SlideShare una empresa de Scribd logo

Umit Yalcinalp Contracts Services And Policies

SOA Symposium
SOA Symposium
TecnologíaEducación
1 de 19
Descargar para leer sin conexión
22-10-2008 This Presentation Courtesy of the International SOA Symposium October 7-8, 2008 Amsterdam Arena www.soasymposium.com info@soasymposium.com Founding Sponsors Platinum Sponsors Gold Sponsors Silver Sponsors Contracts Policies and Services Oh My SYSTEMATIC THOUGHT LEADERSHIP FOR INNOVATIVE BUSINESS Ümit Yalçinalp, Ph.D. SAP Labs, Palo Alto umit.yalcinalp@sap.com 1
22-10-2008 Outline  Basics: Policies as a contract  PolicySpecifications  Concepts in WS-Policy  Useful Patterns for Providers and Consumers  Gotchas  Conclusions October, 2008 SOA Symposium 3  This talk is about principles  Why is it this way? What is it good for? Not lots of pointy brackets  Best Practices and some gotchas  Overview of Policy chapters in WS-Contract Design and Versioning Book  Cheat sheet for understanding the reasoning behind the specs 2
22-10-2008 Policies in SOA  Critical component of SOA  Consumers may not be able to use services without explicit policies  Service providers may not be able – provide QoS without policies – enforce behaviors from consumers – deploy services  Defined as an expression of constraints and capabilities  Result in a set of behaviors for providers and consumers  Apply typically to interactions with a service October, 2008 SOA Symposium 5 Importance of Understanding Policy Frameworks  Providers – Define the policies for their services, specifically QoS – Determine the policies that may apply – Decide whether multiple policies may apply to the same set of messages – Should support the alternatives if provided  Consumers – Determine whether they can use the service based on a contract – Likely to have their own policies – Must determine which policies will apply when they use a service – Choose among alternative ways of using a service October, 2008 SOA Symposium 6 3
22-10-2008 You may be a provider, a consumer or be in both roles You may be designing new expressions or new policy vocabularies The capabilities and limitations help in  Designing better contracts  Avoiding pitfalls in policy design October, 2008 SOA Symposium 8 4
22-10-2008 Two Prominent Players  WS-Policy  SCA Policy Framework October, 2008 SOA Symposium 9 WS-Policy Framework  Crucial component of a contract using Web Services  Expression syntax  Compositions with expressions  Help define where to use policies  Defines how to use with WSDL  Guidelines for Authoring Policies  Established set of specifications http://www.w3.org/2002/ws/policy/  Targets WS-*, for defining and using concrete policies  Focus in this talk October, 2008 SOA Symposium 10 5
22-10-2008 Basics of WS-Policy: Assertion  It is a QName <umit:speakEnglish> <umit:takesnotes>  Basic block in for a policy expression  Has specific semantics  Has specific schema  Define a behavior  Defined by a governance body, specification, a company, department...  May contain other assertions by nesting other assertions  Typically defined in a document + schema  Specifies where it can be used as a contract (in WSDL)  May specify related behaviors, compositional behavior October, 2008 SOA Symposium 11 Standardized Policy Assertions  WS-Addressing Metadata (w3c) http://www.w3.org/TR/ws-addr-metadata  WS-Security Policy 1.2 (OASIS) http://docs.oasis-open.org/ws-sx/ws-securitypolicy/v1.2/ws- securitypolicy.html  WS-Reliable Exchange (OASIS) v1.1 and v1.2 http://docs.oasis-open.org/ws-rx/wsrmp/200702/wsrmp-1.1-spec-os-01-e1.html http://docs.oasis-open.org/ws-rx/wsrmp/200702  WS-Atomic Transaction (OASIS) http://docs.oasis-open.org/ws-tx/wstx-wsat-1.1-spec-errata-os/wstx-wsat-1.1-spec-errata- os.html Commonality:  Describe wire-level protocols  Target message exchanges with endpoints October, 2008 SOA Symposium 12 6
22-10-2008 Basics of WS-Policy: Policy Expressions  Operators for conjunctions (wsp:All) and disjunctions (wsp:ExactlyOne) <wsp:All> <umit:speakEnglish> <umit:takesnotes> </wsp:All> <wsp:ExactlyOne> <umit:speakEnglish/> <umit:speakGerman/> </wsp:ExactlyOne>  Are used to construct an expression using multiple assertions October, 2008 SOA Symposium 13 WS-Policy Policy Expressions Equivalence  Expressions can be composed or simplified with applying operators  Idempotent  Symmetic  Distributive (wsp:All over wsp:ExactlyOne)  Full Calculus: Chapter 10 October, 2008 SOA Symposium 14 7
22-10-2008 Policy Alternative  A set of policy assertions is an alternative  Example: Two alternatives <wsp:ExactlyOne> <wsp:All><umit:speakEnglish/></wsp:All> <wsp:All><umit:speakGerman/></wsp:All> </wsp:ExactlyOne> October, 2008 SOA Symposium 15 wsp:optional attribute  Shorthand for creating alternatives in an expression <umit:speakEnglish wsp:optional=“true”/>  Is equivalent to <wsp:ExactlyOne> <wsp:All><umit:speakEnglish/></wsp:All> <wsp:All/> </wsp:exactlyone>  Implies two alternatives, thus two different behaviors  an alternative where umit speaks English  an alternative where there are no behaviors implied  This is a pattern to indicate a capability supported but not required October, 2008 SOA Symposium 16 8
22-10-2008 Assertion Nesting  A relatively new concept for WS-Policy  A policy assertion may be nested in another assertion  Byincluding it in a policy expression as its child  Expression is created by wrapping with wsp:Policy element  Its semantics depend or qualify the parent assertion  Itis usually defined by governance body that specifies the parent assertion October, 2008 SOA Symposium 17 Example: WS-Addressing Metadata  wsam:Addressing  wsam:AnonymousResponses  wsam:NonAnonymousResponses  You can use one or the other child assertion, not both <wsam:Addressing> <wsp:Policy> <wsam:AnonymousResponses/> </wsp:Policy> </wsam:Addressing> October, 2008 SOA Symposium 18 9
22-10-2008 Parametric Assertions: An assertion with embedded content Compare with <wsp:Policy> <wsp:Policy> <umit:Speaks> <umit:Speaks> <umit:language>English <wsp:Policy> </umit:language> <umit:EnglishLanguage/> </wsp:Speaks> </wsp:Policy> </wsp:Policy> </umit:Speaks> </wsp:Policy> The content of a parametric assertion is NOT guaranteed to be understood by all frameworks!  More details in Chapter 16 October, 2008 SOA Symposium 19 Associating Policies with WSDL  Policy Subjects: Collective Attachment points in WSDL 1. Service (wsdl11:service or wsdl20:service element) 2. Endpoint (wsdl11:binding or wsdl20:binding wsdl11:port or wsdl20:endpoint elements, wsdl11:portType or wsdl20:interface element) 3. Operation (operation elements in binding, operation elements in wsdl11:portType or wsdl20:interface elements) 4. Message (wsdl11:message element or input|output|fault elements in operation elements)  4 different effective policies that may simultaneously apply October, 2008 SOA Symposium 20 10
22-10-2008 Assertions specify their attachment points Example: wsam:Addressing  Can be attached to wsdl11:binding/wsdl20:binding or wsdl11:port/wsdl20:endpoint elements  Can not be attached to wsdl11:portType or wsdl20:interface elements Discussion: Why can’t we put this assertions in the portType or interface? October, 2008 SOA Symposium 21 Some Points to Consider  The design of WSDL + 4 simultanous effective policies  Service Effective Policy governs all endpoints and protocols  Endpoint Effective Policy govern all messages for an endpoint  Policy for a portType or interface – must be applicable to all endpoints – must be abstract  Avoid attaching incompatible policies in a hierarchy  Avoid breaking the contract definition itself  Most standardized protocol assertions apply to Endpoint Policy Subject  Do not use them with portType or interface when not abstract October, 2008 SOA Symposium 22 11
