Professional Documents
Culture Documents
HANDBOOK V1.0
Issued [31/10/2007]
MINISTRY OF DEFENCE
Director General Information
RECORD OF CHANGES
This handbook is intended to provide the latest guidance and information on Service
Oriented Architecture (SOA) to MOD planners, desk officers, IPTs and those specifically
responsible for ensuring best possible effect from available resources. It seeks to provide
enough relevant information from a rapidly developing technical area to enable readers to
make basic and sensible decisions or to understand what to ask of experts. This document
must therefore be considered as ”live”. This handbook supports a portfolio of projects
designed to demonstrate the effects and benefits of SOA and which will, if adopted on a
wider scale, form the vanguard of a coherent defence-wide programme. Guidance will be
updated regularly; the next revision will include security and ontology chapters.
SOA offers a mechanism for achieving the agility required for NEC. Whereas the current
stove-piped way of doing business is rigid and difficult to adapt because business functions
and the supporting IT are so tightly coupled, an SOA exploits newly available technology
software components and web standards that can be reconfigured easily and quickly. SOA
translates capabilities, processes and functions into services which can be invoked by a
user through an interface. This requires the services to be available and the user to know
the “what, how, how much and when” of accessing them. How the services work is of no
consequence to the user but is important to designers and architects. The underlying
principles are not new, but the web services and related technology to bring it to life are;
reinforced by wide acceptance of these technologies.
The predominant precept is that SOA is business driven. This puts designated defence
Process Owners in the driving seat because they place requirements for service provision.
If SOA is to be successful it means that they must truly understand what drives the
capability they are entrusted to deliver so that they are in a position to inform/drive
how it can be delivered to users in the most effective and efficient manner possible. New
technology enables much looser coupling between business processes and the IT systems
which support them and so overcome one of the key drivers of cost in most IT deployments
– tight coupling i.e. changes in one area requiring a cascade of other required changes in
order to work; with familiar cost, time and performance penalties. To support this, a high
level governance structure is essential to enforce data and quality of service standards,
which enable reuse of services.
There are many benefits to SOA. They include access to previously unavailable
information, the design of reusable services, the ability to make up new services from
existing ones, the ability for businesses to make changes without costly IT expenditure, and
so on. Moreover, the issues subtending from the use of legacy systems and the
requirement to leverage as much VFM as possible from their continued use, becomes
much less difficult by adopting a service perspective. For those who embrace SOA and see
it through, the prospect of a working NEC becomes realisable for the first time.
SOA is already here and any new major system provided by any one of the significant
vendors is likely to have an SOA capability embedded in it. This handbook, if used
together with the references and sources of advice available now, will provide a sound
basis for understanding and taking SOA forward to the advantage of MOD.
TABLE OF CONTENTS
CHAPTER 1 ........................................................................................................................................................9
PRINCIPLES AND DEFINITIONS ......................................................................................................................9
SECTION I.......................................................................................................................................................9
GENERAL .......................................................................................................................................................9
Applicability of Policies................................................................................................................................9
Scope ........................................................................................................................................................10
SECTION II....................................................................................................................................................10
KEY CONCEPTS ..........................................................................................................................................10
Syntax .......................................................................................................................................................10
SOA...........................................................................................................................................................11
Elaboration on SOA ..................................................................................................................................11
Services ....................................................................................................................................................11
Elaboration on Services ............................................................................................................................13
SOA Characteristics..................................................................................................................................14
Service Reuse ...........................................................................................................................................16
Legacy Services ........................................................................................................................................16
SECTION III...................................................................................................................................................16
HOW IT ALL FITS TOGETHER ....................................................................................................................16
SOA Entities ..............................................................................................................................................16
The MOD Concept Model .........................................................................................................................17
Types of Service .......................................................................................................................................18
Service Definition ......................................................................................................................................18
Service Contracts......................................................................................................................................19
Business Function.....................................................................................................................................19
Service Orchestration ...............................................................................................................................20
Open Standards ........................................................................................................................................20
Automated Service....................................................................................................................................20
Software Service .......................................................................................................................................20
SECTION IV ..................................................................................................................................................20
MOD APPROACH TO SOA ..........................................................................................................................20
General Concept .......................................................................................................................................20
What Is Different About SOA? ..................................................................................................................20
Why SOA? ................................................................................................................................................21
Why Web Services?..................................................................................................................................22
MOD’s Approach.......................................................................................................................................22
Enterprise Service Bus .............................................................................................................................23
Federation .................................................................................................................................................23
SOA at The Tactical Level ........................................................................................................................24
SECTION V ...................................................................................................................................................24
PRINCIPLES OF MOD SOA .........................................................................................................................24
Basic Principles of SOA ............................................................................................................................24
Technical Characterisation of SOA ...........................................................................................................25
Build on Best Practice ...............................................................................................................................25
Service Enabling Legacy Systems ...........................................................................................................26
Understand What is Different About SOA.................................................................................................26
Keep Early Work Simple ...........................................................................................................................26
Identify Benefits ........................................................................................................................................26
Get Service Level Abstractions Right .......................................................................................................27
Some Thoughts From Implementations....................................................................................................27
Standardise The SOA ...............................................................................................................................28
Test the performance of SOA components ..............................................................................................28
Create a transition plan .............................................................................................................................29
Understand the security requirements SOA .............................................................................................29
Understand XML .......................................................................................................................................29
Align with governance ...............................................................................................................................29
Organisational agility.................................................................................................................................29
Lower Through Life Costs .........................................................................................................................30
Architectural Partitioning ...........................................................................................................................30
Incremental Deployment and Maintenance ..............................................................................................30
Reuse of Services .....................................................................................................................................30
Improved integration and interoperability..................................................................................................30
Streamlined architectures and solutions ...................................................................................................31
Leveraging the legacy investment ............................................................................................................31
Establishing standardised XML data representation ................................................................................31
Alternatives ...............................................................................................................................................31
Organisational agility.................................................................................................................................31
Separation .................................................................................................................................................32
Consumption .............................................................................................................................................32
Service Design ..........................................................................................................................................32
Challenges to Adoption. ............................................................................................................................32
SECTION VI ..................................................................................................................................................33
SUMMARY ....................................................................................................................................................33
The SOA Stack .........................................................................................................................................33
CHAPTER 2 ......................................................................................................................................................35
STANDARDS AND SERVICES ........................................................................................................................35
SECTION I.....................................................................................................................................................35
OVERVIEW ...................................................................................................................................................35
Web Services ............................................................................................................................................35
SECTION II....................................................................................................................................................35
SOA AND WEB SERVICES TOOLS ............................................................................................................35
Why have SOA Standards? ......................................................................................................................36
SECTION III...................................................................................................................................................36
ENABLING STANDARDS ............................................................................................................................36
Standards for Automated Services ...........................................................................................................36
Web Services ............................................................................................................................................36
eXtensible Markup language (XML) .........................................................................................................36
Hypertext Markup Language (HTTP) ........................................................................................................36
Simple Object Access Protocol (SOAP) ...................................................................................................37
Business Process Execution Language (BPEL) .......................................................................................37
Universal Description Discovery and Integration (UDDI)..........................................................................37
Web Services Description Language (WSDL) ..........................................................................................37
MooD.........................................................................................................................................................38
SECTION IV ..................................................................................................................................................38
MOD CORE SOA SERVICES .......................................................................................................................38
What are MOD Core SOA Services? ........................................................................................................38
Discovery ..................................................................................................................................................39
Mediation ..................................................................................................................................................39
Security .....................................................................................................................................................40
Metadata Repository .................................................................................................................................41
Service Management. ...............................................................................................................................41
Messaging .................................................................................................................................................42
Service Orchestration ...............................................................................................................................42
Core and Business Services .....................................................................................................................43
SECTION V ...................................................................................................................................................44
MOD ENTERPRISE SERVICE BUS .............................................................................................................44
Best Practice .............................................................................................................................................44
Basic Operation ........................................................................................................................................44
Software Approach ...................................................................................................................................44
ESB Characteristics ..................................................................................................................................45
SECTION VI ..................................................................................................................................................45
FRED .............................................................................................................................................................45
The MOD’s Fred Concept .........................................................................................................................45
Components ..............................................................................................................................................46
Project Level – Fredlet ..............................................................................................................................46
National Level ...........................................................................................................................................47
Issues to Develop .....................................................................................................................................47
ESB Functions ..........................................................................................................................................48
Exploitation ...............................................................................................................................................49
Security .....................................................................................................................................................49
SECTION VII .................................................................................................................................................49
BUSINESS SERVICES .................................................................................................................................49
Business Function Decomposition............................................................................................................49
Business Services are Information Services ............................................................................................50
Deriving Business Services ......................................................................................................................50
SECTION VII .................................................................................................................................................50
PRESENTATION SERVICES .......................................................................................................................50
What are Presentation Services? .............................................................................................................50
SECTION VIII ................................................................................................................................................50
STANDARDS ................................................................................................................................................50
Web Service Interoperability (WS-I) .........................................................................................................51
WS-I Basic Profile 2.0 (MANDATORY) ....................................................................................................51
The Standards (MANDATORY) ................................................................................................................51
SECTION IX ..................................................................................................................................................52
SOA DEVELOPED........................................................................................................................................52
SOA Evolution ...........................................................................................................................................52
Metadata ...................................................................................................................................................53
Scale and Granularity ...............................................................................................................................53
Key Requirements ....................................................................................................................................53
SOA Ground Rules ...................................................................................................................................54
The Service Contract Developed ..............................................................................................................54
SECTION X ...................................................................................................................................................56
IMPLEMENTATION POLICY ........................................................................................................................56
JSP 602.....................................................................................................................................................56
Information Retention in Applications .......................................................................................................56
Alternatives to Web Services ....................................................................................................................56
Design Patterns ........................................................................................................................................56
SECTION XI ..................................................................................................................................................57
SECURITY ....................................................................................................................................................57
Service Level Security ..............................................................................................................................57
HTTP .........................................................................................................................................................57
HTTPS ......................................................................................................................................................57
WS-Security ..............................................................................................................................................57
Security Assertion Mark up Language (SAML).........................................................................................57
CHAPTER 3 ......................................................................................................................................................59
MOD ARCHITECTURE FRAMEWORK (MODAF) ...........................................................................................59
SECTION I.....................................................................................................................................................59
AIM ................................................................................................................................................................59
Policy (MANDATORY) ..............................................................................................................................59
SECTION II....................................................................................................................................................59
MODAF .........................................................................................................................................................59
What is MODAF? ......................................................................................................................................59
MODAF’s Purpose ....................................................................................................................................59
MODAF and SOA .....................................................................................................................................60
DoDAF and MODAF .................................................................................................................................60
SECTION III...................................................................................................................................................60
MODAF VIEWS .............................................................................................................................................60
What are MODAF VIEWS? .......................................................................................................................60
The Six MODAF Viewpoints .....................................................................................................................60
Strategic Viewpoint ...................................................................................................................................61
Operational Viewpoint ...............................................................................................................................62
System Viewpoint .....................................................................................................................................62
Technical Standards Viewpoint ................................................................................................................63
Acquisition Viewpoint ................................................................................................................................63
All-Views Viewpoint...................................................................................................................................63
SECTION IV ..................................................................................................................................................63
HOW MODAF WORKS .................................................................................................................................63
MODAF Views Most Relevant to SOA ......................................................................................................63
MODAF SOA Views ..................................................................................................................................64
MODAF and NATO Architectural Framework (NAF) ................................................................................65
Security .....................................................................................................................................................66
Transitional Architecture ...........................................................................................................................67
CHAPTER 4 ......................................................................................................................................................68
GOVERNANCE .................................................................................................................................................68
SECTION I.....................................................................................................................................................68
AIM ................................................................................................................................................................68
Guidance ...................................................................................................................................................68
SECTION II....................................................................................................................................................68
THE KEY GOVERNANCE ELEMENTS ........................................................................................................68
Introduction ...............................................................................................................................................68
Coherence ................................................................................................................................................68
Scope - Key Components .........................................................................................................................69
SECTION III...................................................................................................................................................70
THE MAIN PLAYERS ...................................................................................................................................70
Executive Sponsor ....................................................................................................................................70
The Executive Steering Group (ESG).......................................................................................................71
SOA Board ................................................................................................................................................71
Portfolio Management Committee ............................................................................................................72
Architecture Review Board .......................................................................................................................72
Business Operations Review Board .........................................................................................................73
SECTION IV ..................................................................................................................................................73
ORGANISATIONAL ROLES ........................................................................................................................73
The Defence Change Backdrop ...............................................................................................................73
NEC and SoSA .........................................................................................................................................73
Capability Architect ...................................................................................................................................74
Technical Architect....................................................................................................................................74
DG ISTAR .................................................................................................................................................75
Integration Authority (IA) ...........................................................................................................................75
DG ISS ......................................................................................................................................................75
DG Info ......................................................................................................................................................75
CM (IS) ......................................................................................................................................................75
SECTION V ...................................................................................................................................................76
CENTRE OF EXCELLENCE FOR DESIGN AUTHORITY............................................................................76
Introduction ...............................................................................................................................................76
The function of the CofE for Design Authority (DA) ..................................................................................76
Design Authority Roles .............................................................................................................................76
Chief Architect ...........................................................................................................................................77
Project Office Manager .............................................................................................................................77
Service Registrar ......................................................................................................................................77
Business Service Architect .......................................................................................................................78
Technical Service Architect.......................................................................................................................78
Method/Tool Architect ...............................................................................................................................78
Summary of Main Constructs. ..................................................................................................................78
SECTION VI ..................................................................................................................................................79
COMMUNITIES OF INTEREST ....................................................................................................................79
Roles of the COI .......................................................................................................................................79
External and Internal Information ..............................................................................................................79
The role of Business Process Owners......................................................................................................79
The role of Information Owners ................................................................................................................80
The role of Subject Matter Experts (SME) ................................................................................................80
The role of COI Leaders ...........................................................................................................................80
The role of Equipment Capability Managers.............................................................................................81
The role of Procurement Managers (aka IPT Leaders) ............................................................................81
Compliance with CADMID/Acquisition Operating Framework ..................................................................81
SECTION VII .................................................................................................................................................82
SETTING UP COIS ........................................................................................................................................82
Aim ............................................................................................................................................................82
Step 1 ........................................................................................................................................................82
Step 2 ........................................................................................................................................................82
Step 3 ........................................................................................................................................................82
Step 4 ........................................................................................................................................................83
Step 5 ........................................................................................................................................................83
SECTION VIII ................................................................................................................................................83
COMPLIANCE ..............................................................................................................................................83
Responsibility for Implementing the Policy ...............................................................................................83
Procedure .................................................................................................................................................83
Relevant Links ..........................................................................................................................................84
ABBREVIATIONS .............................................................................................................................................85
GLOSSARY.......................................................................................................................................................87
ANNEX A THE BASIS FOR BUSINESS SERVICES ......................................................................................90
ANNEX B WS-I BASIC PROFILE 2.0 CONTENTS.........................................................................................96
CHAPTER 1
This chapter is for information and guidance. It introduces the key ideas of SOA. It is
intended for desk officers, project managers and architects engaged in SOA. The principles
described provide a basic introduction which is built up through the Handbook and in key
supporting references. The definitions are intended as “starters for ten” for those with a
more technical focus but there is substantial treatment of services. Most definitions are
coined from multiple sources and for the most part are simplifications; but they have been
adapted for the MOD. For many users what is in this chapter sits behind the service or
services they wish to access so there is no requirement to understand these in detail. The
chapter ends with a summary of the MOD’s Approach to SOA.
