Mixing the menu

 

Connecting state and local government leaders

If there were ever a technology that seemed tailored to the needs of government, it's service-oriented architecture. With thousands of disparate systems needing to share information across organizational boundaries'particularly homeland security information'SOA offers agencies an attractive shortcut to their data-sharing goals.

If there were ever a technology that seemed tailored to the needs of government, it's service-oriented architecture. With thousands of disparate systems needing to share information across organizational boundaries'particularly homeland security information'SOA offers agencies an attractive shortcut to their data-sharing goals.SOA is a method by which organizations can share the data within (and the business logic of) their applications with other applications, either within the same organization or across divisions, by publishing them as Web services. Because these services can use the same protocol used by Web applications (HTTP or Secure HTTP), they can also be configured for use behind the firewall or across firewalls.Because it uses a standard set of protocols, defined by organizations such as the Organization for the Advancement of Structured Information Standards (Oasis) and the Web Services Interoperability Organization (WS-I), SOA can be used to tie together the functionality and data from widely disparate applications. Agencies can use tools from a number of software companies to connect Web services to nearly any existing information system, including mainframe 'green-screen' applications. Market analysts at Gartner Inc. in Stamford, Conn., estimate that by 2008, 80 percent of all new software projects will be based on SOA.The Defense Department, through its Defense Information Systems Agency, has begun to move forward with a significant cross-service SOA, Net-Centric Enterprise Services. NCES is part of DOD's Global Information Grid effort, and will, as DISA describes it, 'empower the edge user to pull information from any available source, with minimal latency, to support the mission.''There are many different drivers in the federal government for SOA,' said Ian Bruce, director of marketing of Systinet Corp., an SOA management tools vendor whose products are being used in the NCES effort by integrator Merlin Technical Solutions Inc. of Greenwood Village, Colo. Systinet recently merged with Mercury Interactive Corp. of Mountain View, Calif.'The primary driver is information sharing,' Bruce said. 'After 9/11, there was a lot of introspection about what we could do better. With NCES' net-centric data strategy, we have the ability to make data visible [to everyone who needs it], and have everyone at the edge pull instead of having data pushed to a select few.'Fulfilling that goal requires the reliability, security and flexibility to connect to a wide range of data sources and clients. In many respects NCES is the perfect fit for an SOA.But regardless of your mission and your resources, SOA is not a silver bullet. While SOA does ease many integration issues, key standards that would speed its adoption within government'especially surrounding security'are still emerging.Although a general lack of consistent standards makes SOA interoperability less than automatic, the current generation of tools is breathing new life into applications that might otherwise have been roadblocks to an integrated enterprise architecture.'Over the last year, we've seen a lot of increased maturity in the standards,' Bruce said. 'There's been a lot less concern about [interoperability] today than there was a year or two ago. Now the issues are around lifecycle management and governance.'At the most basic level, an SOA consists of a set of Web services based on a standard protocol such as Simple Object Access Protocol or ebXML (Electronic Business using eXtensible Markup Language). These services are registered in a directory based on the Universal Description, Delivery and Integration standard that identifies the services and includes information on how to connect to the services using the Web Services Definition Language.In theory, an agency could publish an interface to one of its applications on a shared UDDI directory, and others could use the WSDL to connect their applications to that interface without having to know what operating system or environment the application was running in.But many SOA solutions go further, using business process logic, such as the Business Process Execution Language, to combine multiple Web services together behind a single interface. Software AG, Oracle and other vendors use BPEL to pull together collections of services into whole new services. In the case of Software AG's new Crossvision SOA suite, those orchestrated services can even be pulled into interactive Web applications based on the emerging Ajax development language.SOA suite vendors generally also provide tools to not only deploy these services, but manage their lifecycles. Beyond just serving up information on what services are available, these software tools ensure that service providers don't make changes to underlying services that break the applications that 'consume' the services.But although there are plenty of standards to help guide the creation of Web services, there's a lot of work to be done in the way of interoperability between the products of 'standard-compliant' vendors. While the standards coming out of groups such as WS-I and Oasis are certainly more mature than they were a few years ago, progress on many of the standards is slow.'I will concede that it is taking longer than I might like to drive the specifications through the standards process,' said Chris Ferris, chairman of the WS-I Basic Working group (and a senior IBM technical staffer), in a recent blog posting. Ferris was responding to comments about the poor interoperability of some Web services implementations.'However,' Ferris continued, 'the reality is that standards take time to mature and vendors rarely implement until the standard is established...and the market pressures are brought to bear.'One of the weakest links in those standards is security. While a number of vendors have implemented Oasis and WS-I's WS-Security standards, those implementations aren't necessarily interoperable'or even secure, for that matter.'Most Web services implementations are inside the firewall,' said Jeremy Epstein, senior director of product security for WebMethods Inc. of Fairfax, Va. 'And people are incorrectly assuming that they're safe'even though we know, statistically, that most attacks on services come from inside the firewall.'And for outside the firewall, people are saying, 'I'll encrypt with SSL and only deal with trusted partners,' ' Epstein said. 'That's something of a sticking-head-in-the-sand approach. If a partner gets compromised, you're compromised as well.'Even when Web services are running 'securely' with a WS-Security-compliant system, current SOA standards aren't designed to handle things like multilevel security. The WS-Security Exchange working group is currently discussing ways to implement Security Assertion Markup Language as part of that emerging standard, but for now security still needs to be managed at the application level on both ends, or through some other hardware or software product.So far, few SOA integration products have received security certification themselves. WebMethods' Fabric 6.5 was the first, earning a Common Criteria EAL2 certification from the National Information Assurance Partnership. WebMethods uses Entrust's FIPS-140-2-certified cryptography for its SSL and S/MIME encrypted messaging.One security solution that many SOA vendors and integrators are turning to is a secure application gateway for Web services, also known as Web services firewalls. Last fall IBM acquired one of the leading vendors of those gateways, DataPower Technology Inc. of Cambridge, Mass. DataPower's SOA appliances are hardware-based products that filter, route and encrypt Web services messages.Reactivity Inc. of Belmont, Calif., and Vordel Ltd. of Dublin, Ireland, also offer SOA security appliances, which can be deployed in front of Web services hosts and clients to enforce security of message traffic.And Software AG has partnered with Forum Systems Inc. of Sandy, Utah, another major SOA gateway provider, to package its firewall with Software AG's SOA tools. Forum offers a mix of software-based and appliance-based products. Its Sentry product is a hardware-software combination designed to add WS-Security to Web services without having to modify applications.Software AG's Crossvision software itself is aimed primarily at addressing another weakness of Web services and SOA: the issue of managing services once they're deployed, both in terms of maintaining service levels to consumers and managing changes that could break consuming applications. SOA offerings from WebMethods, Tibco Software Inc. of Palo Alto, Calif., Systinet, IBM and Oracle, also place a premium on Web services management.Because different Web services implementations often vary in terms of which WS-I specifications they've implemented, multiple versions of a Web service must often be deployed to account for the differences. And organizations must track the interdependencies of various Web service consumers. 'If you don't have that, you may not know who the users are, what they're doing to it, and what will break if a Web service changes,' said Systinet's Bruce.At this point in the evolution of SOA, broken Web services may simply be a fact of life. But as the tools get better and agencies gain more experience deploying services, they'll change the way groups share data and resources'for the better.








Data as driver



















Lifecycle management









The weakest link











The Web services gateway











X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.