C.2. Service Oriented Architecture Reference Models

C.2.1. What is SOA?

210. Service Oriented Architecture (SOA) is a paradigm for organizing and using distributed capabilities that may be under the control of different ownership domains. It is natural in such a context to think of one person’s needs being met by capabilities offered by someone else or, in the world of distributed computing, one computer agent’s requirements being met by a computer agent belonging to a different owner. There is not necessarily a one-to-one correlation between needs and capabilities; the granularity of needs and capabilities vary from fundamental to complex, and any given need may require the combining of numerous capabilities while any single capability may address more than one need. The perceived value of SOA is that it provides a powerful framework for matching needs and capabilities and for combining capabilities to address those needs.

211. Visibility, interaction, and effect are key concepts for describing the SOA paradigm. Visibility refers to the capacity for those with needs and those with capabilities to be able to see each other to interact. Visibility is typically enhanced through the use of metadata to describe such aspects as functional and technical requirements, related constraints and policies, and mechanisms for interaction. For maximum visibility, metadata must be in a form in which its syntax and semantics are widely accessible and understandable.

212. Whereas visibility introduces the possibilities for matching needs to capabilities (and vice versa), interaction is the activity of using the capability. Typically mediated by the exchange of messages, an interaction proceeds through a series of information exchanges and invoked actions. There are many facets of interaction; but they are all grounded in a particular execution context – the set of technical and business elements that together form a path between those with needs and those with capabilities and that permit information to be exchanged, actions to be performed and provides a decision point for any policies and contracts that may be in force.

213. The purpose of using a capability is to realize one or more real world effects . At its core, an interaction is “an act” rather than “an object” and the result of a interaction is an effect (or a set/series of effects).

214. The expected effects, together with relevant preconditions associated with those effects, should be made visible as part of the capability metadata and form an important part of the assessment as to whether a given capability matches similarly described needs. It is not possible to describe every possible effect of using a capability: indeed a cornerstone of SOA is that such knowledge is not necessary.

215. A concept that is considered central to SOA has not yet been mentioned – that of service . Both needs and capabilities exist outside of SOA. What distinguishes SOA is the perceived improvement in bringing needs and capabilities together. In SOA, services are the mechanism by which needs and capabilities are brought together. SOA is not the solution of domain problems but rather a way of organizing a wider array of possibilities to generate a domain solution. By itself, SOA does not provide a solution to a difficult domain problem where a satisfactory solution does not already exist. SOA can, however, provide an organizing and delivery paradigm that enables one to get more value from use of both solutions which are locally “owned” and solutions under the control of others. It also enables one to express solutions in a way that makes it easier to modify or evolve the identified solution or to try alternate domain solutions.

216. The concepts of visibility, interaction, and effect apply directly to services in the same manner as these were described for the general SOA paradigm. Visibility is promoted by the service description which contains the information necessary to interact with the service and describes this in such terms as the service inputs, outputs, and associated semantics. The service description also conveys what is accomplished when the service is invoked and the conditions for invoking the service. In general, entities (people and organizations) offer capabilities through services and act as service providers . Those with needs who make use of capabilities through their associated services are referred to as service consumers . The service description allows prospective consumers to decide if the service is suitable for their current needs and establish whether a consumer satisfies the requirements, if any, of the service provider to be permitted access.

217. Having described what is SOA, it is appropriate to note several things which are related but are not necessary attributes or restrictions.

218. SOA identifies necessary aspects of interactions involving multiple ownership domains; however, it does not directly embody concepts relating to ownership.

219. SOA is commonly implemented using Web services, but services can be made visible, support interaction, and generate effects through other implementations.

220. By following a Service-Oriented Architecture NATO nations can then participate in an NNEC environment, by acting as interoperable nodes on a fixed or mobile ad hoc network. Once an element operates as a node, it can discover and register its needs and capabilities on a network, and use that network to communicate, interact and function with other nodes. The ultimate result is greater mission effectiveness.

221. In February of 2005, the Organization for the Advancement of Structured Information Standards (OASIS) started standards work to define an SOA reference model (SOA-RM) by establishing a technical committee for that sole purpose.

222. The goal of OASIS SOA-RM technical committee is to "establish a Reference Model to encourage the continued growth of specific and different SOA implementations whilst preserving a common layer that can be shared and understood between those or future implementations."

223. Achievement of their goals for this reference model will be done by defining the fundamental nature of SOA, and emerge with a common vocabulary and understanding of SOA. As such, it will provide a conforming reference that treats SOA as a powerful abstract model that is independent of the various inevitable technology evolutions.

C.2.2. The Benefits of Service Oriented Architecture

224. The main drivers for SOA-based architectures are the requirement to facilitate the manageable growth of large-scale enterprise systems, the requirement to facilitate Internet-scale provisioning and use of services and the requirement to reduce costs in organization to organization cooperation.