SECTION I
GENERAL
Applicability of Policies
0101. The policies within this publication apply to the development, supply, procurement,
or management of Information Systems or IT services. MOD has chosen to follow a Web
Services - based approach to SOA and compliance with specified parts of this Handbook is
required of all MOD personnel and contractors engaged in the above. The parts that are
mandatory are annotated. DG Info has the lead on policy for the Services and DInfoX is
the sponsor of this Handbook which is supported by the following related references:
1
a. MOD Information Management Handbook .
2
b. MOD SOA Roadmap .
3
c. MODAF V1.1 .
4
d. Systems of Systems Architect Responsibilities .
5
e. NEC/CBM Governance .
f. MODAF Logistics & Sustainment Deskbook Draft 2.2 dated 3 Apr 07.
1
MOD Information Management Handbook
2
MOD SOA Roadmap V dated 7 Aug 07 (Available from InfoXEA-1a)
3
MoD Architecture Framework Version 1.1 – frequently updated and downloadable from http://www.modaf.org.uk
4
System of Systems Architecting Responsibilities EC CCII (Sees 07-080) /DGISTAR/7/3/3/6 dated 07 June 07
5
NEC/CBM Governance
Scope
c. Governance.
SECTION II
KEY CONCEPTS
This section introduces the key concepts and relevant definitions with, where necessary,
supporting elaboration. Working definitions are shown in italics.
Syntax
0103. The basic syntax that has been adopted for the Handbook is shown in Figure 1
below:
Basic Syntax
Composed
Capability
services
Coarse &
Function Satisfied by Composed
Services
Fine grade
Process
Services
0104. The syntax above is based on the following definitions (services are defined in
paragraph 0107 et seq):
6
From Capability Management Handbook (Interim Edition) dated 26 Feb 07 V2.0
c. Process. A process is a series of activities designed to achieve an outcome. It
is a real world activity consisting of logically related tasks which when performed in
the appropriate sequence and according to set down business rules produce a
business outcome such as process order fulfilment.
SOA
Elaboration on SOA
0106. SOA organises business and IT software components into providers and consumers
of services. An SOA approach loosely couples business processes to the supporting
business and IT components. This means that changes to one do not require large scale
changes in the other. In a MOD context, it means that it is possible to model processes and
services independently of their execution environment and create messages that can be
sent to any service. SOA harnesses the convergence of key technologies and the
widespread adoption of Web Services (explained in Chapter 2) that hitherto were too
immature, controversial or expensive for widespread uptake. These technologies cover or
enable:
Services
0107. Service refers to the provision of a discrete business or technology function within a
systems environment; e.g. Business Service – “Manage Customer Address”; Technical
Service – “Create E-Mail Notification”. A basic instance of how a service might be invoked
in an SOA is represented in Figure 2 below.
Basic SOA
Registry
e y via of
n
1. eb S rd in
int eg riptio
W nda
Pu er
sta
sh e t ce
nd s vi de
es o
ac
sta ce sses
de Reg
t
sc
se cce
rip istry
tio
A
rvi
n o via
2.
f
Requester Provider
3. Requests execution of
service by sending message
via standard interface
Web Services
0108. Web services are used to implement a service-oriented architecture. A major focus
of Web services is to make functional building blocks accessible over standard Internet
protocols that are independent from platforms and programming languages. These
services can be new applications or just wrapped around existing legacy systems to make
them network-enabled. A service can rely on another service to achieve its goals. Each
SOA building block can play one or more of three roles 7 :
a. Service Provider. The service provider creates a Web service and possibly
publishes its interface and access information to the service registry. Each provider
must decide which services to expose, how to make trade-offs between security and
easy availability, or how to price the services. The provider also has to decide what
category the service should be listed in for a given broker service and what sort of
7
Taken from Wikipedia
trading partner agreements are required to use the service.
c. Service Requestor. The service requestor or Web service client locates entries
in the broker registry using various find operations and then binds to the service
provider in order to invoke one of its Web services.
Elaboration on Services
0109. A service can be simple or complex. Figure below shows this simplicity
diagrammatically:
8
After Implementation of a SOA - NOSWG 070502
The above could refer to retrieval of a specific piece of information or to execution of a
complete business process e.g. creating a specific joint operational picture view or a
system capability such as authenticate user. Whatever the scope, it will be bounded and
will be limited to a single distinct business concept, function or process. Some of these
services are standardised 9 (i.e. based on standards) and provide the enabling mechanism
by which other services may be consumed – referred to as Core SOA Services and
Business Information Services respectively and defined in Chapter 2.
SOA Characteristics
0110. SOA exposes the functionality of applications in the form of services that can be
made available to other applications and/or users throughout the organisation. An SOA
treats elements of the business processes and their underlying IT services as standardised
components that can be combined to promote their reuse, to build new services and to
speed application development. Key aspects to understand about services are that:
ii. Exclusive coupling between a service and any given business process should
be avoided unless it is absolutely essential e.g. physical based 3-D modelling of
satellite imagery. Close coupling between services and processes significantly
inhibits reuse and dilutes many of the advantages of the SOA approach (see
para 0111).
d. Services are unique and do not overlap. In order to capitalise on some of the
benefits of SOA e.g. greater efficiency though quick and easy creation of new
services, services should not overlap and should only be designed and created
once.
f. Services share a contract with the service-user. The service contract defines
what a service can do and how to invoke it. It is the “instrument” that sits between
the technical implementation of the service and the requester. This is discussed
more substantially in Chapter 2. For SOA to work well in MOD clear military
specifications and operational thinking need to be brought to bear when defining
contracts. This is important not only because military users will be able to access
operationally relevant services but also because changing specification (and
possibly the behaviours of many requesters) is likely to take longer and cost more
than changing service execution. Therefore, front end military input, namely the
ECC community, single service Front Line Commands and PJHQ (particularly
N/G/AJ3, 4, 5 and 7), is vital for accuracy and appropriateness. Key aspects of
defining contracts are:
12
Security is covered in outline in Chapter X. but will be the subject of the first substantial update to this Handbook.
13
After Network Enabled Capability JSP 777 Edn 1
throughout the Joint Supply Chain where supply partners may have to be
changed without reduction in either logistic support or sustainability to operations.
i. Services are based on Open Standards. MoD has chosen to base its approach
to SOA on open web-standards. Interoperability is facilitated by implementing SOA
using widely-accepted open standards that are simple, pervasive, and both platform
and vendor-neutral. The use of open standards that are not widely accepted risks
lack of future development which will be needed to sustain the continued usability of
the standard. Chapter 2 covers this comprehensively.
Service Reuse
0111. An SOA allows MOD to reuse business services and functions from new and
existing Agents in a simple and standardised way. SOA is a strategy which orchestrates
the discrete enterprise functions into interoperable, standards-based services which can be
reused and/or combined for business benefit. SOA is aimed at maximizing this re-use.
Legacy Services
0112. Legacy services are those provided by existing systems. They should be treated in
exactly the same way as other services. The reason for legacy.
SECTION III
This section introduces and defines a number of terms based around a representative
diagram.
SOA Entities
0113. Relationships between the SOA entities can be represented in many ways. Figure
3 below aims to simplify these to their barest elements and should be self-explanatory. The
entities are MODAF compliant (see Chapter 3) and will operate according to rules
produced under the auspices of the Governance structure detailed in Chapter 4.
Business
Services
eg. Check employee pay,
send money to bank
enabled User
by
composed
of
Core SOA
Services
0114. The model illustrated in Figure 4 below is a simple overview of how some of the
key SOA terms interrelate. It should be viewed as informative rather than definitive and is
intended as the vehicle for some definitions. Services work by exchanging messages.
These messages operate on the basis of one or more supported exchange patterns e.g.
request-response, and are therefore defined in these terms. The relationship among the
different parts are explained below:
composes
Agent
provides consumes
Service
conducts Interface
composed
succession of Service
Level
Business Business conforms Service
supports supports Service
Function Process to Specification
Service
composed Policy
of
Service
Behaviour
Key:
entity
relationship
composition
SOA Core Presentation
generalisation Business Service
Service Service
Types of Service
0115. Figure 5 shows two classifications of service that are relevant to MOD. Both are
covered in depth in Chapter 2:
”.
a. Core SOA Services. The core services are a single set of reusable technical,
generic enabling or foundation services which enable information to be shared.
These services enable the SOA to function. They comprise a single logical set of
services. Core SOA Services enable Business Services (defined next) to be
integrated, distributed, and accessed across organizational, geographical, and
technical platform boundaries. Core Services include: security services; discovery
services; a meta-data repository; mediation services; orchestration services;
messaging services; and Information management services. Where these are
delivered using several different physical implementations (dependant on role or
operation) this is known as federation.
b. Business Services. The bulk of MOD services that will be provided by SOA are
Business Services. The goal of SOA is to align the provision of business services
with business processes in such a way that they can be reorganised to match the
tempo of business change. It is important to confine services to those with a direct
counterpart in real business. Functions such as personnel management could then
be either a big service with lots of smaller ones; or a number of discrete services.
By keeping focus on real business scenarios and away from technology, business is
able to play an important part in identifying requirements. At any time, the technical
solution can always be mapped back to the business model. The derivation of these
is complex and how MOD will approach this is explained in Chapter 2 and Annex A.
Service Definition
0116. A service will have one or more machine-readable descriptions of the messages it
receives and returns. It is therefore defined in terms of the message exchange patterns it
supports. A schema of for the data contained in the message is used as the main part of
the contract between a service requester and provider. An important part of the definition
of the service is that the description is separated from its implementation. The description
may support multiple implementations and vice versa. What separates the description from
its execution is a transformation layer. The transformation layer accepts the message,
translates the data into a native format, and dispatches the data to the implementation
layer.
d. Service Policy. A key feature of a Service Specification that defines the usage
policy of a service. A typical service policy would define access rights and conditions
for a type of service.
e. Agent. Any business unit or automated system (e.g. a software application) that
produces and/or consumes services. An agent can be human or machine.
Service Contracts
0117. As explained in para 0110f, every service has a well-defined interface call a service
contract. It clearly separates services internally from execution environment and from its
externally accessible interface. Contracts will enable formalisation of system boundaries
and minimising of dependencies.
Business Function
0119. The sequencing of services, governed by the sequence of Business Functions they
support. In its simplest form it is collaboration in which a primary service directly invokes
other services.
Open Standards
0120. These are non proprietary and widely adopted standards for MOD SOA (e.g. SOAP
and XML). This topic is comprehensively covered in Chapter 3.
Automated Service
0121. A service which is provided with no requirement for human intervention under
normal operating circumstances.
Software Service
SECTION IV
General Concept
14
Reference Latest EBO
15
Defence Lines of Development – use COS Briefing
16
System of Systems Architecting Responsibilities EC CCII (Ses 07-080) /DGISTAR/7/3/3/6 dated 07 June 07
approaches is that service orientation enables focus on the description of the business
problem. Previous approaches required more focus on the use of specific execution
technology. The way in which services are developed better aligns them to solving
business problems. SOA is not new. What is new is that the ability to mix and match
execution environments, clearly separating the service interface from the execution
technology, allowing organisations to choose the best execution environment for each job
and tying them together using a consistent architectural approach. For the MOD, it offers a
unique opportunity to align the needs of providing capability with the supporting IT. Over
time, this means more adaptable services, quick applications development, more freedom
to choose best fit technology and better economy i.e. more capability for the same outlay.
Why SOA?
