Enviar búsqueda
Cargar
Designing a Language and System for REST-oriented service composition,as a service
•
0 recomendaciones
•
636 vistas
R
raniakhalaf
Seguir
Tutorial at the 2010 SSAIE Summer School in Crete, Greece
Leer menos
Leer más
Denunciar
Compartir
Denunciar
Compartir
1 de 70
Descargar ahora
Descargar para leer sin conexión
Recomendados
Bite: Workflow Composition for the Web. Presented at the ICSOC Conference 2007
Bite: Workflow Composition for the Web. Presented at the ICSOC Conference 2007
raniakhalaf
Service Oriented Architecture (SOA) [2/5] : Enterprise Service Bus
Service Oriented Architecture (SOA) [2/5] : Enterprise Service Bus
IMC Institute
Syer Monitoring Integration And Batch
Syer Monitoring Integration And Batch
Dave Syer
Integration of Web Service Stacks in an Esb
Integration of Web Service Stacks in an Esb
Wen Zhu
Where to use OSB
Where to use OSB
Edwin Biemond
Tripit Ajaxworld V5
Tripit Ajaxworld V5
rajivmordani
Introduction and Advanced Concepts of BPEL
Introduction and Advanced Concepts of BPEL
Denis Weerasiri
Spring 3 - An Introduction
Spring 3 - An Introduction
Thorsten Kamann
Recomendados
Bite: Workflow Composition for the Web. Presented at the ICSOC Conference 2007
Bite: Workflow Composition for the Web. Presented at the ICSOC Conference 2007
raniakhalaf
Service Oriented Architecture (SOA) [2/5] : Enterprise Service Bus
Service Oriented Architecture (SOA) [2/5] : Enterprise Service Bus
IMC Institute
Syer Monitoring Integration And Batch
Syer Monitoring Integration And Batch
Dave Syer
Integration of Web Service Stacks in an Esb
Integration of Web Service Stacks in an Esb
Wen Zhu
Where to use OSB
Where to use OSB
Edwin Biemond
Tripit Ajaxworld V5
Tripit Ajaxworld V5
rajivmordani
Introduction and Advanced Concepts of BPEL
Introduction and Advanced Concepts of BPEL
Denis Weerasiri
Spring 3 - An Introduction
Spring 3 - An Introduction
Thorsten Kamann
Soa & Bpel
Soa & Bpel
lakshmi isukapally
SOA for PL/SQL Developer (OPP 2010)
SOA for PL/SQL Developer (OPP 2010)
Lucas Jellema
Oracle Service Bus vs. Oracle Enterprise Service Bus vs. BPEL
Oracle Service Bus vs. Oracle Enterprise Service Bus vs. BPEL
Guido Schmutz
Enterprise Service Bus and JBI
Enterprise Service Bus and JBI
Thanachart Numnonda
Oracle OSB Tutorial 2
Oracle OSB Tutorial 2
Rakesh Gujjarlapudi
Exchange 2013 ABC's: Architecture, Best Practices and Client Access
Exchange 2013 ABC's: Architecture, Best Practices and Client Access
Microsoft TechNet - Belgium and Luxembourg
SOA Suite 12c - Service Bus new features summary
SOA Suite 12c - Service Bus new features summary
Lucas Jellema
Soa bpel-123
Soa bpel-123
Priyanka Bansal
Where and when to use the Oracle Service Bus (OSB)
Where and when to use the Oracle Service Bus (OSB)
Guido Schmutz
Soa & Bpel With Web Sphere
Soa & Bpel With Web Sphere
lakshmi isukapally
To blob or not to blob
To blob or not to blob
Roberto Vazquez Delgado
Dave Carroll Application Services Salesforce
Dave Carroll Application Services Salesforce
deimos
2012 04-06-v2-tdp-1163-java e-evsspringshootout-final
2012 04-06-v2-tdp-1163-java e-evsspringshootout-final
Rohit Kelapure
Sqlsat154 maintain your dbs with help from ola hallengren
Sqlsat154 maintain your dbs with help from ola hallengren
Andy Galbraith
The Java Content Repository
The Java Content Repository
nobby
Asif
Asif
Shaik Asif
Frank Mantek Google G Data
Frank Mantek Google G Data
deimos
oracle-osb
oracle-osb
AbrarMoiz
Jdbc
Jdbc
haribee2000
A Flow Based Approach for End to End Mashups
A Flow Based Approach for End to End Mashups
raniakhalaf
A quick guide to dance
A quick guide to dance
shine02
ICCS_2015_Tavares_et_al
ICCS_2015_Tavares_et_al
rtares
Más contenido relacionado
La actualidad más candente
Soa & Bpel
Soa & Bpel
lakshmi isukapally
SOA for PL/SQL Developer (OPP 2010)
SOA for PL/SQL Developer (OPP 2010)
Lucas Jellema
Oracle Service Bus vs. Oracle Enterprise Service Bus vs. BPEL
Oracle Service Bus vs. Oracle Enterprise Service Bus vs. BPEL
Guido Schmutz
Enterprise Service Bus and JBI
Enterprise Service Bus and JBI