225. The value of SOA is that it provides a simple scalable paradigm for organizing large networks of systems that require interoperability to realize the value inherent in the individual components. Indeed, SOA is scalable because it makes the fewest possible assumptions, including about the network and also minimizes any trust assumptions that are often implicitly made in smaller scale systems.

226. An architect using SOA principles is better equipped, therefore, to develop systems that are scalable, evolvable and manageable. It should be easier to decide how to integrate functionality across ownership boundaries. For example, a large company that acquires a smaller company must determine how to integrate the acquired IT infrastructure into its overall IT portfolio.

227. Through this inherent ability to scale and evolve, SOA enables an IT portfolio which is also adaptable to the needs of a specific problem domain or process architecture. The infrastructure SOA encourages is also more agile and responsive than one built on an exponential number of pair-wise interfaces. Therefore, SOA can also provide a solid foundation for business agility and adaptability.

C.2.3. Overview of the Model

228. A key concept of SOA is that of service . In general, entities (people and organizations) create capabilities to solve or support a solution for the problems they face in the course of their business. SOA is a way to organize the world around this key concept of service. The noun “service” is defined in dictionaries as “The performance of work (a function) by one for another.” However, service, as the term is generally understood, also combines the following related ideas:

The capability to perform work for another
The specification of the work offered for another
The offer to perform work for another

229. These concepts emphasize a distinction between a capability and the ability to bring that capability to bear in the context of SOA, where the capability exists independently of SOA. The term service should, therefore, be understood as a set of separate, yet interrelated and more precise concepts. These concepts are an offer, interaction and effect.

230. The concept of an offer follows directly from the dictionary definition of service: 'by one' and 'for another.' In general terms, an offer is a proposal; made by providers which may possess a capability that address a need. In order to use a service, it is necessary to know that it exists, what is accomplished if the service is invoked, how the service is invoked, and other characteristics. Collectively this is the service visibility . When given an explicit searchable form, this information allows, for example, prospective consumers to decide if the service is suitable for their current needs and establish whether a consumer satisfies any requirements of the service provider to be permitted access. This information constitutes the service description .

231. The convergence of a capability and a need results in an interaction . In an SOA, interaction is effected by exchanging information between service providers and consumers. Typically this is achieved by exchanging messages using a standardized protocol; however, there are many modalities possible for interacting with services.

232. At its core, an interaction is “an act” rather than “an object. Therefore, interaction is the focus of the interfaces and behaviour necessary to support the interaction. Recall that interaction may, and typically does, involve crossing ownership boundaries. SOA identifies some of the necessary aspects of interactions involving multiple ownership domains; however, it does not directly embody concepts relating to ownership.

233. The final key concept is the real world effect of using services; it is always the case that there is an intended purpose to providing a service and similarly to using a service. Given that there is often an ownership boundary between the service provider and consumer, there is a natural distinction to be drawn between the public interactions with a service and the private actions of both the service provider and consumer. This distinction maintains and encourages independence of each service participant which, in turn, greatly enhances the scalability and security attributes of SOA. Focus can be directed to the public aspects of using a service by examining the conditions of using a service and the expectations that arise as a result of using the service. Service conditions are loosely associated with the service policies and the expectations with service contracts .

C.2.4. The SOA Reference Model

C.2.4.1. Service

234. A service is a means to access to one or more capabilities, where the access is provided using a prescribed interface and is exercised consistent with constraints and policies as specified by the service description. A service is provided by one entity – the service provider – for use by others, but the eventual consumers of the service may not be known to the service provider and may demonstrate uses of the service beyond the scope originally conceived by the provider,

Information returned in response to a request,
A change to the shared state of defined entities, or
Some combination of the above.

235. Note, the service consumer in (1) does not typically know how the information is generated, e.g. whether it is extracted from a database or generated dynamically; in (2), the service consumer does not typically know how the state change is effected. In either case, the service consumer would need to provide input parameters required by the service and the service would return information, status indicators, or error descriptions, where both the input and output are as described by the data model exposed through the published service interface. Note that the service may be invoked without requiring information from the consumer (other than a command to initiate action) and may accomplish its functions without providing any return or feedback to the consumer.

236. The service concept above emphasizes a distinction between a capability that represents some functionality created to address a need and the point of access to bring that capability to bear in the context of SOA. It is assumed that capabilities exist outside of the SOA. In actual use, maintaining this distinction may not be critical (i.e. the service may be talked about in terms of being the capability) but the separation is pertinent in terms of a clear expression of the nature of SOA and the value it provides.

C.2.4.2. Service description

237. The service description represents the information needed in order to use a service. It may be considered part of or the complete set of the metadata associated with a service. In any case, the service description overlaps and shares many common properties with service metadata. In most cases, there is no one “right” set of metadata but rather the metadata content depends on the context and the needs of the parties using the associated entity. The same holds for a service description. While there are certain elements that are likely to be part of any service description, most notably the data model, many elements such as function and policy may vary.

238. Best practice suggests that the service description should be represented using a standard, referenceable format. Such a format facilitates the use of common processing tools (such as discovery engines) that can, in turn, capitalize on the service description.

