ARCH-08: A Common Business Service Approach to Application Development
Anthony Swindells, Progress Fellow
2 ARCH-08, A Common Business Service Approach© 2005 Progress Software Corporation
Agenda
What are Common Business Services?
Examples to get you thinking
Design considerations
What’s coming in OpenEdge™ to help
Next steps
DISCLAIMER
Under Development
This talk includes information about potential future products and/or product enhancements.
What I am going to say reflects our current thinking, but the information contained herein is preliminary and subject to change. Any future products we ultimately deliver may be materially different from what is described here.
Common Business Services: Definition
Non-domain specific related functions that provide the common infrastructure for a modern application
Standard behavior, features and functionality independent of any specific application requirements
Their combined presence determines the nature and style of applications supported
Typically pre-started and always available
Common Business Services: Some examples
“My application needs to restrict client access to its operations and data”
“My application is subject to regulatory compliance
“My customers / partners need to customize my application without losing the ability to adopt future releases”
Common Business Services: Key benefits of the approach
Reduced learning curve
– Simplify domain specific code
– Focus on “what” not “how”
Reduced cost in medium to long term
Obtain not build option
Improved quality & standards
Maximize scalability and performance
– Core capabilities built into architecture
Common Business Services and the OpenEdge Reference Architecture: A layered view
[Diagram: Users; Presentation Layer; Business Servicing Layer; Data Access Layer; Managed Data Stores; Unmanaged Data Stores; Enterprise Services; Integration Layer; Common Business Services. Callouts: Separated presentation and integration layers; Data access abstracted from storage; Common business logic with advanced models; Non-domain specific functionality abstracted from application.]
Common Business Services Supporting Terminology: Let’s talk the same language
[Diagram labels: Manager; Application Support Service; Core Business Service; Manager exposed externally as a service through service interface; User coded 4GL implementation; OpenEdge platform implementation.]
Common Business Services: Typical application challenges
“My application needs to restrict client access to its operations and data”
Authentication and Authorization Process
[Diagram: Client; Application Server; Login Credentials; Authentication Manager; Authenticate; Principal; Authentication System; User Accounts; Account Check; Get Account Data; Authorization Manager; Access Control Data; Application Resources.]
Common Business Services: Typical application challenges
“My application is subject to regulatory compliance and I must report on attempted break-ins or fraud. I must prove that audit data has not been tampered with”
Candidate Managers: Auditing
[Diagram: Application Data; App DB; Audit Event Manager (schema triggers); Audit Data Manager; Audit Data; Audit Policy Manager; API; Policy Data; Archive Manager; Archive Daemon; Offline Audit Data; Report Manager; Audit Report.]
Common Business Services: Typical application challenges
“My Application needs to scale to potentially thousands of concurrent users in a distributed environment”
Candidate: Context Management (Managing state)
[Diagram: User; Client Session; AppServer Connect; Login Credentials; Session Information; Business Task; Application; Session ID; Authenticated Session; Context Manager; Context DB; Context Data; ID.]
Common Business Services: Typical application challenges
“All my applications require storage and management of address data”
Candidate: Address Management?
Core / generic address functions only
Zip code / post code lookup
International address formatting
Address validation
Address type management
Address usage
Address form management
Address storage & retrieval
Managers Accessed Locally or Through Service Interface
[Diagram: Client Side; Server Side; Presentation Container; Service Container; Service Proxy; Service Interface; Fn(); Order Mgmt; …; Session / Context Management; Authentication & Authorization.]
Manager Design Considerations
Typically pre-started as single instances
Implemented as black boxes with well defined public API
Encapsulate distributed architecture complexities
– Manager is layer aware (e.g. client cache)
Separate deployment / configuration functionality from runtime functionality
Avoid dependencies
– Plug and play architecture
Clearly Define Manager Roles and Responsibilities: Combine managers to provide value
Authentication manager manages authenticated credentials
– Must manually pass credentials around, e.g. between client and server
Context manager manages any type of context
If BOTH are present
– Register credentials as context
– Credentials automatically available when needed
Cache manager does caching
– No cache manager, no caching!
Design Assistance
Implementing the OpenEdge Reference Architecture on PSDN
Check back often…
http://psdn.progress.com/library/white_papers/oera/index.ssp
OpenEdge Core Business Services Vision Statement
“Provide a comprehensive set of common business services that provide the core feature support of a modern SOA based application modeled on the OpenEdge Reference Architecture”
OpenEdge Core Business Services
Auditing (10.1A)
Authentication and authorization (10.1A, 10.x)
Session and context management (10.x)
Configuration and connection management
Localization, personalization, customization
Tighter integration with Sonic ESB and services
[Diagram label: Core Services]
OpenEdge 10.1A Auditing
OpenEdge Database Schema-Trigger Based Auditing
[Diagram: 4GL Client (Application Code); SQL Client (Application Code); Audit Policy Tools; Application Data; App DB; Audit Event Manager (schema triggers); Audit Data Manager; Audit Data; Audit Policy Manager; API; Policy Data; Security Manager; Archive Manager; Archive Daemon; Archive DB; Offline Audit Data; Report Manager; Audit Report.]
Auditing Architecture Overview
[Diagram: 4GL Client (Application Code); SQL Client (Application Code); DB Tools & Utilities; Open Tools; Audit Policy Tools (APMT); Application Data; Audit Data; Policy Data; App DB; Archive DB; Audit Event Subsystem (Database Internal, Application); Security Subsystem; Audit Data Subsystem; Audit Policy Subsystem; API; Archiving Subsystem; Archive Daemon; Offline Audit Data; Report Manager; Audit Report.]
Auditing in OpenEdge 10.1A Key Value-Add: Why use it in place of own solution?
Common built-in auditing for both SQL/4GL clients
Flexible audit policy management
Secure audit data, policy and utilities
– Separation of duty
– Purposed audit permissions
– Verified user identity
– Secure utilities and sealed data
Internal audit events (utilities, schema changes, etc.)
Performance, performance, performance
High performance archiving – for enterprise only
Multi-platform
Reference Slide Only! Audit Policy MetaSchema
_aud-audit-policy: _Audit-policy-guid; _Audit-policy-name (AK1.1); _Audit-policy-description (IE1.1); _Audit-data-security-level; _Audit-custom-detail-level; _Audit-policy-active (IE2.1)
_aud-file-policy: _Audit-policy-guid (FK); _File-Name (IE1.1); _Owner (IE1.2); _Audit-create-level; _Audit-create-criteria; _Audit-update-level; _Audit-update-criteria; _Audit-delete-level; _Audit-delete-criteria; _Audit-read-level; _Audit-read-criteria; _Create-event-id (FK) (IE2.1); _Update-event-id (FK) (IE3.1); _Delete-event-id (FK) (IE4.1); _Read-event-id (FK) (IE5.1)
_aud-field-policy: _Audit-policy-guid (FK); _File-Name (FK) (IE1.1); _Owner (FK) (IE1.2); _Field-Name (IE1.3); _Audit-create-level; _Audit-update-level; _Audit-delete-level; _Audit-read-level; _Audit-identifying-field
_aud-event-policy: _Audit-policy-guid (FK); _Event-id (FK) (IE1.1); _Event-level; _Event-criteria
_aud-event: _Event-id; _Event-type (IE1.1); _Event-name (IE1.2); _Event-description (IE2.1)
Relationship labels: includes (three times); record creates on; record updates on; record deletes on; record reads on; is controlled by
Callouts: Multiple active policies; Control by table / CUD operation; Override individual fields; Internal & application defined audit events; Control by event Id
Other diagram labels: Audit Data; Application Data; Policy Data
Reference Slide Only! Audit Data MetaSchema
_client-session: _Client-session-uuid; _Client-name; _User-id (IE1.1); _Authentication-date-time (IE2.1); _Server-uuid; _Authentication-domain-type; _Authentication-domain-name; _Db-guid (FK) (IE3.1); _Session-custom-detail; _Audit-data-security-level; _Data-seal
_aud-audit-data: _Audit-data-guid; _Database-connection-id (IE1.1); _Client-session-uuid (FK) (IE1.2); _User-id (IE2.1); _Audit-date-time (IE5.1); _Audit-event-group (IE3.1); _Db-guid (FK) (IE3.2); _Transaction-id (IE3.3); _Transaction-sequence (IE3.4); _Event-id (FK) (IE4.1); _Event-context (IE6.1); _Application-context-id (IE7.1); _Event-detail; _Audit-custom-detail; _Audit-data-security-level; _Data-seal
_aud-audit-data-value: _Audit-data-guid (FK); _Field-name (IE1.1); _Continuation-sequence; _Data-type-code; _Old-string-value; _New-string-value; _Old-blob-value; _New-blob-value; _Old-clob-value; _New-clob-value; _Audit-data-security-level; _Data-seal
Relationship labels: created; consists of
Callouts: Record client session information; Configurable automated audit data with optional context & grouping; Optional old/new value recording
Other diagram labels: Audit Data; Application Data; Policy Data
You Could Prepare Now
Move to schema design on previous slides
– Develop custom tools
– Develop custom reports
Implement audit events with schema triggers for now
– Wrapper code in include files
Insert hooks for setting / resetting audit context
Consider where you could use application events and insert hooks
When 10.1A ships
– Continue to use custom reports and tools
– Remove code in schema triggers for 10.1A clients
– Migrate data to official tables
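The audit data tables above carry a _Data-seal field, and the compliance requirement quoted earlier is to prove that audit data has not been tampered with. The following added example (Python rather than 4GL, and not code from the presentation or from OpenEdge) shows one way an interim, home-grown audit trail could seal records. How OpenEdge computes its seal is not described here, so the HMAC-SHA256 chain, the choice of sealed fields, the key handling and all function names are assumptions.

```python
import hashlib
import hmac
import json

# Field names come from the _aud-audit-data slide. The sealing scheme is an
# assumption for illustration: HMAC-SHA256 chained to the previous record's seal.
SEALED_FIELDS = ("_Audit-data-guid", "_User-id", "_Audit-date-time",
                 "_Event-id", "_Transaction-id", "_Event-detail")


def compute_seal(key, record, prev_seal):
    """MAC over the previous seal plus a canonical encoding of the sealed fields."""
    payload = json.dumps([prev_seal] + [record.get(f) for f in SEALED_FIELDS],
                         separators=(",", ":"))
    return hmac.new(key, payload.encode("utf-8"), hashlib.sha256).hexdigest()


def append_record(key, trail, record):
    """Seal a new audit record against the current tail of the trail."""
    prev_seal = trail[-1]["_Data-seal"] if trail else ""
    trail.append({**record, "_Data-seal": compute_seal(key, record, prev_seal)})


def verify_trail(key, trail):
    """Return the indexes of records whose seal does not verify (empty = intact)."""
    bad, prev_seal = [], ""
    for index, record in enumerate(trail):
        stored = str(record.get("_Data-seal", ""))
        if not hmac.compare_digest(compute_seal(key, record, prev_seal), stored):
            bad.append(index)
        prev_seal = stored
    return bad


def build_sample_trail(key):
    """Constructed sample data (ids and values are made up): three audit records."""
    trail = []
    for n, detail in enumerate(["create order 17", "update order 17", "delete order 17"]):
        append_record(key, trail, {
            "_Audit-data-guid": f"constructed-guid-{n}", "_User-id": "jsmith",
            "_Audit-date-time": f"2005-06-01T10:0{n}:00", "_Event-id": 5100 + n,
            "_Transaction-id": 42, "_Event-detail": detail})
    return trail


if __name__ == "__main__":
    key = b"constructed-demo-key"   # in practice held by the auditor, not the DBA
    trail = build_sample_trail(key)
    trail[1]["_Event-detail"] = "update order 99"   # simulated tampering
    print(verify_trail(key, trail))
```

Removing records from the end of the trail leaves the remaining chain valid, so the latest seal or a record count has to be anchored somewhere the writer of the trail cannot reach.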
OpenEdge 10.1A Authentication in Support of Auditing
Trusted authentication systems / domains
– Assert verified identity of real application user
– not dependent on _user records
Ability to share a single user authentication
Set the current user-id for
– The 4GL Application
– A Progress database connection [ & permissions]
– Progress Auditing Records
OpenEdge 10.1A Authorization
Leverage asserted authenticated user for database CAN-* permissions
Optional runtime CAN-* permission checking
New schema ready for future roles support
10.1A Security Schema for Roles
_sec-role: _Role-name; _Role-description (IE1.1); _Role-creator (IE2.1); _Custom-role-detail
_sec-granted-role: _Granted-role-guid; _Grantee (IE1.1); _Role-name (FK) (IE2.1); _Grant-rights; _Grantor (IE3.1); _Custom-grant-detail
_sec-granted-role-condition: _Granted-role-guid (FK); _Conditional-attribute (IE1.1); _Logical-operator; _Conditional-value; _Custom-condition-detail
Relationship labels: is granted to; is limited to
Callouts: Role definition; User or role granted use of role; Conditional role allocation
Future OpenEdge Authentication & Authorization
Support for external authentication systems for 4GL and SQL
Plug-in Authentication Modules:
– Write your own
– Progress supplied modules: Progress _user table 4GL LDAP/Active Directory
4GL Access Control Lists (ACLs)
Role support
Reference Slide Only! Proposed ACL Schema
_sec-access-control-entry: _ACE-guid; _Grantee (IE1.1); _ACE-type (IE2.1); _Resource-type (IE2.2); _Resource-prefix (IE3.1); _Resource-name-part1 (IE4.1); _Resource-name-part2 (IE5.1); _Resource-name-part3 (IE6.1); _Resource-name-part4 (IE7.1); _Deny; _Action-name; _Grant-rights; _Grantor (IE8.1); _Custom-ace-detail
You Could Prepare Now
Leverage role schema design on previous slides
– Develop custom tools
– Develop custom reports
Encapsulate security checks into APIs for easy replacement
– Leverage include files
Move to ACL model for authorization
– Encapsulate checking for easy replacement
When functionality available in OpenEdge
– Replace interface internals
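One way to encapsulate authorization checks behind a single replaceable call, as an added example in Python rather than 4GL (not code from the presentation or from OpenEdge). The entry attributes mirror fields of the proposed _sec-access-control-entry and _sec-granted-role tables; the class and method names, the "*" wildcard, deny-overrides-grant and default-deny are assumptions, since the slides define no evaluation rules.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Ace:
    """One access control entry; attribute comments name the slide's fields."""
    grantee: str         # _Grantee: a user id or a role name
    resource_type: str   # _Resource-type
    resource: tuple      # _Resource-name-part1..4; "*" as wildcard is an assumption
    action: str          # _Action-name
    deny: bool = False   # _Deny


class AuthorizationManager:
    """Hypothetical manager: application code only ever calls can_do()."""

    def __init__(self, aces, granted_roles):
        self._aces = list(aces)
        self._granted_roles = granted_roles   # grantee -> role names (_sec-granted-role)

    def _principals(self, user):
        """The user plus every role reachable through grants (roles can hold roles)."""
        seen, pending = set(), [user]
        while pending:
            name = pending.pop()
            if name not in seen:
                seen.add(name)
                pending.extend(self._granted_roles.get(name, ()))
        return seen

    def can_do(self, user, resource_type, resource, action):
        """Assumed policy: an explicit deny wins, and no matching entry means no access."""
        principals, allowed = self._principals(user), False
        for ace in self._aces:
            if (ace.grantee in principals and ace.resource_type == resource_type
                    and ace.action == action and len(ace.resource) == len(resource)
                    and all(p in ("*", r) for p, r in zip(ace.resource, resource))):
                if ace.deny:
                    return False
                allowed = True
        return allowed


# Constructed sample data, not taken from the presentation.
SAMPLE_ROLES = {"alice": {"order-clerk"}, "order-clerk": {"staff"}}
SAMPLE_ACES = [
    Ace("staff", "table", ("sports", "customer"), "read"),
    Ace("staff", "table", ("sports", "*"), "delete"),
    Ace("alice", "table", ("sports", "customer"), "delete", deny=True),
]
authz = AuthorizationManager(SAMPLE_ACES, SAMPLE_ROLES)
```

Because callers depend only on can_do(), the lookup inside it can later be swapped for a platform-provided check without touching application code, which is the replacement path the slide describes.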
OpenEdge 10.x Context Management: Current thinking
Allow context to be shared across application servers and agents
Provide configurable mechanism to persist context – new meta-schema tables
Seamlessly pass context between client and server – by reference or value
– Just available when needed, e.g. client principal
Configurable management of context lifecycle, e.g. scope, expiration, etc.
Best practices and guidelines
OpenEdge 10.1A Language Changes Relevant to Common Business Services
Support for globally unique ids (guids)
– Useful for context management!
– See PSDN for interim solution
Pass TEMP-TABLES and LONGCHARS BY-REFERENCE
– Remove overhead of managing complex manager data
– Remove overhead of customization layers
Object orientated language enhancements
– Implement managers as classes
– Use interfaces to define public API / compile time checking
Prepare for What’s Coming
Leverage include files
– Central replacement when new core functionality available
Prioritize your effort
– Avoid duplication where possible
Avoid hard-coded references
– Use logical to physical mapping
Avoid direct references to physical schema
– Use consistent schema model as far as possible
Consider APIs
– Design generic interface for easy replacement
In Summary
Embrace common business services concept
– Reduce application complexity
– Increase functionality
Don’t wait – start now
– OpenEdge 10.1 and future releases will just make things easier
Design for change
– New common business services are planned – so prepare now to simplify later adoption
Don’t Miss These BOFs…
Common Business Services Birds of a Feather: Tue 6:00pm
Auditing Birds of a Feather: Wed 8:00am
Questions?
Thank you for your time!