Convergence in Messaging Frameworks Pim van der Eijk
Managed public and private processes: B2B/G2G integration Enterprise Application Integration, Workflow Management Participation in e-business (e-Government) collaborations Public Process Rules Tier IBM Patterns for e-Business http://www-106.ibm.com/developerworks/patterns/
ebXML Technical and semantic interoperability Modular, cohesive set of standards developed from 1999 Open Standards (OASIS, ISO and UN/CEFACT) Initially over-hyped, now lacking visibility in the market place, despite some (very) large end user projects and increasing vendor support Advanced functionality for secure reliable messaging, choreographed business collaborations, partner agreements and management Focused on external integration (B2B, G2G) ISO 15000 standards since 2004
ebXML modules ebXML Messaging (ebMS) Secure, reliable business messaging Version 2, certified interoperable messaging since 2002 Version 3, OASIS standard since October 2007 Collaboration Protocol Agreements (CPA) Business service contract language Partner agreements, service profiles Business Process (ebBP) Choreography of service/action invocations Business Activity Monitoring (BAM) Registry Information Model and Services Core Components Information model for vocabularies and business documents
ebXML Messaging B2B application of Web and Internet standards: Leverages SOAP, MIME Attachments, HTTP bindings W3C XML Security and Encryption Generic Business Document Header Business Partners Services and Business Transaction Semantics ConversationId: Business Context Applicable “Business Contract” Payload information Reliable Message Delivery Once-and-Only message delivery Security W3C Digital Signature Payload Encryption
Public Sector Deployments of ebMS Norway, Social Security / Healthcare UK, Healthcare Netherlands Justice, Police, Youth protection OSB (“Government Service Bus”) ebMS profile Sweden, Public Procurement Hong Kong government
AS2 EDIINT EDIINT: EDI over the Internet Internet Engineering Task Force (IETF) “Applicability Statements” AS1: EDI using SMTP AS2: EDI using HTTP AS3: EDI using FTP Wal-Mart endorsement of AS2 in 2002: AS2 (RFC 4130) is now the de facto standard in electronic commerce AS2 also user-preferred protocol for new areas Data synchronization, tracking and tracing
How about public sector? G2G protocols OSCI “Online Service Computer Interface” German public sector standard SHS Swedish public sector standard, developed at Statskontoret (Swedish Agency for Public Management) eLINK EU Commission, IDA, November 2004 SuwiML transactiestandaard BKWI (Netherlands Social Security) eLink: http://ec.europa.eu/idabc/servlets/Doc?id=18685 OSCI http://www1.osci.de/sixcms/media.php/13/osci-specification_1_2_english.pdf SHS http://www.statskontoret.se/upload/804/shs-architecture.pdf SuwiML http://www.bkwi.nl/fileadmin/downloads/Suwinet/sgr/SuwiML_Transactiestandaard_v0200.pdf
Web Services, WS-* Core standards: Advanced functionality: SOAP, WSDL, UDDI Advanced functionality: Security: WS-Security, WS-Trust and WS-SecureConversation Reliability: WS-Reliability and WS-ReliableMessaging Transactionality: WS-Transactions WS-I interoperability profiles
Web Services Deployments Basic Web services profiles are widely used Denmark “RASP” WS-* profile France, PRESTO
Summary Today’s messaging environment is a mixed bag: Pre-Internet protocols EDIINT Simple XML over HTTP Government specific frameworks ebXML Messaging 2.0 Web Services variants Time for convergence? Requirements? SME(*) support, client-only endpoints Intermediaries Non-Repudiation of Receipt (NRR) Large message support (*) Including small-and-medium-size public sector agencies
ebXML Messaging 3.0 Web Services Convergence New features SOAP 1.1 or SOAP 1.2 SOAP with Attachments or MTOM WS-Security 1.0 or 1.1 WS-Reliability 1.1 or WS-ReliableMessaging 1.1 New features Message Pulling (client-only endpoints) Intermediaries Non-Repudiation of Receipt (NRR) Compression Compatible with WS-I profiles Basic Profile (BP), Basic Security Profile (BSP), Reliable Secure Profile (RSP)