239. While the concept of a SOA supports use of a service without the service consumer needing to know the details of the service implementation, the service description makes available critical information that a consumer needs in order to decide whether or not to use a service. In particular, a service consumer must possess the following items of information:

That the service exists and is reachable (i.e., the service is visible to the service consumer and there are sufficient mechanisms in place for the service participants to be able to interact);
That the service performs a certain function or set of functions;
That the service operates under a specified set of constraints and policies;
That the service will (to some implicit or explicit extent) comply with policies as prescribed by the service consumer;
How to interact with the service in order to achieve the required objectives, including the format and content of information exchanged between the service and the consumer and the sequences of information exchange that may be expected.

240. Subsequent sections of this document will deal with these aspects of a service in detail but the following subsections will describe the relationship of these information items to the service description.

C.2.4.2.1. Service Reachability

241. A service description should include sufficient data to permit a service consumer and service provider to exchange information. This might include metadata (such as the location of the service and what information protocols it supports and requires) and information that allows the service consumer to determine if the service is currently reachable or not.

C.2.4.2.2. Service Functionality

242. Item 2 relates to the need to unambiguously express the function(s) of the service and the real world effects that result from it being invoked. This portion of the description needs to be expressed in a way that is generally understandable by service consumers but able to accommodate a vocabulary that is sufficiently expressive for the domain for which the service provides its functionality. The description of functionality may include, among other possibilities, a textual description intended for human consumption or identifiers or keywords referenced to specific machine-processable definitions. For a full description, it may be useful to indicate multiple identifiers or keywords from a number of different collections of definitions.

243. Part of the description of functionality may include underlying technical assumptions that determine the limits of functionality exposed by the service or of the underlying capability.

C.2.4.2.3. Policies Related to a Service

244. Items 3 and 4 from Section 2.2.4.2 relate to the service description’s support for associating constraints and policies with a service and providing necessary information for prospective consumers to evaluate if a service will act in a manner consistent with the consumer’s constraints and policies.

245. In some situations the consumer may similarly provide an indication of its constraints and policies to support a service’ need to do a similar evaluation of suitability. Thus, both prospective consumers and providers are likely to use the service description to establish what Section 2.2.5.3 refers to as the execution context .

C.2.4.2.4. Service Interface

246. The service interface is the means referred to in Item 5 for interacting with a service. It includes the specific protocols, commands, and information exchange by which actions are initiated that result in the real world effects as specified through the service functionality portion of the service description.

247. The specifics of the interface should be syntactically represented in a standard referenceable format. These prescribe what information needs to be provided to the service in order to exercise its functionality and/or the results of the service invocation to be returned to the service consumer. This logical expression of the set of information items associated with the consumption of the service is often referred to as the service data model. It should be noted that the particulars of the standard referenceable format is beyond the scope of the reference model. However, requiring that mechanisms be available (in order to define and retrieve such definitions) is fundamental to the SOA concept.

C.2.4.3. Descriptions and Metadata

248. One of the hallmarks of a Service Oriented Architecture is the degree of documentation and description associated with it; particularly machine processable descriptions – otherwise known as metadata.

249. The purpose of this metadata is to facilitate integration, particularly across ownership domains. By providing public descriptions, it makes it possible for potential participants to construct applications that use services and even offer compatible services. Standardizing the formats of such metadata reduces the cost and burden of producing the descriptions necessary to promote reuse and integration.

C.2.4.3.1. The roles of description

250. An important additional benefit of metadata – as opposed to informal natural language descriptions – is its potential to facilitate automated software development. Both service providers and service consumers can benefit from such automation – reducing the cost of developing such systems.

251. For example, metadata can be used as a basis of discovery in dynamic systems. Metadata can assist in managing a service, validating and auditing usage of services which may also be simplified by rich metadata. It can also help ensure that requirements and expectations (regarding the content of any data interchanged) are properly interpreted and fulfilled.

C.2.4.3.2. The Limits of Description

252. There are well-known theoretic limits on the effectiveness of descriptions – it is simply not possible to specify, completely and unambiguously the precise semantics of a service. There will always be unstated assumptions made by the describer of a service that must be implicitly shared by readers of the description. This applies to machine processable descriptions as well as to human readable descriptions.

253. Fortunately, complete precision is not necessary either – what is required is sufficient precision to enable required functionality.

254. Another kind of limit of service descriptions is more straightforward: whenever a repository is searched using any kind of query there is always the potential for zero or more responses. There may be many reasons why a multiplicity of responses is returned: there might be several versions of the service, there might be competing services that offer overlapping functionality and there might be services from multiple different providers.

255. In the case that there is more than one response, this set of responses has to be converted into a choice of a single service in order for a service consumer to ensure the required function performed. In a multi-provider scenario, that choice must also take into account real world aspects of the service – such as whether the service consumer can identify the provider, can or should trust the provider, and whether the provider is reliable and timely in delivering the service offered. It is unlikely that all such factors can be easily and securely encoded in descriptions and search criteria.