22-10-2008 Attachment Patterns with WSDL  Inclusion patterns with WSDL: Insert policy expressions in attachment points directly as extensibility <binding> … <operation name=“simpleCommunicate”>...<input>… </operation> <wsp:Policy><wsam:Addressing/></wsp:Policy> <binding> October, 2008 SOA Symposium 23 Use partial centralization Define named policies in wsdl11:descriptions or wsdl20:definitions elements <wsdl20:definitions> … <wsp:Policy wsu:Id=“communicationsPolicy”/> <wsam:Addressing wsp:optional=“true”/> <myservice:LoggingEnabled/>… </wsp:Policy> </wsdl20:definitions>  Refer from attachment points <wsdl20:binding> … <wsdl20:operation name=“simpleCommunicate”>... </wsdl20:operation> <wsp:PolicyReference URI=“#communicationsPolicy/> </wsdl20:binding> October, 2008 SOA Symposium 24 12
22-10-2008 Policy Centralization Pattern  Decouple WSDLs from Policy Documents  Create (a) policy document(s) independent of WSDL  Use references to WSDL elements in the document to refer to attachment points  WSDL fragment identifiers (URIs) are used to refer where you want to attach  More details in Chapter 16 October, 2008 SOA Symposium 25 Comparison  Centralization decouples the contracts and assures reuse of WSDLs  Centralization allows evolution and change  Centralization require vendor specific solutions, repositories, independent management standards  Inclusion is easy for testing and standard  Be aware of what your toolkit supports October, 2008 SOA Symposium 26 13
22-10-2008 Why should you care as policy designers?  Design time policies ultimately affect runtime policies  Policies may be attached to different places in WSDL  Using a service is governed by endpoints/ports and the messages exchanged  Understanding “complete” policy that applies is necessary  A complex policy expression may be reduced to a simpler equivalent form  Compact form (written by users)  Normal form (utilized FOR runtime)  The rules of composition and rewriting ain’t that hard!  October, 2008 SOA Symposium 27 Three Amigos of Policy Expressions Help To Answer Which policies apply  Merging  Used to find the combined policy that will apply  Use wsp:All to combine different policy expressions  For finding the effective Policy  Normalization  Used to find distinct alternatives (choices) given an expression  Only one alternative will apply in a given situation  Create an expression with no nested alternatives  Essentially translates into disjunctive normal form  For finding the alternatives and determining which one ultimately applies  Intersection  Given two different normalized policy expressions, finds the common set of assertions  Compatibility of assertions is used to find the union of assertions that apply to both  For determining which alternative to use in an interaction October, 2008 SOA Symposium 28 14
22-10-2008 wsp:ignorable attribute  A behavior that is engaged by user of the assertion  Changes the way an intersection works with policies  Consumer interaction with service may not need to change due to policy  Consumers may decide not to use the service based on its presence  Implies single behavior <umit:TakesNotes wsp:ignorable=“true”/>  Ignorable and optional are not the same! October, 2008 SOA Symposium 29 More on Intersection  Regarded as guideline, not requirement toolkits  Can utilize lax or strict modes  Lax ignores the ignorable policy  Strict must consider the ignorable policy  Compatibility is based on QNames, not content  Parametric vs nested assertions play a role  Domain specific processing can change which assertions are compatible!  See Chapter 17 for more on the tree amigos October, 2008 SOA Symposium 30 15
22-10-2008 Service Provider: What is my overall policy in WSDL? Goal: Compute the policy for a message exchange Do:  Use Merge of the policies to obtain 4 effective policies  Normalize the effective policy  Make sure that runtime policy can be identified – Distinct alternatives may exist, only one will apply – Consumer should be able to use the alternative – Must be deterministic – If not, distinct ways of identification must be used – Use distinct ports or endpoints for each alternative – See chapter 16: Concurrent Policy Enabled Contract – No policy negotiation available with standards  Design time effects runtime !!! October, 2008 SOA Symposium 31 Service Consumer: How do I use the policy?  Problem: Can I use this service? If so, which of the policies can I use?  Determine to ignore or use providers ignorable policy (lax or strict intersection)  Compute an intersection with provider’s policy  If the intersection does yield zero alternatives, it fails  If multiple alternatives exist, choose one  Communicate with provider using the chosen policy  The determinism considerations apply here as there is no negotiation! October, 2008 SOA Symposium 32 16
22-10-2008 Define Your Own Assertion:  The Assertion document  Namespace  Semantics of the behavior – Protocol – Headers  XML Schema  Applicability  Roles – Both Parties: Protocol – Provider only  The interactions with others  Does it affect/contradict other assertions,  Guidelines in composition  The attachment points in a WSDL October, 2008 SOA Symposium 33 Existing Assertions  Protocol Specific  Enabling a Protocol or protocol capability (i.e. WS-Addressing)  May be a capability (with wsp:optional = “true”)  Most complicated is WS-Security Policy A good reference for security concerns Developer’s Guide to SAP NetWeaver Security http://www.sap-press.de/katalog/buecher/titel/gp/titelID-1656 October, 2008 SOA Symposium 34 17
22-10-2008 Gotchas  Parameterized Assertions  QName is used for compatibility testing, not XML contents <me:speak>English</me:speak> is compatible with <me:speak>German</me:speak> unless domain specific logic is applied  Policy calculus, transformation will need to be extended  Affects how you should define author your own policies  Avoid ambiguous runtime policy  Non-wire policies should utilize different endpoints  Do not assign protocol policies to abstract WSDL  Be Aware of Toolkit Limitations October, 2008 SOA Symposium 35 Emerging Policy Specification: SCA Policy Framework  Policy Framework for Service Component Architecture  An Emerging Specification in OASIS for SOA  Targets defining  Abstract policy vocabularies  Relationship of vocabularies to a set of policies  Independent of specific implementation mechanism of components and services (EJBs, WS, etc).  Addresses interactions and implementation policies  Concrete policies may materialize differently depending on deployment  Defers to WS-Policy or other policy languages for concrete realization October, 2008 SOA Symposium 36 18
22-10-2008 Conclusions  WS-Policy Framework is established  Contract designers should utilize guidelines and be aware of limitations  SCA Policy Framework is emerging  Thank You For Listening! October, 2008 SOA Symposium 37 Conclusion Ümit Yalçinalp SAP Research, Office of the CTO umit.yalcinalp@sap.com October, 2008 SOA Symposium 38 19

