1

SOA + Web 2.0Symbiose oder Kollisionim Unternehmen ?

Tony Fricko, SOA Competence Centeranton_fricko@at.ibm.com

2

Agenda

What we get from Web 2.0– Technologies: AJAX, JSON, REST

– RESTful SOARelevance of Mashups / controlpoints– Mashup examples

Mashup considerations for the enterprise– Security / Standards (OpenAjax Alliance – Metadata specs)

IBM Activities and products in SOA / Web 2.0– Mashups

– RESTful SOA enablement– WebSphere, DataPower, Registry (WSRR), WebSphere Business Monitor, etc..

2

3

What is Web 2.0*?

Simple to use Simple to access

AJAX• Highly Interactive• Browser invoked services

JSON / XML / ATOM • Information exchange• JavaScript Friendly

REST• Easily invoked• HTTP-Centric Patterns

* A term coined by Tim O‘Reilly(http://www.oreillynet.com/pub/a/oreilly/tim/news/2005/09/30/what-is-web-20.html )

4

Importance of APIs and open standards

Desktop scope

Operating System

APIs

Application

Net

wor

k

File

acc

ess

Gra

phic

s

Sec

urity

……

..

3

5

Importance of APIs and open standards

Desktop scope

APIs

Application

Net

wor

k

File

acc

ess

Gra

phic

s

Sec

urity

……

..Internet

6

Importance of APIs and open standards

Desktop scope

APIs

Browser

W3C

Goo

gle

Am

azon

Ope

nAja

x

……

..

Internet

GUI

4

7

Intuitive User Experience – using AJAX

In the typical web application, each request causes a complete refresh of the browser page

An Ajax application begins the same way.

After the initial page loads, Javascript code retrieves additional data in the background and updates only specific sections of the page

AJAX is the acronym for Asynchronous JavaScript and XMLAJAX forces you to think about discrete servicesGives you a bottoms-up approach to defining services that can reveal new

things about your enterprise

Service

8

XML, JSON and ATOM

XML is the standard representation for message format in RESTfulservices

– The key difference from SOAP is that the XML represents only the body of a message

– Thus a RESTful service will carry as its content only a simple, human-readable document that represents the “noun” of the service

JSON is an alternate standard format for succinct communication with AJAX clients

– The vast majority of the clients of a RESTful service will be written in JavaScript

– In recognition of that, JSON (JavaScript Object Notation) allows for rapid exchange of JavaScript objects, but also in a simple, human-readable format

– JSON is built up from a collection of name-value pairs and ordered lists of values

ATOM is a key XML specification for content syndication – ATOM allows for better support for podcasting, updating, and extension than

RSS provided

– ATOM is also human readable and is easy to understand and parse

5

9

REST - Accessibility for Developers Simply exposing services from the enterprise as URLs and FeedsA RESTful Web service is formed like a sentence – it simplifies how developers access

servicesVerb = HTTP Action (GET, POST, PUT, DELETE)Noun = the URI of the Service (the document)Adjective = MIME type of the resulting document

10

RESTful SOA

A RESTful SOA is an instance of SOA that uses concepts from the Web as the primary service architecture

– Limiting choices to make it easier to implement a SOA

– Primarily uses REST to represent and access services

– Data is encoded as JSON or XML (including XML schemas like ATOM)

– May use alternate approaches like JSON-RPC when appropriate

– Supports Rich User Interfaces built using AJAX

Key aspects of building an effective RESTful SOA– Take advantage of your existing infrastructure wherever possible

– Use well-established, ubiquitous technologies for scalability, performance and security

– Build rich UI’s that run in any commodity browser

– Make content simple and human readable WOA

6

11

Where can a RESTful SOA apply?

