SOA Best Practices

From AMWA

Contents 1 Introduction 2 Business-related Best Practices 2.1 Fundamental Business Precepts 2.1.1 Keep messaging networks separate from networks that move video and audio 2.2 SOA Goals 2.2.1 Business Agility 2.2.2 Eliminate Silos 2.2.3 Bridge Business and IT 2.2.4 Reusability 2.2.5 Loose coupling 2.2.6 Composability 2.3 Service identification 2.3.1 Decomposition techniques 2.3.2 Decomposition approaches 2.3.3 Names of services, operations and messages 2.3.4 Service Litmus Test 2.3.5 Interface and semantics 2.3.6 Policies 2.3.7 Security 2.4 Service Governance 2.5 Modeling/Documentation 3 Technology- and standards-related Best Practices 3.1 Service Description 3.2 Service Semantics 3.3 Service Discovery 3.4 Service Interactions - MEPs (Message Exchange Patterns) 3.5 Business Processes / Composite Services 3.6 Business Rules 3.7 Adapter/Bus approaches 3.8 Policies / Contracts 3.9 Security 3.10 Transactions 3.11 Data Model 3.12 Service Management 3.13 User interface 3.14 I18N and L10N 3.15 Modeling/Documentation

Introduction

The document is organized along some major SOA concepts and themes that relate both to the business aspects of SOA and to its enablement via existing technologies and standards. Even though these concepts and themes are generic to various industries, the expectation is that this document will focus only on examples, use cases, practices and technologies that specifically relate to the M&E industry.

This document will initially address only one particular focus area within the M&E industry, as identified by the AMWA Group. As other areas of interest get identified by the Group in the future, it might be decided that different Best Practices documents are needed for those different areas. In that case, this original single document might get subdivided by:

Industries (broadcast networks vs. cable networks vs. film industry) Targeted users (consumer vs. professional) Functional areas (production, asset management, post-production, distribution) Business scope (intra-department vs. intra-company vs. cross-company) Geographic scope (domestic vs. international)

Text in italics provides directions for completing a particular item in the document

Business-related Best Practices

Fundamental Business Precepts

Keep messaging networks separate from networks that move video and audio

It is critical that messages be sent over a separate network from the network that moves video. There are several reasons for this. First, the characteristics of messages are fundamentally different from the characteristics of video files. Messages are usually one to several packets long - video files are transmitted over millions (billions?) of packets. Because messages are relatively light-weight, they do not require special networking architecture. Depending upon the facility, it may be the case that a separate video network is built from very high-speed, highly managed networking components with limited connectivity to the outside world. For this reason, if you combine messaging on the same network as video transfer, you may have limited visibility of those messages to the broader organization, and this is contrary to the fundamental goals of SOA to support the business process. Second, if you use a single network and the network becomes congested, messages could be discarded as a result of fundamental behaviours of queues in routers. This would be a Bad Thing. Third, it is not uncommon to encounter different security policies on video files transferred across a network compared to security policies which are applied to business networks.

SOA Goals

Business Agility

• Typical examples of situations requiring business agility.
• Major obstacles encountered in achieving agility.
• Areas of prioritization.

Eliminate Silos

• Typical examples of silos, both at the product level and the application level, specifying functionality and data not made accessible and being duplicated.
• Best approaches to breaking existing silos: wrapping, componentizing, rewriting, etc.

Bridge Business and IT

• Areas where the separation between business and IT is most severe.
• Examples of different approaches, tools and languages adopted in the two domains.
• Different approaches and tools to bridge the gap.

Reusability

• Areas providing best opportunities of reuse.
• Reusability within the same domain vs. reusability across domains.

Loose coupling

• Examples of loose coupling enabling reusability and business agility.
• Which coupling dimensions are more critical: platform, time, location, state, etc.

Composability

• Identify various levels of abstraction.
• Provide examples of services at a particular layer which are composed from services from a lower layer.
• Dividing line between business processes and business services.
• Dividing line between business services and infrastructure services.
• Identify “atomic” services.
• Role of business rules

Service identification

Decomposition techniques

• Domain decomposition
• Existing systems analysis
• Goals-Services Graph

Decomposition approaches

• Top-down
• Bottom-up
• Middle-out

Names of services, operations and messages

References to existing nomenclatures

Service Litmus Test

• Goals alignment - see Goals section above
• Granularity of services and messages
• Trade-offs between granularity and reusability
• Functional coherence
• Chattiness

Interface and semantics

• Identify best ways to describe service interface and semantics.

When a time critical operation is being defined (e.g. "start recording"), it is recommended that such logical operation actually consist of two separate actual operation (e.g. "get ready to record", shortly followed by "record now"). Because of issues like latency and difficulty in guaranteeing that service requester and provider are set exactly on the same time, this approach is more accurate than the one where only one operation is used to achieve the desired effect.