C.2.5. Interacting with Services

256. Interacting with a service involves exchanging information with the service and performing actions against the service. In many cases, this is accomplished by sending and receiving messages, but there are other modes possible that do not involve explicit message transmission. However, for simplicity, we often refer to message exchange as the primary mode of interaction with a service. The forms of information exchanged and understood, together with the mechanisms used to exchange information, constitute the service interface –.

257. The key concepts that are important in understanding what it is involved in interacting with services are the data model , the process model , the execution context and the expectations about the interaction.

C.2.5.1. Data Model

258. The data model of a service is a characterization of the information associated with the use of the service.

259. The scope of the data model includes the format of exchanged information, the structural relationships within documents and the definition of terms used. Typically, only information about, and data potentially included in, an exchange with a service are generally considered as being part of that service's data model.

260. There are two important aspects of a data model that are important in interpreting information exchange – the structure of the information and the meaning assigned to elements of the information. Particularly for information that is exchanged across an ownership boundary, the interpretation of strings and other tokens in the information is a critical part of the semantics of the interaction.

C.2.5.1.1. Structure

261. Understanding the representation, structure and form of information exchanged is a key initial step in ensuring effective interactions with a service. There are several levels of such structural information; ranging from the encoding of character data, through the use of formats such as XML, SOAP and schema-based representations.

262. A described data model typically has a great deal to say about the form of messages, about the types of the various components of messages and so on. However, pure “typed” information is not sufficient to completely describe the appropriate interpretation of data.

C.2.5.1.2. Semantics and Ontology

263. The primary task of any communication infrastructure is to facilitate the exchange of information and the exchange of intent. For example, a purchase order combines two somewhat orthogonal aspects: the description of the items being purchased and the fact that one party intends to purchase those items from another party. Even if for exchanges that do not cross any ownership boundaries, exchanges with services have similar aspects: this is an update to the customer profile with these changes.

264. Especially in the case where the exchanges are across ownership boundaries, a critical issue is the interpretation of the data. This interpretation must be consistent between the participants in the service interaction. Consistent interpretation is a stronger requirement than merely type (or structural) consistency – the tokens in the data itself must also have a shared basis.

265. An ontology is a formal description of terms and the relationships between them in a given context. It will include information about how terms should be interpreted within a given context, constraints on and functions of valid values for the data and associated properties, as well as information about possible relationships of some terms to other terms (hierarchical, class/sub class, associative, dependent, etc.).

266. The role of explicit ontologies in an SOA is to provide a firm basis for selecting correct interpretations for elements of information exchanged.

267. Ontologies also provide a point of context to facilitate the reinterpretation of data. Such a reinterpretation is effectively represented as a particular traversal of the graph of concepts and relationships embodied in the ontology. How much automation of ontology walking is appropriate will depend on the nature of the service and the service participants.

268. Note that, for the most part, it is not expected that service consumers and providers would actually exchange ontologies in their interaction – the role of the ontology is a background one – it facilitates sound interactions. Hence ontology references are mostly to be found in service descriptions .

269. More specifically, and in order for a service to be consistent, the service should make consistent use of terms as defined in an ontology. Specific domain semantics are beyond the scope of this reference model; but there is a requirement that the service interface enable providers and consumers to identify unambiguously those definitions that are relevant to their respective domains.

C.2.5.2. Behavioural model

270. The second key requirement for successful interactions with services is knowledge of the process or temporal aspects of interacting with the service. Loosely, this can be characterized as knowledge of the actions on, responses to and temporal dependencies between actions on the service.

271. For example, in a security-controlled access to a database service, the actions available to a service consumer might include presenting credentials, requesting database updates and reading results of queries. The security may be based on a challenge-response protocol. For example, the initiator presents an initial token of identity, the responder presents a challenge and the initiator responds to the challenge in a way that satisfies the service. Only after the user’s credentials have been verified will any action that queries and/or updates the database be accepted. The sequences of actions involved are a critical aspect of the knowledge required for successful use of the secured database service.

272. There are other aspects of the behaviour of services that are important. These include, for example, whether the service is transactional, idempotent or long running. As a particular example, a service that supports updating an account balance with a transaction is typically idempotent; i.e., the state of the account would not be affected should a subsequent interaction be attempted for the same transaction.

C.2.5.2.1. Action model

273. The action model of a service is about the individual actions that may be invoked against the service. Of course, a great portion of the behaviour resulting from an action may be private; however, the expected public view of a service surely includes the implied effects of actions.

C.2.5.2.2. Process Model

274. The process model characterizes the temporal relationships between actions and events associated with interacting with the service. It is fairly common to partition the process model associated with a service into two levels: the particular sequences of operations needed to achieve single service exchanges and longer term transactions. These two levels may be nested – a long running transaction is often composed of sequences of exchange patterns.

