Web Services the technology is the easy part

1
Web Servicesthe technology is the easy part

• Mark Mara
• Director, Advanced Technologies Architectures
• Cornell University

2
Overview

• Context
• Basic evangelism
• Case study
• Lessons learned
• Current status
• Advanced evangelism

3
Cornell University

• Founded 1865 by Ezra Cornell and Andrew Dickson
• 260 major buildings on 745 acres
• Faculty 3,241
• Staff 9,925
• Undergraduate 13,655
• Graduate/professional 6,679
• 7 undergraduate units 4 graduate
  andprofessional units in Ithaca
• 2 medical graduate and professional units in New
  York City, and 1 in Doha, Qatar
• A private endowed university and the federal
  land-grant institution of New York State.

4
What and Why Web Services?

• The need for independent, and yet interoperable,
  pieces leads us to a service oriented
  architecture (SOA) and the changes we see
  beginning in application architecture.
• Web Services let us meet the desire for direct
  user interaction with systems via the web, taking
  advantage of
• Extensible Markup Language (XML)
• Simple Object Access Protocol (SOAP)
• Web Services Description Language (WSDL)
• Universal Description, Discovery and Integration
  (UDDI).
• Vendor-supplied interfaces
• Web Service wrappers

5
Two Views

• Tactical
• Reusable points of integration
• Discovery
• Granularity
• One step father down the path to loose coupling
• Strategic
• Enabler of SOA
• Not the technology, but the ubiquity
• Integration becomes interoperation

6
Travel Application A Case Study

• Cornel Division of Financial Affairs (DFA)
  embarked on a project to build an online Travel
  Reimbursement application
• Goals
• 1) Reimburse employees, students, professors for
  their travel
• 2) Manage expenses associated with travel
• 3) Provide other useful functionality

7
Travel Application Requirements

• Integrate with DFAs Payables system
• Associate net ID to SSN to vendor record
• Enforce Cornell University Travel policy
• Policy places restrictions on certain types of
  individuals
• Employee, foreign national, student, assistant,
  professor, executive

8
Travel Application Options

• Ask Travelers (Manual)
• Travelers inputting sensitive information
• Room for error
• Data Feeds (Batch)
• Secondary data stores in our environment
• Redundant data
• Sensitive data

9
Travel Application Options Continued

• Direct Connections (Real Time)
• Several different mechanisms
• Technical overhead - learning curves
• Security implications
• Web Service (Real Time) P
• A single solution for all data
• Single input net ID
• Staff experienced with web services
• Abstraction of details

10
Hype Cycle?
Peak of inflated Expectations
Visibility
Plateau of Productivity
Slope of Enlightenment
Trough of Disillusionment
Technology Trigger
Maturity
11
Hype Cycle for Web Services
12
AuthN/Z for Web Services
Custom Protocols
Mainframe
Web Application
Webservice One
Generic Datastores
Databases
HTTP(S) SideCar/ CUWebLogin
HTTPS KPA CUWebAuth
Webservice Two
13
Travel Application DFA-CIT Interaction

• Central Business Analyst Single point of contact
• Sat down with us and gathered requirements
• Worked with us to define what certain
  affiliations meant interpretation of data
• Coordinated further communication

Get permission to extract data from several
systems and publish results inferred from that
data.
14
Policy

• Data Stewardship and Custodianship
• The university expects all stewards and
  custodians of its administrative data to manage,
  access, and utilize this data in a manner that is
  consistent with the university's need for
  security and confidentiality. Cornell University
  administrative functional areas must develop and
  maintain clear and consistent procedures for
  access to university administrative data, as
  appropriate.
• http//www.policy.cornell.edu/vol4_12.cfm

15
Definitions

• Custodian An individual who possesses or has
  access to data, either electronically or
  otherwise.
• Functional Area Alumni Affairs and Development,
  Facilities, Finance, Human Resources, Information
  Technologies, Planning and Budget, Sponsored
  Programs, and Student Services.
• Legitimate Interest A need for administrative
  functional area data that arises within the scope
  of university employment and/or in the
  performance of authorized duties.
• Steward An individual with the responsibility
  for coordinating the implementation of this
  policy through
• a) the establishment of definitions of the data
  sets available for access
• b) the development of policies and/or access
  procedures for those data sets
• University Administrative Data Administrative
  functional area data, in any form, including that
  stored centrally as well as in colleges and
  departments.

16
Down side of loose coupling

• Abstraction
• Architecture
• Design goal
• Independence from physical data repositories etc.
  
• Policy
• More than one data steward
• Derivation
• Architecture
• Consistent business logic
• Lower maintenance costs
• Policy
• Very complex stewardship

17
Current Process
Proposal
Audit
Security
Data Stewards
Data Stewards
Data Stewards
Meeting
Data Stewards
Production
Functional IT Directors
Functional IT Directors
Consensus
Functional IT Directors
no
yes
Functional IT Directors
18
Should the bar be higher for web services?

• Higher
• Inappropriate republishing
• No direct control over the user experience
• Lower
• People will get their work done
• Do we want to encourage shadow systems

19
How do we move forward
Define a repeatable process
Monitor effectiveness
Modify as required
20
Registering a Web Service Make Info available
on our web site

• A provider external to CIT has developed a web
  service and would like to register it. The WSDL
  is not hosted by CIT.

Developer
ATA
21
Publishing a Web Service CIT hosts the WSDL

• A provider external to CIT has developed a web
  service and would like CIT to host the WSDL.

Developer
Migrate WSDL
WSDL Directory
22
Consume/Subscribe to a Web Service

• A person would like to request access to an
  existing web service.

WS Owner
Request
Contract
Grant access to WS
23
Reference Implementations

• Goal Provide reference implementations for Web
  services developed in the WebMethods and the
  ColdFusion environments
• Document and model best practices for these
  environments
• Provide template project plan for developing a
  Web service
• Available to campus central developers
• Will not be binding on campus developers
• But may be binding on CIT IS developers
• Improve scalability/mobility of locally developed
  systems

24
Web Services at Cornell today

• A several production services are deployed
• Authentication and Authorization are integrated
  into the Cold Fusion, webMethods, and Java
  environments
• Hosted environments available for Cold Fusion and
  WebMethods
• Process and reference projects underway

25
Technical Challenges

• Enabling more environments
• Creating components with a wide range of
  re-usability
• Choosing an appropriate level of granularity
• Controlling duplication and overlap
• Cataloging of services
• Design and implementation of Web Services
  authorization mechanisms

26
Political Challenges

• Design overhead issues
• Trust
• Distributed users accessing central data
• Enhanced? Security/Audit/Logging
• Joint stewardship
• Separate issues of what data a Web Service may
  see and what it may expose

27
Where are we headed?

• A business process is the basic unit
• Executives managing portfolios of business
  processes
• Business analysts automating business processes
  by assembling web services.
• Incremental addition of functionality morphs into
  continuously evolving systems
• Systems are becoming so complex and customers are
  so reliant on them that implementing a new major
  system is becoming a challenge both politically
  and financially, although not technically.

28
More information

• Available after January 1, 2005
• http//webservices.cit.cornell.edu/