Web Services

the technology is the easy part

Mark Mara

Director, Advanced Technologies & Architectures

Cornell University

12/6/2004 2

Overview

Context Basic evangelism Case study Lessons learned Current status Advanced evangelism

12/6/2004 3

Cornell University

Founded 1865 by Ezra Cornell and Andrew Founded 1865 by Ezra Cornell and Andrew Dickson Dickson

260 major buildings on 745 acres260 major buildings on 745 acres

Faculty – 3,241Faculty – 3,241

Staff – 9,925Staff – 9,925

Undergraduate – 13,655Undergraduate – 13,655

Graduate/professional – 6,679Graduate/professional – 6,679

7 undergraduate units & 4 graduate and7 undergraduate units & 4 graduate andprofessional units in Ithaca professional units in Ithaca

2 medical graduate and professional units in 2 medical graduate and professional units in New York City, and 1 in Doha, QatarNew York City, and 1 in Doha, Qatar

A private endowed university and the federal A private endowed university and the federal land-grant institution of New York State.land-grant institution of New York State.

12/6/2004 4

What and Why Web Services?

The need for independent, and yet interoperable, pieces leads us to a service oriented architecture (SOA) and the changes we see beginning in application architecture.

Web Services let us meet the desire for direct user interaction with systems via the web, taking advantage of:

• Extensible Markup Language (XML)

• Simple Object Access Protocol (SOAP)

• Web Services Description Language (WSDL)

• Universal Description, Discovery and Integration (UDDI).

• Vendor-supplied interfaces

• Web Service “wrappers”

12/6/2004 5

Two Views

Tactical• Reusable points of integration

• Discovery

• Granularity

• One step father down the path to loose coupling

Strategic• Enabler of SOA

• Not the technology, but the ubiquity

• Integration becomes interoperation

Travel Application: A Case StudyTravel Application: A Case Study

Cornel Division of Financial Affairs (DFA) Cornel Division of Financial Affairs (DFA) embarked on a project to build an online Travel embarked on a project to build an online Travel Reimbursement applicationReimbursement application

Goals:Goals:

– 1) Reimburse employees, students, professors for their 1) Reimburse employees, students, professors for their traveltravel

– 2) Manage expenses associated with travel2) Manage expenses associated with travel

– 3) Provide other useful functionality3) Provide other useful functionality

Travel Application: RequirementsTravel Application: Requirements

Integrate with DFA’s Payables systemIntegrate with DFA’s Payables system

– Associate net ID to SSN to vendor recordAssociate net ID to SSN to vendor record

Enforce Cornell University Travel policyEnforce Cornell University Travel policy

– Policy places restrictions on certain types of individualsPolicy places restrictions on certain types of individuals

Employee, foreign national, student, assistant, professor, Employee, foreign national, student, assistant, professor, executiveexecutive

Travel Application: OptionsTravel Application: Options

Ask Travelers (Manual)Ask Travelers (Manual)– Travelers inputting sensitive informationTravelers inputting sensitive information– Room for errorRoom for error

Data Feeds (Batch)Data Feeds (Batch)– Secondary data stores in our environmentSecondary data stores in our environment– Redundant dataRedundant data– Sensitive dataSensitive data

Travel Application: Options Travel Application: Options ContinuedContinued

Direct Connections (Real Time)Direct Connections (Real Time)– Several different mechanismsSeveral different mechanisms– Technical overhead - learning curvesTechnical overhead - learning curves– Security implicationsSecurity implications

Web Service (Real Time) Web Service (Real Time) – A single solution for all dataA single solution for all data– Single input – net IDSingle input – net ID– Staff experienced with web servicesStaff experienced with web services– Abstraction of detailsAbstraction of details

12/6/2004 10

Hype Cycle?

Maturity

Visibility

TechnologyTrigger

Peak of inflatedExpectations

Trough ofDisillusionment

Slope ofEnlightenment

Plateau ofProductivity

12/6/2004 11

Hype Cycle for Web Services

12/6/2004 12

AuthN/Z for Web Services

Mainframe

Databases

WebserviceOne

WebserviceTwo

WebApplication

GenericDatastores

HTTP(S)SideCar/

CUWebLogin

HTTPSKPA

CUWebAuth

CustomProtocols

Central Business Analyst Single point of Central Business Analyst Single point of contactcontact

– Sat down with us and gathered requirementsSat down with us and gathered requirements

– Worked with us to define what certain affiliations Worked with us to define what certain affiliations meant – interpretation of datameant – interpretation of data

– Coordinated further communicationCoordinated further communication

Travel Application: DFA-CIT Travel Application: DFA-CIT InteractionInteraction

Get permission to extract data from several systems and publish results inferred from that data.

