jim farmer, ja-sig collaborative 7 november 2002, tokyo japan education and research conference open...
TRANSCRIPT
Jim Farmer, JA-SIG Collaborative7 November 2002, Tokyo
Japan Education and Research Conference
Open Standards, The Next Wave
JER
C 2
00
2Permission to reproduce
Copyright ©2002 instructional media + magic, inc. All rights reserved.
This digital document may be reproduced and distributed to others provided that the above copyright notice and this paragraph are included in all such copies. This content itself may not be modified in any way. The limited permissions granted above are perpetual and will not be revoked by the author, or successors or assigns.
Standard permission incorporated into im+m presentations and documents.
JER
C 2
00
2Waves of Change
• 1981 – The IBM Personal Computer Standard hardware components
• 1981 – TCP/IP Protocols published Internet(1982 Sun Microsystems founded)
• 1993 – Mosaic browser, University of Illinois World Wide Web
JER
C 2
00
2The Web Services wave
• 1998 – XML specification Tagged data(1986 – ISO SGML specification)
• 1999 – SOAP data transport”Web Services” business messaging
JER
C 2
00
2Generations of systems
• Standalone applications Where we have been
• Enterprise systems (with portals) Where we are
• Distributed systems (with Web Services)Where we are going
Mark Resmer, Chief Technology Officer, eCollegeUniversity of California Education Technology
Standards Workshop, July 30, 2002
JER
C 2
00
2Successful technology
• Simple, limited capability• High benefit to cost• Leadership to “cross the chasm” to
widespread implementation• Persistence to maturity and industry
acceptance—years of effort______________________
1996 – Java Language Specification, first edition
JER
C 2
00
2Web services defined
“Web services are a set of standards for how systems connect to each other, and communicate information. It’s an extension of a distributed computing framework, which provides an open standard that most software vendors support.”
Chandra VekatapathMarket Manager, Web Services, IBM Corporation,
TheBusiness Integrator, Second Quarter 2002, pp. 5-11
JER
C 2
00
2Web services as standards
Tagged data XML
Data communications TCP/IP
Data transport SOAP
Discovery WSDL
Directory UDDI
Remote portal WSRP, JSR 168
Content feed RDF-based RSS
JER
C 2
00
2Why XML and SOAP?
“[XML and SOAP] will become a widely implemented ‘standard’ because they are simple.”
Barry WalshUniversity of Indiana
at the FSA CIO Update ConferenceArlington, Virginia May 8, 2002
JER
C 2
00
2XML “family”
• XHTML• XLink, XPath, XPointer• XForms• XSL, XSLT• XML Signature, XML Encryption, XML
Key Management• XML Query• XML Schema• RDF Metadata
JER
C 2
00
2SOAP data transport supports...
• Real-time data transport • HTTP or HTTPS• TCP or UDP using Microsoft’s proposed
WS-Routing• Batch data exchange
• FTP or Secure FTP• E-mail data exchange
• SMTPSee Jonathan Chawke,
“Making Apache SOAP Invocations using SMTP,”Apache Foundation, 9 March 2001
JER
C 2
00
2The market perspective
“Portals and Web Services are single greatest advance in terms of how we deploy technology and use it—that’s the rationalization behind the enormous interest in portals.”
Tom Koulopoulos, President, Delphi GroupApplication Development Trends: October, 2002
JER
C 2
00
2Web Services benefit
“The promise of Web services lies in its ability to resolve the differences among shared, networked applications. Applications from different vendors, of various vintages, written in different languages, running on disparate platforms, easily communicate and cooperate, resolving their differences to act in concert.”
Carl Jacobsen, University of Delaware EDUCAUSE Review March/April 2002
JER
C 2
00
2Components architecture
“Software has become so big that no company can do everything alone anymore.” “… the industry must adopt standards that would enable a variety of different software vendors to provide the parts needed to quickly build a sophisticated software system.”
Hasso Plattner, CEO SAP AG at the JavaOne Conference in San Francisco, March 2002, as reported by Reuters,
“Software's future is in components, SAP chief says,” March 27, 2002
JER
C 2
00
2The business case
Originally, the exchange of data with others.Now, integration between disparate application, disparate computer systems, disparate operating systems, disparate programming languages—the Enterprise Application Integration EAI bus.
