodianship


The university expects all stewards and custodians of
its administrative data to manage, access, and utilize
this data in a manner that is consistent with the
university's need for security and confidentiality.
Cornell University administrative functional areas must
develop and maintain clear and consistent procedures
for access to university administrative data, as
appropriate.


http://www.policy.cornell.edu/vol4_12.cfm

12/6/2004

15

Definitions


Custodian



An individual who possesses or has access to data, either
electronically or otherwise.


Functional Area



Alumni Affairs and Development, Facilities, Finance,
Human Resources, Information Technologies, Planning and Budget,
Sponsored Programs, and Student Services.


Legitimate Interest



A need for administrative functional area data
that arises within the scope of university employment and/or in the
performance of authorized duties.



Steward



An individual with the responsibility for coordinating the
implementation of this policy through


a) the establishment of definitions of the data sets available for access



b) the development of policies and/or access procedures for those data sets



University Administrative Data



Administrative functional area data,
in any form, including that stored centrally as well as in colleges and
departments.

12/6/2004

16

Down side of loose coupling


Abstraction


Architecture


Design goal


Independence from physical data repositories etc.


Policy


More than one data steward


Derivation


Architecture


Consistent business logic


Lower maintenance costs


Policy


Very complex stewardship


12/6/2004

17

Current Process

Data

Stewards

Functional

IT Directors

Meeting

Consensus

Production

Data

Stewards

Functional

IT Directors

Data

Stewards

Functional

IT Directors

Data

Stewards

Functional

IT Directors

Audit

Security

yes

no

Proposal

12/6/2004

18

Should the bar be higher for web services?


Higher


Inappropriate “republishing”


No direct control over the user experience


Lower


People will get their work done


Do we want to encourage shadow systems

12/6/2004

19

How do we move forward

Define a repeatable process

Monitor effectiveness

Modify as required


12/6/2004

20

Registering a Web Service


Make Info
available on our web site

Developer

CIT Data Admin

CIT WS Web Site

Web Form

ATA

Update site content

Request site content update


A provider external to CIT has developed a web service and would like
to register it. The WSDL is not hosted by CIT.

12/6/2004

21

Publishing a Web Service


CIT hosts the
WSDL

Developer

CIT Data Admin

CIT WS Web Site

Web Form

Migrate WSDL

WSDL Directory

WSDL Dir Mgr

Update site content


A provider external to CIT has developed a web service and would like
CIT to host the WSDL.

12/6/2004

22

Consume/Subscribe

to a Web Service

Developer

CIT Data Admin

CIT WS Web Site

Web Form

WS Owner

Data Stewards

Request

Grant access to WS

Request/Approval

Identity Management


A person would like to request access to an existing web
service.

Update site content

Contract

12/6/2004

23

Reference Implementations


Goal: Provide reference implementations for Web
services developed in the WebMethods and the
ColdFusion environments


Document and model “best practices” for these
environments


Provide template project plan for developing a Web service


Available to campus & central developers


Will not be binding on campus developers


But may be binding on CIT IS developers


Improve scalability/mobility of locally developed
systems

12/6/2004

24

Web Services at Cornell today


A several production services are deployed


Authentication and Authorization are integrated
into the Cold Fusion, webMethods, and Java
environments


Hosted environments available for Cold Fusion
and WebMethods


Process and reference projects underway

12/6/2004

25

Technical Challenges


Enabling more environments


Creating components with a wide range of re
-
usability


Choosing an appropriate level of granularity


Controlling duplication and overlap


Cataloging of services


Design and implementation of Web Services
authorization mechanisms

12/6/2004

26

Political Challenges


Design overhead issues


Trust


Distributed users accessing central data


Enhanced? Security/Audit/Logging


Joint stewardship


Separate issues of what data a Web Service may
see and what it may expose

12/6/2004

27

Where are we headed?


A business process is the basic unit


Executives managing portfolios of business processes


Business analysts automating business processes by
assembling web services.


Incremental addition of functionality morphs
into continuously evolving systems


Systems are becoming so complex and customers are
so reliant on them that implementing a new major
system is becoming a challenge both politically and
financially, although not technically.

12/6/2004

28

More information

Available


after January 1, 2005


http://webservices.cit.cornell.edu/