Category Archives: Conferences

Conference Season – Upcoming Speaking Engagements

The snow is finally gone and the new, yellow-green leaves are starting to emerge… Yes, that’s right, it’s conference season again!

Here’s a list of conferences at which I’ll be speaking during the next couple of months, followed by a summary of the topics:

I hope to see you at one or more of these events.

Testing topic

Next Wednesday at the Practical Software Quality and Testing conference I’ll be giving the opening keynote on “Meeting New Challenges in Testing Service Oriented Architectures.” We have been doing a lot of work with our customers recently on SOA testing strategies, and in the course of that work have built some technologies to help, in particular interface simulation tooling.

The challenge in moving to an SOA environment is to find a good way to validate service contracts. A good service contract is key to a successful SOA, and consequently the focus of SOA governance (and I mean this in the logical sense, as in the desired result of a successful governance effort).

One of the great benefits of a good service contract agreement is that the work to implement the contract can be divided between teams developing the application requesting the service and the team developing the service being requested (especially when such a service gets reused). But then it’s necessary to ensure that all of the teams involved in such a distributed or divided development effort interpret the service contract the same way. This is the goal of SOA testing, and the summary of the additional testing challenge SOA adds to an IT environment. That is, getting the all-important service contract from definition to successful deployment.

As with any testing strategy, the sooner errors can be caught, the easier it is to fix them. Because an SOA environment introduces new artifacts, and requires new techniques for developing services (especially reusable services), it also introduces new requirements for testing systems.

Security topic

Tuesday, May 13 I’ll be giving the opening keynote at the Web Services and SOA Security Conference on “Handling Multiple Credentials in a Heterogeneous SOA Environment,” based on this article that I wrote with Fred Dushin.

An interesting aspect of an SOA environment is that it can abstract away many of the differences among heterogeneous IT environments using a common interfacing technology (e.g. IDL or WSDL). Lots of companies have Java, Microsoft, mainframes, and other types of systems that need to be brought together in new applications.

Such heterogeneity represents a challenge for security technologies, since each environment typically has a different approach to security, and in some cases more than one approach. When a service request message touches multiple technologies, it usually means encountering multiple security domains, which have to be federated and mapped in order to implement effective solutions for single sign on and authorization.

A valuable tool for dealing with this situation is a data structure associated with a service request that can be used to pass along multiple credentials, in whatever format they happen to appear, endorsing them if they arrive from a secure source (such as an encrypted communication channel). This way the service provider not only has all the security related information needed to call out to a security server, the application can also tell which of the credentials arrived from a trusted source. This can help resolve questions about the relative significance of a credential when multiple are in play.
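An added sketch of such a data structure, not code from the article or from any IONA product. All names here are hypothetical. It assumes principals have already been mapped to a common identity, that "secure source" means an encrypted channel, and that failing closed when endorsed credentials disagree is an acceptable policy (an illustrative choice, not something the talk specifies).

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Credential:
    kind: str        # format label, e.g. "x509-subject", "username-token"
    principal: str   # identity asserted (assumed already mapped to a common name)
    raw: bytes       # opaque token, kept in whatever format it arrived in
    endorsed: bool   # True only if it arrived from a secure source


class CredentialSet:
    """Travels with one service request; each hop appends what it received."""

    def __init__(self) -> None:
        self._creds: List[Credential] = []

    def add(self, kind: str, principal: str, raw: bytes,
            *, channel_encrypted: bool) -> Credential:
        # The receiving hop decides endorsement from how the credential
        # arrived; a flag supplied by the sender is never trusted.
        cred = Credential(kind, principal, raw, endorsed=channel_encrypted)
        self._creds.append(cred)
        return cred

    def endorsed(self) -> List[Credential]:
        return [c for c in self._creds if c.endorsed]

    def unendorsed(self) -> List[Credential]:
        return [c for c in self._creds if not c.endorsed]


def resolve_principal(creds: CredentialSet) -> Optional[str]:
    """Choose the identity to authorize against, or None to reject.

    Unendorsed credentials stay in the set for the security server and
    the audit trail but never decide. Disagreement among endorsed
    credentials fails closed.
    """
    principals = {c.principal for c in creds.endorsed()}
    return principals.pop() if len(principals) == 1 else None


def sample_request() -> CredentialSet:
    # Constructed sample: one request that crossed two security domains.
    cs = CredentialSet()
    cs.add("x509-subject", "alice", b"CN=alice,O=Example", channel_encrypted=True)
    cs.add("username-token", "alice", b"<UsernameToken>alice</UsernameToken>",
           channel_encrypted=True)
    # Arrived in a plaintext header: recorded, but carries no weight.
    cs.add("http-header", "admin", b"X-User: admin", channel_encrypted=False)
    return cs


def conflicting_request() -> CredentialSet:
    # Constructed sample: two endorsed credentials name different users.
    cs = CredentialSet()
    cs.add("x509-subject", "alice", b"CN=alice,O=Example", channel_encrypted=True)
    cs.add("saml-assertion", "bob", b"<Assertion>bob</Assertion>",
           channel_encrypted=True)
    return cs


if __name__ == "__main__":
    print(resolve_principal(sample_request()))
    print(resolve_principal(conflicting_request()))
```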

Another interesting question in the world of security is whether it should be possible for a policy-unaware requester to interact with a policy-aware provider. I mean, if the requester does not specify any security policy, but the provider does, should the services still be allowed to interoperate?

Middleware topic

At SOA World on June 24th (Tuesday, 2:30 pm) I’ll be talking about IONA’s view of the middleware world. We have recently packaged an interoperability solution which some of us are calling “middleware for middleware” and that others will call our “universal adapter.”

The basic concept is that people have enough middleware already, and they don’t need more middleware if all they need is to get their existing middleware based applications and systems to work together. Instead, they need just the right amount of software to service enable the existing middleware, reusing that middleware’s communications protocol, data format, and qualities of service as much as possible. The IONA solution is configurable for small footprint and high performance, and supports multiple deployment options (in the same address space as the existing application, in a different address space at the requester side, provider side, or in the middle) for C++ or Java (and COBOL and PL/I on the mainframe). And best of all it is priced accordingly – you just pay for the plug ins you need.

I delivered a version of this for a Webcast last year, the link to which you can find on our Webcast page. You can also check out the presentation.

A configurable, micro-kernel based solution implementing the call-chain interceptor pattern just seems like the best approach to SOA infrastructure. It offers the best match to the widest variety of requirements and does not impose on the solution any of the architectural constraints you get with a hub-and-spoke, server based, or mid-tier solution.

And yes, it supports SOA testing and security federation…

InfoWorld Executive SOA Forum March 2006

The InfoWorld SOA Executive Forum remains an interesting and apparently popular event about a year after it first started. This is the third one, and I’ve had the pleasure to attend all three as a participant on one of Jon Udell’s various panels (here’s his description of the ones from yesterday).
Did I ever mention what a great guy Jon is? (Did I also mention that he reads my blog? 😉)
Seriously, it has always been a pleasure to participate in Jon’s panels. He always comes up with good, challenging questions and I always learn something from the other panelists. I thought this one went very well because we had a good conversation on a range of topics, but someone came up to me afterward and said there wasn’t enough controversy for his taste…I think he was joking.
Anyway this time we were talking about the various development paradigms available for SOA, including RPC, asynchronous messaging, and document oriented (which I actually tend to equate with asynchronous messaging but you can pass documents using RPC, or maybe more correctly request/response since this is how HTTP works for example).
In the end, the enterprise probably needs some combination of all of the above. But how to choose? Go by whatever the developers are most familiar and comfortable with? It is true that subcultures in distributed computing tend to spring up around these different approaches since they each have their tricks and best practices and lessons (to be) learned.
But I do not think so. I think it’s more important to choose the best tool for the job since some application requirements are better served by one or the other.
Here’s my rule of thumb, which I explained in a bit more detail during the panel yesterday. I think it depends on the significance of the reply to the application and especially to the user.
For example, if you are authorizing a credit card, and you get a successful reply to your message, you expect to be able to use that credit card on the next message to buy something. The significance of a synchronous, RPC-style reply is that the database has been updated.
On the other hand, all you may need to know is that the message was reliably captured for later processing. For example, you’ve placed an order with Amazon.com and the reply says that Amazon has received your order and will process it later.
One other interesting point of discussion was who should we make things easy for? The developer of the service or the consumer of the service? If we make the programmer creating a service do a bit more work to produce a more useable and useful service, isn’t that time and energy well spent? As opposed to just assuming that all services can and should be easily and automatically generated by tools, which is kind of where we seem to be now with Web services tools.
Overall the event is really good because it focuses on lessons learned from customers working on SOAs, and also because Jon and his colleagues manage to focus on technology and business topics of general interest.
Yesterday’s keynote was by Jeff Gleason of Transamerica, who told us how they had started an SOA pilot but cancelled it because it was at the project level. Their problem was that they were already suffering from project based architecture.
He also described how their core policy rating application had dozens of other applications integrated with it, making changing the core business application too difficult because of the impact of change on all the other applications depending on it. SOA as an approach helped resolve this issue.
He also described the way they inventoried existing systems to see what could be reused, identifying deltas representing new development, and how they categorized business events and the functions and services associated with them.
The InfoWorld folks have promised to post the presentations so I will post a link when they do.

WWW2006 Server Fire

An unfortunate and serious fire has more or less destroyed the computer lab at the University of Southampton, UK, which was hosting the www2006.org website and mailing lists.
The conference organizers have set up a temporary page to allow papers to be submitted.
The deadline for submitting papers has been postponed till November 11.
The conference organizers have asked me to post the following message:

SOA Summit in San Diego

So tomorrow I will have the chance again to get into the big silver tube at the airport by the Atlantic and get out of it at an airport by the Pacific. Sometimes I wonder what happens in between…
Thursday I get to kick off the second day of the Delphi SOA Summit in San Diego.
Many of the usual cast of characters will be there, Frank Martinez, Annrai O’Toole, Dan Foody.
It has started to get colder here in good old New England although the trees aren’t very colorful this year. The apples are good though, especially my favorite the Macoun, but already it will be nice to escape to a warmer clime for a couple of days.
Hopefully this will go well, piggybacked on the tail end of a BPM summit. My topic is on using legacy assets in an SOA. Gartner research indicates that 75% or more of services in an SOA will come from existing applications.

Microsoft MVP

Someone nominated me to be a Microsoft MVP and in July the nomination was approved. So now I am one.
A week ago I was in the middle of an open source meeting. This morning I heard from Steve Ballmer (under NDA so I can’t share details) about competing with Linux, Firefox, Google, and Yahoo among other things. It is a good thing I have long ago learned to multi thread and partition my brain 😉
No one I’ve talked with seems to know exactly how this happened. The advice I get is to accept the honor and enjoy its benefits. I definitely am enjoying the free MSDN subscription!
I have to say I was impressed with Ballmer, personally, and with how he conducted himself in front of the 1500 MVPs who made the trek to Redmond.
But the highlight for me was Allchin’s presentation on Vista. He spent a lot of time discussing improvements in development and testing procedures (acknowledging but not exactly endorsing the WSJ article on the topic) that gave me a lot of confidence in what they’re doing. The big question is how far up the “stack” these things go. Meaning will they apply to the integration between Indigo and Visual Studio, for example. Then he spent some time demo’ing the major new features. If anyone can get the job done he will.
This afternoon we are promised (in about ten minutes or so) a presentation from my old friend Don Box. It is always interesting to hear what he has to say, and he is a great presenter.
ps another highlight of the morning was a video with Bill Gates and Napoleon Dynamite.

eGov Enterprise Architecture Conference

Before David Chappell injured himself in a water skiing accident, I was to have shared the podium with him yesterday at the eGov Enterprise Architecture Conference and Exhibition in Washington. (And I must say Ronald Reagan certainly has a nice building named after him.)
Bill Wood ably filled in for Dave, and Dave managed to help finish up the presentation, even if we were working on it at the last minute ;-).
It was a 3-hour tutorial on understanding SOA and government applications. Bill and I took turns. The way we divided it up I started by talking generally about SOA, then Bill gave a generic description of the Enterprise Service Bus.
I don’t want to start another argument but I thought it only fair that Sonic got to talk about the ESB since if they didn’t invent the term they certainly at least have done the most to promote it.
After that we each took turns talking about our respective technical solutions to the requirements of SOA infrastructure – this is the easiest and best way to summarize what an ESB is. But the devil is in the details and Sonic and IONA have implemented the ESB concept in different ways. And that was what we each took a turn explaining.
At the end of the session we raffled off two copies of my book, Understanding SOA with Web Services and Dave’s book on the ESB (which complement each other nicely by the way).
Judging from the questions we got, I would say that a lot of government agencies are still struggling a bit with how to approach an SOA the best way. I got the same impression at the Deutsche Post conference in Germany. My feeling is that we (as an industry) have gone past the stage at which the idea of an SOA is debated (i.e. is it a good thing or not) and we are now at the stage where we are debating the best way forward.
One final comment here: wouldn’t it be a great thing if all vendors could agree on a common definition of an ESB? And just start creating value add on top of it?
One thing that may help is the collaboration with Sonic and others in the Synapse open source project. Between that and the Celtix open source project (which just reached its first milestone by the way), and our various collaborations in standards bodies, perhaps we will get closer to that point.

The “Health Care Napster” and other Notes from the SOA Forum

Some interesting highlights from the second SOA Executive Forum, Tuesday May 17 in New York…the ZDNet summary is here.
Kevin McKean, InfoWorld CEO and Editorial Director, kicked things off with an informal audience survey. From the 100 or so in the room it appears that:

  • Today there are more demands than ever on IT
  • With fewer resources to apply
  • More requirements to interface with partners externally
  • Constantly changing business processes

SOA is growing in popularity precisely because it addresses these and other issues. In fact, the speaker following McKean (Dr. Halamka) delivered a strong validation.
Among the reasons are that SOA:

  • Is platform independent – embracing the natural heterogeneity and complexity in IT systems both internal and at partner sites
  • Produces reusable (and sharable) components
  • Extracts qualities of service from code
  • Creates and updates applications dynamically

McKean used the assembly line analogy, something we’ve been talking about for at least a decade, but until SOA based on Web services came along it has always seemed just out of reach.
In all of this service enablement is key – a kind of prerequisite to achieving the potential value of an SOA based on existing, heterogeneous systems — either within a single IT environment or across IT environments. That’s why we focus on this key aspect of SOA with our ESB product, Artix.
Following McKean, Dr. John Halamka, CIO at Harvard Medical School and Caregroup Medical Systems gave the opening keynote, illustrating through his experience that the benefits of SOA and Web services are real.
Dr. Halamka said he’s created a kind of “Napster” for health care, reducing processing costs dramatically and at the same time improving the quality of care. His results to date are so significant, he said, that Senator Kennedy and Governor Romney have brought the message to Washington that SOA is the only way to contain spiraling health care costs. (Imagine government-mandated SOA if you dare.)
He said that the big challenge is accessing data that is scattered to the winds. They need strong security, especially around controlling access to sensitive medical data. They have an environment of large heterogeneity at the technology level, with lots of constituents and need to share data across departmental, organizational, and governmental boundaries.
SOA is the answer, providing a federated approach to data access instead of centralized databases, which haven’t really worked out. He’s been busy building what he calls a trusted, interoperable network for healthcare transactions across large parts of the state of Massachusetts. Both within and outside of the network. They have implemented some security themselves, partly because they started before WS-Security was available. (Somehow it seems like SOA is a kind of retro-fitted name for what they were doing, but anyway…it is certainly Web services/service oriented.)
Big issues for him include:

  • Lack of harmony across standards, therefore the need for implementation guides
  • Need to establish policies and policy management around exchange of data (including auditing, compliance, enabling foreign originated transactions to complete successfully) while respecting data consent laws
  • Finding the right incentives to improve care

But he did say that they have been able to significantly improve quality of care and reduce cost of care using an SOA approach.
They basically use a commodity PC based gateway with a list of all Web services available to the requester, which invokes the Web service at the provider to get the data — thus the Napster P2P reference.
They could not afford to rip ‘n’ replace. Leave the legacies in place, he advises, and wrap them with Web services to connect the various systems. They have to deal with mainframes, MUMPS systems, C++, etc. and it all works with Web services. No matter who you’re doing business with, he said, the API is always the same.
The clinical side is more difficult than the business side, he said. The solution there is essentially a network of networks (like the Internet), a federated model, not a single network. He intends to build up to a nationwide SOA for healthcare.
It’s a cost and quality of care issue to exchange data; the current system is like an ATM card that works only in your own home bank branch. A CAT scan at one hospital isn’t available at another hospital, even one just down the street.
Each year 86K accidental deaths occur; it’s like a 747 crashing every day. Would you fly? he asked. The flow of data (i.e. in this case medical records) needs to be improved so that doctors wherever you happen to be have access – this by the way was one of the original “dreams” of a service enabled world presented in slick video format at the UDDI kickoff hosted by Microsoft in October, 2000.
Also we don’t need a national health ID for this, he said, as some have proposed. The federated SOA he has in mind creates a kind of DNS for people, i.e. a registry of healthcare IDs that you can access as a service over the Internet to map people to their IDs. In MA they have 500K patients in the directory already, by the end of the year it will handle all of MA.
The starting point was cost avoidance. It cost $5 a transaction to process an insurance request before, the SOA reduces it to 25 cents. Hospitals are going out of business because it’s too expensive to stay in business, and have to deal with increasing regulatory control.
On the clinical side the starting point is better medical record sharing to improve care and avoid accidents.
SOA in action, some place where it really matters.
Otherwise, we heard:

  • Automate business processes to eliminate manual labor and redeploy staff (one of the motivations for investing in service enablement etc.)
  • Bigger returns on investment happen over time, as the “network effect” starts to take hold (i.e. achieving a critical mass of reusable, sharable services)
  • CEOs are starting to mandate SOA, they want dashboard information etc.
  • CEO/CIOs therefore may have a different view of how well and thoroughly SOA is adopted compared to developers (an InfoWorld/BEA survey indicated as much)
  • A fine line exists between maintaining creativity and control in the development environment
  • Developers need to shift their focus from developing applications to providing and consuming services
  • Some view BPEL as a centralized point of control; others argue even BPEL engines need to be federated
  • You may have to be willing to “give up control” over what happens at the endpoints, especially when consuming a service provided by someone else

With all of this validation of SOA and its importance to IT and business, us vendors on the “Defining the SOA Platform” panel discussion did our best to describe the respective values of our various ESB products. All of us agree that Web services standards are core to the ESB, while others of us debate whether or not an ESB is a new product (developed from scratch to serve as SOA infrastructure) or an old product retooled.
Much of the debate often boils down to how best to use the tools, but new tools are also necessary to support the new paradigm. We are now living in a multi-technology world. ESB and Web services represent new technology, but designed to work with existing technology and improve its value. As such it really must be a new kind of product, with a new and different value proposition compared to previous generation EAI and application server products. An ESB must be something that enables and complements what’s already there.