0125. For MOD, there are many potential advantages to the SOA route to delivering
service. The top three are:
a. The ability to create new components and services from legacy applications –
potentially savings from new services based on existing applications and leveraging
of investment in legacy applications;
0126. Like it or not – SOA is coming. Major vendors such as IBM and Oracle have fully
embraced SOA for development of their applications and others, such as IFS are service-
enabling key functions in their applications and procurement of non-SOA compliant IT
systems is likely to become less appealing on a VFM and functionality basis. SOA should
allow the MOD’s Business Services to be the key organising principle used to align IT
systems with the needs of the business. This is quite different to earlier approaches which
built IT systems which were wedded to specific implementation environments such as
procedure or object orientation and which resulted is systems that were locked into
functionality or features of a particular implementation technology e.g. CORBA, J2EE and
IMS 17 . Figure 6 below is a summary of the arguments that we used to inform the SOA
decision.
17
It is not necessary to understand these terms but for completeness they are in the Glossary
SOA Vs Stove Pipe
SOA Stove Pipe
Facilitates NEC Low Risk
Adaptable software components “Over the fence” procurement
+ Re-useable software components established
Builds an “information layer” Information Assurance processes
Connects to Allies services established.
Connects to industry services Lower short term cost
Agile (quick & easy to change)
Lower long term costs
Open Web Standards
Higher up front cost Hinders NEC
Higher “in-house” management Costly and Slow to change
_ overhead UORs Entrench problems
Information assurance risks Limited information sharing
New Skills required Duplication of information
Procurement change required Quality of information varies
Not suitable for Real-Time Vendor lock-in
0127. The attractions of implementing SOA using Web Services are their simplicity and
ease of use, their wide uptake, the fact that they are platform-neutral.
MOD’s Approach
c. Develop Core SOA Services 18 . The core services are those services that enable
the SOA to operate e.g. messaging and discovery 19 (defined in Chapter 2). The
MOD’s core services have already been derived and agreed as the Core SOA
Services 20 and are discussed in Chapter 2.
d. Policy and Governance. Policy (as outlined in this Handbook and the associated
JSP 602) states the overall direction of SOA, the technical approach, and the
frameworks and standards to be adhered to. Governance states the structures,
roles and responsibilities and the mechanisms by which SOA is to be managed.
These are covered in more depth in Chapter 4.
Federation
0130. Federation was introduced in para 0115a. SOA promotes federation of the
architecture and for MOD; this will be done through an ESB, which includes the Defence
Information Infrastructure and any future static or deployed systems. The implications of
this are important for the organisation of any technical architecture team (see Chapter 4
Governance). The central team should concentrate on the infrastructure and the definition
of the services. Decisions within each relevant military function should remain the
responsibility of the local Community of Interest, which includes military, financial and
technical representation. The implications are important for the business managers and
operational commanders. SOA allows direct control of the business processes and the
services from each domain have to be ‘orchestrated’ to create a work flow that supports the
18
Defence Core SOA Services
19
These are NOT common services such as Mapping or Transport which are Business Information Services.
20
DG Info/IX/DMF-05/01 dated 23 Mar 2006. NETWORK ENTERPRISE CORE SOA1 SERVICES (NECS) User
Requirements Document V0.43
21
ESB is an open standards (all components), message-based (using standard message notation, protocols and transport),
distributed, integrations solution that provides routing, invocation and mediation services to reliably facilitate
interactions of disparate IT resources. .
22
Based on “Service Oriented World” Cheat Sheet by Brenda Michelson June 2005 (Patricia Seybold Group)
business process. This means that it is vital to have a clear definition of what the business
processes are and a clear business model in order to get full value from SOA. ESBs and
their are requirements are covered in Chapter 2 from para 0235.
0131. This area is not well served with cogent advice. The technology used to implement
the SOA concept in the strategic and deployed environments, may not be the same as in
the tactical environment. Ironically, unless a transformation service can be provided, in
some circumstances, the high bandwidth or low speed of web services may predicate
adoption of other (perhaps point to point) technologies. Such performance limitations are
the key reason to adopt a non-WS SOA design. Development will have to be coherent with
DII/BOWMAN in the battle space. Tactical systems planners and designers should in the
first instance contact Info X EA 1 for the latest advice.
SECTION V
d. The MOD SOA will be able to interface with non MOD organisations such as
coalition partners, industry and OGDs;
g. Services should only interact with other services through their well-defined public
interfaces;
k. Services should perform discrete tasks and provide simple interfaces to access
their functionality to encourage reuse and loose coupling;
l. Services should provide metadata that defines their capabilities and constraints,
and this metadata should be available in a repository, which itself can be accessed
through services. This allows service definitions to be inspected without needing
access to the service itself. This also allows services requesters to dynamically
locate and invoke the service.
0134. Industry experience demonstrates that choice of a start point for SOA is the most
difficult step. Successful SOAs go forward in a series of small steps, using clear metrics
from the outset to demonstrate the business and technology benefits which build credibility
within both the business and the IT communities i.e. an incremental approach. MOD will
adopt an incremental approach, using low initial investment to tackle small projects that
build credibility through demonstrating business value. The key is to tightly link each project
to a rapid return of business value, making each business case easier to justify and
generating support for the approach. The Governance mechanism will aim to prescribe a
common flexible methodology across for projects to employ.
23
Loose coupling in this IT context is used to indicate that a software component has easily defined interfaces and can
easily be updated and/or replaced without major integration work.
24
SOA can provide benefit in orchestrating components to aid a human decision on the battlefield (assessing information
from a range of discrete applications and sensors). It is not clear that Web Services are yet capable of supporting real-
time battle space applications. It may well be that some services are implemented as messages, CORBA or RMI, etc.
“Web services” implies SOAP and WSDL.
Service Enabling Legacy Systems 25
0135. Web Services can be used to create a contract between disparate systems such as
CORBA and J2EE and packaged applications. Most software systems understand Web
Services and getting them to interoperate requires contracts that both sides can agree to.
It is possible to service –enable legacy systems by defining WSDL (see Chapter 2)
contracts for them and providing SOAP (see Chapter 2) applications that can receive
SOAP messages and convert them to message level invocations. This enables effective
reuse of legacy assets which can fulfil enduring requirements without wholesale
replacement. It is possible to service enable almost any legacy systems including
mainframe (e.g. IMS); distributed object applications (e.g. J2EE); transaction processing
systems (e.g. Tuxedo) as well a numerous packaged applications and B2B systems.
0136. There are good examples of organisations which get SOA wrong by failing to
understand the fundamental differences between SOA and their previous arrangements.
Achieving a disconnected architecture is often the outcome; and the danger of introducing
Web Services technology in such situations is that problems manifest themselves relatively
slowly. Examples of such problems include:
e. Failure to achieve the correct balance between the Depth and Breadth of
functional services.
0137. Early projects should use simple architectures and minimise up-front technology
investment. For example, use open standards, typically application servers and ESBs.
Identify Benefits
0138. Business benefits will be clearly understandable if simple and easily measurable
metrics can be applied to chosen projects. These should be communicated to all
stakeholders and leveraged to justify successive projects which should be either bigger or
more complex but which reutilise the skills and infrastructure deployed for the first project.
This will also enable the number of reusable services made available for later projects to
increase.
25
Derived from Understanding SOA with Web Service s by Newcomer and Lomow (Independent Technology Guide –
Addison-Wesley) p181 et seq.
Get Service Level Abstractions Right
b. Business processes;
h. Service Level Data Model. XML schema. Defines which XML constructs and
libraries should be used;
0140. Building a military SOA is not new and there are a number of ongoing developments
from which good experience can be leveraged 26 . Below are some of the more useful
observations:
a. Keep it simple. Simple business designs are “good” designs (for a long list of
sound business reasons including cost of change and lower risk of early life failure:
reasons mainly to do with ability for “average” designers of new capability to
understand existing designs, and so use them successfully or avoid re-implementing
them).
b. Design for reuse. Most business processes use sub-systems that are common
(called ‘core’ services here). Business process design can be generalised if
common needs are pooled, leading to a more generic design that appears externally
to be simpler. This is the first practical aspect of SOA.
26
DODAF and the Swedish DOD implementations.
c. Risk is inherent and cannot be removed. System design has an element of
judgement. When generalising there is a high risk of creating something that is too
abstract to be usable; when keeping something specific there is a danger of
duplicating something in an inconsistent way. Whatever conclusion is reached
about whether to generalise, the optimum solution is likely to change over time. It is
also important to maintain an audit trail of decisions.
0141. Applications sourced from different designs hamper future integration effort and
generally lead to more expense and system fragility. If SOAs are to be properly exploited,
the laid down design standards in Chapter 2 must be followed - interoperability is the
eventual goal. MOD will use WS-I standards. WS-I is the main interoperability focus
across web service implementation. It sponsors several workgroups to resolve
incompatibilities and provides common interpretation of other specs and testing tools etc. to
help with conformance. These standards ensure there is consistency in design and
interaction of the services which encapsulate business logic. Failure to adhere to
standards could result in:
0142. Services created by an SOA should directly support MOD services to FLCs and
other customers. The processes and methods defined must are services oriented. The
development tools must also be oriented to creating and deploying the services. Only then
can there be appropriate focus on defining and deploying business and technical services
that are reusable across multiple users, applications and channels. The aim is to end up
with applications which are easily built from internal and external sources.
0143. MOD SOAs rely on Web services; this deepens the dependence on XML data
representation. In addition, as scope and functionality increase, the volume of message-
based communications as well the number of layers (e.g. encryption) increase. In the early
stages of planning SOA, it is important to have as accurate an estimate of the whole
system messaging capacity as possible, and to test the different components that will be
used e.g. processors for SOAP and XML (See Chapter 2 for detail on XML and SOAP).
0144. A comprehensive transition plan enables controlled migration of, and coherence
between technological, organisational and architectural changes. A standard People
Process Technology (PP&T) approach will work as long as it is basically thorough but also
covers issues such as:
0145. A sound understanding of how security issues will affect the developing SOA is
essential. Interoperability of security is as important as functional considerations.
Agreement on how security rules are defined and enforced across the different services is
essential and must be planned from the start. Security will be covered in the next revision
of this Handbook.
Understand XML
0146. SOAs are based on XML or their derivatives. If the XML data structure and
validations are not standardised, the quality of processing may be severely affected e.g.
unnecessary validated multiple times. Early attention needs to be paid to the manner in
which the XML technologies represent process and validate data/information as they flow
through the architecture.
0147. It is especially important that the higher level of the governance mechanism (SOA
Board) is closely aligned with the existing MOD corporate governance processes. For
lower levels, a more unilateral mindset might be adopted – one which avoids being unduly
constrained by remainder of the MOD governance structures. Without this high level
alignment at the corporate planning level, a disconnect between business intent and both
service oriented development and delivery may well occur.
Organisational agility
0148. A service oriented approach will help the MOD create a more agile and responsive
organisation, by focusing on incremental capability. SOA more naturally aligns with
incremental capability delivery, than does the more traditional approach to system
development. An SOA can add new functionality, expose existing functionality to new
channels and adapt functionality according to requirement. Most importantly. The cost and
effort to respond and adapt to business or technology related change is reduced. Most
importantly, an SOA can compose business solutions from others.
0149. Building reusable services may result in slightly increased development effort and
require the use of design standards by leveraging subsequent reuse lowers Through Life
costs. Such reuse of services reduces IT development and maintenance time and costs. In
addition, the cost and effort of application development is reduced as standardised XML
data representation is achieved. The cost of scaling communications infrastructure should
also reduce, as a single communications technology is required to support the federated
part of the enterprise.
Architectural Partitioning
0151. The SOA approach allows for a gradual adoption of service approaches, which will
allow the costs to be the spread across multiple projects. A wrapping legacy (and ‘future
legacy’ system as services is an effective way to preserve existing investments.
Reuse of Services
0152. Once the services infrastructure is established and services are available for wide
reuse, and the procurement strategy allows simpler procurements, it will then be possible
to deploy applications faster and at lower cost. Services based applications can also be
adapted and changed more easily. Service orientation promotes the design of services that
are inherently reusable. Designing services to support reuse from the start enables
increased opportunities for leveraging existing automation logic. Properly designed
services fulfil both immediate requirements whilst supporting a degree of reuse by future
requestors. This establishes a permissive investment environment for the future.
0153. SOA solutions rely on ESB delivered across an Enterprise Architecture and consist
of inherently interoperable services. Vendor-neutral Web services communications
frameworks allow highly standardised service descriptions and message structures,
resulting in intrinsic interoperability that helps cross-application integration.
Streamlined architectures and solutions
0154. The concept of composition is fundamental to SOA. Whole platforms e.g. the WS-*
platform, can be built entirely on the principle of composability. This aspect of SOA can
lead to highly optimised automation environments, where only the technologies required
actually become part of the architecture.
0155. The acceptance of Web services technology has spawned a large adapter market.
This enables legacy environments to participate in service-oriented integration
architectures. This enables progress towards a state of federation, where previously
isolated environments now can interoperate without requiring the development of
expensive and sometimes fragile point-to-point integration channels. However, legacy
system adapters can be expensive and acquisition needs to part of an overall strategy to
incorporate legacy applications into an SOA.
0156. At its most fundamental level, SOA is built upon and driven by XML. As a result, an
adoption of SOA leads to the opportunity to fully leverage the XML data representation
platform. A standardised data representation reduces the underlying complexity of all
affected application environments. Establishing XML data representation architecture
becomes a necessity, providing organisations with the opportunity to achieve a broad level
of standardisation. (NB. SOA doesn’t mean XML and vice versa)
Alternatives
Organisational agility
0158. Much of service-orientation is based on the assumption that what is built today will
evolve over time. One of the primary benefits of a well designed SOA is to protect against
the impact of this evolution. When accommodating change becomes the norm in distributed
solution design, qualities such as reuse and interoperability become commonplace. The
predictability of these qualities within the enterprise leads to a reliable level of
organisational agility. However, this is only attainable through proper design and
standardisation. A standardised technical environment comprised of loosely coupled,
composable and interoperable and potentially reusable services establish a more adaptive
automation environment. By abstracting business logic and technology into specialised
service layers, SOA can establish a loosely-coupled relationship between these two
enterprise domains. This allows each domain to evolve independently and adapt to
changes imposed by the other, as required.