Thanachart Numnonda
Oracle OSB Tutorial 2
Oracle OSB Tutorial 2
Rakesh Gujjarlapudi
Exchange 2013 ABC's: Architecture, Best Practices and Client Access
Exchange 2013 ABC's: Architecture, Best Practices and Client Access
Microsoft TechNet - Belgium and Luxembourg
SOA Suite 12c - Service Bus new features summary
SOA Suite 12c - Service Bus new features summary
Lucas Jellema
Soa bpel-123
Soa bpel-123
Priyanka Bansal
Where and when to use the Oracle Service Bus (OSB)
Where and when to use the Oracle Service Bus (OSB)
Guido Schmutz
Soa & Bpel With Web Sphere
Soa & Bpel With Web Sphere
lakshmi isukapally
To blob or not to blob
To blob or not to blob
Roberto Vazquez Delgado
Dave Carroll Application Services Salesforce
Dave Carroll Application Services Salesforce
deimos
2012 04-06-v2-tdp-1163-java e-evsspringshootout-final
2012 04-06-v2-tdp-1163-java e-evsspringshootout-final
Rohit Kelapure
Sqlsat154 maintain your dbs with help from ola hallengren
Sqlsat154 maintain your dbs with help from ola hallengren
Andy Galbraith
The Java Content Repository
The Java Content Repository
nobby
Asif
Asif
Shaik Asif
Frank Mantek Google G Data
Frank Mantek Google G Data
deimos
oracle-osb
oracle-osb
AbrarMoiz
Jdbc
Jdbc
haribee2000
La actualidad más candente
(19)
Soa & Bpel
Soa & Bpel
SOA for PL/SQL Developer (OPP 2010)
SOA for PL/SQL Developer (OPP 2010)
Oracle Service Bus vs. Oracle Enterprise Service Bus vs. BPEL
Oracle Service Bus vs. Oracle Enterprise Service Bus vs. BPEL
Enterprise Service Bus and JBI
Enterprise Service Bus and JBI
Oracle OSB Tutorial 2
Oracle OSB Tutorial 2
Exchange 2013 ABC's: Architecture, Best Practices and Client Access
Exchange 2013 ABC's: Architecture, Best Practices and Client Access
SOA Suite 12c - Service Bus new features summary
SOA Suite 12c - Service Bus new features summary
Soa bpel-123
Soa bpel-123
Where and when to use the Oracle Service Bus (OSB)
Where and when to use the Oracle Service Bus (OSB)
Soa & Bpel With Web Sphere
Soa & Bpel With Web Sphere
To blob or not to blob
To blob or not to blob
Dave Carroll Application Services Salesforce
Dave Carroll Application Services Salesforce
2012 04-06-v2-tdp-1163-java e-evsspringshootout-final
2012 04-06-v2-tdp-1163-java e-evsspringshootout-final
Sqlsat154 maintain your dbs with help from ola hallengren
Sqlsat154 maintain your dbs with help from ola hallengren
The Java Content Repository
The Java Content Repository
Asif
Asif
Frank Mantek Google G Data
Frank Mantek Google G Data
oracle-osb
oracle-osb
Jdbc
Jdbc
Destacado
A Flow Based Approach for End to End Mashups
A Flow Based Approach for End to End Mashups
raniakhalaf
A quick guide to dance
A quick guide to dance
shine02
ICCS_2015_Tavares_et_al
ICCS_2015_Tavares_et_al
rtares
Will a Strategic Partnership Save Money for a Police Force
Will a Strategic Partnership Save Money for a Police Force
Gary Bandy
Ήπια Νοητική Διαταραχή
Ήπια Νοητική Διαταραχή
Dimitris Mandiliotis
CIPFA Audit Conference 2013: Keynote: Meeting the Performance Challenges
CIPFA Audit Conference 2013: Keynote: Meeting the Performance Challenges
Gary Bandy
Pilot Study Training
Pilot Study Training
Dimitris Mandiliotis
Destacado
(7)
A Flow Based Approach for End to End Mashups
A Flow Based Approach for End to End Mashups
A quick guide to dance
A quick guide to dance
ICCS_2015_Tavares_et_al
ICCS_2015_Tavares_et_al
Will a Strategic Partnership Save Money for a Police Force
Will a Strategic Partnership Save Money for a Police Force
Ήπια Νοητική Διαταραχή
Ήπια Νοητική Διαταραχή
CIPFA Audit Conference 2013: Keynote: Meeting the Performance Challenges
CIPFA Audit Conference 2013: Keynote: Meeting the Performance Challenges
Pilot Study Training
Pilot Study Training
Similar a Designing a Language and System for REST-oriented service composition,as a service
Introducing Alfresco Community Edition 3.2
Introducing Alfresco Community Edition 3.2
Alfresco Software
WebServices and Workflow technologies
WebServices and Workflow technologies
Nitin Pande
[WSO2 Integration Summit Nairobi 2019] Role of Integration in an API Driven W...