• Message-oriented vs. RPC style.
• Avoid leakage of implementation details.
• Service should evolve without breaking existing contracts (as much as possible)

Policies

Which server policies are most relevant: performance (real-time or not), security, reliability, availability, scalability, etc.

Security

• Identity (authentication)
• Authority (authorization)
• Confidentiality (encryption)
• Integrity (certificates)
• Non-repudiation

Service Governance

• Design principles
• Preferred design patterns
• Application-factoring rules
• Naming conventions
• Metadata requirements
• Documentation
• Preferred products
• Product selection guidelines
• Preferred domain standards
• Preferred industry standards
• Methods for dealing with regulatory requirements
• Methods for assessing security risks
• Methods for implementing security based on risk factor
• Methods for ensuring reliability and transaction integrity
• Service testing
• New service deployment and staging
• Service registration
• Service classification
• Service provisioning
• Service configuration
• Service monitoring
• Client provisioning
• Service modification
• Service versioning
• Impact analysis
• Service level agreement (SLA) compliance tracking
• Error tracking and resolution

Modeling/Documentation

• Informal
• BPMN
• UML
• State transition diagrams
• Taxonomy of services and processes

Technology- and standards-related Best Practices

Service Description

• WSDL (1.1, 2.0)
• Process model (Abstract BPEL 2.0)

• Static location (WSDL service address)
• Dynamic location (routing, discovery, WS-Addressing)

• Versioning

Service Semantics

• Natural language documentation
• WSDL comments
• Taxonomy terms
• Ontologies (RDF/OWL)
• Semantics Annotations for WSDL (http://www.w3.org/2002/ws/sawsdl/)

Service Discovery

• Registry/Repository (UDDI 3.0, UDDI+extensions, reg/rep)
• Design-time vs. run-time - yellow pages vs. white pages
• Dynamic search (WS-MetadataExchange - http://www-128.ibm.com/developerworks/library/specification/ws-mex/)
• Notification

Service Interactions - MEPs (Message Exchange Patterns)

• Point-to-point one-way
• Point-to-point request-response
• Broadcast
• Publish/Subscribe, brokered or not (JMS, MSMQ)
• Event-based (WS-Eventing)

• RPC-style messaging (SOAP 1.2)
• Document-based messaging (SOAP 1.2)
• Resource-oriented messaging (REST)

• Message schemas/vocabularies/formats (XML Schema)
• Message semantics

• Header information vs. body information

• Synchronous messaging
• Asynchronous messaging, correlation handling (WS-Addressing)
• Business-level correlation IDs vs. system-level correlation IDs
• Polling
• Store-and-forward

• Message reliability (WS-ReliableMessaging, JMS Transport)

• HTTP transport
• JMS transport
• RMI transport
• No transport (e.g. direct Java to Java)

• In-band data transfers
• Message attachments (SOAP 1.2 MTOM/XOP)
• Out-of-band data transfers (FTP, proprietary)

• Essence transfer vs. metadata transfer

Business Processes / Composite Services

• Composition
• Orchestration (BPEL 2.0, Java)
• Choreography (WS-CDL)
• Human workflow (BPEL4people)

• BPMN diagrams
• UML Activity Diagrams
• Proprietary diagrams (e.g. IBM Process Modeler diagrams, IBM WID Process Editor diagrams)

Business Rules

• Code-based
• Business rules engine (RuleML, Rule Interchange Format)

Adapter/Bus approaches

• Canonical format/protocol approach (adapters)
• One-to-one transformations (ESB)

• Routing (static/dynamic)
• Failover
• Load balancing

• Mediations (transcoding, data/media validation/transformation/enrichment, protocol conversion, logging, authentication, authorization, etc.)

Policies / Contracts

• WS-Policy
• WS-SecurityPolicy

Security

• Point-to-point (SSL)
• End-to-end (WS-Security, WS-SX)

Transactions

• Atomic (WS-TX AT)
• Long running (failure management, manual compensation, WS-TX BA)

Data Model

• ETL (Extract, transform and load)
• EII (Enterprise Information Integration)
• MDM (Master data management)

• Data-on-the-inside vs. data-on-the-outside

Service Management

• Configuration Management
• Accounting Management
• Performance Management
• Security Management

• Monitoring

• Life cycle

• Versioning

User interface

• Client application - thick client
• Forms client (XForms)
• Browser client / Ajax
• Portal

• Portal server (portlets, WSRP)

I18N and L10N

• W3C Internationalization Web Services Task Force (at http://www.w3.org/International/ws/ and http://www.w3.org/TR/ws-i18n/)
• OASIS Translation Web Services TC (at http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=trans-ws)
• OASIS XML Localization Interchange File Format (XLIFF) TC (at http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=xliff)

Modeling/Documentation

• Informal
• WSDL, Abstract BPEL, WS-CDL
• BPMN
• UML
• SCA