0159. Besides the core Web services (SOAP and WSDL), a wide array of extended Web
Services specifications for security, reliability, transactions, metadata management, and
orchestration are well on the way toward standardisation, providing SOA-based solutions
with the required enterprise qualities of service to support mission-critical programmes and
activities.
Separation
0160. The greater separation of interface from execution environment in Web Services
facilitates the separation of work responsibilities as well. Separating the service description
from its technology implementation means that businesses can think about and plan IT
investments around the realisation of operational business considerations more so than the
capabilities of any individual technology or product.
Consumption
27
0161. In SOA applications, common functions such as name look up or NSN validation
or security checks are implemented using services. Using services reduces the amount of
deployed code but also reduces the management, maintenance, and support burden by
centralising the code and managing its access. However, the performance implications of
accessing services instead of using internal functions must be assessed because using a
service can consume more computing resources that usable code libraries.
Service Design
0162. The key to successful SOA is determining the correct design and function of the
services in the reusable service library, which should ultimately reflect the operational
characteristics of the organisations such as how intermodal container transfer works.
0163. The operational characteristics of the business are what need to be automated, and
the SOA projects must ensure that the reusable software service is properly aligned with
the operational business processes. The successful alignment of business services and
their implementation in software that operational business processes can be changed
quickly and easily as external environmental changes allow an organisation to adapt and
evolve.
0164. It is easier to separate the presentation logic from the business logic if the latter is
service-enabled. It is easier to connect mobile devices and GUIs to applications when
business logic layer is service-enabled. Applications can exchange data easier because
Web Services represent a common standard across all types of software.
Challenges to Adoption.
a. Training. There must be adequate staff training and maintaining the level of
discipline required to ensure the services develop are reusable.
27
NATO Stock Number
b. Coherence. The existence of an individual service is of little value unless it fits
into a larger collection of services that can be consumed by multiple applications.
SECTION VI
SUMMARY
0166. Figure 7 is a simple stack model intended to help summarise this chapter; and to
put into context chapters that follow. The diagram is a simple representation of the key
concepts in an SOA arranged in a logical stack.
Presentation
Business Services
Services
MODAF
Core SOA Services
Applications
Infrastructure &
Communications
b. The Applications layer contains those applications (software) that are deployed
and run on the infrastructure.
f. MODAF. The entire SOA is modelled in MODAF which is the subject to Chapter
3.
CHAPTER 2
This chapter has some technical content and compliance with parts of it is MANDATORY.
It introduces SOA standards and should be considered as Work in Progress. It is aimed
primarily at architects. It also introduces Core SOA Services i.e. those that are common to
all others and which enable the latter to be seen, found and accessed. They are the basis
of an SOA. Architects need to understand this chapter and although simplified, the core
service definitions are relatively technical. Users who seek to access services need not
understand Core SOA Services. A hierarchy of services based on a MOD Functional
Model is also described and this will become important as new services are added over
time.
SECTION I
OVERVIEW
Web Services
0201. The Services and the standards to which they are designed is what ultimately will
increase agility and reduce costs. It is an area of tremendous growth in industry and there
are a number of different paths that can be taken. Although one can implement SOA using
any service-based technology, the MOD policy is to use Web Services based on Open
Standards that are widely accepted. This chapter specifies the standards it has been
agreed to adopt, signposts some of the key future developments and issues, and provides
advice on what to do when faced with a gap in advice. It is accepted that standards are still
developing and will therefore change. This Chapter covers the basic web tools, a
description of the Core SOA Services and the Business Services, and further details of the
Enterprise Service Bus (ESB). This is an important chapter in laying the foundations for
the agility and flexibility required to support Network Enabled Capability within a receding
budget.
SECTION II
This section describes some of the main (MANDATORY) tools to be used; some of which
have already been tested in MOD SOA pilot projects. SOAs are built on Web Services
standards have gained broad industry acceptance. These standards (also referred to as
web service specifications) also provide greater interoperability and some protection from
lock-in to proprietary vendor software. The versions to be used are also laid down in
Section 3. It does not cover the panoply of implementation methods which will also need to
be compliant with the standards herein.
Why have SOA Standards?
0202. Service-Oriented Architectures are intended to make the enterprise more agile and
reduce redundancy. Reuse is a key factor in SOA, and reuse of services in large
organisations like the MOD is only possible if there are standards. The supporting
standards need to ensure that ensure services are interoperable at an operational level.
These standards ensure there is consistency in design and interaction of the services
which encapsulate business logic. Failure to adhere to standards could result in:
b. Service descriptions with poor interfaces or semantics or both and therefore poor
services delivery.
SECTION III
ENABLING STANDARDS
0203. Most services usually involve the exchange of information (even if the information is
simply an instruction to the provider to invoke the service) and it is important that the format
of this information is standardised to enable re-use of the service. In the case of System
Services, this is doubly important as the service consumer and provider may both be
automated systems with no ability to negotiate or infer meaning from improperly structured
information.
Web Services
0204. It is likely that most Automated Services will be implemented as Web Services. Web
Services detailed in para 0226 and 0227 are to be used for SOA. There follows a generic
description of the commonly used services.
0205. XML is a markup language for describing data in message payloads in document
format. It provides a flexible framework for organising and sharing data. XML is an open
standard. It represents a flexible framework for organising and sharing data. XML is used
heavily within the XML messaging, service description and service discovery layers of the
web service protocol stack. Interface creation and application development is speeded up
markedly by using XML. Systems no longer need to build complex one to one data
interfaces with other systems. They should be sharing XML-based information saving
significant effort in systems integration costs and enabling true agility.
0206. HTTP and its derivatives are request/response protocols between clients and
servers used to transfer or convey information.
Simple Object Access Protocol (SOAP)
0207. SOAP is a protocol for exchanging XML-based messages over a computer network,
normally using HTTP. IT can be used in a variety of messaging systems and can be
delivered via a variety of transport protocols. SOAP enables applications to easily connect
to remote services and invoke remote methods. For example, a client application can
immediately add language translation to its set of features by locating the appropriate
SOAP service and invoking the appropriate method. SOAP represents a cornerstone of
web service architecture, enabling diverse applications to easily exchange services and
data.
0208. BPEL provides a standard way of describing business processes that are based on
web services. It provides the facilities that are required in complex business protocols,
such as the description of behaviour dependant on data sent between services, exception
management and recovery, and coordination between business partners for complex
processes of extended duration.
0209. UDDI is a technical specification for describing, discovering and integrating web
services. It is a critical part of the web services protocol toolkit, and enables organisations
to both publish and find web services. UDDI is a technical specification for building a
distributed directory of businesses and web services. Data is stored within a specific XML
format and the UDDI specification includes details for searching existing data and
publishing new data. It is also forms the UDDI Business Registry, which enables
organisations (or parts thereof) to search existing UDDI data, and to register them and their
services.
0210. WSDL is a specification defining how to describe web services in a common XML
grammar. The XML-based service description describes the public interface, protocol
bindings and message formats required to interact with a web service in simple terms,
WSDL represents a contract between the service requestor and the service provider.
WSDL is platform and language independent and is used primarily to describe SOAP
services. Using WSDL, an agent can locate a web service and invoke any of its publicly
available functions. With WSDL-aware tools, this can be automated, enabling applications
to easily integrate new services with little or no manual code. WSDL therefore represents
another cornerstone of the web service architecture, because it provides a common
language for describing services and a platform for automatically integrating those
services. WSDL describes four critical pieces of data:
b. Data types information for all message requests and message responses.
MooD
0211. MooD is a modelling tool, widely used in MOD. In an SOA context it is useful
because it can be used to build architectures and it provides a model-driven capability
which maintains the integrity of the solution during change. MooD can provide a business-
driven, component-based approach which allows the enterprise model to be re-configured
to match new business developments. Business and technology designs can be
storyboarded, tested, re-arranged and re-orchestrated.
SECTION IV
0212. Core services are the enablers that are used by Business Services and users
across the whole enterprise. They are independent of business process and context; and
they are ubiquitous. It is therefore essential that the core services are standardised and
specified very precisely in order to facilitate their reuse. Core SOA Services are absolutely
vital in maintaining consistency within the technical environment. The next paragraphs
describe the MOD Core SOA Services 29 . It should be noted that this is an area infested
with confusing terminology and that care has been taken to ensure that the MOD Core
SOA Services here cover functionality demonstrated to be critical in both Defence
implementations and commercially. The MOD SOA Core Services are:
a. Discovery
b. Mediation
c. Security
d. Metadata Repository
e. Service Management
f. Messaging
g. Orchestration
28
In the first instance, contact Info IX EA1
29
Based on various US DOD/UK NECS definitions and UK MoD NECS (NCES) Definitions – Final Version dated Aug
2007
Discovery
0213. Discovery is the process of identifying required services. This can be design time
(at the point of design) or run time (when it is being used). Where one looks for a service
is the registry, which is based on commercial products that support the UDDI standard.
The registry provides a services directory for all MOD Core SOA Services and agents, and
the dynamic publishing and discovery of service definitions. The easiest way of
understanding this is to consider it as a book of Yellow Pages which organize businesses
according to their products or services. Discovery works by providing the
publishing/advertising of service definitions, descriptions, metadata, and accessibility –
from sources ranging from web services to devices and business functions. It is important
because:
Mediation
0214. Mediation refers to a set of services to overcome the fact that data and services in
any enterprise environment are represented in a variety of formats e.g. mils and
degrees/seconds, or Celsius/Kelvin. It is therefore a data conversion and format
translation capability. Mediation services help bridge information exchange between data
producers and consumers e.g. data transformation, aggregation, service orchestration
(see para 0219) and adaptation. The basic operation of the mediation services can be
described as follows: data transformation changes data from one form to another; service
orchestration and aggregation works on behalf of a consumer to coordinate a workflow;
and service adaptation solves the problem of converting between the rules used by one
service into that required by another whilst maintaining the integrity of the message being
sent. It is important because:
Security
0215. The primary goal of Security is to ensure SOA services can be invoked securely i.e.
which agents may discover and consume services and under what conditions. For
example, an individual who is updating personal information will have full access to the HR
services on the Joint Personnel Administration systems as opposed to a colleague who
may only have partial read access. The capabilities encompassed by this service are wide
and include a Service Security interface and design specification, functional components
that enforce role-based access control, authorisation queries and responses, retrieval of
policies for service provider resources, policy administration and a certification validation
service. MOD SOAs will generally sit on the Defence Information Infrastructure or similar
secure communication infrastructure (non-DII programmes and infrastructure). The
underlying accredited security mechanisms will have be relied upon. This may not be as
simple as stated because of both compliance and design issues but all instances where
there are issues, need to be referred to the Governance mechanism covered in Chapter 4.
Security is important because:
d. It ensures that a sender cannot deny a message already sent, and a receiver
cannot deny a message already received. (Non-repudiation);
f. It provides the interfaces that enable each organization (or part) to implement its
own solution (interoperability).
Service Management.
30
Definition from www.searchoracle.com
c. It enables the detection and handling of exceptions by defining exception
conditions, detecting and alerting exceptions, and automatically taking corrective
actions to handle exceptions (in real-time);
d. It provides insight into the usage of services by capturing usage data; helping
with the evaluation of the usefulness of a services; and whether more services are
required;
Messaging
0218. This service provides a federated, distributed, and fault-tolerant SOA messaging
capability. It uses multiple message brokers which could be within different physical
implementation. This supports the distributed and federated MOD business and delivers
scalable and interoperable event notification to agents. The service leverages and
supports publish and subscribe, peer-to-peer and queuing. It supports the configuration of
service level parameters for a published message including its priority and precedence. In
addition, it provides guaranteed delivery of messages to disconnected users or applications
by queuing them for delivery on reconnection. It is important because:
d. It provides Integration with other core services for enhanced security and
administration.
Service Orchestration
0219. Orchestration describes how web services can interact with each other at the
message level, including the business logic and execution order of the interactions. These
interactions may span applications and/or organizations, and result in a long lived,
transactional, multi-step process model 31 . It helps to state what services are required to
support business processes and the logical flows between them. Through this it is possible
to support the service “chaining” with continuity of information. The foci are implementation
and workflow. [NB. This is different to Choreography which tracks the sequence of
31
From “Web Service Orchestration – a review of emerging technologies, tools, and standards” Charles Peltz Hewlett
Packard Jan 2003
messages that may involve multiple parties and multiple sources, including customers,
suppliers, and partners. Choreography is typically associated with the public message
exchanges that occur between multiple web services, rather than a specific business
process that is executed by a single party. The focal points for choreography are
collaboration and protocols.]
0220. Figure 8 below outlines how the SOA Core Services fit with the MOD Business
Functions to provide the basis of an SOA. Users simply access services on the portal. The
Core SOA Services enable the Business services (which are based on the functional
breakdown) to be administered, created, seen, found, and accessed. The model depicted
will contribute to the implementation of SOA by identifying potential Communities of Interest
(COI) to exercise ownership and governance of specific information areas and associated
business rules and so develop the requisite service or services (These are covered in
depth in Chapter 4 – Governance). Services may well be made up from different functional
baskets and in such cases, the relevant COIs would be expected to co-develop them. How
these Functions will be transformed into services is the covered next and in Annex
A/Chapter 4.