___________________________________________
”Getting access to stove-piped data is the primary reason for implementing Web services.”
Uttam NasrsuGIGA Information Group
At the FSA CIO Update ConferenceArlington, Virginia, May 8, 2002
JER
C 2
00
2Value of Web services technology
Open standards Web service projects are taking one-fourth the time and costing one-fifth comparable projects using traditional technology. Performance is 2 to 10 times better than expected.• HFC Bank - IFX credit card application using XML,
SOAP and XSLT• Deutsche Bank Bauspar - FixML security
transaction integration using XML messages and XSL transformations
• Hypo Vereinsbank - Integration
Based on presentations at the XSLT [Invitational] Conference
Oxford, University, April 8-9, 2001
JER
C 2
00
2Web Services implemented
Converge Magazine Portal Symposium Oct 2002
Web Services: How does it do it?Web Services: How does it do it?
Loosely coupled – “forgiving” interfaces rather than traditionally strict integration requirement of our legacy systems, including our “new” legacy systems
Self-describing and self-announcing: all specifications related to the use and behavior of a service are part of the service itself
Applications may invoke remote processes or applications as if they were a part of the invoking application
Specific technologies to: build, publish,and relate business and learning components across the network
Barry Walsh, University of Indiana
JER
C 2
00
2Emerging strategy
• Java for applications, enterprise infrastructure
• “Web Services” for integration• Mixed environment• Between enterprises
JER
C 2
00
2
Aut
hent
icat
ion
Ser
vice
Aut
hori
zati
on S
ervi
ce
ER
P
Lib
rary
Lea
rnin
g M
anag
emen
t
Decomposition of legacy systems
Common Solutions Group, September 19, 2002
JER
C 2
00
2Reconstructed legacy
systems
Aut
hent
icat
ion
Ser
vice
Aut
hori
zati
on S
ervi
ce
ER
P
Lib
rary
Lea
rnin
g M
anag
emen
t
Common Solutions Group, September 19, 2002
JER
C 2
00
2Emerging practices
Standard Use Plan Wait
XMLSOAPWSDLUDDI
WS-SecurityWS-RoutingWS-ReferralWS-Attachments
JER
C 2
00
2Java and “Web Services”
Java“Web
Services”Functionality Rich Limited
Scope of use Enterprise In and between enterprises
Market acceptance
Divided Industry as acompromise
Support of “Web Services”
Complete Depends on software supplier
JER
C 2
00
2Web Services security
“Until we get key distribution and management schemes that people can understand and use, Web services security is speeding toward a brick wall.”
Jon Udell, “Dueling toolkits: Microsoft vs. IBM, InfoWorld, Sep 9, 200, Issue 36
JER
C 2
00
2The facets of security
• Confidentiality – communicated in secret
• Integrity – unaltered, genuine• Anonymity – having a name or
identity that is unknown or concealed.
• Non-repudiation – validity of identification of the parties and the date and time of the message, and integrity of the contents
JER
C 2
00
2Certificate Validation: XKMS• The X-KISS specification defines a protocol for a
Trust service that resolves public key information contained in XML-SIG elements. … The underlying PKI may be based upon … X.509/PKIX, SPKI or PGP.
• The X-KRSS specification defines a protocol for a web service that accepts registration of public key information.
• Both protocols are defined in terms of • XML Schema Language• (SOAP) v1.1• Web Services Definition Language v1.0 [WSDL].
XML Key Management Specification (XKMS 2.0), W3C Working Draft, March 18, 2002.
JER
C 2
00
2And now SAML
Security Assertion Markup LanguageThe set of specifications describing security assertions that are encoded in XML, profiles for attaching the assertions to various protocols and frameworks, the request/response protocol used to obtain the assertions, and bindings of this protocol to various transfer protocols (for example, SOAP and HTTP).
