Achieving Sustainable Business Benefits with Open eBusiness Standards Patrick Gannon President & CEO Patrick Gannon President & CEO Best Practices in Standards Setting Cambridge, MA 11 March 2005
Patrick J. Gannon n OASIS – C.E.O., President, Board Director (2001+) n UNECE – Chair, Team of Specialists for Internet Enterprise Development ( ) n BEA Systems – Sr. VP Strategic Marketing n Netfish Technologies – VP Industry Marketing n Open Buying on the Internet (OBI) – Executive Director n RosettaNet – First Project Leader (1998) n CommerceNet – VP Strategic Programs l XML eCommerce Evangelist ( ) l Interoperable Catalog WG ( ) n PIDX, CIAG, PVF Roundtable, CIMIS ( )
n Vision for Service Oriented Architecture n Business Benefits from Open Standards n Who is OASIS n Why Companies Participate Achieving Sustainable Business Benefits
Vision for Future Global eBusiness built on a Service Oriented Architecture
The Dawn of a New Era Built on Service Oriented Architecture
Vision of a Service-Oriented Architecture n A place where services are ubiquitous and organically integrated into the way we think and work. n A place where both users and providers of information interact through a common focus on services. n A world where technology is implemented within industry frameworks that operate on a global scale, enabled by open, interoperable standards.
A Common Web Service Framework Is Essential n To provide a sustainable foundation, n That will allow end-user companies to achieve the payback they require, n To invest widely in the service-oriented architecture.
Achieving Sustainable Business Benefits through a Open Standards for Web Services In this post-dot-com era, end user companies are expecting more liquidity and longevity of their assets. To achieve the ROI, Cost Reduction and Service Expansion benefits expected; the widespread deployment of standards-based Web services is essential.
Fundamental Issues that Must Be Addressed A common framework for Web service interactions based on open standards must occur. An agreed set of vocabularies and interactions for specific industries or common functions must be adopted.
Business Benefits from Open Standards
Why do standards matter? ROI for e-commerce n Normalizing data, processes and users costs time and money n ROI can come from operational savings and outweigh the costs, if those savings are stable and persistent n This requires l Stable versioning l Reliable, fixed terms of availability (some protection against withdrawal or embrace-and extend) l INTEROPERABLE standards l CONVERGING standards
What is an Open Standard? An open standard is: n publicly available in stable, persistent versions n developed and approved under a published, transparent process n open to public input: public comments, public archives, no NDAs n subject to explicit, disclosed IPR terms n See the US, EU, WTO governmental & treaty definitions of “standards” Anything else is proprietary:
Delphi Group Research on the Value of Open Software Standards Greatest benefit to support open standards Increases the value of existing and future investments in information systems Provides greater software re-usability Enables greater data portability Factors driving participation in standards Vendor neutral environment Access to a community of developers Membership comprised of both end-users and software developers
Open Standards Process: Essential to WS Adoption n Enables collaboration n Assures fairness n Provides for transparency n Embraces full participation n Ensures a level playing field for all n Prevents unfair first-to-market advantage for any one participant n Meets government requirements
n To be successful, a standard must be used n Adoption is most likely when the standard is l Freely accessible l Meets the needs of a large number of adopters l Flexible enough to change as needs change l Produces consistent results l Checkable for conformance, compatibility l Implemented and thus practically available n Sanction and traction both matter Standard Adoption
Who is OASIS? O rganization for the A dvancement of S tructured I nformation S tandards
OASIS drives the development, convergence and adoption of e-business standards. of e-business standards. OASIS Mission
n OASIS is a member-led, international non-profit standards consortium concentrating on structured information and global e-business standards. n Over 650 Members of OASIS are: l Vendors, users, academics and governments l Organizations, individuals and industry groups n Best known for web services, e-business, security and document format standards. n Supports over 65 committees producing royalty- free and RAND standards in an open process.