Recomendados

Andre Tost E S B Ref Arch
Andre Tost E S B Ref ArchAndre Tost E S B Ref Arch
Andre Tost E S B Ref ArchSOA Symposium
 
Dennis Wisnosky Cross Talk Presentation D Wiz 09262008 For Publication
Dennis Wisnosky Cross Talk Presentation D Wiz 09262008 For PublicationDennis Wisnosky Cross Talk Presentation D Wiz 09262008 For Publication
Dennis Wisnosky Cross Talk Presentation D Wiz 09262008 For PublicationSOA Symposium
 
Edwin Vd Sanden Composite Applications For Users
Edwin Vd Sanden Composite Applications For UsersEdwin Vd Sanden Composite Applications For Users
Edwin Vd Sanden Composite Applications For UsersSOA Symposium
 
Sandy Carter Understanding S O A And Web 2
Sandy Carter Understanding S O A And Web 2Sandy Carter Understanding S O A And Web 2
Sandy Carter Understanding S O A And Web 2SOA Symposium
 
Enrique Castro Leon Scaling Delivery Of I T Services
Enrique Castro Leon Scaling Delivery Of I T ServicesEnrique Castro Leon Scaling Delivery Of I T Services
Enrique Castro Leon Scaling Delivery Of I T ServicesSOA Symposium
 
Cesare Pautasso R E S T V1
Cesare Pautasso R E S T V1Cesare Pautasso R E S T V1
Cesare Pautasso R E S T V1SOA Symposium
 
Sven Hakan Olsson Composability Index V2
Sven Hakan Olsson Composability Index V2Sven Hakan Olsson Composability Index V2
Sven Hakan Olsson Composability Index V2SOA Symposium
 
Anne Thomas Manes S O A Fatigue
Anne Thomas Manes S O A FatigueAnne Thomas Manes S O A Fatigue
Anne Thomas Manes S O A FatigueSOA Symposium
 

Recomendados

Andre Tost E S B Ref Arch
Andre Tost E S B Ref ArchAndre Tost E S B Ref Arch
Andre Tost E S B Ref ArchSOA Symposium
 
Dennis Wisnosky Cross Talk Presentation D Wiz 09262008 For Publication
Dennis Wisnosky Cross Talk Presentation D Wiz 09262008 For PublicationDennis Wisnosky Cross Talk Presentation D Wiz 09262008 For Publication
Dennis Wisnosky Cross Talk Presentation D Wiz 09262008 For PublicationSOA Symposium
 
Edwin Vd Sanden Composite Applications For Users
Edwin Vd Sanden Composite Applications For UsersEdwin Vd Sanden Composite Applications For Users
Edwin Vd Sanden Composite Applications For UsersSOA Symposium
 
Sandy Carter Understanding S O A And Web 2
Sandy Carter Understanding S O A And Web 2Sandy Carter Understanding S O A And Web 2
Sandy Carter Understanding S O A And Web 2SOA Symposium
 
Enrique Castro Leon Scaling Delivery Of I T Services
Enrique Castro Leon Scaling Delivery Of I T ServicesEnrique Castro Leon Scaling Delivery Of I T Services
Enrique Castro Leon Scaling Delivery Of I T ServicesSOA Symposium
 
Cesare Pautasso R E S T V1
Cesare Pautasso R E S T V1Cesare Pautasso R E S T V1
Cesare Pautasso R E S T V1SOA Symposium
 
Sven Hakan Olsson Composability Index V2
Sven Hakan Olsson Composability Index V2Sven Hakan Olsson Composability Index V2
Sven Hakan Olsson Composability Index V2SOA Symposium
 
Anne Thomas Manes S O A Fatigue
Anne Thomas Manes S O A FatigueAnne Thomas Manes S O A Fatigue
Anne Thomas Manes S O A FatigueSOA Symposium
 
SOA Pattern : Policy Centralization
SOA Pattern : Policy CentralizationSOA Pattern : Policy Centralization
SOA Pattern : Policy CentralizationWSO2
 
OpenStack Keystone Stein Project Update
OpenStack Keystone Stein Project UpdateOpenStack Keystone Stein Project Update
OpenStack Keystone Stein Project UpdateLance Bragstad
 
Dynamic modelling best practice recommendation for the SID
Dynamic modelling best practice recommendation for the SIDDynamic modelling best practice recommendation for the SID
Dynamic modelling best practice recommendation for the SIDgtilton
 
Umit Yalcinalp Enterprise Mashupsfor S O A
Umit Yalcinalp Enterprise Mashupsfor S O AUmit Yalcinalp Enterprise Mashupsfor S O A
Umit Yalcinalp Enterprise Mashupsfor S O ASOA Symposium
 
Standards 2010: Prospects and Challenges for Standards Development in the Nex...
Standards 2010: Prospects and Challenges for Standards Development in the Nex...Standards 2010: Prospects and Challenges for Standards Development in the Nex...
Standards 2010: Prospects and Challenges for Standards Development in the Nex...Chuck Allen
 
On Reconciliation of Contractual Concerns of Web Services
On Reconciliation of Contractual Concerns of Web ServicesOn Reconciliation of Contractual Concerns of Web Services
On Reconciliation of Contractual Concerns of Web ServicesHong-Linh Truong
 
DDS-TSN OMG Request for Proposals (RFP)
DDS-TSN OMG Request for Proposals (RFP)DDS-TSN OMG Request for Proposals (RFP)
DDS-TSN OMG Request for Proposals (RFP)Gerardo Pardo-Castellote
 