[WSO2 Integration Summit Nairobi 2019] Role of Integration in an API Driven W...
WSO2
Enterprise Software Architecture
Enterprise Software Architecture
rahmed_sct
IRJET- Rest API for E-Commerce Site
IRJET- Rest API for E-Commerce Site
IRJET Journal
soa1.ppt
soa1.ppt
ShanmugamS34
The New Enterprise Alphabet - .Net, XML And XBRL
The New Enterprise Alphabet - .Net, XML And XBRL
Jorgen Thelin
Can IBM i play with SOA?
Can IBM i play with SOA?
LANSA
JavaOne 2009 - TS-5276 - RESTful Protocol Buffers
JavaOne 2009 - TS-5276 - RESTful Protocol Buffers
Matt O'Keefe
FATC UK - Real time collaborative Flex apps
FATC UK - Real time collaborative Flex apps
Michael Chaize
ESB and Mule ESB solution
ESB and Mule ESB solution
Swati Bansal
InduSoft Web Studio e Dream Report
InduSoft Web Studio e Dream Report
AVEVA
RESTful Data Services with the ADO.NET Data Services Framework
RESTful Data Services with the ADO.NET Data Services Framework
goodfriday
The Story of How an Oracle Classic Stronghold successfully embraced SOA
The Story of How an Oracle Classic Stronghold successfully embraced SOA
Lucas Jellema
WSO2Con USA 2015: WSO2 Integration Platform Deep Dive
WSO2Con USA 2015: WSO2 Integration Platform Deep Dive
WSO2
Differentiating between web APIs, SOA, & integration…and why it matters
Differentiating between web APIs, SOA, & integration…and why it matters
Kim Clark
Convertigo Mobile Application Development platform for Enterprises
Convertigo Mobile Application Development platform for Enterprises
Convertigo | MADP & MBaaS
Introduction of WebServices
Introduction of WebServices
Khasim Saheb
The Middleware technology that connects the enterprise
The Middleware technology that connects the enterprise
Kasun Indrasiri
Enterprise service bus
Enterprise service bus
Upul Doluweera
Similar a Designing a Language and System for REST-oriented service composition,as a service
(20)
Introducing Alfresco Community Edition 3.2
Introducing Alfresco Community Edition 3.2
WebServices and Workflow technologies
WebServices and Workflow technologies
[WSO2 Integration Summit Nairobi 2019] Role of Integration in an API Driven W...
[WSO2 Integration Summit Nairobi 2019] Role of Integration in an API Driven W...
Enterprise Software Architecture
Enterprise Software Architecture
IRJET- Rest API for E-Commerce Site
IRJET- Rest API for E-Commerce Site
soa1.ppt
soa1.ppt
The New Enterprise Alphabet - .Net, XML And XBRL
The New Enterprise Alphabet - .Net, XML And XBRL
Can IBM i play with SOA?
Can IBM i play with SOA?
JavaOne 2009 - TS-5276 - RESTful Protocol Buffers
JavaOne 2009 - TS-5276 - RESTful Protocol Buffers
FATC UK - Real time collaborative Flex apps
FATC UK - Real time collaborative Flex apps
ESB and Mule ESB solution
ESB and Mule ESB solution
InduSoft Web Studio e Dream Report
InduSoft Web Studio e Dream Report
RESTful Data Services with the ADO.NET Data Services Framework
RESTful Data Services with the ADO.NET Data Services Framework
The Story of How an Oracle Classic Stronghold successfully embraced SOA
The Story of How an Oracle Classic Stronghold successfully embraced SOA
WSO2Con USA 2015: WSO2 Integration Platform Deep Dive
WSO2Con USA 2015: WSO2 Integration Platform Deep Dive
Differentiating between web APIs, SOA, & integration…and why it matters
Differentiating between web APIs, SOA, & integration…and why it matters
Convertigo Mobile Application Development platform for Enterprises
Convertigo Mobile Application Development platform for Enterprises
Introduction of WebServices
Introduction of WebServices
The Middleware technology that connects the enterprise
The Middleware technology that connects the enterprise
Enterprise service bus
Enterprise service bus
Designing a Language and System for REST-oriented service composition,as a service
1.
IBM TJ Watson
Research Center, Component Systems Group Designing a Language and System for REST-oriented service composition, as a service Rania Khalaf rkhalaf@us.ibm.com 2010 SSAIE Summer School, Crete, Greece © 2010 IBM Corporation
2.
Outline
Developing a REST-friendly flow language, Bite. Core concepts and design points of the Bite process model Understanding the Bite runtime engine Incorporating Bite into a hosted BPM as a Service system The overall system Issues and concerns when hosting such a system in the cloud Conclusion 2 © 2010 IBM Corporation
3.
The Bite language Creating
a lightweight workflow language Expand the reach of flow oriented development An attractive high level development model Large pool of potential consumers Approach: Web centric, lightweight, flexible Leverage process-centric composition in SOA to deliver composition directly for the Web What is the opportunity Extend use of workflow as a development model of choice for interactive, Web centric applications Able to on-ramp to high QoS process engines through automatic model conversion: BPEL, XPDL 3 © 2010 IBM Corporation
4.