The next two sections detail the Enterprise Service Bus (ESB) – the engine of which are
the MOD Core SOA Services. A federated ESB was trialled on CWID 07 and is now being
developed further in the Joint Supply Chain. The MOD’s ESB Concept in known as Fred
(which is not an acronym).
Best Practice
Basic Operation
c. ESB invokes the data services - retrieves data from data service providers;
d. ESB aggregates the results - applies rules from data transformation service to
remove duplicate data and convert collected data into a format compliant with
service contract;
Software Approach
0223. The ESB lies between the business applications and enables communication
among them. It should be able to replace all direct contact with the applications on the bus,
so that all communication takes place via the bus. In order to do this, the bus must
encapsulate the functionality offered by its component applications in a meaningful way.
This is typically accomplished through the use of an enterprise message model. The
message model will define a standard set of messages that the ESB will both transmit and
receive. On receipt of a message, it routes it to the appropriate application. Where an
application was not built with the message model in mind, the ESB will have to transform
the message into a legacy format that is understandable by the application – this is done by
an adapter. If the message model does not completely encapsulate the applications'
32
UK MOD NECS (NECS) Definitions Final V1.5
functionality, then other applications that this functionality will bypass the bus and invoke
the applications directly and so negates some of the advantages of using an ESB. Using
Web Services means that the message exchange is almost always done in a platform-
independent manner. This allows the ESB to integrate applications that run on many
different systems.
ESB Characteristics
g. can uniformly apply business rules, enriching messages from other sources, the
splitting and combining of multiple messages and the handling of exceptions;
SECTION VI
FRED
0225. The descriptive labels “Fredlet, Fred and Frederick” were selected during the
MOD/Industry workshops because they were simple, vendor neutral and neither acronyms
nor reserved words. Figure 9 below provides a conceptual construct within which MOD’s
and related ESBs will provide a defence SOA. Some parts of this were trialled in CWID 07
and will be further trialled in CWID 08. It demonstrates the potential scale and benefits of
the undertaking and sustains the requirement for vendor neutrality.
GLOBAL DEFENCE AND SECURITY ENVIRONMENT
Coalition
Frederick - NATO
Users
equivalents –
e.g
Business Services NATO/OCCAR
Frederick - Nation
Enterprise Service Bus
Users
Business Services
Fred - MOD Core SOA Services
Users
Business Services
UK federated
Core SOA Services
Components
0227. The ESB has provided a programme-specific information and integration capability
for the JC2SP programme and has now been extended to two logistics pilot projects. This
will develop, test and prove the tenets for a wider SOA/ESB.
National Level
0228. The UK MOD SOA will comprise a hierarchy of Federated Enterprise Service Buses
(ESB) supplied by a number of different vendors utilising potentially different technologies.
Open standards will provide the required degree of flexibility, integration and
interoperability. UK MOD ESB will be a heterogeneous environment composed of new and
legacy systems within various parts of the MOD. This means end-to-end from partners and
suppliers to the front end of the battle space. It also includes the legacy environments of
Other Government Departments (OGDs), Agencies and Non Government Organisations
(NGOs) with whom the MoD must collaborate.
Development.
0229. The ESB may eventually be extended to encompass integration and interoperation
with the SOA environments of coalition partners. This means that the ESB may be required
to securely and reliably provide MOD Services to users and support reciprocal services e.g.
meteorological services and coalition Common Operating Picture. Once mature, the ESB
will enable MoD to effectively and efficiently change its operational processes and
organisational structure to meet new requirements. The initial deployments of the ESB will
enable MoD to do what it does today, better, and in a more agile fashion – future
deployments will enable MoD to do better things – in essence, the ESB will offer MoD a
robust NEC Transformational Capability.
Issues to Develop
b. Choreography. The ESB will be required to offer users the ability to search for a
particular service that may meet their immediate needs. It will also be required to
offer specific COIs the ability to change the connections between sets of services
(choreograph) to create support for other, higher or new business functionality.
c. Dynamic Registry. The ESB will contain a dynamic registry (and registry
management function) of all available Services in the ESB.
e. Quality of Service. QOS issues will become important as more E2E capability is
sought. Service levels between various interconnected ESB in MOD/UK may require
negotiation prior to deployment.
f. The scope of many of SOA standards is further refined by the use of extensibility
points within the standard. Their use may impair integration or interoperability (they
allow leeway for standards implementations to be different) and will have to be
negotiated or documented in some fashion by the parties who create or consume or
extend the usage of a particular service within an SOA or a federation of SOAs.
ESB Functions
0231. In order to support an Enterprise-level SOA, it is widely held that an ESB must be
able to facilitate the following functions that are described in Table 1 below 33 .
33
Adapted from UK MoD NECS (NCES) Definitions Final V1.5 dated Aug 2007.
Exploitation
0232. By adopting this “style” of SOA operation, MoD will be better able to create Agile
IS/IT support that will enable it fully exploit the new ways of working offered by Service
Orientation.
Security
0233. Security will be covered in the next update of this Handbook. For services, as for
other information technologies, security consists of understanding the potential threats an
attacker may mount and applying operational, physical, and technological
countermeasures to reduce the risk of a successful attack to an acceptable level. Because
an "acceptable level of risk" varies hugely depending on the application, and because costs
of implementing countermeasures is also highly variable, there can be no universal "right
answer" for securing Services and access to Services. Choosing the absolutely correct
balance of countermeasures and acceptable risk can only be done on a case by case
basis. However, there are common patterns of countermeasures that experience shows
reduce the risks to acceptable levels for many services. The WS-I Profile adopts, but does
not mandate, use of the most widely used of these: HTTP secured with either TLS 1.0 or
SSL 3.0 (HTTPS). That is, conformant Web services may use HTTPS; they may also use
other countermeasure technologies or none at all. HTTPS is widely regarded as a mature
standard for encrypted transport connections to provide a basic level of confidentiality.
HTTPS thus forms the first and simplest means of achieving some basic security features
that are required by many real-world Web service applications.
SECTION VII
BUSINESS SERVICES
This section introduces the Business Function model which will form the basis of Business
Services.
0234. The underpinning precept is that business drives the SOA. The importance of this
is that the business functions are enduring and that the Business Services can be based
upon them. In order to ensure that there is as comprehensive a coverage of MOD activity
as possible, a business function model has been produced by comparing the three main
activity/process/output models 35 and the outputs in the Departmental Plan 36 . The resulting
functional breakdown will form the basis of the services to be produced and as each area
(or group of areas) is designated for further work, appropriate COIs will form and take
forward their development into services. Decisions on the level of any particular COI will be
made on a case by case basis by the Governance mechanism. It will also enable a
concurrent bottom up view of the technology currently supporting these functions in order
to determine the appropriate level of abstraction for the Business Services. The Level 0
and 1 outputs and their descriptions are reproduced at Annex A to this Handbook.
34
20070706 MOD Functional Model – BMS Update – carried out on behalf of IX EA AD1.
35
These are the Business Management System (BMS); Defence Activity Model (DAM) and the CBM Activity Model.
36
Departmental Plan 2005-2009.
Business Services are Information Services
0235. The Business Services are actually information services which directly support
business functions. This provides a vehicle for the MOD’s business end (FLCs, ECC
Community, Doctrine, Logs) to become intricately involved with the IT end of the business.
This is critical because in order to enable greater reuse across MOD, it will be essential to
govern the development of information services, and to enforce standard specifications for
those information services that are widely used. There may be a requirement for services
whose applicability is restricted to a well defined domain to make a case to opt out of
producing a “standard” Business Service. Under these circumstances, the governance may
be more relaxed – i.e. the services may be defined by their COI (See Chapter 4). As the
MOD’s SOA evolves, information services that were initially identified as “domain” may be
reclassified as “standard 37 ” to enable future interoperability.
0236. Where a requirement for a business service arises, the Governance mechanism
will instigate the formation of a COI. The requirement may come from the Concepts and
Doctrine, Joint Capabilities Board (JCB) through the NEC/CBM Governance chain, the
Systems of Systems Architect responsibilities residing with CM (IS), FLCs, development of
other Services or indeed an intervention opportunity such as the requirement for
accelerated replacement of the casualty tracking system. The locus of the development
work; co-developed if it involves multiple areas of activity, will be the COI. Its formation and
operation is described in detail in Chapter 4. At the time of writing of this Handbook (Oct
2007), there are four 38 COIs overseeing the development of Business Services. These are
JC2SP, casualty tracking, demand management and Joint Supply Chain availability
transformation.
SECTION VII
PRESENTATION SERVICES
0237. Presentation Services are simply those services which present other services
(Business or Core SOA Services) to users – via number of channels ranging from browser
to portal. For example, overlay Link 16 XML tracks over a map and present to a human
user through a browser. There is no processing of business information.
SECTION VIII
STANDARDS
This section states the standards that must be used or complied with in designing,
developing and operating an MOA SOA. MOD has ensured coherence with NATO and the
US in its approach.
37
In this context, “standard” means subject to open, widely-accepted WS standards.
38
In the first instance, contact Info IX EA1 for details.
Web Service Interoperability (WS-I)
0238. Web service specifications are now being standardised across industry. MOD,
along with most its Allies, is to use the WS-I organisation. The WS-I aims to ensure
interoperability across Web service implementations and is proactive in resolving
incompatibilities among Web services. It produces profiles that provide a common
interpretation of other specifications as well testing tools to ensure conformance i.e. how to
conform to the specifications. The latter are called conformance targets. WS-I specifies
standards or elements thereof from bodies including World Wide Web Consortium (W3C),
the Organisation for the Advancement of Structured Information Standards (OASIS) and
the Object Management Group (OMG).
0239. MOD has selected WS-I Basic Profile 2.0 which consists of a set of non-proprietary
Web services specifications, along with clarifications, refinements, interpretations and
amplifications of those specifications which promote interoperability. The full specification
can be found at http://www.ws-i.org/Profiles/ BasicProfile-2.0.html and designers and
developers should access the site and become aware of its relationship to other profiles.
Any requests for deviation from this profile are to be lodged in the first instance with Info IX
EA1 who will either resolve it or input it to the Governance Chain. For convenience, the
contents table has been reproduced at Annex B.
0240. Standardising the configuration of these standards and the associated extensibility
points is an important input at the Key User Requirement point for SOA projects. Out of
scope are a number of extensibility points the use of which may affect interoperability, and
which could require private agreement between the parties to a Web service. Issues should
be referred back to InfoX EA1 in the first instance. The relevant specifications from para
0226 are shown below for convenience.
SECTION IX
SOA DEVELOPED
This section builds the explanation of SOA given in Chapter 1 in the light of the previous
discussion of services and standards. It looks at selected issues in further detail.
SOA Evolution
0242. Metadata underlies and enables all of this. It needs to be able to describe the
characteristics of these services and the data that drives them. XML is used to create data
which is wrapped in a description container. The services themselves are typically
described by WSDL, and communications protocols by SOAP. The SOA is dependent on
data and services that describe using some implementation of metadata which must be in a
form which software systems can consume and configure to maintain coherence and
integrity, and in a form which system designers can understand and use to manage that
metadata.
0243. SOA allows large areas of functionality to be strung together to form ad-hoc
applications which are built almost entirely from existing software services. The larger the
chunks, the fewer the interface points required to implement any given set of functionality.
However, some may not be granular enough to be easily reused and since each interface
has some processing overhead there is a performance consideration in choosing the
granularity of services. SOA is economical in this respect as all of the software required
already exists to satisfy the requirements of other applications. Only orchestration is
required to produce a new application.
Key Requirements
0245. The following are ground rules for SOA development, maintenance, and use:
a. A strong and clear Governance regimen to control and manage all aspects of
developing and running an SOA;
c. Compliance to standards;
i. Reusability - logic is divided into services with the intention of promoting reuse;
0246. Every service has a well-defined, formal interface that clearly defines what the
service does and clearly separates its externally accessible interface from its execution
environment. The following components have to be present:
a. Name of the service - indicates in general terms what it does;
d. Pre conditions – what conditions must be satisfied prior to using the service e.g.
time, payment?
e. Post conditions – what signifies that the operation has been completed
successfully?
k. Service Operations - Methods, actions etc. Must be defined in terms of what part
of the functionality it provides;
l. Invocation Profile - Indicates the invocation means of the service. This includes
the URL, interface, etc. There may be multiple invocation paths for the same service
or the same functionality for internal and external clients each with a different
invocation means and interface;
m. Security Profile and Constraints - Defines who can execute this service in terms
and which invocation mechanism they can invoke;
q. Semantics - Dictates or defines the meaning of terms used in the description and
interfaces of the service;
r. Process - Describes the process, if any, of the contracted service;
SECTION X
IMPLEMENTATION POLICY
JSP 602
0248. Applications (user facing Graphical Interfaces) should not hold data of long term
importance nor contain business logic. Application and data/information should be
separated. Applications should only cache information to speed information retrieval or
ensure resilience, and should only contain detailed business logic when the performance of
web services will be too limiting. For example Deployed or Tactical domains may require
local caching in a distributed data architecture where reach back is intermittent. However,
if applications need to contain logic or data, then the design should still consider these
components as data or services. Application therefore needs to have a refresh strategy for
any cache it creates – the danger is that out of data information is used and/or latency
becomes an issue. In addition, the continual fetching of the same information is bandwidth
hungry and applications should be designed to get changes to update cached copies rather
than fetch new documents.
0249. Performance limitations are the key reason to adopt a non-WS SOA design when
required - e.g. in the tactical domain, due to bandwidth or speed constraints. In these
circumstances interoperable SOA may still be implemented using a number of mechanisms
including but not exclusively Distributed Interface Oriented Architecture (DIOA) 39 . The
Information Dimension Working Group (IDSG) or the relevant COI will provide advice as
required (see Governance).
