UNCLASSIFIED. Service Oriented Architecture, Information Sharing and the FEA DRM. 23 January 2006. Bryan Aucoin, DNI CIO Chief Architect, 703.874.8501, [email protected]


Page 1: Title slide

Service Oriented Architecture, Information Sharing and the FEA DRM
23 January 2006
Bryan Aucoin, DNI CIO Chief Architect, 703.874.8501, [email protected]

Page 2: Everyone is Building Applications More or Less the Same Way…

This varies somewhat among organizations. The slide shows a five-tier stack (diagram labels matched to the slide's descriptions in order):

• Browser: provides the user interface.
• Portal: organizes the services available to a user in a readily accessible way.
• Web Server: manages presentation of services to the user.
• App Server: implements business logic.
• Data Layer: performs data operations in accordance with data-related business logic.

Page 3: At Each Tier of the Architecture, We Ask a Different Question

• Portal: What services does this person have access to?
• Web Server: What functions within this service does this person have access to?
• App Server: Does this person (or service) have access to the requested business function?
• Data Layer: Is this person allowed to access the data needed by the function?

(The Browser sits in front of the Portal in the slide's diagram.)

Page 4: Implementing a Typical Chain of Trust

(I'm leaving out the portal for simplicity.)

[Diagram: Web Browser, Web Server, App Server, Directory, Database.]

There are multiple right ways to do this…

…and therein lies the problem, because…

Page 5: We're Building a Web of Trust

[Diagram: a Web Browser and a Portal, many Presentation Service Objects, many Application Objects, several Databases, and a Directory.]

Page 6: Implications of a Web of Trust

• Standards compliance is necessary, but not sufficient.
• Objects at any layer of the architecture will not be sharable if we do not establish a common framework for management.

Examples:
– What identity does a Web Service pass to an Application Service?
– What identity does an Application Service pass to a Database?
– When do we use:
  • Access managed by membership in groups within a Directory?
  • Access managed by applications using attributes in a Directory and "policies"?
  • Access managed by database roles?
  • Java Messaging Protocols or Web Services Protocols?
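As an added illustration of the per-tier questions on page 3 and the identity-passing questions on page 6 (this is not code from the deck), the Python model below walks one request through the four tiers and shows what the data layer can no longer decide when the app server connects to the database as a shared service account instead of passing the end user through. All principals, service names, datasets and grants are constructed sample data.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample policy for each tier (assumed data, not from the deck).
PORTAL_SERVICES = {"alice": {"reports"}, "bob": {"reports"}}                 # portal
WEB_FUNCTIONS = {"reports": {"alice": {"view", "export"}, "bob": {"view"}}}  # web server
APP_FUNCTIONS = {"alice": {"view", "export"}, "bob": {"view"}}               # app server
DATA_GRANTS = {"alice": {"sales", "hr"}, "bob": {"sales"},
               "svc_app": {"sales", "hr"}}                                   # data layer


@dataclass
class Request:
    user: str      # end-user principal authenticated at the portal
    service: str   # service selected in the portal
    function: str  # function invoked on the web server / app server
    dataset: str   # data asset the function needs


def walk_tiers(req: Request, db_identity: Optional[str] = None) -> List[Tuple[str, str, bool]]:
    """Ask each tier its own question; return (tier, principal seen, allowed).

    db_identity=None propagates the end user all the way to the data layer.
    A shared account such as "svc_app" models the app server connecting to the
    database under its own identity, the open question the deck raises on page 6."""
    trail = []
    # Portal: what services does this person have access to?
    trail.append(("portal", req.user, req.service in PORTAL_SERVICES.get(req.user, set())))
    # Web server: what functions within this service does this person have access to?
    funcs = WEB_FUNCTIONS.get(req.service, {}).get(req.user, set())
    trail.append(("web", req.user, req.function in funcs))
    # App server: does this person (or service) have access to the business function?
    trail.append(("app", req.user, req.function in APP_FUNCTIONS.get(req.user, set())))
    # Data layer: is this principal allowed to access the data the function needs?
    # When the app server re-identifies as a shared account, the person is invisible here.
    principal = db_identity or req.user
    trail.append(("data", principal, req.dataset in DATA_GRANTS.get(principal, set())))
    return trail


def first_denial(trail: List[Tuple[str, str, bool]]) -> Optional[str]:
    """Name of the first tier that said no, or None if every tier allowed the request."""
    return next((tier for tier, _, ok in trail if not ok), None)


if __name__ == "__main__":
    bob_hr = Request("bob", "reports", "view", "hr")
    print(first_denial(walk_tiers(bob_hr)))             # data (bob holds no "hr" grant)
    print(first_denial(walk_tiers(bob_hr, "svc_app")))  # None (the shared account widened access)
```

The second run shows why the page 6 question matters: once the app server substitutes its own identity, no tier has answered the data layer's question for the actual person.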

Page 7: Today's World

• Is built around network enclaves.
• Enclaves contain the entire application stack.
• The Internet is used as transport between enclaves.
• Enclaves are protected by a DMZ.
• Portals, and an increasing number of services, are exposed through the enclave DMZs.

Page 8: One Emerging View…

[Diagram: Shared Services Enclave(s) and Service Enclaves connected over Shared Transport(s).]

• Web & Web Service Interfaces
• Access managed at the enclave boundary
• Segregation of Services

Page 9: Basic Data Sharing Concepts in the FEA DRM

• The services provisioned depend on the type of data being exchanged.
• Data Sharing Service Types:
  – Data Exchange
  – Data Access

Page 10: Basic Data Sharing Concepts: Provision Services for Data

• Types of Data Exchange Services:
  – Extract/Transform/Load
  – Publication
  – Entity/Relationship Extraction
  – Document Translation
• Types of Data Access Services:
  – Context Awareness
  – Structural Awareness
  – Transactional Services
  – Data Query
  – Content Search and Discovery
  – Retrieval, Subscription and Notification

Page 11: Data Access: Service Enabling Data Assets

[Diagram: a Service consists of a Service Contract and an Implementation. The Service Contract exposes Interface A (Operation 1, Operation 2, Operation 3, …) and Interface B (Operation 1, Operation 2, Operation 3, …). The Implementation consists of Business Logic and Data.]

Introduction of new data assets or migration of legacy data assets.

Page 12: Data and Data Services Constructs

[Diagram: four kinds of data service, each built as a Service Contract (a set of interfaces) over an Implementation (Business Logic and Data).]

• Transactional DB Services: Context Awareness, Structure Awareness, Transaction, Data Query, ETL and Publication interfaces over a Transactional DB Implementation.
• Authoring System Repository Services: Context Awareness, Structure Awareness, Transaction, Search & Discovery, Retrieval, Subscription, Notification, ETL and Publication interfaces over an Authoring System Repository Implementation.
• Document Repository Services: Context Awareness, Structure Awareness, Search & Discovery, Retrieval, Subscription, Notification, E&R Extraction and Doc Translation interfaces over a Document Repository Implementation.
• Analytical DB Services: Context Awareness, Structure Awareness, Transaction, ETL, E&R Extraction, Data Query and Publication interfaces over an Analytical DB Implementation.

Page 13: Prospects

• Formalizing service definitions around the DRM Framework
• Vendor migration to "DRM Ready" products and services
• DRM Network Appliances?

Page 14: A Higher Level View of the Evolution

A hypothesis for the phases of concept adoption, moving from no governance through weak governance to strong governance:

• Instantiation: new ideas; implementations.
• Aggregation: formation of communities.
• Codification & Reconciliation: establish rule sets; form boundaries.
• Assimilation: transition to infrastructure.

Page 15: Questions?