The Bite language Unified
flow model Targeting two flow usage scenarios: Data flows, where aggregation of feeds is the main model. Interactive flows, where a flow drives a set of Web centric interactions Any combination of the two – we believe it does make sense to combine data and interaction flows 4 © 2010 IBM Corporation
5.
The Bite language Highlights
Deep Integration with the Web Processes as Active Resources Dynamic Data Types Extensible Activity Set Lightweight Process Model Flat Graph Model Workflow Scripting: • Use implies definition for variables • Convention over configuration • Reduction of redundancy, indirection, and the need for multiple files (by comparison with BPEL) Flexible configurability: • Values of variables may be set outside the process itself, similar to Java properties. • Allows late binding to service URLs, turning paths of the process on/off. 5 © 2010 IBM Corporation
6.
The Bite language Lightweight
and flexible Lightweight model Compatible subset of BPEL execution semantics Forgiving, script like approach – up and running in seconds Lightweight infrastructure: Direct deployment to runtime through REST interaction with server Runs on Web platform: IBM WebSphere sMash, servlet container, etc. Flexibility: Extensible activities Allow community defined steps with first class XML support within the language Defined in Java, Groovy, or any of a set of supported scripting languages Example: <xquery query=“…”/>, <twitter …/> Flexibility: Pluggable data model and expression languages Data and documents, content-type aware: XML, JSON, form-encoded, other mime types Pluggable scripting capabilities: Javascript, XPath, Groovy… Short and long running flows, persistence provided transparently 6 © 2010 IBM Corporation
7.
The Bite language First
class support for Web interactions First class primitives for REST interaction Web client and server capabilities (GET, PUT, POST) E-mail, forms ATOM lifecycle model Deployed flow seen as a collection of flow instances New flow instances created as initial request is posted to collection Flow instances as resources Support for many flavors of Web applications Feed aggregation Form based people flows Synchronous and asynchronous interactions (HTTP, email) 7 © 2010 IBM Corporation
8.
The Bite language Interaction
support Well defined interaction activities Pluggable/adaptable protocol selection: Incoming: • REST(HTTP, with any content: XML, JSON, etc) Outgoing: • REST(HTTP, with any content), E-mail, etc • Binding of addresses is inline. Late binding possible through: - Variables, which may be ‘customized’ Local: Java, scripts, … Support for asynchronous, human centric interactions Support for long running sessions 8 © 2010 IBM Corporation
9.
The Bite language Operational
semantics Basics: Activities and Links Data links: <receivePOST name="orderRcv" Carry single data item by value url=“initiateCase" /> Implies control and data dependency <sendMail name="sendToManager" Control links address=…/> <input value=“orderRcv”/> When a dependency is not associated with data passing </sendMail> •E.g. manager approval requirement <receive-replyGET name=“MgrApproval”> Have a transition condition, default is ‘or’ <control value=“sendToManager/> BPEL like execution semantics </receive-replyGET/> Graph style <sendMail name="sendToSupplier" Dead path elimination and associated address="orderRcv_Output.mfrEmail[0]" …> restrictions Variables <control value="MgrApproval"/> Variables: <input value="orderRcv"/> </sendMail> Each activity gets default output and exception variables: •[activity_name]_Output •[activity_name]_Exception 9 © 2010 IBM Corporation
10.
The Bite language Other
aspects of the Bite model Extensible activities Community defined action types, with dedicated high level XML syntax can be linked as part of a Splice flow Optional metadata for human readable description and tool enablement Simple model with minimal pre-reqs: Does not require writing XML Schema, fancy tools, etc. Architected for dynamic content type metadata support, pluggable expression languages Architected for Web style dynamic content-type exchange Multiple data access languages supported: JS, XPath 1.0 Rest-based Management API 10 © 2010 IBM Corporation
11.
The Bite language APP
inspired lifecycle: runtime and deployment A deployed process as a logical collection whose members are process instances. The process as a collection whose URL address corresponds to the start-able receive of the process Runtime “Implicit factory” model: POST to a base URI creates a new process instance. • A new URI is created and associated with the new instance. The newly created instance URI is returned to caller in the HTTP Location header. • It identifies a “process instance resource”, Subsequent calls are to the process instance URL followed by a segment with the relative URL of a nested resource (ie: receive activity) • A request to a URI containing the process id leads to lookup for the instance Process instance termination is usually implicit when process execution completes Rest-based Deployment Lifecycle Currently using just GET (get state) /POST (create instance) /DELETE (explicit termination) Deployment simply results in placing a file in the file system on the server Additional management service includes retrieving deployed process URLs, next available URLs per instance per user, etc. 11 © 2010 IBM Corporation
12.
The Bite language Relation
to BPEL Started with BPEL BPEL is powerhouse workflow language and standard, able to handle enterprise situations We were after a script-like lightweight model to bring workflow to bring workflow to situational application developers: • Looked at BPEL sources of complexity, trimmed the syntax and the capabilities • Added capabilities needed for Web apps Ideas for what to keep and what to live without? 12 © 2010 IBM Corporation
13.