Design Patterns
0250. A developer’s best practice library of proven and proposed design patterns or
mandatory service extensions will be kept. This will include detailed joining rules which
may specify a particular approach, products or standards to ensure that semantic context
of information is maintained across the information architecture and between end-users.
The obvious locus for this is the Information Coherence Authority for Defence (IICAD) but
this will be decided through the Governance mechanisms (Chapter 4). For now, all
instances should be referred to Info IX EA1. There will also be a formal link between this
through to the DII Applications Design Guide. The adoption of differing technical
39
The DIOA is defined in the Telemanagement Forum Technology Neutral Architecture standard TMF053 Release 6
and above, and TMF053 Addendum Http://www.tmforum.org
implementations of SOAs is one of the root causes of new isolated stovepipes, which
increase integration risk and jeopardise achieving a workable NEC.
SECTION XI
SECURITY
0251. Whilst security will be considered in the next revision of this handbook, basic
advice is available, and follows. Clearly, any SOA security solution would need to be
integrated with other security infrastructure such as Public Key Infrastructure, Identity and
Key Management and Directory services.
HTTP
0252. HTTP can provide basic authentication (user name and password). This helps to
establish that the sender or receiver of SOAP messages is who they say they are.
HTTPS
0253. HTTPS can help to provide data privacy and data integrity. The former ensures that
data in the SOAP message can only be viewed by those it was intended for. The latter
check for sat modification in transit. HTTPS can:
WS-Security
0254. WS-Security can cover authentication, data privacy and data integrity as well as
non-repudiation. The latter can prove that a SOAP message was sent or received or that
some transaction actually occurred. WS-Security can:
b. Can provide SOAP message integrity at element level – i.e. parts of document
(XML).
This chapter is contains elements which are mandatory for SOA. It introduces MODAF
(MOD Architectural Framework) and explains what it is, how it works and how to build an
SOA using it. It establishes that SOAs in MOD will be compliant with MODAF. It is
relatively technical and is intended primarily as a primer for architects and technical
briefers. It provides background to the essential elements of MODAF, the working
representations of the model (views) and how to use them.
SECTION I
AIM
Policy (MANDATORY)
0301. The use of MODAF for all is mandated for all SOA definition, design and modelling.
Tools must be MODAF-compliant.
SECTION II
MODAF
What is MODAF?
0302. MODAF is the MOD’s Architecture Framework. It specifies a standard set of views of
the enterprise that are each intended to support a particular engineering or decision making
process – e.g. capability taxonomies, capability gap analyses, business process models,
data models, information exchange requirements, system functionality, system connectivity
& deployment. Each view is a window onto a particular aspect of the enterprise. MODAF
encourages a holistic approach to enterprise modelling – the views are simply ways of
publishing or creating architectural information that forms part of a coherent and contiguous
enterprise architecture model.
MODAF’s Purpose
0303. The principal purpose of MODAF is to facilitate the successful delivery of Network
Enabled Capability (NEC). By covering both the operational and technical aspects across
an organisation, MODAF-compliant Architectures enable all communities of interest (used
in the English sense) to gain the essential common understanding that will be required to
deliver the benefits to be derived from NEC. As an enabler for managing complexity,
MODAF provides a specification of how to represent an integrated model of an
organisation, from the operational / business aspects to the systems that provide capability,
together with appropriate standards and programmatic aspects. It assists in managing
complexity by providing a logical, standardised way to present and integrate models of the
enterprise.
MODAF and SOA
0304. MODAF (MODAF 1.1) contains a set of views for SOA. Some of these views are
being used to support of early MOD SOA pilots, and will evolve as lessons are learned
from those pilots. Hereafter, all relevant modelling is to be carried out using MODAF. In
order to ensure future compatibility all projects, programmes and organisations engaged in
SOA are to solicit advice from AD Info-XADEA1. MODAF is continually updated and
readers are directed to http://www.modaf.org.uk which provides comprehensive advice,
workarounds and the latest information and views. The entire model can be downloaded
http://www.modaf.org.uk/file_download/23/www.modaf.org.uk.zip. Note the release
information which is reproduced here: “This documentation release is Version 1.1. This
numbering aligns the documentation with the MODAF Meta Model (M3) release 1.1. This is
the current release of MODAF as at April 2007 and supersedes the MODAF Technical
Handbook and accompanying documentation which was published in August 2005”.
Selected elements have been adapted for this Chapter.
0305. DoDAF (US) is rooted in the C4ISR community and is seen as a fundamental part
of the DoD drive towards Net-Centric Warfare (NCW). The MOD Architectural Framework
(MODAF) is based on the DoDAF specification and therefore retains compatibility with US
modelling initiatives. Like DoDAF, MODAF is specifically designed to support Architecture
Modelling for the MOD business. MODAF uses aspects of the existing DoDAF together
with additional Viewpoints that are required to support UK MOD processes, procedures,
and organisational structures. It provides a rigorous method for understanding, analysing,
and specifying: Capabilities, Systems, Systems of Systems (SoS), Organisational
Structures and Business Processes. It is therefore well placed to facilitate the successful
delivery of NEC. The major benefit delivered by MODAF is MODAF delivers are
improvements to the specification and implementation of interoperability between Systems.
MODAF supports a wide variety of MOD processes, including: capability management,
acquisition and sustainment.
SECTION III
MODAF VIEWS
0307. The relationship between the six MODAF Viewpoints is show in Figure 10. It shows
that:
a. The Strategic, Operational, and System Viewpoints have a layered relationship;
b. The Acquisition Viewpoint sits beneath the Strategic Viewpoint, and has a
supporting role across the Operational and System layers;
c. The All Views and Technical Standards Viewpoints sit alongside the others in
their role of providing a description and ontology for an architecture, plus information
on supporting standards.
architecture
Provide information pertinent to an
All Views
SYSTEM Views
Articulate the solution specification –
resources, functions & interactions
0308. Each Viewpoint of the architectural model is from a different perspective. The
Operational Viewpoint, for example, considers the operational nodes that interact in
specified ways in order to achieve a desired outcome. Each of these viewpoints consists of
several views, which offer slightly different details within the viewpoint. For instance within
the Operational Viewpoint, OV-1 provides a high level conceptual graphic, whilst OV-2
considers the interactions between operational nodes and OV-3 details the information
flows. Although the data within each View adds to the description of an SOA, it is not
necessary for all of the MODAF Views to be completed at any particular point in time during
the MOD’s acquisition lifecycle. Indeed, each group of users within the MOD will have
different needs and will only populate and exploit those MODAF Views that are of
relevance to them. This means that most of the COIs will only be dealing with a subset of
MODAF Views, and few will need to understand and deal with all of the available MODAF
Views. The main use of each of the MODAF Viewpoints within the MOD is summarised
below.
Strategic Viewpoint
0309. Strategic Views (StVs) support the process of analysing and optimising the delivery
of military capability in line with the MOD’s strategic intent. The StVs achieve this by
capturing the capability policy/concepts, decomposing this into a capability taxonomy
supported by appropriate measures of effectiveness that can be used for capability audit
and gap/overlap analysis. The StVs further detail the dependencies between military
capabilities, enabling capability options to be built in a more coherent manner and effective
trade-offs to be conducted across the entire Equipment Programme/Short Term Plan. For
SOA, the StVs will mainly be developed and exploited by those within the policy/analytical
concepts areas and the Customer 1 function (DEC CC&II).
Operational Viewpoint
0310. The Operational Views (OVs) define the logical aspects of the architecture. A suite
of OV products may be used to describe a requirement for a to-be architecture in logical
terms, or as a simplified description of the key behavioural and information aspects of an
as-is architecture. The OVs reuse the capabilities defined in the StVs and put them in
context of an operation or scenario. The OVs can be used at a number of points through
the MOD lifecycle including the development of user requirements, capturing future
concepts and supporting the operational planning processes. A number of stakeholders will
develop and exploit OVs during the MOD acquisition lifecycle. For instance, Customer 2
will use OVs to support URD development and in conducting operational planning
processes.
System Viewpoint
0311. The System Views (SVs) are a set of views that describe resources that realise
capability. The Systems Views describe resource functions, interactions between
resources, and can also provide detailed system interface models. These views address
the involvement of humans in both the operation of systems and in carrying out functions.
The SVs can be used to specify solutions to requirements specified in the OVs, or simply to
provide more detail to the logical OV architecture. One of the primary uses of the SVs is in
the development of system solutions that satisfy the user requirements and hence the
development of appropriate system requirements. The SVs will primarily be developed and
exploited within the MOD’s acquisition community (DE&S). Figure 11 below shows how
the last three views interact together with some of the contingent detail (Ignore Ontology).
0312. The Technical Standards Views (TVs) are tabular views containing standards, rules,
policy and guidance that are applicable to aspects of the architecture. Despite the name,
the contents of the TVs do not necessarily need to be of a technical nature and can apply
just as much to operational activities (e.g. doctrine, Standard Operating Procedures (SOPs)
and Tactics, Techniques and Procedures (TTPs)) as they do to systems (e.g. standards,
and protocols). The elements contained in the TVs will come from a number of sources
including the policy setting organisations in MOD and core interoperability standards from
Customer 1. The TVs will then be further detailed and managed throughout the acquisition
lifecycle by the standardisation officers within the IPTs.
Acquisition Viewpoint
0313. The Acquisition Views (AcVs) describe programme details, including dependencies
between projects and capability integration across the Defence Lines of Development
(DLODs). The Views identify interaction between programmes and projects, and integrate
acquisition activities across all of the DLODs. The AcVs provide important programmatic
information for those involved in capability management and acquisition. Since they also
address the maturity across all of the DLODs to deliver an integrated military capability, the
AcVs also form an important interface between the acquisition IPT and its Customer 2
community.
All-Views Viewpoint
0314. The All-Views (AVs) provide an overarching description of the architecture, its
scope, ownership, timeframe and all of the other meta data that is required in order to
effectively search and query architectural models. They also provide a place to record any
findings arising from the architecting process. The AVs include a dictionary of the terms
used in the construction of the architecture – which helps others fully understand it’s
meaning at a later date. Since the AVs provide critical information for the future access and
exploitation of an architectural model their population is essential whenever MODAF
architecture is created or modified. The AVs shall be produced by every community within
MOD that populates or alters MODAF architectures and they provide a critical input into the
processes that provide architectural governance.
SECTION IV
0315. MODAF V1.1 contains a number of views which cover concepts relevant for any
architect designing an SOA. Those concepts are:
e. Logical Data Model. OV-7 specifies an information model for the architecture
Capability Configuration – SV-1 (Systems View part 1) specifies how people,
systems and platforms (with the appropriate training, doctrine, etc.) interact in order
to provide a given capability. In addition, the NATO SOA views (which are slated for
inclusion in a future MODAF release) define which services are implemented by the
capability configurations specified in SV-1. If incorporated into MODAF, this would
be part of the SV suite of views.
0316. SOA views which are being considered for inclusion in a future version of MODAF
are depicted in Figure 12. These will allow architects to express a services approach,
using standardised services to de-couple processes from the capability configurations that
support them. In the first instance, the advice of Info-XADEA1 should be solicited before
these are used. In summary, these views are:
phase of
Enterprise requires
Capability (StV-2)
Phase (AV-1)
represents
Enterprise Architecture
provides consumes
0317. The NATO Architectural Framework (NAF) is based substantially on MODAF. NAF
has early versions of five SOA Views to cover service taxonomy, specification,
composition, orchestration and behaviour. These have not matured sufficiently for use in
MODAF without risk. One of the proposed future changes is the introduction of a number
of Service Views which will be based upon those defined by The NAF implements a
Viewpoint with five SOA Views and a System View (SV) to show implementation of
information services. The NAF SOA Views include:
0318. The current version of MODAF (v1.1) does not support Service Oriented
Architectures. However, DG-Info have been working with NATO and the Swedish Armed
Forces to develop a set of extensions to MODAF to support SOA. These are currently
being tested at metamodel level but will not be available until the next release of MODAF
(v1.2 due in April 08). The next version of the NATO Architecture Framework will also
incorporate the SOA views. At this stage, only a general indication of how the SOA views
are to be used in an enterprise architecture can be provided. Their purpose is to provide
the link between the operational and technical architectures – i.e. to de-couple the
technology from the processes. However, more definitive guidance will be provided by
Info-XADEA1 on request.
0319. The key difference will be that instead of the architect being forced to think about
information flows, he/she can specify operational requirements in terms of the services
required to support operational activities (the orchestration). Services can be linked back to
capability taxonomies, to identify which capabilities they provide. From a solution
architecture point of view, the architect can specify how resources (systems, platforms,
people, etc.) are configured to implement a service. The method of developing a Service
Oriented Architecture in MODAF will differ depending on the nature of the work – e.g.
green-field or brown-field projects. The MODAF Primer (to be released with the next
version of MODAF) will outline the MODAF generic enterprise architecture process
(GEAP), and will include SOA approaches. In general though, any process is likely to
involve the following stages (order may alter depending on project):
h. Service specification & governance – the logical design of the service, and the
interfaces it exposes.
