UNCLASSIFIED
Service Oriented Architecture, Information Sharing and the FEA DRM
23 January 2006
Bryan Aucoin, DNI CIO Chief [email protected]
Everyone is Building Applications More or Less the Same Way…
This varies somewhat among organizations.
• Browser: provides the user interface
• Portal: organizes the services available to a user in a readily accessible way
• Web Server: manages presentation of services to the user
• App Server: implements business logic
• Data Layer: performs data operations in accordance with data-related business logic
At Each Tier of the Architecture, We Ask a Different Question
• Portal: what services does this person have access to?
• Web Server: what functions within this service does this person have access to?
• App Server: does this person (or service) have access to the requested business function?
• Data Layer: is this person allowed to access the data needed by the function?
(Tiers in the diagram: Browser, Portal, Web Server, App Server, Data Layer.)
Implementing a Typical Chain of Trust
(I’m leaving out the portal for simplicity.)
(Diagram: Web Browser, Web Server, App Server, Directory, Database.)
There are multiple right ways to do this…
…and therein lies the problem, because…
We’re Building a Web of Trust
(Diagram: a Web Browser and Portal, many Presentation Service Objects, many Application Objects, several Databases, and a Directory.)
Implications of a Web of Trust
• Standards compliance is necessary, but not sufficient.
• Objects at any layer of the architecture will not be sharable if we do not establish a common framework for management.
Examples:
– What identity does a Web Service pass to an Application Service?
– What identity does an Application Service pass to a Database?
– When do we use:
  • Access managed by membership in groups within a Directory?
  • Access managed by applications using attributes in a Directory and “policies”?
  • Access managed by database roles?
  • Java Messaging Protocols or Web Services Protocols?
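The following is an added worked example, not part of the original deck, showing the four tier questions from the "At Each Tier of the Architecture" slide as separate checks and the identity-propagation question raised above ("What identity does an Application Service pass to a Database?"). All users, groups, services and policy tables are constructed for illustration; the point it demonstrates is that if the app server forwards only its own service identity, the data layer can no longer answer its question per person.

```python
"""Per-tier authorization chain (portal, web server, app server, data layer).

Constructed example: the directory, policy tables and service names are
made up for illustration and do not come from the slides.
"""
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple


@dataclass(frozen=True)
class Principal:
    """Identity as seen by a tier.

    user    - the end user's identity, or None if it was not propagated
    groups  - the end user's directory groups
    service - the calling tier's own identity, if the call carries one
    """
    user: Optional[str]
    groups: frozenset
    service: Optional[str] = None


# Constructed directory: user -> group membership (the "Directory" in the deck).
DIRECTORY = {
    "alice": frozenset({"analysts", "project-x"}),
    "bob": frozenset({"analysts"}),
}

# Constructed per-tier policy. Each table answers one tier's question.
PORTAL_SERVICES = {"reporting": {"analysts"}, "admin": {"administrators"}}
WEB_FUNCTIONS = {
    ("reporting", "view-report"): {"analysts"},
    ("reporting", "export-report"): {"project-x"},
}
APP_BUSINESS_FUNCTIONS = {"render-report": {"analysts"}, "bulk-export": {"project-x"}}
DATA_ASSETS = {"reports.public": {"analysts"}, "reports.project-x": {"project-x"}}


def _member(groups: frozenset, allowed: set) -> bool:
    return bool(groups & allowed)


def portal_check(p: Principal, service: str) -> bool:
    """Portal: what services does this person have access to?"""
    return _member(p.groups, PORTAL_SERVICES.get(service, set()))


def web_check(p: Principal, service: str, function: str) -> bool:
    """Web server: what functions within this service does this person have access to?"""
    return _member(p.groups, WEB_FUNCTIONS.get((service, function), set()))


def app_check(p: Principal, business_function: str) -> bool:
    """App server: does this person (or service) have access to the business function?"""
    return _member(p.groups, APP_BUSINESS_FUNCTIONS.get(business_function, set()))


def data_check(p: Principal, asset: str) -> Tuple[bool, str]:
    """Data layer: is this person allowed to access the data needed by the function?

    A call that carries only a service identity cannot be decided per person,
    so it is refused rather than silently granted the service's broad access.
    """
    if p.user is None:
        return False, f"no end-user identity propagated (service identity only: {p.service})"
    return _member(p.groups, DATA_ASSETS.get(asset, set())), "group check"


def authorize(user: str, service: str, function: str, business_function: str,
              asset: str, propagate_user: bool = True) -> List[Tuple[str, str]]:
    """Walk the tiers in order and return the decision trail; stops at the first deny.

    propagate_user=False models an app server that calls the database with its own
    service account instead of the end user's identity.
    """
    p = Principal(user=user, groups=DIRECTORY.get(user, frozenset()))
    trail: List[Tuple[str, str]] = []
    checks: List[Tuple[str, Callable[[], bool]]] = [
        ("portal", lambda: portal_check(p, service)),
        ("web-server", lambda: web_check(p, service, function)),
        ("app-server", lambda: app_check(p, business_function)),
    ]
    for tier, check in checks:
        ok = check()
        trail.append((tier, "allow" if ok else "deny"))
        if not ok:
            return trail
    # The identity question: what does the app server pass to the database?
    downstream = p if propagate_user else Principal(None, frozenset(), service="app-server")
    ok, reason = data_check(downstream, asset)
    trail.append(("data-layer", "allow" if ok else "deny: " + reason))
    return trail


if __name__ == "__main__":
    for args in [("alice", "reporting", "export-report", "bulk-export", "reports.project-x"),
                 ("bob", "reporting", "export-report", "bulk-export", "reports.project-x"),
                 ("bob", "reporting", "view-report", "render-report", "reports.project-x")]:
        print(args[0], authorize(*args))
    print("alice, service identity only:",
          authorize("alice", "reporting", "view-report", "render-report",
                    "reports.public", propagate_user=False))
```

Each tier's table stands in for the mechanism the slide lists as an open choice (directory groups, directory attributes plus policy, or database roles); the trail makes visible which tier denied and why, which is what a common management framework across layers has to provide.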
Today’s World
• Is built around network enclaves
• Enclaves contain the entire application stack.
• The Internet is used as transport between enclaves.
• Enclaves are protected by a DMZ
• Portals, and an increasing number of services, are exposed through the enclave DMZs
One Emerging View…
(Diagram: Shared Services Enclave(s) and Service Enclaves connected over Shared Transport(s).)
• Web & Web Service Interfaces
• Access managed at the enclave boundary
• Segregation of Services
Basic Data Sharing Concepts in the FEA DRM:
• The services provisioned depend on the type of data being exchanged.
• Data Sharing Service Types:
– Data Exchange
– Data Access
Basic Data Sharing Concepts: Provision Services for Data
• Types of Data Exchange Services:
– Extract/Transform/Load
– Publication
– Entity/Relationship Extraction
– Document Translation
• Types of Data Access Services:
– Context Awareness
– Structural Awareness
– Transactional Services
– Data Query
– Content Search and Discovery
– Retrieval, Subscription and Notification
Data Access: Service Enabling Data Assets
(Diagram: a Service is made up of a Service Contract and an Implementation.)
• Service Contract: Interface A (Operation 1, Operation 2, Operation 3, …); Interface B (Operation 1, Operation 2, Operation 3, …)
• Implementation: Business Logic; Data
• Introduction of new data assets or migration of legacy data assets
Data and Data Services Constructs
(Diagram: four data services, each with a Service Contract of interfaces over an Implementation of Business Logic and Data.)
• Transactional DB Services
– Service Contract: Context Awareness Interface, Structure Awareness Interface, Transaction Interface, Data Query Interface, ETL Interface, Publication Interface
– Implementation: Transactional DB (Business Logic, Data)
• Authoring System Repository Services
– Service Contract: Context Awareness Interface, Structure Awareness Interface, Transaction Interface, Search & Discovery Interface, Retrieval Interface, Subscription Interface, Notification Interface, ETL Interface, Publication Interface
– Implementation: Authoring System Repository (Business Logic, Data)
• Document Repository Services
– Service Contract: Context Awareness Interface, Structure Awareness Interface, Search & Discovery Interface, Retrieval Interface, Subscription Interface, Notification Interface, E&R Extraction Interface, Doc Translation Interface
– Implementation: Document Repository (Business Logic, Data)
• Analytical DB Services
– Service Contract: Context Awareness Interface, Structure Awareness Interface, Transaction Interface, ETL Interface, E&R Extraction Interface, Data Query Interface, Publication Interface
– Implementation: Analytical DB (Business Logic, Data)
Prospects
• Formalizing Service Definitions around the DRM Framework
• Vendor migration to “DRM Ready” products and services
• DRM Network Appliances?
A Higher Level View of the Evolution
A Hypothesis for the Phases of Concept Adoption:
• Instantiation: New ideas; Implementations
• Aggregation: Formation of Communities
• Codification & Reconciliation: Establish Rule Sets; Form Boundaries
• Assimilation: Transition to Infrastructure
(Governance increases across the phases: No Governance → Weak Governance → Strong Governance.)
Questions?