12/6/2004 14

Policy

Data Stewardship and Custodianship

• The university expects all stewards and custodians of its administrative data to manage, access, and utilize this data in a manner that is consistent with the university's need for security and confidentiality. Cornell University administrative functional areas must develop and maintain clear and consistent procedures for access to university administrative data, as appropriate.

• http://www.policy.cornell.edu/vol4_12.cfm

12/6/2004 15

Definitions Custodian – An individual who possesses or has access to data, either

electronically or otherwise.

Functional Area – Alumni Affairs and Development, Facilities, Finance, Human Resources, Information Technologies, Planning and Budget, Sponsored Programs, and Student Services.

Legitimate Interest – A need for administrative functional area data that arises within the scope of university employment and/or in the performance of authorized duties.

Steward – An individual with the responsibility for coordinating the implementation of this policy through

• a) the establishment of definitions of the data sets available for access

• b) the development of policies and/or access procedures for those data sets

University Administrative Data – Administrative functional area data, in any form, including that stored centrally as well as in colleges and departments.

12/6/2004 16

Down side of loose coupling

Abstraction• Architecture

• Design goal

• Independence from physical data repositories etc.

• Policy

• More than one data steward

Derivation• Architecture

• Consistent business logic

• Lower maintenance costs

• Policy

• Very complex stewardship

12/6/2004 17

Current Process

DataStewards

FunctionalIT Directors

Meeting

Consensus

Production

DataStewards

FunctionalIT Directors

DataStewards

FunctionalIT Directors

DataStewards

FunctionalIT Directors

Audit Security

yesno

Proposal

12/6/2004 18

Should the bar be higher for web services?

Higher• Inappropriate “republishing”

• No direct control over the user experience

Lower• People will get their work done

• Do we want to encourage shadow systems

12/6/2004 19

How do we move forward

Define a repeatable process

Monitor effectiveness

Modify as required

12/6/2004 20

Registering a Web Service – Make Info available on our web site

Developer

CIT Data AdminCIT WS Web Site

Web Form

ATA

Update site content Request site content update

A provider external to CIT has developed a web service and would like to register it. The WSDL is not hosted by CIT.

12/6/2004 21

Publishing a Web Service – CIT hosts the WSDL

Developer

CIT Data AdminCIT WS Web Site

Web Form

Migrate WSDL

WSDL Directory

WSDL Dir Mgr

Update site content

A provider external to CIT has developed a web service and would like CIT to host the WSDL.

12/6/2004 22

Consume/Subscribe to a Web Service

Developer

CIT Data AdminCIT WS Web Site

Web Form

WS Owner

Data Stewards

Request

Grant access to WS

Request/Approval

Identity Management

A person would like to request access to an existing web service.

Update site content

Contract

12/6/2004 23

Reference Implementations

Goal: Provide reference implementations for Web services developed in the WebMethods and the ColdFusion environments

• Document and model “best practices” for these environments

• Provide template project plan for developing a Web service

Available to campus & central developers

• Will not be binding on campus developers

• But may be binding on CIT IS developers

Improve scalability/mobility of locally developed systems

12/6/2004 24

Web Services at Cornell today

A several production services are deployed Authentication and Authorization are integrated

into the Cold Fusion, webMethods, and Java environments

Hosted environments available for Cold Fusion and WebMethods

Process and reference projects underway

12/6/2004 25

Technical Challenges

Enabling more environments

Creating components with a wide range of re-usability

• Choosing an appropriate level of granularity

Controlling duplication and overlap

• Cataloging of services

Design and implementation of Web Services authorization mechanisms

12/6/2004 26

Political Challenges

Design overhead issues

Trust

• Distributed users accessing central data

• Enhanced? Security/Audit/Logging

Joint stewardship

Separate issues of what data a Web Service may see and what it may expose

12/6/2004 27

Where are we headed?

A business process is the basic unit• Executives managing portfolios of business processes

• Business analysts automating business processes by assembling web services.

Incremental addition of functionality morphs into continuously evolving systems• Systems are becoming so complex and customers are so

reliant on them that implementing a new major system is becoming a challenge both politically and financially, although not technically.

12/6/2004 28

More information

Available – after January 1, 2005

http://webservices.cit.cornell.edu/