Security
0320. Security will be covered in the next update of this Handbook. For services, as for
other information technologies, security consists of understanding the potential threats an
attacker may mount and applying operational, physical, and technological
countermeasures to reduce the risk of a successful attack to an acceptable level. Because
an "acceptable level of risk" varies hugely depending on the application, and because costs
of implementing countermeasures is also highly variable, there can be no universal "right
answer" for securing Services and access to Services. Choosing the absolutely correct
balance of countermeasures and acceptable risk can only be done on a case by case
basis. However, there are common patterns of countermeasures that experience shows
reduce the risks to acceptable levels for many services. The WS-I Profile adopts, but does
not mandate use of, the most widely used of these: HTTP secured with either TLS 1.0 or
SSL 3.0 (HTTPS). That is, conformant Web services may use HTTPS; they may also use
other countermeasure technologies or none at all. HTTPS is widely regarded as a mature
standard for encrypted transport connections to provide a basic level of confidentiality.
HTTPS thus forms the first and simplest means of achieving some basic security features
that are required by many real-world Web service applications.
Transitional Architecture
0321. It is the MOD’s aspiration to implement a full SOA incrementally. For this reason,
some parts of the enterprise will be SOA and others point-to-point at given phases.
MODAF allows the architect to specify which aspects of the enterprise will be service-
oriented at each phase.
0322. MODAF is not a methodology, but there are some key linkages between the
MODAF architectural elements (and therefore the views) which imply certain precedence
and therefore a general process, as indicated in Figure 13. Note that this is purely
informative, and may change as lessons are learned from the MOD SOA pilot projects.
There are MODAF compliant implementation methodologies such as TOGAF which are
being trialled through the SOA pilots. IN the fist instances, readers should seek advice from
Info-X EA AD1.
GOVERNANCE
This chapter outlines the governance arrangements for SOA. It will require updating as key
changes driven by new arrangements for NEC/CBM governance and emerging
responsibilities for the System of Systems Architect bed in. It is also an area that will
continue to develop as more SOA services become available. The key generic elements of
governance are introduced along with the developing CBM and NEC governance
arrangements which SOA must fuse with. The important concepts of a Centre of
Excellence for Design Authority, Capability and Technical Architect, and various other
governance roles are discussed. The role of Communities of Interest, how they are set up,
and how they might develop services based on the previously described functional model
are described. In addition, the role of current organisations in SOA governance is outlined.
Finally, there is a short treatment of compliance and AOF/CADMID issues. This chapter
should leave the reader with a good grounding on the main SOA governance issues and an
index of the extent to which these are a departure from business as usual.
SECTION I
AIM
Guidance
0401. This section provides direction on SOA Governance. MOD SOA will be based on
Web standards to ensure independence from any particular products so that any vendors’
products can be used. The Business Services will be designed to align to real world activity
or functions.
SECTION II
Introduction
Coherence
0403. Particular care has been taken to ensure that the arrangements herein are coherent
with important Work In Progress and the effect of other major initiatives or programmes.
Most importantly, every attempt to avoid duplication has been made. In brief, these are:
c. Defence Information Infrastructure (DII). DII will carry most (but not all) of the
SOA applications and infrastructure. The Application Hosting Environment
(Increment 2b due in Q4 of 2008) is due in late 2008 and every opportunity to liaise
with the developing teams will be taken over the currency of this Handbook and
subsequent iterations.
d. Defence Industrial Strategy (DIS) 42 . There are many aspects of DIS (V1) that
could impinge on SOA governance. The principal one however, is the formation of
Defence Equipment and Materiel and specifically the emerging roles of DG ISS and
DG ISTAR. Governance roles will take these developments into account.
0404. Policy and governance is fundamental. An SOA governance body should be made
up of individuals from all areas of the organisation which will ensure a mixture of
technologists and architects, business experts, and other experts and specialists. This will
ensure that all areas of expertise required to direct a successful SOA implementation will
be involved. Accordingly, the governance policy given here will cover the following:
a. Who? The main individual and organisational players. Some of the proposals
require further ratification but as per other issues the first port of call should be Info-
XADEA1.
c. How? The processes and tools for effective governance. This includes the tools
for project management, business/service and system modelling as well as data
management.
40
DCDS (EC)/07/01/14A dated 31 Jan 07.
41
EC CCII (Ses 07-080) /DGISTAR/7/3/3/6 dated 7 June. 1* Circulation of the System of Systems Architecting
Responsibilities. The paper recognises that the approach needs “to be extended to the complete NEC architecture
(including the Information and People aspects)” but that the concept would be implemented incrementally starting with
the C4I domain in direct support of the Networks and CIS steering group.
42
Defence Industrial Strategy, Defence White paper dated Dec 05.
d. When? The key intervention points for governance.
SECTION III
0405. The backdrop to this is the overall NEC/CBM Governance model shown in Figure
14 below. It will be referred to in the paragraphs that follow.
NEC/CBM
Prog Office
SRO
DCDS EC
Sec
DCBM Executive Group
Stakeholders Network & CIS Information People Join Action User Group
CM (IS) DG Info DS Sec D Jt Cts
DG ISS ACNS
DG ISTAR Executive Group
ACGS
ACDS (RP) ACAS
DG (R&T) ACDS Log Ops
DG D&D DCJO
Steering Group
Executive Sponsor
0406. The 3* Executive Sponsor is the principal stakeholder. Per the NEC/CBM
governance provisions, this is DCDS (EC) as shown in Figure 14 above (SOA- relevant
aspects in orange). This individual provides guidance to the SOA Board on resolution of
exceptions and appeals for/against standards. The Executive Sponsor:
43
Adapted from NEC/CBM Governance Paper DCDS(EC)/07/01/14A dated 31 Jan 07
b. Is responsible to the JCB for articulating the ongoing strategic significance of
SOA strategy and its role in achieving NEC;
c. Is responsible for ensuring the participation of the right elements of the defence
business – probably taken from the extended members of the NEC/CBM Executive
Group;
e. Exercises command and control via the Executive Steering Group (para 0407).
0407. This committee may be chaired by the Executive Sponsor or it may be delegated to
a 2*. The ESG carries out the executive management of SOA. In terms of the NEC and
CBM Governance Model, this committee will most probably be drawn from members or
representatives of the Executive Group in the NEC/CBM diagram 44 . It is accountable for
providing strategic direction goals and objectives for the SOA Board:
d. Prescribes and ratifies the extent collaboration between business, technical and
industry players;
SOA Board
b. Provides estimates for overall resources required for SOA governance and
management;
44
As a point of principle, there is nothing preventing SOA becoming an Agenda Item on pre-existing boards.
d. Serves as an escalation point for review and approval of major architectural
changes and issues;
e. Serves as the working level focus for bringing together business, technical and
industry expertise in order to identify the right solutions for specific needs;
0409. This AD level committee provides the structure, principles and disciplines to
manage the portfolio of SOA projects and services. Its roles are aligned to the Information
Dimension Working Group (IDWG) and will work both as a formed body and provide SOA
representation to key project/programme WG.
d. Liaises with the DA Registrar role (para 0416) who fulfils the technical portfolio
management and classification role.
0410. The ARB consists of SOA Board Director (Chair of IDWG), a Chief Architect input,
SOA Architects (technical and business). Others (business and technical) by invitation
when required. The roles are:
a. Identify the resources and skills required to set up and run a design authority;
c. When necessary, escalate to the SOA Board projects/services for approval, that
do not meet defined standards or pre-defined budget limits;
d. Developing the communicating strategy and championing the SOA across the
enterprise;
g. Developing and sponsoring the SOA education strategy for all aspects of the
business;
0411. This working level board consists of the representatives of the main business
operations. This is the main touch point for the business accepting and deploying the
provided services. This board plans operational readiness aspects of solution deployment.
Initially, it should be a priority to align any proposed governance mechanism with current
MOD governance mechanisms.
SECTION IV
ORGANISATIONAL ROLES
d. The introduction of a new NEC governance regime with a single SRO for NEC
and steering groups for Networks & CIS, Information and People.
e. Recognition that the move towards Services Oriented Architecture (SOA) will
require clearly defined and mandated standards and coherent, common services to
be successful.
0413. The NEC/CBM governance chain 46 and the System of Systems (SoS) architecting
approach 47 will shape the governance of SOA and organisational roles. The former has
already been introduced; the latter seeks to help DCDS (EC) deliver the C4I component of
NEC and support it through life in accordance with Through Life Capability Management. A
top-down architecture, covering all the Defence Lines of Development, set within a systems
engineering capability process will be adopted. Initial work will concentrate on delivering
consistent and coherent capability and technical architecture. The approach will be
extended to the complete NEC architecture including the information and people aspects.
In order for this to work DG Info, the ECC (particularly CM (IS) and DEC CC&II) and DE&S
(DG ISS and DG ISTAR) must act closely in partnership. In principle, the governance will
be exercised through existing structures and processes but for heavily influenced by the
45
Defence Industrial Strategy, Defence White paper dated Dec 05.
46
DCDS(EC)/07/01/14A dated 31 Jan 07
47
EC CCII (Ses 07-080)/DGISTAR/7/3/3/6 dated 07 Jun 07.
capability perspective. (Further discussion under Design Authority para 0422 et seq).
Capability Architect
0414. The principal interactions are in Networks & CIS. Here, CM (IS) in his role as the 2*
programme director of the Networks and CIS SG, would become the Capability Architect.
His primary tasks would be the creation and delivery of the Capability Architecture,
specifying capability requirements (including interoperability), resourcing the programme
and arbitrating or enforcing where necessary. Other specific roles include:
b. Responsible for extracting and owning the C4ISTAR networks and infrastructure
capability goals and key performance parameters.
f. Based on audit results, directing and flexing resources to best deliver the
C4ISTAR capability.
h. Risk ownership – owning the risk that capability definition of C4ISTAR is not
complete and does not deliver the architecture and system design drivers.
Technical Architect
0415. The Technical Architect role will be fulfilled by DGISTAR as the 2* sector lead within
DE&S. His responsibilities will be executed through the IA & DCTO to provide the technical
architecture, design guidance, measures of effectiveness and assurances for improved
specification and delivery of SoS capability. His specific roles include:
e. Risk ownership – owning risk that target technical architecture, design patterns /
principles do not have emergent properties required for NEC and owning risk that IA
is insufficiently resourced to deliver the required outputs (both meeting quality and
timescale requirements).
DG ISTAR
0416. DG ISTAR will be responsible for the overall coherence, consistency and
completeness of C4ISTAR architecture.
0417. The IA will be responsible for “information service assurance” in support of all
projects with an information services element that use MOD networks. The IA will ensure
that the same service should not be created by 2 or more organisations, which would
otherwise undermine clarity in the information layer. Effectively, it holds the “As-Is” System
of Systems map and uses it to spot gaps between user specified requirements and the
Information Services required. The IA is also responsible for Information Service Creation
assurance. This will be dovetailed into the MODAF and NEC Integration Assurance Model.
DG ISS
0418. As the Test and Release Authority DGISS’s key roles are compliance and
conformance. Key roles include assurance of technical design patterns and authority for
functional services. The latter role is particularly important for compliance with GII and will
include the static and deployed environment. The role of DCTO is developing in
conjunction with IA. DG ISS also has an emerging E2E role of ensuring that SOA system
connectivity stretches from the fixed environment to the deployed over a number of bearer
systems.
DG Info
0419. The key roles of DG Info are to provide the central policy and strategy which guide
the SOA activities of other organisations and bodies. DG Info also provides the overall
architectural framework for SOA and related activities - MODAF. ICAD is also part of DG
Info. Its role is to act at the metadata repository – manage the XML schemas. Requests for
IX COIs to be formed should be lodged with ICAD.
CM (IS)
0420. The role of CM (IS) and DEC CC&II is to develop the overall NEC backdrop which
SOA has a part to play in. The SOSA 48 requirements underline the need for commonly
understood definition of the capability goals that the total set of systems, people and
processes are required to achieve. Part of this definition is to specify the minimum set of
mission threads to define NEC. This responsibility is delegated by DCDS (EC) to CM (IS)
and further articulated and defined by a capability architecture and capability plan operating
at the System of Systems level. The capability architecture will be supported by a technical
SoS architecture which will further define the system and provide a target technical
architecture to guide and constrain future systems and system upgrades. The design and
48
EC CCII (Ses 07-080) /DGISTAR/7/3/3/6 dated 7 June. 1* Circulation of the System of Systems Architecting
Responsibilities
development of the technical architecture is an IA/DCTO role.
SECTION V
Introduction
0421. The Design Authority (DA) function is an integral function of governance but
warrants a separate section for clarity.
a. Compliance mechanisms. These are for review and approval/rejects against the
criteria established in the governance framework (i.e. principles, standards, roles,
and responsibilities etc.) and performed at various points during the life-cycle.
0423. Each SOA project on the MOD road map should be receive business, SOA and
MODAF advice as well as appropriate technical guidance from the architectural design
authority. The architects working to the SOA Board should look for opportunities to share
costs and develop commonly used services. The remit of the CofE for DA include
establishing and maintaining:
a. Business Architecture that drives the SOA. This includes the foundation industry
component business models, desired business services, critical success factors,
competitive factors, best practices, organisational structure, and locations.
Chief Architect
0424. The Chief Architect will work in concert with the Capability and Technical Architects
to provide intellectual leadership for the Design Authority. The Chief Architect is (currently)
unlikely to be an individual but a function sourced from a mixed-skills group working to the
SOA Board. The Chief Architect is responsible for the currency of the architectural and
design level deliverables, and the underlying Design Authority processes. The Chief
Architect attends the SOA Board, and provides management guidance and briefings when
required. The Chief Architect also project level SOA architectures are consistent with the
higher level policies and standards defined by the DA, and approved by the SOA Board.
0425. The Project Office Manager is responsible for the administration aspects of the
Centre of Excellence for DA. This will include the generation of any DA briefing packs or
agenda items that are required for external Board or Committee meetings. He will also be
the first point of contact for individual SOA development project teams when requesting
access to DA resources.