Rule Responder Nccu Taipei Mar2008 Talk [Compatibility Mode]
Rule Responder Nccu Taipei Mar2008 Talk [Compatibility Mode]Rule Responder Nccu Taipei Mar2008 Talk [Compatibility Mode]
Rule Responder Nccu Taipei Mar2008 Talk [Compatibility Mode]yuhana
 
Soa amsterdam-restws-pautasso-talk
Soa amsterdam-restws-pautasso-talkSoa amsterdam-restws-pautasso-talk
Soa amsterdam-restws-pautasso-talkAravindharamanan S
 
Services (SOA) Oriented Integration SOI
Services (SOA) Oriented Integration SOIServices (SOA) Oriented Integration SOI
Services (SOA) Oriented Integration SOIStephen Lahanas
 
Hoffman and Rajan "Metadata: The Importance of Interoperability, and Factors ...
Hoffman and Rajan "Metadata: The Importance of Interoperability, and Factors ...Hoffman and Rajan "Metadata: The Importance of Interoperability, and Factors ...
Hoffman and Rajan "Metadata: The Importance of Interoperability, and Factors ...National Information Standards Organization (NISO)
 
WSO2 Governance Registry - Product Overview
WSO2 Governance Registry - Product OverviewWSO2 Governance Registry - Product Overview
WSO2 Governance Registry - Product OverviewWSO2
 
Design Patterns Explained: From Analysis through Implementation
Design Patterns Explained: From Analysis through ImplementationDesign Patterns Explained: From Analysis through Implementation
Design Patterns Explained: From Analysis through ImplementationTechWell
 
Togaf 9 template Preliminary Phase architecture principles
Togaf 9 template Preliminary Phase architecture principlesTogaf 9 template Preliminary Phase architecture principles
Togaf 9 template Preliminary Phase architecture principlesSandeep Sharma IIMK Smart City,IoT,Bigdata,Cloud,BI,DW
 
Sca bpel-1.1-spec
Sca bpel-1.1-specSca bpel-1.1-spec
Sca bpel-1.1-specVibhor Rastogi
 
Ontolog Forum: Semantic Interop March 2008
Ontolog Forum: Semantic Interop March 2008Ontolog Forum: Semantic Interop March 2008
Ontolog Forum: Semantic Interop March 2008Jamie Clark
 
16 bealer
16 bealer16 bealer
16 bealerSociety for Scholarly Publishing
 
W3C Data Exchange Working Group - an update
W3C Data Exchange Working Group - an updateW3C Data Exchange Working Group - an update
W3C Data Exchange Working Group - an updatePeterWinstanley1
 
Ibt Soa Babson Talk V8
Ibt Soa Babson Talk V8Ibt Soa Babson Talk V8
Ibt Soa Babson Talk V8Prashant Sarode
 
Soa session 1 part 1(2)
Soa session 1 part 1(2)Soa session 1 part 1(2)
Soa session 1 part 1(2)Shilpi Jain
 
Thomas Erl Introducing S O A Design Patterns
Thomas Erl Introducing S O A Design PatternsThomas Erl Introducing S O A Design Patterns
Thomas Erl Introducing S O A Design PatternsSOA Symposium
 
Radovan Janecek Avoiding S O A Pitfalls
Radovan Janecek Avoiding S O A PitfallsRadovan Janecek Avoiding S O A Pitfalls
Radovan Janecek Avoiding S O A PitfallsSOA Symposium
 

Más contenido relacionado

Similar a Umit Yalcinalp Contracts Services And Policies

SOA Pattern : Policy Centralization
SOA Pattern : Policy CentralizationSOA Pattern : Policy Centralization
SOA Pattern : Policy CentralizationWSO2
 
OpenStack Keystone Stein Project Update
OpenStack Keystone Stein Project UpdateOpenStack Keystone Stein Project Update
OpenStack Keystone Stein Project UpdateLance Bragstad
 
Dynamic modelling best practice recommendation for the SID
Dynamic modelling best practice recommendation for the SIDDynamic modelling best practice recommendation for the SID
Dynamic modelling best practice recommendation for the SIDgtilton
 
Umit Yalcinalp Enterprise Mashupsfor S O A
Umit Yalcinalp Enterprise Mashupsfor S O AUmit Yalcinalp Enterprise Mashupsfor S O A
Umit Yalcinalp Enterprise Mashupsfor S O ASOA Symposium
 
Standards 2010: Prospects and Challenges for Standards Development in the Nex...
Standards 2010: Prospects and Challenges for Standards Development in the Nex...Standards 2010: Prospects and Challenges for Standards Development in the Nex...
Standards 2010: Prospects and Challenges for Standards Development in the Nex...Chuck Allen
 
On Reconciliation of Contractual Concerns of Web Services
On Reconciliation of Contractual Concerns of Web ServicesOn Reconciliation of Contractual Concerns of Web Services
On Reconciliation of Contractual Concerns of Web ServicesHong-Linh Truong
 
Rule Responder Nccu Taipei Mar2008 Talk [Compatibility Mode]
Rule Responder Nccu Taipei Mar2008 Talk [Compatibility Mode]Rule Responder Nccu Taipei Mar2008 Talk [Compatibility Mode]
Rule Responder Nccu Taipei Mar2008 Talk [Compatibility Mode]yuhana
 
Soa amsterdam-restws-pautasso-talk
Soa amsterdam-restws-pautasso-talkSoa amsterdam-restws-pautasso-talk
Soa amsterdam-restws-pautasso-talkAravindharamanan S
 
Services (SOA) Oriented Integration SOI
Services (SOA) Oriented Integration SOIServices (SOA) Oriented Integration SOI
Services (SOA) Oriented Integration SOIStephen Lahanas
 
WSO2 Governance Registry - Product Overview
WSO2 Governance Registry - Product OverviewWSO2 Governance Registry - Product Overview
WSO2 Governance Registry - Product OverviewWSO2
 
Design Patterns Explained: From Analysis through Implementation
Design Patterns Explained: From Analysis through ImplementationDesign Patterns Explained: From Analysis through Implementation
Design Patterns Explained: From Analysis through ImplementationTechWell
 
Ontolog Forum: Semantic Interop March 2008
Ontolog Forum: Semantic Interop March 2008Ontolog Forum: Semantic Interop March 2008
Ontolog Forum: Semantic Interop March 2008Jamie Clark
 
W3C Data Exchange Working Group - an update
W3C Data Exchange Working Group - an updateW3C Data Exchange Working Group - an update
W3C Data Exchange Working Group - an updatePeterWinstanley1
 
