Service Oriented Architecture for Net Centric Operations based on Open Source Technology Sanjiva Weerawarana, Ph.D. Founder, Chairman & CEO, WSO2 Founder, Director & Chief Scientist, Lanka Software Foundation Member, Apache Software Foundation Emeritus Board Member, Open Source Initiative Visiting Lecturer, Univ. of Moratuwa, Sri Lanka IONS Technical Seminar. May 21, 2009. Colombo, Sri Lanka.
About me IBM Research from 1997 to 2005 Co authored most of the key Web services specifications WSDL, WS Eventing, BPEL4WS,... Contributor to Apache Web services Contributor to Apache SOAP, Apache Axis, Apache Axis2, Apache WSIF, Apache Neethi, Apache Axiom,... Member of Apache Software Foundation Founder & Chief Scientist, Lanka Software Foundation (Emeritus) Board Member of Open Source Initiative Founder, Chairman & CEO of WSO2 Open source SOA platform company Page 2
Agenda SOA & its implications Open source and its implications Open standards Interoperability framework for net centric operations US DoD SOA activities Open source SOA for defence applications Summary Page 3
What is SOA? An approach for building large scale systems where functionality is bundled as interoperable services Details of how the service is implemented are not important Consumer operates against a service contract that defines the business interface and qualities of service Services interact with each other by sending messages in an interoperable standard Service metadata is often registered for easy discovery and governance Page 4
SOA? Page 5
Typical business SOA picture Page 6
SOA in Sri Lanka government: LankaGate Citizens Businesses Visitors Government Open Standards Multiple Access Channels (eg. Web, Mobile, Email, etc.) Other Applications Sri Lanka Country Portal SOA Architecture CMS portlet GIC portlet e Gov Service 1 portlet e Gov Service m portlet Other portlets Lanka Interoperability Exchange Enabling Web 2.0 Concepts Identity Mgt. Services Directory Mobile Payment Gateway Service 1 (eg. e RL) Service n Services Providers Page 7
Advantages of SOA Localized management of information and data (Think of object orientation taken to the next level) Decentralized deployment Owner of information runs the service that exposes the data 100% securable Complete security platform available Total focus on interoperability While maintaining proper authentication & authorization Open ended, decentralized customization and localization Scalable for a single country or a coalition Page 8
Open source Open source fundamentally about source code being available Under license terms that allow you to improve & redistribute Collaborative development paradigm Enabled by the Internet Does not necessarily mean free of charge Support often costs money Free software vs. open source software Free & open source software (FOSS) Page 9
Advantages of FOSS Freedom to innovate Try before you buy Lower cost of entry Better security Page 10
FOSS software? Anything! Everything from server/desktop/embedded system operating systems to all middleware to desktop apps to enterprise apps Very often FOSS builds on other FOSS Standing on the shoulders of giants Culture of easy license compatible dependency taking EVERY software vendor now has FOSS in some form, inside or shipping No longer a niche concept Page 11
FOSS & SOA You can't buy SOA, you have to build it Closed source SOA products are complex, non agile and expensive Deployment of SOA always requires a lot of customization Especially in military context, does not provide the framework for the military organization to take control of the software Build local skill and knowledge and reduce external dependency Opportunity to fork Page 12
Open standards Standards are critical for interoperability Open standard means has wide adoption and support Critical for long term data protection Critical for interoperability between friendly nations Page 13
Interoperability framework vs. architecture framework for net centric operations Traditional thinking on building large scale systems is to have an architecture framework Does not provide sufficient room for innovation within local contexts Local can range from national level to different military branches to different parts of a single organization Key criteria is interoperability Documented data standards Use of interoperable message protocols and standards Use of interoperable security protocols and standards Opportunity to share code across units, branches, nations Page 14
SOA in an SOA (in an SOA...) MoD MoD Common Services Navy Page 15
Security in SOA SOA technology platform provides complete security story Message level security Scalable authentication Fine grained authorization Audit / Non repudiation Even enemies can share the same technology platform and use policy driven security to ensure proper access and protection End to end security is now possible Page 16
US DoD SOA activities DoD Net Centric Enterprise Services (NCES) Common services for the DoD SOA platform SOA Symposium in Washington, DC in March 500+ attendees from all branches of military CIOs, senior IT officers Focused on education of SOA concepts Very large complex problem for US DoD 3.5m people in organization Incredible amount of legacy to deal with Complex procurement processes that are inherently designed around enterprise systems (Which have repeatedly proven to not deliver on time or on budget!) Page 17
Forge.mil US DoD effort to start an open source community around their requirements (initiated in 2009) Sharing code, data standards, protocols, documents: Enable cross program sharing of software, system components, and services Promote early and continuous collaboration among all stakeholder (e.g., developers, material providers, testers, operators, and users) throughout the development life cycle Rapidly deliver effective and efficient development and test capabilities for DoD technology development efforts Help protect the operational environment from potentially harmful systems and services Encourage modularity so that large programs to be developed, fielded, and operated as a set of independent components that can evolve and mature at their own rates Eliminate duplicative testing and improve dependability by adopting common test and evaluation criteria supported by standard testing tools and methods SoftwareForge now operational Meant for US military use primarily Page 18
FOSS for defence Software is underpinning everything from weapons systems to vessels to operational aspects Depending on external software technology providers only is a huge national security risk Exposes one to external threats FOSS allows one to not only consume, but also PRODUCE software assets Which can become currency in global relationship management On a grander national scale, help develop local IT expertise and industry E.g.: US DoD has been catalyst for much innovation Opportunity to leapfrog! Page 19
Recommendations Each country DoD needs to set up their own SOA platform Using FOSS products to give maximum flexibility Each country needs to set up its own equivalent of Forge.mil Set up shared registry of data standards E.g.: Definitions of various types of vessels and their characteristics (Not mandatory to use, but enable serendipitous reuse when possible) Set up shared data centers using (FOSS) cloud computing technology for use within branches of the military as well as across Make military software technology a strategic weapon for the country & allies Page 20
Summary Service Oriented Architectures (SOA) is now the accepted approach for building very large scale systems that actually work SOA enables scalable, strategic sharing of information in net centric operations Free & Open Source Software (FOSS) provides a superb platform for building SOA solutions FOSS provides intrinsic strategic advantages to the country It can be done local expertise is already there in every country Look for it, enable it, sponsor it, nurture it Page 21