When building Widgets for use in Mashups or RIA’s, or building feeds (ATOM or RSS) for use in a browser or by an aggregator

When you want to make assets available to the web– In a form that it can be parsed by the widest range of technologies available

– Where it may be consumed on either the client or server side

When the asset you are exposing is naturally resource-oriented

12

Merging Enterprise SOA and RESTful SOA

If you take the route of developing for both Enterprise SOA and RESTful SOA then you can take advantage of two separate content pools

– Services generated inside your enterprise

– Services generated outside the enterpriseThis gives you the best of both worlds and allows you to take advantage of all the communities served by your business

Services fromInside the Enterprise

Services fromoutside the Enterprise

New Content andNew ways to reachYour communities

7

13

Extending the Reach of your SOA

From the IBM Web Page on the definition of SOA:– “... a business-centric IT architectural approach that supports

integrating your business as linked, repeatable business tasks, or services. SOA helps users build composite applications, which are applications that draw upon functionality from multiple sources within and beyond the enterprise to support horizontal business processes ”

SOA in general is about providing access to the reusable business tasks (services) of your enterprise

– RESTful SOA is just a constrained subset of SOA dedicated to making those services easily available to end-users

There are three things you can do to take advantage of RESTful SOA

Embrace your

business communities

Unleash your

Assets

Extend your business

processes to your business

communities

14

Emerging Web 2.0 Ecosystem

REMIXING

High volume, varying granularity offerings of content and services

Content and services “mashed” with other offerings – personalization, situational needs

User seamlessly interfaces with multiple offerings within the context of a single application

8

15

What is a Widget

A widget is a small program or piece of dynamic content that can be easily placed into a web site.

Widgets are called different names by different vendors: gadgets, blocks, flakes.

Widgets can be written in any language (Java™, .NET, PHP, etc.) and can be as simple as an HTML fragment.

Widgets can be non-visual.

Widgets often encapsulate an API.

“Mashable” widgets pass events, so that they can be wired together to create something new.

There are no standards around widgets yet, but IBM is moving towards a common definition called iWidget.

16

What is a Mashup

A mashup is a lightweight web application that combines data from more than one source into an integrated and new, useful experience.

Zillow.com

What typically characterizes a mashup? “Widgets” and feeds that are mashed together often come from independent sources and do not change when mashed

New applications deliver new insights and capabilities (1+1 = 4)Built on a web-oriented architecture (REST, HTTP) and leveraging lightweight, simple integration techniques (AJAX, RSS, JSON)

The result is fast creation of rich, desktop-like web applicationsSimple applications that solve niche problems (i.e., satisfies the long tail)

Competitive MashupiGoogle

9

17

Mashups Mean Faster, Cheaper Delivery of ApplicationsSave time and money through reuse and lightweight integration techniques– Sharing and discovery of internal content and data a key enablerIncrease productivity– Lower skill sets needed to assemble new applications– Leverage the palette of widgets and APIs from across the web

Google Gadgets programmableweb.com

IBM Catalog/Mashup Hub

New mashup

18

Simple to use Simple to access

Mashups can help to:

Illuminate the value of SOA to business users by making it more visible

Drive the creation of well designed services

Increase service reuse

Make SOA simple to use

Mashups are the “last mile” of SOA

Extend Reach and Value of SOA

10

19

Key Mashup Challenges

1. No industry-wide agreement on a widget standard yet– There are no standards around widgets yet and many vendors have created

their own names: gadgets, blocks, flakes, etc.

– IBM has created a lightweight widget model which is well aligned with existing standards such as JSR168/286 and WSRP as well as other widget models such as Google and NetVibes– You can use this model to develop and use widgets with IBM products

– IBM’s goal is to define a standard for widgets. As part of this effort, IBM is leading a new widget specification workgroup in OpenAJAX.– Leveraging the experience from the Google Gadget integration, our IBM

widget model, and the JSR 168/286 + WSRP standards to create a well integrated OpenAJAX widget spec.