Soa session 1 part 1(2)
Soa session 1 part 1(2)Soa session 1 part 1(2)
Soa session 1 part 1(2)Shilpi Jain
 

Similar a Umit Yalcinalp Contracts Services And Policies (20)

SOA Pattern : Policy Centralization
SOA Pattern : Policy CentralizationSOA Pattern : Policy Centralization
SOA Pattern : Policy Centralization
 
OpenStack Keystone Stein Project Update
OpenStack Keystone Stein Project UpdateOpenStack Keystone Stein Project Update
OpenStack Keystone Stein Project Update
 
Dynamic modelling best practice recommendation for the SID
Dynamic modelling best practice recommendation for the SIDDynamic modelling best practice recommendation for the SID
Dynamic modelling best practice recommendation for the SID
 
Umit Yalcinalp Enterprise Mashupsfor S O A
Umit Yalcinalp Enterprise Mashupsfor S O AUmit Yalcinalp Enterprise Mashupsfor S O A
Umit Yalcinalp Enterprise Mashupsfor S O A
 
Standards 2010: Prospects and Challenges for Standards Development in the Nex...
Standards 2010: Prospects and Challenges for Standards Development in the Nex...Standards 2010: Prospects and Challenges for Standards Development in the Nex...
Standards 2010: Prospects and Challenges for Standards Development in the Nex...
 
On Reconciliation of Contractual Concerns of Web Services
On Reconciliation of Contractual Concerns of Web ServicesOn Reconciliation of Contractual Concerns of Web Services
On Reconciliation of Contractual Concerns of Web Services
 
DDS-TSN OMG Request for Proposals (RFP)
DDS-TSN OMG Request for Proposals (RFP)DDS-TSN OMG Request for Proposals (RFP)
DDS-TSN OMG Request for Proposals (RFP)
 
Rule Responder Nccu Taipei Mar2008 Talk [Compatibility Mode]
Rule Responder Nccu Taipei Mar2008 Talk [Compatibility Mode]Rule Responder Nccu Taipei Mar2008 Talk [Compatibility Mode]
Rule Responder Nccu Taipei Mar2008 Talk [Compatibility Mode]
 
Soa amsterdam-restws-pautasso-talk
Soa amsterdam-restws-pautasso-talkSoa amsterdam-restws-pautasso-talk
Soa amsterdam-restws-pautasso-talk
 
Services (SOA) Oriented Integration SOI
Services (SOA) Oriented Integration SOIServices (SOA) Oriented Integration SOI
Services (SOA) Oriented Integration SOI
 
Hoffman and Rajan "Metadata: The Importance of Interoperability, and Factors ...
Hoffman and Rajan "Metadata: The Importance of Interoperability, and Factors ...Hoffman and Rajan "Metadata: The Importance of Interoperability, and Factors ...
Hoffman and Rajan "Metadata: The Importance of Interoperability, and Factors ...
 
WSO2 Governance Registry - Product Overview
WSO2 Governance Registry - Product OverviewWSO2 Governance Registry - Product Overview
WSO2 Governance Registry - Product Overview
 
Design Patterns Explained: From Analysis through Implementation
Design Patterns Explained: From Analysis through ImplementationDesign Patterns Explained: From Analysis through Implementation
Design Patterns Explained: From Analysis through Implementation
 
Togaf 9 template Preliminary Phase architecture principles
Togaf 9 template Preliminary Phase architecture principlesTogaf 9 template Preliminary Phase architecture principles
Togaf 9 template Preliminary Phase architecture principles
 
Sca bpel-1.1-spec
Sca bpel-1.1-specSca bpel-1.1-spec
Sca bpel-1.1-spec
 
Ontolog Forum: Semantic Interop March 2008
Ontolog Forum: Semantic Interop March 2008Ontolog Forum: Semantic Interop March 2008
Ontolog Forum: Semantic Interop March 2008
 
16 bealer
16 bealer16 bealer
16 bealer
 
W3C Data Exchange Working Group - an update
W3C Data Exchange Working Group - an updateW3C Data Exchange Working Group - an update
W3C Data Exchange Working Group - an update
 
Ibt Soa Babson Talk V8
Ibt Soa Babson Talk V8Ibt Soa Babson Talk V8
Ibt Soa Babson Talk V8
 
Soa session 1 part 1(2)
Soa session 1 part 1(2)Soa session 1 part 1(2)
Soa session 1 part 1(2)
 

Más de SOA Symposium

Thomas Erl Introducing S O A Design Patterns
Thomas Erl Introducing S O A Design PatternsThomas Erl Introducing S O A Design Patterns
Thomas Erl Introducing S O A Design PatternsSOA Symposium
 
Radovan Janecek Avoiding S O A Pitfalls
Radovan Janecek Avoiding S O A PitfallsRadovan Janecek Avoiding S O A Pitfalls
Radovan Janecek Avoiding S O A PitfallsSOA Symposium
 
Natasja Paulssen S A P M D M And E S O A At Philips
Natasja Paulssen S A P M D M And E S O A At PhilipsNatasja Paulssen S A P M D M And E S O A At Philips
Natasja Paulssen S A P M D M And E S O A At PhilipsSOA Symposium
 
Anthony Carrato S O A Business Architecture
Anthony Carrato S O A Business ArchitectureAnthony Carrato S O A Business Architecture
Anthony Carrato S O A Business ArchitectureSOA Symposium
 
David Chappel S O A Grid
David Chappel S O A GridDavid Chappel S O A Grid
David Chappel S O A GridSOA Symposium
 
Johan Kumps Federal E S B
Johan Kumps Federal E S BJohan Kumps Federal E S B
Johan Kumps Federal E S BSOA Symposium
 
Laurent Tarin B P M Ilog
Laurent Tarin B P M IlogLaurent Tarin B P M Ilog
Laurent Tarin B P M IlogSOA Symposium
 
Jim Webber Guerrilla S O A With Web Services
Jim Webber Guerrilla S O A With Web ServicesJim Webber Guerrilla S O A With Web Services
Jim Webber Guerrilla S O A With Web ServicesSOA Symposium
 
Robert Schneider What Every Developer
Robert Schneider What Every DeveloperRobert Schneider What Every Developer
Robert Schneider What Every DeveloperSOA Symposium
 
Robert Schneider 10 Strategies
Robert Schneider 10 StrategiesRobert Schneider 10 Strategies
Robert Schneider 10 StrategiesSOA Symposium
 
Thomas Rischbeck Real Life E S B
Thomas Rischbeck Real Life E S BThomas Rischbeck Real Life E S B
Thomas Rischbeck Real Life E S BSOA Symposium
 
Stefan Pappe Making S O A Operational
Stefan Pappe Making S O A OperationalStefan Pappe Making S O A Operational
Stefan Pappe Making S O A OperationalSOA Symposium
 