275. Note that although the process model is an essential part of this Reference Model, its extent is not completely defined. In some architectures the process model will include aspects that are not strictly part of SOA – for example, in this reference model we do not address the orchestration of multiple services – although orchestration and choreography may be part of the process model of a given architecture. At a minimum, the process model must cover the interactions with the service itself.

C.2.5.2.3. Higher-order attributes of processes

276. Beyond the straightforward mechanics of interacting with a service there are other, higher-order, attributes of services’ process models that are also often important. These can include whether the service is idempotent , whether the service is long-running in nature and whether it is important to account for any transactional aspects of the service.

277. A service is idempotent if subsequent attempts to perform identical transactions are discounted. For example, it often important that a bank will only cash a check once – subsequent attempts to cash the same check should be ignored, rejected or initiate an alert process. Note that idempotency is not the same as effect-free or stateless: a service that always returns the same results is idempotent, but only by virtue of the fact that it does not change from invocation to invocation.

278. Idempotency is an important attribute of a service in an environment where there is a significant possibility that the interaction between the service provider and consumer may be interrupted – whether by a network issue or simply one of the parties dropping out. A strategy for recovering from such a breakdown is to attempt to repeat the interaction – an idempotent service is required to ignore such repetitions should the transaction have been completed beforehand.

279. A service is long-running if the activities engendered by an interaction are likely to persist beyond the immediate interaction itself. For example, a classic book selling service might be viewed as a long-running service: the activity started by the purchase of the book may take days or weeks to complete. It can be important to account for a long-running process as it has implications for the kinds of infrastructure needed – both by the service provider and by the service consumer – in order to be able to keep track of the progress of the interaction.

280. Often, once a business-level contract has been agreed on, it can be difficult or impossible to simply cancel the consequences of the agreement. This is particularly an issue when the agreement of several parties is necessary simultaneously. For example, booking a vacation may require a flight ticket as well as a hotel room – without either component the result is not a vacation. However, the airline typically will not have a relationship with the hotel. If there are no hotel rooms available for the proposed vacation then the airline ticket will need to be cancelled.

281. The process of reversing a previously completed transaction – backing out of the airline booking for example – is likely to be quite different to the process for the original transaction; possibly even involving a different service. Knowledge of such compensatory actions is a key aspect of interacting with transactional services.

C.2.5.3. Actualized Services

282. The execution context of a service interaction is the set of infrastructure elements, process entities and policy assertions that are deployed as part of the instantiated service interaction. In effect, the execution context defines the point of contact between abstractions such as service descriptions which are mostly about the potential for interaction and an actually executing service. It is the point of measurement between the service description and reality, between theory and practice.

283. The execution context is not limited to one side of the interaction; rather it concerns the totality of the interaction – including the service provider, the service consumer and the common infrastructure needed to mediate the interaction.

284. The execution context is central to many aspects of a service interaction. It defines, for example, the decision point for any policy enforcement relating to the service interaction. Note that a policy decision point is not necessarily the same as an enforcement point: an execution context is not by itself something that lends itself to enforcement. On the other hand, any enforcement mechanism of a policy is likely to take into account the particulars of the actual service interaction.

285. The execution context also allows us to distinguish services from one another. Different instances of the same service – denoting interactions between a given service provider and different service consumers for example – are distinguished by virtue of the fact that their execution contexts are different.

286. Finally, the execution context is also the context in which the interpretation of data that is exchanged takes place – it is where the symbol grounding happens as it were. A particular string has a particular meaning in a service interaction in a particular context – the execution context.

C.2.6. Real World Effect

287. There is always a particular purpose associated with interacting with a service. Conversely, a service provider (and consumer) often has a priori conditions that apply to its interactions. The service consumer is trying to achieve some result by interacting with the service, as is the service provider. At first sight, such a goal can often be expressed as “trying to get the service to do something” This is sometimes known as the real world effect of using a service.

288. The internal actions that a service providers and consumers perform as a result of participation in service interactions are, by definition, private and fundamentally unknowable. By unknowable we mean both that external parties cannot see others’ private actions and, furthermore should not have explicit knowledge of them. Instead we focus on the state that is shared between the parties – the shared state . Actions by service providers and consumers lead to modifications of this shared state; and that in turn leads to modified expectations by the participants.

289. Note that there does not need to be a third party to act as a kind of escrow for the shared state between service providers and consumers. The elements of the shared state are inferred from the communication that has occurred between the participants together with other context as necessary. Of course, in the case where adjudication is a possibility, it becomes prudent to record the interaction – so that disputes can be arbitrated.

290. Although there is not necessarily a one-to-one correspondence, the natural container for the conditions applying to a service is the service policy . Similarly, the natural container for the expectations arising from a service is the service contract .

C.2.7. Policies and Contracts

291. A policy represents some constraint or condition on the use, deployment or description of an owned entity as defined by any participant. A contract , on the other hand, represents an agreement by two or more parties. Like policies, agreements are also about the conditions of use of a service; they may also constrain the expected real world effects of using a service. The reference model is focused primarily on the concept of policies and contracts as they apply to services. We are not concerned with the form or expressiveness of any language used to express policies and contracts.