– Check out http://www.openajax.org

20

Key Mashup Challenges

2. SecurityConcerns around mashing internal data with external (non trusted API)

Potential for malicious, malformed code (rogue widgets)Need to provide isolation between widgetsIndustry looking to establish standard cross-domain secure communication mechanism (OpenAjax Alliance Hub 1.1)

How to easily handle security deployments for mashups?Authentication, credentials, authorization

To learn more, read the OpenAjax Alliance Security Taskforce whitepaper:http://www.openajax.org/member/wiki/WP3_-_Ajax_and_Mashup_Security

3. Creating “mashable” dataBefore mashing can be done, content must be exposed in a mashable format

First step is making enterprise data (both structured and unstructured sources) available as feeds

11

21

Running different widgets on a single canvas

OpenAjax Metadata Specification– http://www.openajax.org/member/wiki/OpenAjax_Metadata_Spe

cification

– Widget Metadata

– API Metadata

– Library Metadata

– Properties and Datatypes

– Localization

22

Lotus Mashups provides the simplest and fastest way to assemble enterprise and Web content into simple, flexible, and dynamic applications. With Lotus Mashups, web-savvy business users can easily create and share new applications that address their immediate business needs.

Lotus Mashups includes:A graphical, browser-based tool that supports

easy, on-the-glass assembly of new Web applications by business users.

A mashup catalog which facilitates sharing and discovery of mashup assets, with built-in community features like ratings, tagging, commenting.

A very lightweight mashup server, which can be hosted on a variety of platforms for added IT management and governance capabilities.

A rich set of out-of-the-box, business-ready widgets.

Create

Assemble& Share

Use

Discover

Speed Flexibility

Reuse

InsightInnovation

Manage

Introducing Lotus Mashups

12

23

Mashable Content Can Come From Diverse Feeds

Google GadgetsWeb

MashupsDiscover & Share

Desktop

MySQL

XMLCustom Adaptors

WebDepartmental

& Personal

Office

ERPECM LegacyDB2, Oracle, MSSQL

JDBC, IDS, IMS, etcBI / BPM & Data

Warehouses ERP/CRM

Enterprise

MQ

MQSeries

Web services

<WSDL> & WISD

Information Server

CRMECM Systems

24

InfoSphere MashupHub: unlock and share web, departmental, personal and enterprise information for use in Web2.0 applications. Transform and re-mix Web 2.0-style feeds.

Catalog: Sharing & discovery of mashable assets.Lotus Mashups: Quickly and

easily assemble mashups on-the-glass. Create dynamic widgets.

IBM Mashup Center – Key Components

13

25

Carrefour mashup

Search for ETA

Result of vessels

Vessel details (revealed by clicking on icon )

Map with overlay of piracy reports and weather info

26

IBM activities and offerings – Web 2.0 + SOA

Standardization activities– OpenAjax alliance

– Metadata specifications– AJAX – accessibility work

– JavaScript compliance via open source Dojo toolkit

Lotus Mashups / InfoSphere (announced product, can be downloaded from IBM alphaWorks)Mashub Hub (research tool, included in Lotus Mashups)WebSphere sMash (announced product, GA 2H 2008 – ‘ProjectZero’)

Web 2.0 support pack for WebSphere V6.1DataPower JSON supportWebSphere Business Process MonitorWebSphere Registry and RepositoryWebSphere Commerce ServerWebSphere Process ServerWebSphere Portal

Taking Web 2.0 into the enterprise

14

27

WebSphere sMash for quickly and simply delivering dynamic Web 2.0 based applications, and enabling mashups. WebSphere sMash

• Improves developer productivity and efficiency through the support of dynamic scripting languages (Groovy and PHP)

• Leverages Web 2.0 technologies for service invocation, service composition and data interchange

• Visual tools for developers to build Widgets for use in Lotus Mashups

28

Applications: Extending Reach of SOA with Web 2.0Enhancing the Industry's Broadest SOA Portfolio in the Changing World

Enable agile creation of customizable solutions with the flexibility and personalization of SOA“Bridge" web and SOA: Use Web 2.0 -style approaches to access reliable SOA services

Widget /Application Creation Widget Assembly

Mashup EngineWidget Factory

WebSphere sMash

Lotus Mashups

Business UsersDevelopers

Output used as Stand-alone Application

Output used as Widgets Consumed by Mashups

15

29

WAS Feature Pack for Web 2.0

JSON and HTTP EnablementSimplifies Ajax and web 2.0 based access to traditional web services, Java objects and EJBs in the application server