Paul Brown Org Man Issues
Paul Brown Org Man IssuesPaul Brown Org Man Issues
Paul Brown Org Man IssuesSOA Symposium
 
Arnaud Simon Flight Data Processing
Arnaud Simon Flight Data ProcessingArnaud Simon Flight Data Processing
Arnaud Simon Flight Data ProcessingSOA Symposium
 
Paul Butterworth Policy Based Approach
Paul Butterworth Policy Based ApproachPaul Butterworth Policy Based Approach
Paul Butterworth Policy Based ApproachSOA Symposium
 
Mark Little Web Services And Transactions
Mark Little Web Services And TransactionsMark Little Web Services And Transactions
Mark Little Web Services And TransactionsSOA Symposium
 
S Ven Hakan Olsson Compos Index
S Ven Hakan Olsson Compos IndexS Ven Hakan Olsson Compos Index
S Ven Hakan Olsson Compos IndexSOA Symposium
 
Art Ligthart Service Identification Techniques
Art Ligthart Service Identification TechniquesArt Ligthart Service Identification Techniques
Art Ligthart Service Identification TechniquesSOA Symposium
 
Paul C Brown S O A Governance
Paul C Brown S O A GovernancePaul C Brown S O A Governance
Paul C Brown S O A GovernanceSOA Symposium
 
Mohamad Afshar Moving Beyond Project Level S O A V1
Mohamad Afshar Moving Beyond Project Level S O A V1Mohamad Afshar Moving Beyond Project Level S O A V1
Mohamad Afshar Moving Beyond Project Level S O A V1SOA Symposium
 

Más de SOA Symposium (20)

Thomas Erl Introducing S O A Design Patterns
Thomas Erl Introducing S O A Design PatternsThomas Erl Introducing S O A Design Patterns
Thomas Erl Introducing S O A Design Patterns
 
Radovan Janecek Avoiding S O A Pitfalls
Radovan Janecek Avoiding S O A PitfallsRadovan Janecek Avoiding S O A Pitfalls
Radovan Janecek Avoiding S O A Pitfalls
 
Natasja Paulssen S A P M D M And E S O A At Philips
Natasja Paulssen S A P M D M And E S O A At PhilipsNatasja Paulssen S A P M D M And E S O A At Philips
Natasja Paulssen S A P M D M And E S O A At Philips
 
Anthony Carrato S O A Business Architecture
Anthony Carrato S O A Business ArchitectureAnthony Carrato S O A Business Architecture
Anthony Carrato S O A Business Architecture
 
David Chappel S O A Grid
David Chappel S O A GridDavid Chappel S O A Grid
David Chappel S O A Grid
 
Johan Kumps Federal E S B
Johan Kumps Federal E S BJohan Kumps Federal E S B
Johan Kumps Federal E S B
 
Laurent Tarin B P M Ilog
Laurent Tarin B P M IlogLaurent Tarin B P M Ilog
Laurent Tarin B P M Ilog
 
Jim Webber Guerrilla S O A With Web Services
Jim Webber Guerrilla S O A With Web ServicesJim Webber Guerrilla S O A With Web Services
Jim Webber Guerrilla S O A With Web Services
 
Robert Schneider What Every Developer
Robert Schneider What Every DeveloperRobert Schneider What Every Developer
Robert Schneider What Every Developer
 
Robert Schneider 10 Strategies
Robert Schneider 10 StrategiesRobert Schneider 10 Strategies
Robert Schneider 10 Strategies
 
Thomas Rischbeck Real Life E S B
Thomas Rischbeck Real Life E S BThomas Rischbeck Real Life E S B
Thomas Rischbeck Real Life E S B
 
Stefan Pappe Making S O A Operational
Stefan Pappe Making S O A OperationalStefan Pappe Making S O A Operational
Stefan Pappe Making S O A Operational
 
Paul Brown Org Man Issues
Paul Brown Org Man IssuesPaul Brown Org Man Issues
Paul Brown Org Man Issues
 
Arnaud Simon Flight Data Processing
Arnaud Simon Flight Data ProcessingArnaud Simon Flight Data Processing
Arnaud Simon Flight Data Processing
 
Paul Butterworth Policy Based Approach
Paul Butterworth Policy Based ApproachPaul Butterworth Policy Based Approach
Paul Butterworth Policy Based Approach
 
Mark Little Web Services And Transactions
Mark Little Web Services And TransactionsMark Little Web Services And Transactions
Mark Little Web Services And Transactions
 
S Ven Hakan Olsson Compos Index
S Ven Hakan Olsson Compos IndexS Ven Hakan Olsson Compos Index
S Ven Hakan Olsson Compos Index
 
Art Ligthart Service Identification Techniques
Art Ligthart Service Identification TechniquesArt Ligthart Service Identification Techniques
Art Ligthart Service Identification Techniques
 
Paul C Brown S O A Governance
Paul C Brown S O A GovernancePaul C Brown S O A Governance
Paul C Brown S O A Governance
 
Mohamad Afshar Moving Beyond Project Level S O A V1
Mohamad Afshar Moving Beyond Project Level S O A V1Mohamad Afshar Moving Beyond Project Level S O A V1
Mohamad Afshar Moving Beyond Project Level S O A V1
 

Último

Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessPixlogix Infotech
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 

Último (20)

Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 

Umit Yalcinalp Contracts Services And Policies

  • 1. 22-10-2008 This Presentation Courtesy of the International SOA Symposium October 7-8, 2008 Amsterdam Arena www.soasymposium.com info@soasymposium.com Founding Sponsors Platinum Sponsors Gold Sponsors Silver Sponsors Contracts Policies and Services Oh My SYSTEMATIC THOUGHT LEADERSHIP FOR INNOVATIVE BUSINESS Ümit Yalçinalp, Ph.D. SAP Labs, Palo Alto umit.yalcinalp@sap.com 1
  • 2. 22-10-2008 Outline  Basics: Policies as a contract  PolicySpecifications  Concepts in WS-Policy  Useful Patterns for Providers and Consumers  Gotchas  Conclusions October, 2008 SOA Symposium 3  This talk is about principles  Why is it this way? What is it good for? Not lots of pointy brackets  Best Practices and some gotchas  Overview of Policy chapters in WS-Contract Design and Versioning Book  Cheat sheet for understanding the reasoning behind the specs 2
  • 3. 22-10-2008 Policies in SOA  Critical component of SOA  Consumers may not be able to use services without explicit policies  Service providers may not be able – provide QoS without policies – enforce behaviors from consumers – deploy services  Defined as an expression of constraints and capabilities  Result in a set of behaviors for providers and consumers  Apply typically to interactions with a service October, 2008 SOA Symposium 5 Importance of Understanding Policy Frameworks  Providers – Define the policies for their services, specifically QoS – Determine the policies that may apply – Decide whether multiple policies may apply to the same set of messages – Should support the alternatives if provided  Consumers – Determine whether they can use the service based on a contract – Likely to have their own policies – Must determine which policies will apply when they use a service – Choose among alternative ways of using a service October, 2008 SOA Symposium 6 3
  • 4. 22-10-2008 You may be a provider, a consumer or be in both roles You may be designing new expressions or new policy vocabularies The capabilities and limitations help in  Designing better contracts  Avoiding pitfalls in policy design October, 2008 SOA Symposium 8 4
  • 5. 22-10-2008 Two Prominent Players  WS-Policy  SCA Policy Framework October, 2008 SOA Symposium 9 WS-Policy Framework  Crucial component of a contract using Web Services  Expression syntax  Compositions with expressions  Help define where to use policies  Defines how to use with WSDL  Guidelines for Authoring Policies  Established set of specifications http://www.w3.org/2002/ws/policy/  Targets WS-*, for defining and using concrete policies  Focus in this talk October, 2008 SOA Symposium 10 5
  • 6. 22-10-2008 Basics of WS-Policy: Assertion  It is a QName <umit:speakEnglish> <umit:takesnotes>  Basic block in for a policy expression  Has specific semantics  Has specific schema  Define a behavior  Defined by a governance body, specification, a company, department...  May contain other assertions by nesting other assertions  Typically defined in a document + schema  Specifies where it can be used as a contract (in WSDL)  May specify related behaviors, compositional behavior October, 2008 SOA Symposium 11 Standardized Policy Assertions  WS-Addressing Metadata (w3c) http://www.w3.org/TR/ws-addr-metadata  WS-Security Policy 1.2 (OASIS) http://docs.oasis-open.org/ws-sx/ws-securitypolicy/v1.2/ws- securitypolicy.html  WS-Reliable Exchange (OASIS) v1.1 and v1.2 http://docs.oasis-open.org/ws-rx/wsrmp/200702/wsrmp-1.1-spec-os-01-e1.html http://docs.oasis-open.org/ws-rx/wsrmp/200702  WS-Atomic Transaction (OASIS) http://docs.oasis-open.org/ws-tx/wstx-wsat-1.1-spec-errata-os/wstx-wsat-1.1-spec-errata- os.html Commonality:  Describe wire-level protocols  Target message exchanges with endpoints October, 2008 SOA Symposium 12 6
  • 7. 22-10-2008 Basics of WS-Policy: Policy Expressions  Operators for conjunctions (wsp:All) and disjunctions (wsp:ExactlyOne) <wsp:All> <umit:speakEnglish> <umit:takesnotes> </wsp:All> <wsp:ExactlyOne> <umit:speakEnglish/> <umit:speakGerman/> </wsp:ExactlyOne>  Are used to construct an expression using multiple assertions October, 2008 SOA Symposium 13 WS-Policy Policy Expressions Equivalence  Expressions can be composed or simplified with applying operators  Idempotent  Symmetic  Distributive (wsp:All over wsp:ExactlyOne)  Full Calculus: Chapter 10 October, 2008 SOA Symposium 14 7
  • 8. 22-10-2008 Policy Alternative  A set of policy assertions is an alternative  Example: Two alternatives <wsp:ExactlyOne> <wsp:All><umit:speakEnglish/></wsp:All> <wsp:All><umit:speakGerman/></wsp:All> </wsp:ExactlyOne> October, 2008 SOA Symposium 15 wsp:optional attribute  Shorthand for creating alternatives in an expression <umit:speakEnglish wsp:optional=“true”/>  Is equivalent to <wsp:ExactlyOne> <wsp:All><umit:speakEnglish/></wsp:All> <wsp:All/> </wsp:exactlyone>  Implies two alternatives, thus two different behaviors  an alternative where umit speaks English  an alternative where there are no behaviors implied  This is a pattern to indicate a capability supported but not required October, 2008 SOA Symposium 16 8
  • 9. 22-10-2008 Assertion Nesting  A relatively new concept for WS-Policy  A policy assertion may be nested in another assertion  Byincluding it in a policy expression as its child  Expression is created by wrapping with wsp:Policy element  Its semantics depend or qualify the parent assertion  Itis usually defined by governance body that specifies the parent assertion October, 2008 SOA Symposium 17 Example: WS-Addressing Metadata  wsam:Addressing  wsam:AnonymousResponses  wsam:NonAnonymousResponses  You can use one or the other child assertion, not both <wsam:Addressing> <wsp:Policy> <wsam:AnonymousResponses/> </wsp:Policy> </wsam:Addressing> October, 2008 SOA Symposium 18 9
  • 10. 22-10-2008 Parametric Assertions: An assertion with embedded content Compare with <wsp:Policy> <wsp:Policy> <umit:Speaks> <umit:Speaks> <umit:language>English <wsp:Policy> </umit:language> <umit:EnglishLanguage/> </wsp:Speaks> </wsp:Policy> </wsp:Policy> </umit:Speaks> </wsp:Policy> The content of a parametric assertion is NOT guaranteed to be understood by all frameworks!  More details in Chapter 16 October, 2008 SOA Symposium 19 Associating Policies with WSDL  Policy Subjects: Collective Attachment points in WSDL 1. Service (wsdl11:service or wsdl20:service element) 2. Endpoint (wsdl11:binding or wsdl20:binding wsdl11:port or wsdl20:endpoint elements, wsdl11:portType or wsdl20:interface element) 3. Operation (operation elements in binding, operation elements in wsdl11:portType or wsdl20:interface elements) 4. Message (wsdl11:message element or input|output|fault elements in operation elements)  4 different effective policies that may simultaneously apply October, 2008 SOA Symposium 20 10
  • 11. 22-10-2008 Assertions specify their attachment points Example: wsam:Addressing  Can be attached to wsdl11:binding/wsdl20:binding or wsdl11:port/wsdl20:endpoint elements  Can not be attached to wsdl11:portType or wsdl20:interface elements Discussion: Why can’t we put this assertions in the portType or interface? October, 2008 SOA Symposium 21 Some Points to Consider  The design of WSDL + 4 simultanous effective policies  Service Effective Policy governs all endpoints and protocols  Endpoint Effective Policy govern all messages for an endpoint  Policy for a portType or interface – must be applicable to all endpoints – must be abstract  Avoid attaching incompatible policies in a hierarchy  Avoid breaking the contract definition itself  Most standardized protocol assertions apply to Endpoint Policy Subject  Do not use them with portType or interface when not abstract October, 2008 SOA Symposium 22 11