The Bite language Relation
to BPEL Started with BPEL BPEL is powerhouse workflow language and standard, able to handle enterprise situations We were after a script-like lightweight model to bring workflow to bring workflow to situational application developers: • Looked at BPEL sources of complexity, trimmed the syntax and the capabilities • Added capabilities needed for Web apps Removed: Scopes, including fault, compensation and event handlers Ability to combine structured and flat graph based processes, choosing the flat graph model as more intuitive. Think back to FDL. Dependency on WS-* stack, especially requiring a-priori creation of WSDL, Schemas, etc. Added: Error links Shortcut combining data and control link Ability to handle Web data types natively REST primitives for interaction Default variables 13 Inline expressions, bindings. © 2010 IBM Corporation
14.
The Bite language Bite:
Core Language Constructs Interaction activities Notes <receiveGET>, <replyGET>, Also *POST. Receiving and replying to messages coming over HTTP. Contain a relative URL attribute used to match an incoming message. <receiveReplyGET> <GET> <PUT> Sending HTTP requests <POST> <DELETE> Non-interactive activities <action> Call local code <assign> Copy data <wait> <empty> <terminate> Utility activities Control primitives <while> <foreach> Iteration. The only structured activities. Have an implicit ‘counter’ variable <pick> External choice. Flattened BPEL pick. The output variable contains a ‘message’ and a ‘choice’ <control> Control link. <input> Data dependency that serves as a control link as well if the value is an activity name 14 © 2010 IBM Corporation
15.
The Bite language Feed
aggregation GET FEED GET FEED Fetch price and Fetch customized availability updates catalog Customized catalog and prices A document pipeline model 15 © 2010 IBM Corporation
16.
The Bite language Adding
interaction capabilities 16 © 2010 IBM Corporation
17.
The Bite language Plus
primitives to encode business logic Data flow Control flow 17 © 2010 IBM Corporation
18.
The Bite language Feed
Aggregator Example receive fetchYahooFeed fetchBBCFeed aggregate sort reply 18 © 2010 IBM Corporation
19.
The Bite language Feed
Aggregator Example <process name="sortSample"> <receivePOST name="rssRcv" url="getFeeds"/> rssRcv <GET name="getYahooFeed“ target="'http://newsrss.bbc.co.uk/rss/newsonline_uk_edition/world/rss.xml'"> <control source="rssRcv"/> </GET> <GET name="getBBCFeed" getYahooFeed getBBCFeeed target="'http://rss.news.yahoo.com/rss/topstories'"> <control source="rssRcv"/> </GET> aggregate <aggregate name="aggregate"> <input value="getBBCFeed"/> <input value="getYahooFeed"/> </aggregate> sort <sort name="sort"> <input value="aggregate"/> </sort> rssRply <replyPOST name="rssRply" url="getFeeds"> <input value="sort"/> </replyPOST> </process> 19 © 2010 IBM Corporation
20.
Deploying and Calling
the Feed Aggregator Example Deploy by POSTing the flow file to the deployment service This places the file in its own directory (under Web-apps for a servlet container). If the engine is local, deployment can be done by simply copying the file manually Let’s assume it is now in …/flows/aggregatorSample/index.flow To call the process, send an HTTP POST to: http://[host-name]:[port]/bite/runtime/flows/aggregatorSample/getFeeds runtime base url path to resource starting receive relative URL 20 © 2010 IBM Corporation
21.
The Bite language Interactive
Flow Scenario A customers requests a clothing item that needs to be ordered specially. A task flow is created: Request by employee to manager that item can be ordered without pre-payment Employee puts call into designer to place order Reminders are send via email to employee reminding them weekly to follow-up on order When item is received, the “complete task” can be activated which sents am email notifying the customer and cc’ing the employee. 21 © 2010 IBM Corporation
22.
The Bite language Interactive
Flow Scenario 22 © 2010 IBM Corporation
23.
The Bite language
Receive form data (HTTP post) Interactive Flow Scenario Send email Send back HTTP response Control dependency Take data from a prior activity Iteration Choice based on an event Conditional branching 23 © 2010 IBM Corporation
24.
The Bite language
Interactive Flow Scenario <receivePOST name="orderRcv" url=“initiateCase" /> orderRcv <sendMail name="sendToMgr“ address="orderRcv_Output.mgrEmail[0] …> sendToMgr … </sendMail> <replyPOST name="replyToInitiate" url="initiateCase"> reply … </replyPOST> response FromMgr responseFromMgr=”yes” <sendMail name="sendToMfr" sendToDes address="orderRcv.mfrEmail[0]" …> <control source="responseFromMgr" …/> <pick name="pick"> <input value="orderRcv_Output"/> <choice name="confirmation" url="confirm“/> while !confirmed </sendMail> <choice name="reminderInterval" for="'P7D'"/> pick1 </pick> confirmation: confirm reminderInterval: for 7 days pick1.choice=='confirmation' pick1.choice=='reminderInterval' <while name="loop" condition=“$:pick.choice!=‘confirmation’"> replyToEmployee, remindEmployee confirm … </while> <replyGET name="replyToEmployee" url="confirm"> <control value="pick" notify Customer transitionCondition= “$:pick_Output.choice=='confirmation'"/> … </replyGET> 24 © 2010 IBM Corporation
25.
