With the adoption of SOAs moving beyond pilot stages, underlying Web services standards are also maturing.
The e-business standards consortium Organization for the Advancement of Structured Information Standards is working on two initiatives to promote service-oriented architectures, based on business process development and messaging security.
OASIS last week announced that Capgemini Group donated to the OASIS SOA Adoption Blueprints Technical Committee a business-notation language designed to link business users and IT, according to Miko Matsumura, chairman of the committee and vice president of technology standards at Infravio Inc.
OASIS also announced the formation of a technical committee to develop specifications around WS-SX (Web Services Secure Exchange).
The Capgemini methodology, part of the consulting companys Integrated Architecture Framework, gives users a uniform way to describe business requirements for SOA, according to Matsumura. “It forces the architectural discipline of noting what the positive and negative constraints are that youre building against, so the result will be more closely aligned business and IT,” said Matsumura in Cupertino, Calif.
OASIS plans to review Capgeminis business notation and use it in blueprint scenarios. The goal is to develop a library of blueprints that can help users implement SOAs.
OASIS has already developed one such horizontal blueprint, called Generico, which shows how to use SOA to implement an internal enterprise employee portal. The blueprint aggregates data from human resources and ERP (enterprise resource planning) systems and binds them into a secure portal. Microsoft Corp., BEA Systems Inc., Oracle Corp. and Sun Microsystems Inc., in conjunction with Diamelle Corp., have each built implementations of the original Generico blueprint.
“Once you start thinking about SOA blueprints, the question of methodology comes to mind,” said Reza Shafii, principal consultant with the Canadian division of BEA, in Ottawa, and a member of the Blueprints Technical Committee.
Separately, the WS-SX Technical Committee is developing a set of specifications for secure Web services messaging. The committee plans to define extensions to the OASIS WS-Security standard to enable the exchange of multiple SOAP (Simple Object Access Protocol) messages and define security policies around the messages.
The initial WS-Security specification handles basic things such as SSL (Secure Sockets Layer) transactions and HTTPS (HTTP Secure). As users get more sophisticated applications of policy, they need a single treatment that can cover all services, according to Matsumura.
“You need a single treatment that can cover all the services,” said Matsumura. “So if there are 600 services in an SOA, you dont want 600 implementations [of security policies]. You want all those policies handled by a bus or an intermediary that ought to have the knowledge of a bunch of standards that can transparently manage all those preference standards.”