  • 12. 22-10-2008 Attachment Patterns with WSDL  Inclusion patterns with WSDL: Insert policy expressions in attachment points directly as extensibility <binding> … <operation name=“simpleCommunicate”>...<input>… </operation> <wsp:Policy><wsam:Addressing/></wsp:Policy> <binding> October, 2008 SOA Symposium 23 Use partial centralization Define named policies in wsdl11:descriptions or wsdl20:definitions elements <wsdl20:definitions> … <wsp:Policy wsu:Id=“communicationsPolicy”/> <wsam:Addressing wsp:optional=“true”/> <myservice:LoggingEnabled/>… </wsp:Policy> </wsdl20:definitions>  Refer from attachment points <wsdl20:binding> … <wsdl20:operation name=“simpleCommunicate”>... </wsdl20:operation> <wsp:PolicyReference URI=“#communicationsPolicy/> </wsdl20:binding> October, 2008 SOA Symposium 24 12
  • 13. 22-10-2008 Policy Centralization Pattern  Decouple WSDLs from Policy Documents  Create (a) policy document(s) independent of WSDL  Use references to WSDL elements in the document to refer to attachment points  WSDL fragment identifiers (URIs) are used to refer where you want to attach  More details in Chapter 16 October, 2008 SOA Symposium 25 Comparison  Centralization decouples the contracts and assures reuse of WSDLs  Centralization allows evolution and change  Centralization require vendor specific solutions, repositories, independent management standards  Inclusion is easy for testing and standard  Be aware of what your toolkit supports October, 2008 SOA Symposium 26 13
  • 14. 22-10-2008 Why should you care as policy designers?  Design time policies ultimately affect runtime policies  Policies may be attached to different places in WSDL  Using a service is governed by endpoints/ports and the messages exchanged  Understanding “complete” policy that applies is necessary  A complex policy expression may be reduced to a simpler equivalent form  Compact form (written by users)  Normal form (utilized FOR runtime)  The rules of composition and rewriting ain’t that hard!  October, 2008 SOA Symposium 27 Three Amigos of Policy Expressions Help To Answer Which policies apply  Merging  Used to find the combined policy that will apply  Use wsp:All to combine different policy expressions  For finding the effective Policy  Normalization  Used to find distinct alternatives (choices) given an expression  Only one alternative will apply in a given situation  Create an expression with no nested alternatives  Essentially translates into disjunctive normal form  For finding the alternatives and determining which one ultimately applies  Intersection  Given two different normalized policy expressions, finds the common set of assertions  Compatibility of assertions is used to find the union of assertions that apply to both  For determining which alternative to use in an interaction October, 2008 SOA Symposium 28 14
  • 15. 22-10-2008 wsp:ignorable attribute  A behavior that is engaged by user of the assertion  Changes the way an intersection works with policies  Consumer interaction with service may not need to change due to policy  Consumers may decide not to use the service based on its presence  Implies single behavior <umit:TakesNotes wsp:ignorable=“true”/>  Ignorable and optional are not the same! October, 2008 SOA Symposium 29 More on Intersection  Regarded as guideline, not requirement toolkits  Can utilize lax or strict modes  Lax ignores the ignorable policy  Strict must consider the ignorable policy  Compatibility is based on QNames, not content  Parametric vs nested assertions play a role  Domain specific processing can change which assertions are compatible!  See Chapter 17 for more on the tree amigos October, 2008 SOA Symposium 30 15
  • 16. 22-10-2008 Service Provider: What is my overall policy in WSDL? Goal: Compute the policy for a message exchange Do:  Use Merge of the policies to obtain 4 effective policies  Normalize the effective policy  Make sure that runtime policy can be identified – Distinct alternatives may exist, only one will apply – Consumer should be able to use the alternative – Must be deterministic – If not, distinct ways of identification must be used – Use distinct ports or endpoints for each alternative – See chapter 16: Concurrent Policy Enabled Contract – No policy negotiation available with standards  Design time effects runtime !!! October, 2008 SOA Symposium 31 Service Consumer: How do I use the policy?  Problem: Can I use this service? If so, which of the policies can I use?  Determine to ignore or use providers ignorable policy (lax or strict intersection)  Compute an intersection with provider’s policy  If the intersection does yield zero alternatives, it fails  If multiple alternatives exist, choose one  Communicate with provider using the chosen policy  The determinism considerations apply here as there is no negotiation! October, 2008 SOA Symposium 32 16
  • 17. 22-10-2008 Define Your Own Assertion:  The Assertion document  Namespace  Semantics of the behavior – Protocol – Headers  XML Schema  Applicability  Roles – Both Parties: Protocol – Provider only  The interactions with others  Does it affect/contradict other assertions,  Guidelines in composition  The attachment points in a WSDL October, 2008 SOA Symposium 33 Existing Assertions  Protocol Specific  Enabling a Protocol or protocol capability (i.e. WS-Addressing)  May be a capability (with wsp:optional = “true”)  Most complicated is WS-Security Policy A good reference for security concerns Developer’s Guide to SAP NetWeaver Security http://www.sap-press.de/katalog/buecher/titel/gp/titelID-1656 October, 2008 SOA Symposium 34 17
  • 18. 22-10-2008 Gotchas  Parameterized Assertions  QName is used for compatibility testing, not XML contents <me:speak>English</me:speak> is compatible with <me:speak>German</me:speak> unless domain specific logic is applied  Policy calculus, transformation will need to be extended  Affects how you should define author your own policies  Avoid ambiguous runtime policy  Non-wire policies should utilize different endpoints  Do not assign protocol policies to abstract WSDL  Be Aware of Toolkit Limitations October, 2008 SOA Symposium 35 Emerging Policy Specification: SCA Policy Framework  Policy Framework for Service Component Architecture  An Emerging Specification in OASIS for SOA  Targets defining  Abstract policy vocabularies  Relationship of vocabularies to a set of policies  Independent of specific implementation mechanism of components and services (EJBs, WS, etc).  Addresses interactions and implementation policies  Concrete policies may materialize differently depending on deployment  Defers to WS-Policy or other policy languages for concrete realization October, 2008 SOA Symposium 36 18
  • 19. 22-10-2008 Conclusions  WS-Policy Framework is established  Contract designers should utilize guidelines and be aware of limitations  SCA Policy Framework is emerging  Thank You For Listening! October, 2008 SOA Symposium 37 Conclusion Ümit Yalçinalp SAP Research, Office of the CTO umit.yalcinalp@sap.com October, 2008 SOA Symposium 38 19