The Bite language 25
© 2010 IBM Corporation
26.
The Bite language Extensibility
in the runtime Bite extensions are resolved at runtime: At parse-time: • Unknown XML elements in the definition are deemed extensions At runtime, when an extension activity is reached in the navigation • The Bite extension registery is searched for the extension implementation module. • The registry is simply of element name to module mappings. Upon navigating to an extension activity: The engine navigator hands control and necessary data to the implementation module. Once the module completes, it hands control and output data back to the navigator. The navigator places the data in the activity's output variable, marks the extension activity complete, and continues. Macros are also enabled A macro is a special extension whose implementation is a Bite fragment The engine fires monitoring events as it executes a flow instance. 26 © 2010 IBM Corporation
27.
The Bite language Anatomy
of the Bite Runtime ... GET /PUT / POST / EMail DELETE [ Activity ] interpreter manager navigator handler ... Process context XPath / XML *. flow files XPath /JSON Javascript / JSON Javascript /XML Navigation Process Expression state variables evaluator 27 © 2010 IBM Corporation
28.
The Bite language Process
Context Contains all state information for a particular process instance, such as: Variable values Activity states Pending events queue Instance identifier Only one thread is allowed to navigate a process instance at a time. Events that come while the context is in use are added to a queue. 28 © 2010 IBM Corporation
29.
The Bite language Process
Manager Process deployment. Maintains tables of deployed processes. Maintains a table of instances for each process. Each instance context consists of tables of tables containing all instance state. Message routing. For each incoming message, it locates the process and the process’s instance. It requests the navigator handle the message (incoming event), passing it the message and the process context using a thread from the manager’s thread pool. … … Handles external invocation requests from a process Uses a thread from its thread pool to perform external invocation 29 © 2010 IBM Corporation
30.
The Bite language Process
Navigator Contains generic process navigation logic. Given a process, a process context, and an event queue: It executes as many activities of the process and as many events in from the queue as it can, in a single thread. It returns if: the process has completed, or there are no more activities that can be executed, and there are no events in the queue that can be consumed. 30 © 2010 IBM Corporation
31.
The Bite language Navigation
Example (3) s (5) (7) (1) (2) (4) receive receive receive assign assign assign receive receive invoke receive invoke receive invoke assign reply reply reply reply reply reply (6) receive invoke (8) reply reply 31 © 2010 IBM Corporation
32.
Recap
So far: Explained Bite’s characteristics and core design points Showed several example of its usage Delved into syntax and semantics A few surprises in the last 3 years A very small percentage of the processes created have required the use of non-default variables. Nearly none have required the use of the separate <variable/> element Nearly no processes use a non-default transition condition Nearly no processes use error links The extension mechanism has been widely popular Next: Into the cloud we go ☺ 32 © 2010 IBM Corporation
33.
… and now,
‘as a Service’ Simple: REST APIs for the Bite Engine: Deployment service Monitoring registration service Also enable security handlers Complex: Complete BPM system with visual editor, monitoring capabilities, built in forms integrations 33 © 2010 IBM Corporation
34.
Lightweight BPM as
a Service: Business Mashups Presentation Mashups • Aggregate visual content with internal/external services and feeds Data Mashups • Combine internal/external feeds into new feeds Designer Business Mashups • Combine internal/external business services, information and collaboration services … 3rd Party REST Activities Database Services Bluehouse Store & Email Share Forms 34 Feeds © 2010 IBM Corporation
35.
Our System 35
© 2010 IBM Corporation
36.
Design considerations of
such a system Ideas? 36 © 2010 IBM Corporation
37.
Design considerations of
such a system Some that we highlight include: Distributed execution Security concerns Malicious processes and liability Social BPM: Leveraging the community 37 © 2010 IBM Corporation
38.
Distributed Execution
Load Balancing, routing, instance migration and persistence The execution model provides partial support separation of navigation logic from instance state Requires complex support for routing, maintaining and replicating state. In its simplest form, one engine per process with appropriate use of engine placemeent and routing tables. 38 © 2010 IBM Corporation
39.
Security concerns 39
© 2010 IBM Corporation
40.
Security concerns Problems and
motivation 1. Secure inbound and One needs to be able to: outbound interactions with the flow 2.Perform calls 3. Associate activities on behalf of a user with users/groups 40 40 18-Mar-13 © 2010 IBM Corporation
41.
Security concerns Motivating example:
interview scheduling mashup 41 © 2010 IBM Corporation
42.