C.2.7.1. Service Policy

292. A policy is a statement of the obligations, constraints or other conditions of use of a given service that expresses intent on the part of a participant. More particularly, policies are a way for expressing the relationship between the execution context and the data and behaviour models associated with the service.

293. Conceptually, there are three aspects of policies: the policy assertion, the policy owner (sometimes referred to as the policy subject) and policy enforcement.

294. For example, the assertion: “All messages are triple-DES encrypted is an assertion regarding the forms of messages. As an assertion, it is measurable: it may be true or false depending on whether the traffic is encrypted or not. Policy assertions are often about the way the service is realized; i.e., they are about the relationship between the service and its execution context.

295. A policy always represents a participant’s point of view. An assertion becomes the policy of a participant when they make it their policy. This linking is normally not part of the assertion itself. For example, if the service consumer declares that “Al messages are triple-DES encrypted”, then that reflects the policy of the service consumer. This policy is one that may be asserted by the service consumer independently of any agreement from the service provider.

296. Finally, a policy may be enforced. Techniques for the enforcement of policies depend on the nature of the policy. Conceptually, service policy enforcement amounts to ensuring that the policy assertion is consistent with the real world. This might mean preventing unauthorized actions to be performed or states to be entered into; it can also mean initiating compensatory actions when a policy violation has been detected. An unenforceable constraint is not a policy; it would be better described as a wish.

297. Policies potentially apply to many aspects of SOA: security, privacy, manageability, Quality of Service and so on. Beyond such infrastructure-oriented policies, participants may also express business-oriented policies – such as hours of business, return policies and so on.

298. Policy assertions should be written in a form that is understandable to, and processable by, the parties to whom the policy is directed. Policies may need to be automatically interpreted, depending on the purpose and applicability of the policy and whether it might affect whether a particular service is used or not.

299. A natural point of contact between service participants and policies associated with the service is in the service description. It would be natural for the service description to contain references to the policies associated with the service.

C.2.7.2. Service Contract

300. Where a policy is associated with the point of view of individual participants, a contract represents an agreement between two or more participants. Like policies, contracts can cover a wide range of aspects of services: quality of service agreements, interface and choreography agreements and commercial agreements

301. Thus, following the analysis above, a service contract is a measurable assertion that governs the requirements and expectations of two or more parties. Unlike policy enforcement, which is usually the responsibility of the policy owner, contract enforcement may involve resolving disputes between the parties to the contract. The resolution of such disputes may involve appeals to higher authorities.

302. Like policies, contracts may be expressed in a form that permits automated interpretation. Where a contract is used to codify the results of a service interaction, it is good practice to represent it in a machine processable form. This facilitates automatic service composition, for example. Where a contract is used to describe over-arching agreements between service providers and consumers, then the priority is likely to make such contracts readable by people.

C.2.8. Visibility

303. For a service provider and consumer to interact with each other they have to be able to ‘see’ each other. This is true for any consumer/provider relationship – including in an application program where one program calls another: without the proper libraries being present the function call cannot complete. In the case of SOA visibility needs to be emphasized because it is not necessarily obvious how service participants can see each other to interact.

304. Visibility is the relationship between service consumers and providers that is satisfied when they are able to interact with each other. Preconditions to visibility are awareness – typically the initiator in a service interaction must be aware of the other parties – willingness – the parties must be predisposed to interactions – and ability – the participants must be able to exchange information as part of a service interaction.

C.2.8.1. Awareness

305. A key aspect of visibility is awareness – both the service provider and the service consumer must have information that would lead them to know of the other’s existence. Technically, the prime requirement is that the initiator of a service interaction has knowledge of the responder. The fact of a successful initiation is often sufficient to inform the responder of the other’s existence.

306. Awareness of service offerings is often mediated by various discovery mechanisms. For a service consumer (say) to discover a service provider, the service provider must be capable of making details of the service (notably service description and policies) available to potential consumers; and consumers must be capable of finding that information.

307. Service discoverability requires that the service description and policy – or at least a suitable subset thereof – be available in such a manner and form that, directly or indirectly, an awareness of the existence and capabilities of the service can become known to potential consumers. The extent to which the discovery is “pushed by the service provider, “pulled” by a potential consumer, subject to a probe or another method, will depend on many factors.

308. For example, a service provider may advertise and promote their service by either including it in a service directory or broadcasting it to all consumers; potential consumers may broadcast their particular service needs in the hope that a suitable service responds with a proposal or offer or a service consumer might also “probe” a entire network to determine if suitable services exist. When the demand for a service is higher than the supply, then by advertising their needs, potential consumers are likely to be more effective then service providers advertising offered services.

309. One way or another, the potential consumer must acquire a sufficient description to evaluate whether the service matches their expectations and, if so, the method for the consumer to establish a contract and invoke the service.