Security Services Technical Committee, Glossary for the OASIS Security Assertion Markup Language
(SAML), Draft, January 10, 2002
JER
C 2
00
2Industry content standards
Industry Standards
Financial ServicesFinancial Reporting
ebXML compliant IFXXBRL
Student loansFinancial aid
CommonLine XMLCommon Record
Human Resources HR-XML
Academic Records PESC and CaliforniaCommunity Colleges
Library (In discussion)
JER
C 2
00
2Process content standards
SAMLXACML
Security AssertionsSecurity Access Control
WSUIPresentation
WSRPRemote Portlet
WSFL and WfMLWork flow
StandardFunction
JER
C 2
00
2“Best of Breed” strategy
“With Web services, best of breed becomes more feasible.”“Web services will make best of breed more cost effective.”
Rick Bergquist, CTO of PeopleSoftas quoted by Heather Harreld and Mark Jones in “Chasing suite success,” InfoWorld, Nr. 24, June
17, 2002.
JA-SIG CollaborativeWill it make a difference?
JER
C 2
00
2JA-SIG
• Java In AdministrationSpecial Interest Group• www.jasig.org
• Conferences biannually• Clearing house
• https://www.mis4.udel.edu/JasigCH/
• Collaborative projects
JER
C 2
00
2JA-SIG goals
• uPortal will support open standards applications
• JA-SIG channels (portlets) will run in open standards portals
• Content is transferable between application systems, especially learning objects and digital library holdings
JER
C 2
00
2uPortal with Tree / Column
JER
C 2
00
2Portal with RSS channels
JER
C 2
00
2uPortal with eTranscript
JER
C 2
00
2University of Nagoya uPortal
JER
C 2
00
2JA-SIG’s uPortal and Web Services
• XML-based• Separate data from representation
Use XSL transformations
• Support authentication and authorization API (MIT’s OKI +)• Kerberos, SAML, Liberty, Shibboleth? PKI?
• Distributed content management• Remote channel (portlet)
• WSRP, JSR 168
• SOAP/WS-Security/SAML channels• University to government student loans• California community colleges eTranscript
JER
C 2
00
2JA-SIG uPortal installations
JA-SIG uPortal SitesPreliminary survey Oct 2002
0
10
20
30
40
Production Development Evaluation
Num
ber
of I
nsta
llatio
ns
JER
C 2
00
2JA-SIG uPortal installations
Location of uPortal InstallationsPreliminary survey October 2002
0 10 20 30 40 50 60 70
United States
Canada
United Kingdom
Australia
Sweden
Japan
Hong Kong
Number of Installations
JER
C 2
00
2JA-SIG uPortal installations
JA-SIG uPortal InstallationsPreliminary survey October 2002
0 20 40 60 80 100
Primary
Secondary
Postsecondary
Commercial
Government
Number of Installations
JER
C 2
00
2Gleason’s “Transitive Trust”
SAML Assertions
JER
C 2
00
2Authentication and authorization
Access Provider Data Provider
Login & Password
TLSAuthentication
SAML Assertion
College Target
ebXML Security Profile 3
Non-persistent confidentiality and non-persistent authentication
JER
C 2
00
2Why not open standards?
• Investment in change• Risk of error in standard selection
• Unavailability of needed business functionality
JER
C 2
00
2Why open standards?
• Preserves future options; choices of software tools
• Sharply reduces software maintenance
• Leads to commodity pricing• Facilitates data exchanges with
others• Lowers training costs
JER
C 2
00
2Early adopters are now …
• Implementing open-standards infrastructure
• Integrating legacy and new applications only using Web Services technology
• Requiring or giving preference to new applications that comply with standards
• Encouraging current software suppliers to produce Web Services enabled applications
• Supporting the development of standards
JER
C 2
00
2Observations
Successful portal/Web Services implementations typically have:• Top level commitment to simultaneously
reduce unit cost of administration and improve on-line services.
• CIO sharply aligned with business objectives.
• Re-engineered business processes.• IT staff retrained in the new technologies.
Based on presentations by the Universities of British Columbia
and Nottingham, and comments about Linkoping University reported from the June 27-28, 2002
Swedish Higher Education Portals Conference at Portals 2002, Nottingham, United Kingdom, July 1, 2002
The end
JER
C 2
00
2
JER
C 2
00
2
JER
C 2
00
2
JER
C 2
00
2