Security concerns Security Challenges
for Business Mashups The environment is not a traditional enterprise setting (Server side) Mashups attempt to leverage services offered from multiple domains Different domains use different authentication protocols Service access is registered to users, not the flow engine Users have different identities on different domains Moreover, Multiple users in a typical (collaborative) business mashup Simplified user and development experiences are critical to maintaining the mashup value proposition Hard-coding authentication is not an option Storing credentials in the mashup server is not appropriate 42 © 2010 IBM Corporation
43.
Security concerns Approach for
Business Mashups Security Bite Integration Language/Model Extension: • A way to declare security in a flow (Syntax) • Managing and propagating multiple security contexts in a flow Security Handler • Decides if/when to contact the Secure Authentication Services (SAS) • Handles communication with SAS Secure Authentication Service (SAS) Authentication & Authorization (explicitly ask user for permission) Follows and implements OAuth (extended with attributes) Assumption: lives in a trusted environment 43 43 18-Mar-13 © 2010 IBM Corporation
44.
Security concerns Architecture Overview
Multi-protocol Language and engine support architecture extensions Interactive user authentication with trusted SAS 44 © 2010 IBM Corporation
45.
Security concerns Requesting user
credentials: Synchronous vs. asynchronous Asynchronous is directly supported as stated before Notification receiver information is used to contact appropriate user, direct to SAS for authentication Synchronous is trickier: Must have an open HTTP connection to get back to the user Assumption is that an “open receive” is outstanding and a “reply” activity is available that has not been executed Moreover, it must “belong” to the right user: must have a “matching user” value • if not available, follow asynch. redirect procedure, if provided, or fault is thrown Special processing is provided for that reply activity: • Enters “awaiting redirection” state • HTTP response is sent back with redirection to SAS • When SAS authentication is completed, HTTP response from SAS redirects user to process instance 45 © 2010 IBM Corporation
46.
Security concerns User Authentication
Sequence Authentication step: after providing credentials user must authorize service access Authentication dialog on SAS redirect: user selects link, authentication form pops up 46 © 2010 IBM Corporation
47.
Security concerns Secure Authentication
Service (SAS) Operation Extended OAuth SAS supports different security mechanisms for calling out to services SAS exposes itself using an OAuth interface Extension headers have been defined to support each authentication types SAS operates in a secure and trusted area within the company network Trusted area/party Or operated by a trusted 3rd party 47 © 2010 IBM Corporation
48.
Malicious Processes and
Liability 48 © 2010 IBM Corporation
49.
Malicious Processes and
Liability The Challenge of Deploying Processes in the Cloud Processes, in general, may have modeling problems Processes in the cloud are especially vulnerable: Users are charged according to how much resources they consume, so need to avoid surprise charges Cloud providers have to manage the resource pool Cloud providers are (usually) liable for DoS or other attacks initiated from hardware they own and operate, even if the software that causes this his written by an external party. 49 © 2010 IBM Corporation
50.
Malicious Processes and
Liability Techniques to Address Cloud Process Deployment Challenges It may not be possible to detect and reject/suspend all cases, but some mitigation techniques include: Restrictions in the process language E.g.: BPEL and Bite have DPE and cannot deadlock itself Static Checking of (1) the model, (2) expressions in the process, (3) extension activities At design time by the tool At deployment time by the process engine or extension deployment module Runtime Clamping Monitoring of resources consumed by the process and checking against thresholds Monitoring of URLs called by process owned by the same user to detect potential DoS 50 © 2010 IBM Corporation
51.
Social BPM: Leveraging
the Community 51 © 2010 IBM Corporation
52.
Social Enablement of
a Workflow System Aim to enable social production and Collaboration in a workflow system focusing on three areas Extension Activities Workflow Models Workflow Instances Two key aspects: Method and Technical Enablement Business and Security Aspects 52 © 2010 IBM Corporation
53.
Social BPM: Leveraging
the Community End Users Interact with Flow Instance End User End User End User Workflow Instance 53 © 2010 IBM Corporation
54.
Social BPM: Leveraging
the Community Recruiting Scenario Design Career Fair Workflow Ted: Brainshare Inc. employee 54 © 2010 IBM Corporation
55.
Social BPM: Leveraging
the Community Recruiting Scenario Design Invite Dean to Career Fair Collaborate Workflow on Design Ted: Brainshare Inc. employee 55 © 2010 IBM Corporation
56.
Social BPM: Leveraging
the Community Recruiting Scenario How about a student brochure design contest? Also, resumes are Design Invite Dean to in LotusLive Files. Career Fair Collaborate Workflow on Design Collaborate Ted: Dean of Brainshare McGrath Inc. employee University 56 © 2010 IBM Corporation
57.
Social BPM: Leveraging
the Community Recruiting Scenario How about a student brochure design contest? Also, resumes are Design Invite Dean to in LotusLive Files. Career Fair Collaborate Workflow on Design Collaborate Ted: Dean of Brainshare McGrath Inc. employee University Update Flow. Look for Files Extension to Get Resumes Earlier that year… Create and Share Extension Activity for LotusLive Files Service Carol: LotusLive Developer 57 © 2010 IBM Corporation
58.