C.2.8.2. Willingness

310. Associated with all service interactions is intent – it is an intentional act to initiate and to participate in a service interaction. For example, if a service consumer discovers a service via its description in a registry, and the consumer initiates an interaction, if the service provider does not cooperate then there can be no interaction. In some circumstances it is precisely the correct behaviour for a service to fail to respond – for example, it is the classic defence against certain denial-of-service attacks.

311. The extent of a service participant’s willingness to engage in service interactions may be the subject of policies. Those policies may be documented in the service description.

312. Of course, willingness on the part of service providers and consumers to interact is not the same as a willingness to perform requested actions. A service provider that rejects all attempts to cause it to perform some action may still be fully willing and engaged in interacting with the consumer.

C.2.8.3. Reachability

313. A service consumer may have the intention of interacting with a service, and may even have all the information needed to communicate with it. However, if the service is not reachable, for example if there is not communication path between the consumer and provider, then, effectively, the service is not visible to the consumer.

314. Reachability is the relationship between service participants where they are able to exchange information as part of service interactions. Reachability is closely connected to the concept of execution context – an important requirement for an execution context is to establish that service participants can communicate with each other.

C.2.9. SOA Attributes

SOA Attribute	Feature	Year 2	Year 3	Year 4	Year 5	Year 6
Service Applications	Enterprise Management	-	-	0%	15%	30%
	Discovery	-	-	-	0%	20%
	Messaging	-	-	-	-	0%
	Mediation	-	-	-	-	-
	Collaboration	-	-	-	-	-
	Security	-	-	0%	15%	30%
	Storage	-	-	-	-	-
	Application	-	-	-	-	-
	Assistance	-	-	-	-	-
Service Catalogue	Description Language	0%	20%	40%	60%	80%
Service Instance	Definition Language	0%	20%	40%	60%	80%
Service Publications	Unicast	-	-	0%	25%	50%
	Multicast	-	-	0%	25%	50%
	Broadcast	-	-	0%	25%	50%
	Anycast	-	-	-	-	0%
Service Discovery	Registry	0%	20%	40%	60%	80%
	Directory	-	0%	30%	60%	90%
Service Data Model		-	-	-	-	0%
Service Contract	Low Level	-	-	-	-	-
	High Level	-	-	-	-	-

Table C.1. Implementation of SOA Attributes

315. The previous table, Table C.1, is a suggested generalized outline on when SOA attributes should be implemented within the mid-term time frame. A value of zero percent indicates that implementation should begin in that year. Conversely, a value of a hundred percent indicates that implementation should end in that year. Naturally, measurable metrics to quantify progress would have to be agreed upon by the NATO nations.

SOA Attribute	Feature	Year 6	Year 7	Year 8	Year 9	Year 10
Service Applications	Enterprise Management
	Discovery
	Messaging
	Mediation
	Collaboration
	Security
	Storage
	Application
	Assistance
Service Descriptions	Description Language
Service Definitions	Definition Language
Service Publications	Unicast
	Multicast
	Broadcast
	Anycast
Service Discovery	Repository
	Directory
Service Data Model
Service Contract	Low Level
	High Level

Table C.2. Far-term SOA Attributes

C.2.9.1. Service Application

316. A service is a contractually defined behaviour that can be implemented and provided by a service provider of choice for use by service consumer. The term “services” does not imply web services; although, web services are well known implementations of SOA. Other specialized implementations include J2EE^[9] and .NET^[10].

317. The following service group is called the NATO Information Infrastructure Core Enterprise Services (NII-CES). NII-CES services are available enterprise-wide and are independent of Cross COI Services. They are considered the building blocks upon which Cross COI Services are created.

318. Capability Areas

319. Service Management Control

Enterprise Management
Application
Assistance

320. Information Assurance

Security

321. Information and Integration

Discovery
Mediation
Storage

322. Communication

Messaging
Collaboration

323. Community of Interests

324. Users and Missions

C.2.9.2. Service Catalogue

325. The service catalogue information consists of the constraints and policies that define the usage context and functionality of the service. This enables service consumers, human or another service, to examine the service description and evaluate the following questions:

What does the service do?
Is it relevant to my mission?

326. The declaration may also include details about any implied process or other legal or business terms that occur when the service is invoked. For example, if a service consumer invokes a service that places a purchase order to the service provider, and the execution is successful, it may result in a financial responsibility to the service provider or some other legal entity.

C.2.9.3. Service Type

327. Service type information includes all information that is needed to know how to use or how to produce a service of a specific type. It includes information on service interfaces, protocols and achievements.

C.2.9.4. Service Instance

328. While the nature of the services themselves may vary, a common standard for declaring a service is desirable when building an infrastructure. The service instance consists of the technical parameters, constraints and policies that define the terms to invoke the service instance. Every service should include a service definition in a standardized format. This enables service consumers, human or another service, to examine the service definition and evaluate the following questions:

How can I bind to a service?
What security protocols (if any) must be used with it?