Ajax Client RuntimeEases development of client side Ajax code; based on Dojo, an open source Javascript library

Publish and Subscribe Event HandlingEnables dynamic scenarios such as streaming stock updates and real time collaborative web applications

Ajax ProxyProvides safe, reliable access to Internet based services and mashupsfrom browser based Ajax applications

IBM $125.25 +$2.50… MSFT $43.75 -$1.50 …

EJBs POJOsServices

JMS Proxy

WebSphereApplication Server

RESTful SOA Enabler

30

WebSphere DataPower – JSON-RPC Bridging

Web Service (SOAP) Provider

AJAXClients

JSON SOAPGetHandle

AddTask

ShutDown

GetHandle

AddTask

ShutDown

…{"Task": "Dry cleaning: shirt, pants, and 20% discount coupon“}…

Perform format translation from JSON to SOAP (and vice versa)

16

31

WebSphere Business Process Monitor

Defines a set of URIs exposing REST services that open access to monitor data

– http://monitor_server:monitor_server_port/rest/bpm/monitor/REST_URI

Services include– Model services (metadata about deployed

monitor models)

– Diagram services (SVG diagrams about deployed monitor models)

– KPI services (retrieval/management of Key Performance indicators)

– Instance data services (monitored data collected by business monitor)

– Alert services (support retrieval/management of alert subscriptions)

– Security services

32

WebSphere Service Registry and Repository

Exposing REST APIs to perform actions on content and metadata– Actions

– Create, Retrieve, Update, Delete– Services accessed through ROOT URL - http://host:port/WSRR/6.1– E.g. Creating Content (WSDL, XSD, Policy, XML, Generic…)

– Response (may be XML or JSON)

17

33

Web

Enterprise

RESTJSON

XML RSS

ATOM

DB2LegacyCICSIMS

J2EE

App ServerWAS, CE, Tomcat

WPS, ESB, Portal

SOAPWS-* JMSMOM

Bridging “RESTful SOA” and “Enterprise SOA”

REST

34

Web 2.0 and new SOA tooling better align business and IT

Unparalleled accessibility to content

Exponential reductions in cycle time–Weeks to Days, Days to

hours

Users build their own applications

http://www-306.ibm.com/software/lotus/products/mashups/

18

Thank you

36

© Copyright IBM Corporation 2008. All rights reserved.

The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software.References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way.IBM, the IBM logo, the e-business logo and other IBM products and services are trademarks or registered trademarks of the International Business Machines Corporation, in the United States, other countries or both.

All other trademarks, company, products or service names may be trademarks, registered trademarks or service marks of others

Disclaimer: NOTICE – BUSINESS VALUE INFORMATION IS PROVIDED TO YOU 'AS IS' WITH THE UNDERSTANDING THAT THERE ARE NO REPRESENTATIONS OR WARRANTIES OF ANY KIND EITHER EXPRESS OR IMPLIED. IBM DISCLAIMS ALL WARRANTIES INCLUDING, BUT NOT LIMITED TO, IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. IBM DOES NOT WARRANT OR MAKE ANY REPRESENTATIONS REGARDING THE USE, VALIDITY, ACCURACY OR RELIABILITY OF THE BUSINESS BENEFITS SHOWN.. IN NO EVENT SHALL IBM BE LIABLE FOR ANY DAMAGES, INCLUDING THOSE ARISING AS A RESULT OF IBM'S NEGLIGENCE.WHETHER THOSE DAMAGES ARE DIRECT, CONSEQUENTIAL, INCIDENTAL, OR SPECIAL, FLOWING FROM YOUR USE OF OR INABILITY TO USE THE INFORMATION PROVIDED HEREWITH OR RESULTS EVEN IF IBM HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. THE ULTIMATE RESPONSIBILITY FOR ACHIEVING THE CALCULATED RESULTS REMAINS WITH YOU.

Contact info:

anton_fricko@at.ibm.com

Zeddy Warf in SecondLife