Service Registrar
0426. The Service Registrar will be the gatekeeper for the SOA metadata. This role will
involve the establishment of a repository to support the classification, and potentially
storage of service components and their metadata. These service components may be
sourced from internal legacy, newly developed and external sources such as industry and
vendors. SOA developers (internal and external) will require search, impact analysis and
assessment support when reviewing requirements for reuse opportunities
Business Service Architect
0427. The Business Service Architect(s) will provide the application (including data)
foundation for the SOA DA. They will provide the necessary application and data design
authority function within the DA. They will be responsible for the development and
communication of the SOA application and data architecture descriptions. These
architecture descriptions may be developed down to design pattern level
0428. The Technical Service Architect(s) will provide the technical foundation for the SOA
DA. They will provide the necessary technical design authority function within the DA. They
will be responsible for the development and communication of the SOA technical
architecture descriptions. These architecture descriptions may be developed down to
design pattern level.
Method/Tool Architect
0429. There may be several of these individuals. The method / tool architect(s) is
responsible for the development and currency of the DA supporting methods, and
appropriate tools. The minimum mandatory methods required for the initial setup of the DA
would be a SOA lifecycle and SOA governance management method.
0430. Figure 15 summarises the key points from the previous 3 sections.
Executive
SOA GOVERNANCE CONSTRUCTS
Sponsor
DSDS (EC)
Para 0406/7
Steering Gp
Executive Steering Capability Technical E2E IS
Group Architect Architect Test and Release
NEC EG/IDSG CM (IS) DG ISTAR DG ISS
Para 0407 Para 0414 Para 0415/6 Para 0418
Working Gp
SOA Board Integration
DEC CC&II DCTO
IDSG/IDWG Authority
Para 0420 Para 0418/20
Para 0408 Para 0417/20
SOA PMO
Para 0425
Architecture
Business Ops Portfolio
Review Board ICAD
Review Board Management Group
IDSG/IDWG Para 0419
Para 0411 Para 0409
Para 0410
SECTION VI
COMMUNITIES OF INTEREST
0431. The creation of new services must be controlled. COIs will do this. COIs work
within the governance structure and are appointed by the SOA Board or the ESG; both of
whom have the requisite visibility across the defence space to make such decisions. This
is important for waste avoidance where there are multi functional or cross cutting service
requirements. The COI will be responsible for defining the user requirement service,
modelling it in MODAF, testing, fielding, registration, performance, availability and SLA
management. There will be a requirement for close liaison with the service provider who
may provide caches or repositories of services to optimise across the DII or other
infrastructure if non-DII; and a security environment. COIs will be the primary source of
funding requirement data for budgetary areas. In addition:
a. COIs must follow Standards requirements laid down in Chapter 2 unless there
are compelling operational reasons for not doing so, in which case justifications
must be raised to the SOA Board;
d. COIs are responsible for stylesheet generation for conversion of data into other
formats where necessary. Stylesheets will also need to be registered with ICAD.
e. Once the location, type, quantity and availability, performance, agility etc. of
business services is agreed within the COI, agreed XML schema (including those
articulated within an associated intermediate standard) should be registered with
ICAD.
0432. External Information services are those services that are intended to be consumed
outside of the COI. Internal Information services will only consumed inside of the COI.
Orchestration of external information services is the responsibility of the service provider on
behalf of DG Info and the business process owner. Defence level External information
services will be managed as a high level COI through the NEC IDWG i.e. SOA Board.
Orchestration and choreography of low level services and functions will be the
responsibility of COIs.
0433. Business process owners provide the requirement that services meet and
moreover confirm that their needs are met. They act as “problem owners” for the business
and:
c. Refine business processes and information support needs (this need not be an
Information Needs Analysis).
0434. Information owners have overall responsibility for defining, maintaining and
delivering the required information sources and services. These may belong to more than
one business process, and potentially across several COIs. They respond to the
information needs and feedback provided by all consumers of their products. They:
0436. COI leaders ensure that COIs achieve the expected results across defence. They
encourage agreement on standards for information sharing, promote best practices for
improved information re-use and ensure that COI activities are pursued with the necessary
support, funding and resources.
0437. ECMs define the capability gaps that influence the selection of business foci for
various COIs. They have significant influence or in many cases direct control of budgets for
ensuring that the capability gap is filled.
0438. IPTLs ensure that the delivery of the specified equipment (information infrastructure
and systems) conforms to the standards required for supporting the relevant information
sources and services. Their primary role is to procure underlying equipment capability that
supports the Enterprise Architecture by providing Interoperability and ensures future
proofing by achieve SOA compliance in a programmed and cost effective process.
0439. The table below contains the requisite CADMID compliance points.
Initial Gate/DP1 Includes evidence pertaining to Initial Gate (in CADMID terms) or DP1/Authorising
Project Initiation (in PRINCE 2 terms) that must be presented by projects to
demonstrate their compliance with the policy. At this stage in a project the
requirements are typically implementation/technology independent (i.e. as defined
within the URD) Compliance with technical policy will therefore be general in
nature but ensuring that proper consideration is given at later project stages.
Ensure that new COI are only covering new services.
Main Gate/DP2 Includes evidence pertaining to Main Gate (in CADMID terms) or DP2/Authorising
A Project (in PRINCE 2 terms) that must be presented by projects to demonstrate
their compliance with the policy. At this stage in a project the requirements are
implementation/technology specific (i.e. as defined within the SRD) but
implementation details are unknown. Compliance with technical policy will
therefore be typically stated in terms of the policy categories that apply and the
standards to be used. This information will be typically captured within MODAF
technical standards views.
SETTING UP COIs
Aim
Step 1
b. Business focus for each COI should be distinct from those for other COIs;
Step 2
a. Identify the specific business processes and functions that need information
support;
Step 3
a. Identify existing information sources and services that are already supporting
parts of the existing business processes;
c. Maintain sources so that they are visible and available to those authorised to use
them. They should comply with data and information standards agreed within each
COI, so that they are understandable and exploitable (re-useable) across defence;
49
The term “business process owner” comes from the MoD Business Management System (BMS).
Step 4
a. The main participants with day-to-day responsibility are the business process
owners;
d. Get the membership right – cover COI lifecycle, so that all critical information
requirements are addressed.
Step 5
SECTION VIII
COMPLIANCE
0446. The DG ISS (and DCTO), DG ISTAR (and IA) and DG Info (and ICAD) are
responsible for implementing the policy. However, this might also slip to an appropriately
empowered Board or Executive/Working group.
Procedure
50
See NEC and CBM Governance earlier.
Technical design notes have been issued by the Information Dimension WG, and
will become part of the DII Application Developers Guide.
Relevant Links
Contacts
Abbreviation Definition
BPM Business Process Modelling
BPEL Business Process Execution Language
CBM Command and Battle space Management
COI Community of Interest
CWID Coalition Warrior Interoperability Demonstrator
DA Design Authority
DEC CC&II Director of Equipment Capability – Command and Control, Information
Infrastructure
DG ISS Director General Information Systems and Services
DG Info Director General Information
D Info IX Director Information Exploitation
DLOD Defence Line of Development
EA Enterprise Architecture
ESB Enterprise Service Bus
ESC Executive Steering Committee
FLC Front Line Command
GFI Government Furnished Information
GII Global Information Infrastructure
HTTP Hypertext Markup Language
IA Integration Authority
IER Information Exchange Requirement
L&S Logistics and Sustainment
LEA Logistics Enterprise Architecture
LSOA Logistics Service Oriented Architecture
MODAF Ministry of Defence Architectural Framework
NAF NATO Architectural Framework
NEC Network Enabled Capability
NECS Networked Enabled Core Services
SAML Security Assertion Markup Language
SOA Service Oriented Architecture
SOAD Service Oriented Analysis and Design
SOAP Simple Object Access Protocol
Abbreviation Definition
TTOR Task Terms of Reference
UDDI Universal Description Discovery and Integration
UML Unified Modelling Language
WSDL Web Services Description Language
WSPF Web Services Policy Framework
XACML Extensible Access Control Markup Language
XML Extensible Markup Language
GLOSSARY
(WIP)
Text Definition
Agent Any business unit or automated system (e.g. a software application)
that produces and/or consumes services. An agent can be human or
machine.
Business (BPEL)– describes business processes based on web services
Process
Execution
Language
Business These are information services with a direct counterpart in real
Services business or which contribute to real business
Capability Capability is enduring ability to generate operational outcome or
effect 51
Capability CM (IS) in his role as the 2* programme director of the Networks and
Architect CIS SG will be the Capability Architect. His primary tasks would be
the creation and delivery of the Capability Architecture, specifying
capability requirements (including interoperability), resourcing the
programme and arbitrating or enforcing where necessary
Community of Communities of Interest are groups of stakeholders with
Interest responsibility for defining the lifecycle of information services, in
particular: Ownership; Governance; Production; Consumption;
Delivery; Services definitions; Service creation; Service ownership;
Service level agreements/contracts; Agree XML schema definitions;
Change control; Service standards; Quality of Service.
Core SOA Core SOA Services enable Business Services to be integrated,
Services distributed, and accessed across organizational, geographical, and
technical platform boundaries. Core Services include: security
services; discovery services; a meta-data repository; mediation
services; orchestration services; messaging services; and
Information management services.
Discovery The process of identifying required services.
Function A function is an enduring business operation. A business function is
an activity conducted by an Agent in support of the goals of the
enterprise.
Services The means by which the needs consumers are brought together with
the capabilities of providers.
Information Information Services may be considered as process contracts which
Services provide or consume information.
51
From Capability Management Handbook (Interim Edition) dated 26 Feb 07 V2.0
Text Definition
Information An aggregation of information, often from different sources, as
Product required by consumers.
Information Item Information provided from a single source (producer).
Loose Coupling A key characteristic of SOA solutions that encourages minimal
dependencies among services. This allows the quick assembly of
different business solutions from different combinations of business
services from a variety of systems. Loose Coupling ensures that
changes to one component tend not to affect others, which is good. It
also means if Part A does not know about Part B directly, then they
can be reused independently. The less parts know about each other,
the more loosely coupled they are. Loose Coupling increases reuse
and simplifies maintenance and modification.
Mediation A data conversion capability
Metadata A metadata repository is a database of data about data (metadata) 52 .
Repository The purpose of the metadata repository is to provide a consistent
and reliable means of access to data.
Network A single set of reusable technical, generic enabling or foundation
Enterprise Core services which enable information to be shared based upon access
Services control lists (ACLs). Core Services will include: Security services;
Discovery services; A meta-data repository; Mediation services;
Orchestration services; Messaging services; Information
management services.
On-Line Services Server side applications, using web browsers and common data
sources.
Orchestration Orchestration describes how web services can interact with each
other at the message level, including the business logic and
execution order of the interactions. These interactions may span
applications and/or organizations, and result in a long-lived,
transactional, multi-step process model.
Process A process is a series of activities designed to achieve an outcome.
Security The primary goal of Security is to ensure SOA services can be
invoked securely i.e. which agents may discover and consume
services and under what conditions.
Service An entity which seeks to satisfy a particular need through the use of
Consumer capabilities offered by means of a service.
Service Contract A measurable assertion that governs the requirements and
expectations of two or more parties. Contracts may be expressed in
a form that permits automated interpretation. Among other purposes,
this facilitates automatic service composition. A contract will involve
an agreement on a process associated with the action required.
52
Definition from www.searchoracle.com
Text Definition
Service The information needed in order to use, or consider using, a service.
Description
53
These are the Business Management System (BMS); Defence Activity Model (DAM) and the CBM Activity Model.
54
Departmental Plan 2005-2009.
a. Maintenance and repair. Delivering maintenance and repair of military equipment
at depth, forward and deployed facilities in order to maximise availability for training
and operations.
c. Managing the supply chain. Managing the procurement, storage and distribution
of the inventory necessary to sustain training and operations.
g. Advising the Government on defence. Providing advice to the Cabinet and other
Government departments on defence issues.
h. Setting departmental strategy. Setting the strategy by which the Department will
achieve its objectives
i. Setting defence capability requirements. Setting requirements for the future
capabilities necessary to achieve defence objectives
A-05. Human Resourcing. Providing sufficient, capable and motivated personnel, both
military and civilian, to the Department to fulfil its aims and objectives.
e. Providing welfare. Provide for the welfare of staff, military and civilian, through
healthcare, housing, social, sporting and recreational facilities.
g. Managing the payroll. Managing the pay and benefits of members of the
Department.
A-06. Managing the MOD. Managing the utilisation of military capability to achieve
Government objectives. It includes determining and managing the defence response to
threats and crises.
l. Managing Health & Safety. Manage all activities across the department in such a
way as to minimise unnecessary deaths or injuries.
A-07. Military Operations. Managing the delivery of planned objectives within allocated
resources. It includes the high level management of military activity, the provision of crisis
management support to Government and the operation of a corporate framework for
defence that meets statutory and legislative requirements.
a. Managing deployment to and recovery from operations. Planning and managing
the deployment and recovery from operations, including the provision of ships,
aircraft, rail, port facilities and staging areas.
b. Planning and directing military operations. Providing for the command and
control of military operations.
j. Protecting the force. Providing for the self-protection of the force in order to
preserve its capability to undertake effects-based operations.
A-08. Managing Finance. Monitoring and managing resource consumption within agreed
budgets against defence outputs.
e. Conducting Financial Audit. Evaluating the economic, efficient and effective use
of defence resources, the prudent administration of the department and the
adequacy and effectiveness of the department's risk management by means of
internal audit.
ANNEX B WS-I BASIC PROFILE 2.0 CONTENTS