Social BPM: Leveraging
the Community Recruiting Scenario How about a student brochure design contest? Also, resumes are Design Invite Dean to in LotusLive Files. Career Fair Collaborate Workflow on Design Collaborate Ted: Dean of Brainshare McGrath Inc. employee University Look for Files Find and Add Extension to Carol’s Get Resumes Extension. Update Flow. Earlier that year… Create and Share Extension Activity for LotusLive Files Service Carol: LotusLive Developer 58 © 2010 IBM Corporation
59.
Social BPM: Leveraging
the Community Recruiting Scenario How about a student brochure design contest? Also, resumes are Design Invite Dean to in LotusLive Files. Career Fair Collaborate Workflow on Design Collaborate Ted: Dean of Brainshare McGrath Inc. employee University Look for Files Find and Add Extension to Carol’s Great! Get Resumes Extension. Review Update Flow. Earlier that year… Create and Share Extension Activity for LotusLive Files Service Carol: LotusLive Developer 59 © 2010 IBM Corporation
60.
Social BPM: Leveraging
the Community Development and Deployment Life-Cycle 1. Community of developers easily build and share custom extension activities 2. Process Designers easily include community extension activities into flow applications 3. Flow applications are deployed in a secure, multi-user execution environment 4. Sharing and collaboration are enabled for flow models and instances 5. Flow applications execute in a hosted environment 60 © 2010 IBM Corporation
61.
Social BPM: Leveraging
the Community Creating, Sharing, and Using Extension Activities • Hosted Platform - Nothing to install • Example Scenarios • Forms based approval (e.g. vacation request) • Collaborative web-based ad-hoc workflows • Main Components • Flows Editor and Flows Runtime • Forms Editor and Forms Runtime • Catalog and Repository of Extension Activities Workflow • Workflow Model and Instance Sharing Designer Discover and use extension activities IT Developer Development Environment of choice Catalog of Extension Activities 61 © 2010 IBM Corporation
62.
Some of the
extensions we’ve incorporated so fars Customized extensions for verticals: We integrated the system in IBM’s LotusLive collaboration platform As a result, created extensions for integrating into their collaboration services, such as: • File sharing • Lotus Activity lifecycle Community provided extensions Teams across IBM provided new extensions for services they needed: • Twitter, Google Calendar, Lotus Forms, MQ. 62 © 2010 IBM Corporation
63.
Social BPM: Leveraging
the Community Recall: Our BPM as a Service System 63 © 2010 IBM Corporation
64.
Social BPM: Leveraging
the Community Sharing Workflows Workflow Models Access controls are enforced on different workflow models A per-user dashboard shows models the user may view and/or edit. Enable sharing created workflow models with others Workflow Instances Design time access controls are possible on all of a flow’s entry points. For instances, leverage Bite’s process lifecycle model: • A deployed workflow model becomes accessible at a base URL which acts as an instance factory. • Users targetting the base URL create a new instance with a newly created instance URL • Subsequent flow instance entry points are relative to the instance URL By sharing base/instance URls, we enable different users to: • Kick off a new instance • Access different entry points on one instance 64 © 2010 IBM Corporation
65.
Social BPM: Leveraging
the Community Designer Shares Flow Model with Others Workflow Designer How about …? 65 © 2010 IBM Corporation
66.
Social BPM: Leveraging
the Community Designer Provides Flow to End Users Workflow Designer Designer provides Process entry point URL to end users 66 © 2010 IBM Corporation
67.
Social BPM: Leveraging
the Community End Users Interact with Flow Instance End Users Workflow Instance 67 © 2010 IBM Corporation
68.
Summary
A lightweight workflow model for the Web environment A hosted BPM as a service system for quickly and easily creating and running Web applications using a flow paradigm. Created by a mashup of IBM teams ☺: Developed in internal open source Contributors: • Across IBM: Research, Software Group, Global Business Services • Across geos: US, Japan, Israel, Canada, and China 68 © 2010 IBM Corporation
69.
Videos • Video 1:
Creating and running a process • Video 2: Extensibility demo 69 © 2010 IBM Corporation
70.
Where can I
get more information on …? Bite: A version is the flow language in IBM Project Zero (WebSphere sMash) http://projectzero.org ICSOC 2007 XIME-P Workshop at ACM SIGMOD 2008 Bite and Collaborative Flows IEEE Internet Computing, Special Issue on Services Mashups 2008 BPM as a service system: Devoxx 2008 - presentation by Christina Lau, ‘BPMZero’ Composer in LotusLiveLabs (http://lotuslive.com), deployment disabled IBM BPM BlueWorks, design time only Detecting Potential for Undesirable Behavior from Business Processes Deployed in the Cloud IBM Research Report by Douglas Lovell, to appear. End-to-End Security ICSOC 2009 (patent filed) Extensibility and Sharing Workshop on Business Process Management and Social Software, BPM 2009 Anything else? 70 rkhalaf@us.ibm.com © 2010 IBM Corporation
Descargar ahora