ebMS3 - WS Protocol Convergence History of ebMS shows alignment with Web Services from the very beginning, with a large step toward convergence occurring with v3. Notice that in the period between v2 & v3, the SOAP stack has been standardized, the XML-based security mechanisms have been standardized and specialized for Web Services, and reliability functions have also reached (or are expected to any day now) OASIS Standard status. In the meantime, the WS-I has been developing profiles and testing tools to aid in ensuring easy interoperability of multiple implementations. The ebMS 3 message structure and protocol is fully compatible with the requirements of these profiles. SOAP 1.1 (May 2000) SOAP with Attachments (Dec 2000) SOAP 1.2 (Jun 2003) MTOM (Jan 2005) ebMS 1.0 (May 2001) ebMS 2.0 (Apr 2002) ebMS 3.0 (expected Aug 2007) XML Signature (Feb 2002) XML Encryption (Dec 2002) WS-Security 1.0 (Mar 2004) WS-Security 1.1 (Feb 2006) WS-Reliability 1.1 (Nov 2004) WS-ReliableMessaging (expected Jun 2007) BP 1.0 (First Final, Apr 2004) BP 1.1, SSP 1.0, AP 1.0 (First Final, Aug 2004) BP 1.2 (Board Approval Draft, Mar 2007) BSP 1.0 (Final, Mar 2007) BSP 1.1 (WG Approval Draft, Feb 2007) RSP 1.0 (in progress) Despite all these emergent standards, there is still a need to write a specification that composes them and adds the other functionality necessary for a complete XML-based messaging middleware that not only complies with current WS standards, but also provides the business- level messaging semantics and other advanced features that have always been central to ebXML Messaging. In the next few slides, we will describe some of the major new features that pertain to ebMS v3 only.
OASIS Standard Ballots in 2007, sorted descending by % positive votes ebXML Messaging Services version 3.0, Part 1, Core Features WS-BPEL (Business Process Execution Language) DSS (Digital Signature Services) WS-Trust WS-ReliableMessaging WS-SecureConversation WS-Transaction WS-Context Election Markup Language (EML) Content Assembly Mechanism (CAM) OpenDocument 1.1 WS-SecurityPolicy 1.2 SAML Metadata Extension for v2.0 and v.1.1 Darwin Information Typing Architecture (DITA) XML Localization Interchange File Format (XLIFF) 1.2
Requirement: client-only endpoints Assumption in early work on ebXML and Web Services: Message Sender = Client = “Active” Message Recipient = Server = “Passive” Assumes 24/7 available B2B server Assumes incoming connections through firewall Compare this to the email model: Recipient “actively” collects mail from server Email is stored on server while client is off-line Clients need not be on-line 24/7 No need to open firewall
ebMS 3.0 “Pull” mode Submit Message (for sending) PullRequest Signal “Pulling” V3 MSH 2 Pull Request Pull-Capable V3 MSH 1 Deliver Message 4 Pulled Message 3 Submit Message (for sending) Message queued for future pulling Sender application need not be “pull-aware” PullRequest Signal Generated by requesting MSH (not application) Targets a channel, secured/ authorized for the channel Pulled Message Pulled message sent over HTTP response (if HTTP) Sent Reliably (“Exactly-Once” delivery) 1 2 3
Requirement: Intermediaries Segmented (private) networks where point-to-point communication is not possible (routing) Store-and-forward and store-and-collect messaging Business added-value (message traceability, archival, timestamping) End-to-end reliability End-to-end security
Mixing intermediaries and “pull” “Push-then-push” store-and-forward or streaming Store-and-collect by mixing push and pull Also allow a “pushed” message to be “pulled” Compatible with business added-value services Pull Request 3 Submit Message 1 “Light” V3 MSH Pull-Capable Intermediary Deliver Message 5 Endpoint MSH 2 Pushed Message Pulled Message 4
Comparison: OSCI Intermediaries, Active Recipient
AS4: a B2B Web Services Profile New project aimed at: Creating the functional equivalent of AS2 by mapping those requirements onto the Web services platform. Entry-level on-ramp for Web services B2B messaging. Constrained profile for ebMS 3.0 and underlying WS-* standards, plus: Non-repudiation of receipt Large message support
Summary and Conclusion Today’s environment: A variety of messaging frameworks are in deployment WS-* provides increasing sophistication and standards in the lower-levels of the stack Some e-Government protocols have features not addressed in any current WS-* standard ebMS 3.0 provides: WS-* convergence Supports requirements for “active” (pulling) messaging and non-repudiation AS4 and intermediary profiles add support for interoperable transparent intermediaries, compression, NRR