C.2.9.5. Service Publication

329. A service must communicate its service description in an accessible manner to potential consumers. It does so by using one of several advertising method; catalogue or webpage publishing, Pulling, or Pushing.

330. In the Pull methodology, potential service consumers request the service provider to send them the service description. This pull methodology may be invoked as a service itself.

331. In the Push methodology, the service provider, or its agent, sends the service description to potential service consumers. The push and pull methodologies may work together to facilitate advertising services through a third party in a pattern of publish and subscribe.

332. Different models for the push methodology include:

Unicast (point-to-point) is a methodology where the service provider sends a message from a single source to a single destination.
Multicast (point-to-multipoint) is a parallel communication pattern in which a source host sends a message to a group of destination hosts. This is different from sending multiple serial unicast (point-to-point) messages to each of the destination hosts.
Broadcast (point-to-all points) is a methodology where the service provider sends a transmission to all message consumers on a fabric.
Anycast (point-to-point-to-multipoint) is a methodology that assigns a private address to several message consumers on a fabric. The message sender does not know or care who consumes the message or the details of the message’s distribution list.

C.2.9.6. Service Discovery

333. Discovery occurs when a potential consumer obtains information about the existence of a service, its applicable parameters and terms. Discovery does not constitute authorization to execute against the service; although these details may be included in the discovery pattern.

334. Service discovery may include the following steps:

Finding and selecting achievements that suits the need of the service consumer
Finding and selecting service types that produces the selected achievements
Finding and selecting service instances of the selected service types

335. Finding and using services based on type can be easily automated, while finding and using services based on description or ontology is still difficult to automate.

C.2.9.6.1. Implementing advertising and discovery

336. The publishing and discovery components of SOA may be implemented in many ways, including using a registry/repository or a services directory. Although using these may make discovery easier, an SOA requires neither of them.

C.2.9.6.2. Registry/Repository

337. A Registry/Repository is a component where users can store and manage artefacts required for their enterprise to function. This includes artefacts that require sharing among more than one user (such as XML schemas and web-service descriptions). The repository component provides an intrinsic storage mechanism that is bound to the registry such that the registry knows about any auditable events to the artefacts in the repository.

C.2.9.6.3. Services Directory

338. A Directory is an interface that provides information to bind to artefacts. Those who own or control the artefacts may make an entry into the directory to reference the artefact and explain how to bind to it. Others may retrieve this information and use it to bind to the artefacts. The main drawback of the directory is that it has no control or notification if an artefact is deleted, changed or replaced, and the directory may not be able to indicate these events to users.

339. Both Registry/Repository and Directory implementations allow for federation (also called replication). This functionality allows content from one implementation to be replicated or referenced from within other implementations.

340. Several standards exist to constrain Registry/Repository and Directory implementations. The most prevalent standards are ISO/IEC 11179 Part 315 (an ISO standard for metadata registries), the OASIS ebXML Registry-Repository Technical Specifications16 and the OASIS Universal Description and Discovery Interface (UDDI) Technical Specification

341. The OASIS UDDI specification is available from the OASIS website under the technical committee’s home page area at www.oasis-open.org/committees/tc_home.php?wg_abbrev=uddi-spec.

342. Standards such as Bluetooth TM use a broadcast-type methodology to advertise their services to other Bluetooth devices that are within range.

C.2.9.7. Service Data Model

343. When invoking a service, certain parameters may be required to help the service fulfil the service request. The service may also pass parameters back to the service consumer. To understand any required parameters serialization, an artefact is required to specify the associated data models for the services. Even if no parameters are used, SOA requires a base component to declare this in a format that is understandable to service consumers.

C.2.9.7.1. Known implementations

344. The W3C’s WSDL10 can be used to express that related schema fragments constrain XML instance data being passed in and out of services. ebXML’s Collaboration Protocol Profile11 also references a schema for instance data being used in a service or collaboration of services. Both of these implementations are not specifically dependent on the W3C’s XML Schema19 format; yet most implementations use it.

C.2.9.8. Service Contract

345. A service contract is not an actual legal document. Instead, the service contract specifies a set of technical data, and possibly business information. The contract is between whoever is providing the Web service, and whoever is consuming the Web service. Put in the simplest terms, the contract provides details about the service being offered by the provider. By agreeing to a contract, both sides understand exactly what will be provided.

C.2.9.8.1. Low Level

346. A service contract can operate at a lot of different levels. A low-level contract expresses how you communicate, and what the expectations of communications are. But that low-level contract is not nearly as important as the higher-level contracts. At a minimum, will contain:

Service description
Service interface details
Service inputs/outputs

C.2.9.8.2. High Level

347. This higher-level contract is far more important because these contracts frequently have business implications, not just technical implications. For example, a contract may include details of how the service will be authenticated, and so have details about authentication, encryption and authorization. A typical high-level contract could include the following:

Description of service
Details interface to the service
Service inputs/outputs
How service will be authenticated
How service will be authorized
What type of encryption will be used
Service level agreements (Availability, response time, etc)
Charges to use the service