Current Members n Software vendors n User companies n Industry organisations n Governments n Universities and Research centres n Individuals n And co-operation with other standards bodies
OASIS Members Represent the Marketplace
International Representation
OASIS Relationships n Cooperate and liaise with other standards organizations l Working to reduce duplication, promote interoperability l Gaining sanction/authority & adoption for OASIS Standards n Formal working relationships with: l ISO, IEC, ITU, UN-ECE MoU for E-Business l ISO/IEC JTC1 SC34, ISO TC154 (Cat. A Liaison) l ITU-T A.4 and A.5 Recognition l IPTC, LISA, SWIFT, UPU l ABA, ACORD, HL7, HR-XML, ISM, MBAA, NASPO, NIGP, VCA l European ICTSB, CEN/ISSS, EC SEEM, PISCES, LRC l Asia PKI, CNNIC, EA-ECA, ECIF, KIEC, PSLX, Standards-AU l BPMI, CommerceNet, GGF, IDEAlliance, OAGi, OGC, OMA, OMG, RosettaNet/UCC, W3C, WfMC, WSCC, WS-i
OASIS Member Sections n CGM Open n DCML n LegalXML n PKI n UDDI
Current Scope of Work n Web Services n e-Commerce n Security n Law & Government n Supply Chain n Computing Management n Application Focus n Document-Centric Applications n XML Processing n Conformance/Interop n Industry Domains
Transparent Governance and Operation n Technical agenda set by members n Open technical process designed to promote industry consensus and unite disparate efforts n Completed work ratified by open ballot n Board chosen by open nomination and democratic election n Leadership based on individual merit, not tied to financial contribution, corporate standing, or special appointment
Progression/Approval of OASIS technical work 1.Any three or more OASIS organizational members propose creation of a technical committee (TC) 2.Existing technical work submitted to TC; or TC starts work at the beginning. TC conducts and completes technical work; open and publicly viewable 3.TC votes to approve work as an Committee Specification 4.TC conducts public review, and three or more OASIS members must implement the specification 5.TC revises and re-approves the specification 6.TC votes to submit the Committee Specification to OASIS membership for consideration 7.OASIS membership reviews, approves the Committee Specification as an OASIS Standard
Leading the Adoption of Web Services Standards
Approved OASIS Standards for Web Services n UDDI: Universal Description, Discovery & Integration l Defining a standard method for enterprises to dynamically discover and invoke Web services. n WSRP: Web Services for Remote Portlets l Standardizing the consumption of Web services in portal front ends. n WS-Reliability l Establishing a standard, interoperable way to guarantee message delivery to applications or Web services. n WSS: Web Services Security l Delivering a technical foundation for implementing integrity and confidentiality in higher-level Web services applications.
OASIS Web Services Infrastructure Work 14+ OASIS Technical Committees, including: n ASAP: Asynchronous Service Access Protocol Enabling the control of asynchronous or long-running Web services. n WSBPEL: Business Process Execution Language Enabling users to describe business process activities as Web services and define how they can be connected to accomplish specific tasks. n WS-CAF: Composite Application Framework Defining an open framework for supporting applications that contain multiple Web services used in combination. n WSDM: Distributed Management Defining Web services architecture to manage distributed resources.
Standardizing Web Services Implementations For communities and across industries: n ebSOA: e-Business Service Oriented Architecture Advancing an e Business architecture that builds on ebXML and other Web services technology. n SOA-RM: Service Oriented Architecture Reference Model. Delivering a Reference Model to encourage the continued growth of specific and different SOA implementations whilst preserving a common layer that can be shared and understood between those or future implementations. n FWSI: Framework for WS Implementation Defining implementation methods and common functional elements for broad, multi-platform, vendor-neutral implementations of Web services for e Business applications. n oBIX: Open Building Information Xchange Enabling mechanical and electrical systems in buildings to communicate with enterprise applications. n Translation WS Automating the translation and localization process as a Web service.
Security for Web Services n Most e-business implementations require a traceable, auditable, bookable level of assurance when data is exchanged n IT operations demand “transactional” level of reliable functionality, whether it’s an economic event (booking a sale) or a pure information exchange n Dealings between divisions often need security and reliability as much as deals between companies
Security: function by function n Identity authentication n Encryption and protection against interception n Control of access and authority
Approved OASIS Standards for Security n AVDL: Application Vulnerability Standardizing the exchange of information on security vulnerabilities of applications exposed to networks. n SAML: Security Services Defining the exchange of authentication and authorization information to enable single sign-on. n SPML: Provisioning Services Providing an XML framework for managing the allocation of system resources within and between organizations. n XACML: Access Control Expressing and enforcing authorization policies for information access over the Internet. n XCBF: Common Biometric Format Providing a standard way to describe information that verifies identity based on human characteristics such as DNA, fingerprints, iris scans, and hand geometry. n WSS: Web Services Security Advancing a technical foundation for implementing integrity and confidentiality in higher-level Web services applications.
OASIS Security Work n DSS: Digital Signature Services Defining an XML interface to process digital signatures for Web services and other applications. n PKI: Public Key Infrastructure Advancing the use of digital certificates as a foundation for managing access to network resources and conducting electronic transactions. n WAS: Web Application Security Creating an open data format to describe Web application security vulnerabilities, providing guidance for initial threat and risk ratings.
Business Benefits of Participation in OASIS
Membership Benefits n Influence n Information n Participation n Education n Co-ordination n Creadibility n Visibility n Openess
End-User Company Benefits n Educate employees on trends and developments of technology n Learn and adopt best practices n Influence direction and priorities of standards development by providing business requirements n Evaluate and observe vendors in their implementation and product directions n Participate in interoperability demos by providing business scenarios n See practical implementation from multiple vendors for given scenarios
University and Research Centre Benefits n Monitor ”state of the art” in technology and standards development n Propose new ideas and get feedback to those ideas n Reduce the ”time to market” from concept to wide spread adoption n Create a broader market for adoption of development from your research projects n Gain visability for your project efforts n Establish closer ties with more busineses and industry organisations
OASIS Value n Sanction x Traction = Adoption n Twelve years demonstrated success n Neutral and independent n Technical and procedural competence n Worldwide visibility and outreach n Close coordination with peer standards organizations on a global level n Relevance, Openness, Implement-ability
Contact Information: Patrick Gannon President & CEO n n n