Integrate Applications Using Web Services and BizTalk
DESCRIPTION
Integrate Applications Using Web Services and BizTalk. Microsoft .NET Technology Evangelist 林耀珍 (Michael). Current position: IT consultant. Experience: Technical Director, 第三波資訊; General Manager, 育碁數位科技; ERP Project Manager, 第三波資訊. Certifications and specialties: Microsoft .NET technology, software development processes, information systems planning, J2EE, Microsoft MCSD/MCSE/MCDBA, object-oriented technology, Rational OOAD certified instructor, Lotus Notes Principal CLP/CLI.
112/04/22 .NET Technology Evangelist 林耀珍 2004/06/29 1
Integrate Applications Using Web Services and BizTalk
Microsoft .NET Technology Evangelist 林耀珍 (Michael)
林耀珍
Current position: IT consultant
Experience: Technical Director, 第三波資訊; General Manager, 育碁數位科技; ERP Project Manager, 第三波資訊
Certifications and specialties: Microsoft .NET technology, software development processes, information systems planning, J2EE, Microsoft MCSD/MCSE/MCDBA, object-oriented technology, Rational OOAD certified instructor, Lotus Notes Principal CLP/CLI
Goals and Audience
Audience: technology platform decision makers, software architects, systems analysts, project managers, application developers
Goal: introduce application integration technologies
Agenda
Overview
Web Services Architecture
Web Services Security
Build EAI & B2B Applications with BizTalk
.NET Enterprise Application Architecture
(Layered architecture diagram: Users; UI Components; UI Process Components; Business Workflows; Business Components; Business Entities; Service Interfaces; Service Agents; Data Access Components; Data Sources and Services; with cross-cutting Operational Management, Security and Communication.)
The Vision – A Connected World
(Diagram: the enterprise connected to its Customers, Suppliers, Employees and Partners.)
The Problems
Communication protocol
Data schema
Registration
Security
Business process integration: document (format and semantics), procedure, business rules (agreements), transaction, compensation, human workflow integration, ...
What is SOA?
An architectural approach to creating systems built from autonomous services
A service is a program you interact with via message exchanges
Services are built to last: availability and stability are critical
A system is a set of deployed services cooperating in a given task
Systems are built to change: they adapt to new services after deployment
Common Bus
Web Services are the foundation of SOA
Independent of communication protocols: XML, SOAP, WSDL, UDDI
Agenda
Overview
Web Services Architecture
Web Services Security
Build EAI & B2B Applications with BizTalk
Web Services Architecture
Source: W3C Web Services Architecture Working Draft, August 2003
Requirements of Security
Integrity
Non-repudiation
Authentication / identity
Authorization
Confidentiality
Secure Communication (SSL security)
Encrypts the entire message
Sender must trust all intermediaries
Restricts the protocols that can be used
Secure Message
End-to-end message security independent of transport
Supports multiple protocols and multiple encryption technologies
Encrypts only parts of the message
Sender need only trust the endpoint
Web Services Security Architecture
(Stack diagram of the specification family on the SOAP Foundation: Security; Policy, Trust, SecureConversation; Privacy, Authorization, Federation.)
Web Services Security
The initial set of Web Services Security specifications completed OASIS Public Review in October 2003 and are now OASIS Committee Approved Specifications. The OASIS call for vote is due March 31, 2004, at which time Web Services Security may become an OASIS standard.
The WS-Security specification was created as part of the Global XML Web Services Architecture (GXA) framework. It was originally authored by Microsoft, IBM, and VeriSign, released in October 2001, and submitted to OASIS in June 2002.
Security information can be a username/password, an X.509 certificate, a Kerberos ticket (future), a SAML assertion (future), an XrML token (future), biometric information (future), etc.
Web Services Security
A framework for building security protocols: integrity, confidentiality, propagation of security tokens
Supports end-to-end SOAP message security and multiple intermediaries; independent of the underlying transport
Support for pluggable algorithms: encryption, digest, signature, canonicalization, transforms
Security Tokens
Tokens assert claims about identity, capability, privileges
(Diagram of token types: X.509, Kerberos, secret/shared key, password, username, SAML, XrML, ...; grouped as signed vs. unsigned, and by proof of possession and security context.)
Authenticating With Tokens
Tokens carry claims that are backed by “proof of possession”
Shared secret (password, symmetric key)
Private key, signed by a trusted third-party service
Authenticating involves checking for this knowledge
Validating username token passwords
Verifying the digital signature
Username Token
Simple method of conveying a username
Password is used to generate a secret key for signing and encrypting
Password can be sent as plaintext or digest
WSE also provides a built-in replay detection mechanism
WSE automatically creates a Windows Principal for plain-text passwords
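As an added illustration (not code from the slides or from WSE), the following Python models the digest form of the username token together with the two service-side checks named above: recomputing the password digest and rejecting replayed nonces. It assumes the WSS UsernameToken Profile digest formula Base64(SHA-1(nonce + created + password)); the password store and the freshness window are constructed for the example.

```python
import base64
import calendar
import hashlib
import hmac
import os
import time

def password_digest(nonce: bytes, created: str, password: str) -> str:
    """WSS UsernameToken Profile digest: Base64(SHA-1(nonce + created + password))."""
    raw = hashlib.sha1(nonce + created.encode("utf-8") + password.encode("utf-8")).digest()
    return base64.b64encode(raw).decode("ascii")

def make_username_token(username: str, password: str, now: float = None) -> dict:
    """Client side: fresh random nonce, UTC Created timestamp, digest instead of the plain password."""
    nonce = os.urandom(16)
    created = time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime(now))
    return {"Username": username,
            "Nonce": base64.b64encode(nonce).decode("ascii"),
            "Created": created,
            "PasswordDigest": password_digest(nonce, created, password)}

class UsernameTokenVerifier:
    """Service side: recomputes the digest and rejects stale or replayed tokens."""

    def __init__(self, passwords: dict, freshness_seconds: int = 300):
        self._passwords = passwords          # constructed username -> password store
        self._freshness = freshness_seconds  # how far a Created timestamp may be from now
        self._seen = {}                      # (username, nonce) -> expiry; the replay cache

    def verify(self, token: dict, now: float = None) -> str:
        now = time.time() if now is None else now
        created = calendar.timegm(time.strptime(token["Created"], "%Y-%m-%dT%H:%M:%SZ"))
        if abs(now - created) > self._freshness:
            return "rejected: Created outside freshness window"
        # Forget nonces whose window has passed; any nonce still cached is a replay.
        self._seen = {k: exp for k, exp in self._seen.items() if exp > now}
        key = (token["Username"], token["Nonce"])
        if key in self._seen:
            return "rejected: nonce replayed"
        password = self._passwords.get(token["Username"])
        expected = password_digest(base64.b64decode(token["Nonce"]), token["Created"], password or "")
        if password is None or not hmac.compare_digest(expected.encode(), token["PasswordDigest"].encode()):
            return "rejected: bad digest"
        self._seen[key] = created + self._freshness
        return "accepted"
```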
Authorization With Tokens
WSE uses SecurityToken.Principal to perform authorization
Automatically set for UsernameToken and KerberosSecurityToken
IPrincipal is the basis of all code-level authorization and role-based security
Support for custom IPrincipal types
Authorization Techniques
Programmatic:
...
If token.Principal.IsInRole("Banker") Then
    ' Allow user to perform action
End If
...
Policy-based: WSE supports the use of Policy for role-based authorization
Works without having to write code
Binary Tokens
X509 tokens provide a way to encode X.509 certificates
Supplied by a Certificate Authority such as Windows Certificate Services
Contains the public key and a digital signature from the Certificate Authority
Supports asymmetric encryption and signing
Digital Signatures For Integrity
Signing involves hashing the data and encrypting the hash value with a private key
Parts of a message can be signed to ensure integrity
Know that the message hasn’t been tampered with
Know that only the sender could have sent it
Unless specified, WSE signs a default set of message parts
XML Encryption
Parts of a message can be encrypted to ensure confidentiality
Plain text is replaced with cipher text
Creating Security Contexts
Asymmetric keys are slow
WS-SecureConversation defines a SecurityContext token (SCT)
Based on a symmetric key; faster for multiple calls
(Sequence diagram, client to server: 1. Request for SCT; 2. SCT issued to client; 3. Series of messages signed with the issued SCT.)
Creating Security Contexts
Context can be established in a variety of ways: using WS-Trust, having one party create the context, or through negotiation
The STS may be located at the service or at a separate endpoint
WSE supports the automatic use of Secure Conversation
Recommended if clients make more than 2 calls
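Added example, not code from the slides or from WSE: a symmetric SecurityContext token issued by the server and then used to sign selected message parts with an HMAC, so that the server can detect tampering across the series of calls shown in the sequence diagram. It also illustrates the earlier point that only chosen parts of a message are signed. XML canonicalisation is stood in for by sorted JSON, and the envelope layout, part names and the assumption that the key is returned over an already-protected channel are this example's own.

```python
import hashlib
import hmac
import json
import os
import secrets

def canonical(part) -> bytes:
    """Stand-in for XML canonicalisation: a deterministic byte form of one message part."""
    return json.dumps(part, sort_keys=True, separators=(",", ":")).encode("utf-8")

def sign_parts(key: bytes, envelope: dict, parts: list) -> str:
    """Digest each referenced part, then MAC the concatenated digests (the SignedInfo) with the context key."""
    signed_info = b"".join(hashlib.sha256(canonical(envelope[p])).digest() for p in parts)
    return hmac.new(key, signed_info, hashlib.sha256).hexdigest()

class SecurityContextServer:
    """Issues SecurityContext tokens (SCTs) and verifies messages signed with them."""

    def __init__(self):
        self._contexts = {}  # SCT identifier -> symmetric key shared with that one client

    def request_sct(self) -> tuple:
        """Diagram steps 1 and 2: the client requests an SCT, the server issues an id and a fresh key.
        Assumption: the key travels back over an already-protected request (e.g. X.509-secured)."""
        ctx_id = "uuid:" + secrets.token_hex(8)
        key = os.urandom(32)
        self._contexts[ctx_id] = key
        return ctx_id, key

    def verify(self, envelope: dict) -> bool:
        """Diagram step 3: find the key by SCT id, recompute the MAC over the declared parts, compare in constant time."""
        key = self._contexts.get(envelope["Security"]["SCT"])
        if key is None:
            return False  # unknown or expired context: nothing to verify against
        sig = envelope["Security"]["Signature"]
        expected = sign_parts(key, envelope, sig["SignedParts"])
        return hmac.compare_digest(expected, sig["SignatureValue"])

def client_send(ctx_id: str, key: bytes, body: dict, seq: int) -> dict:
    """Client side: build an envelope and sign Body and Timestamp, the parts chosen for this example."""
    env = {"Body": body, "Timestamp": {"Seq": seq}, "Security": {"SCT": ctx_id}}
    parts = ["Body", "Timestamp"]
    env["Security"]["Signature"] = {"SignedParts": parts,
                                    "SignatureValue": sign_parts(key, env, parts)}
    return env
```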
WS-SecurityPolicy
Example policy:
• Only accept X.509 tokens from a trusted CA
• Token must contain a known subject
• Only callers who are in the Manager role
Describes the security requirements of a web service, without coding
WS-SecurityPolicy
Describes the security requirements of a web service
Provides a way of specifying: supported token types, signing and encryption requirements, role-based authorization decisions, Secure Conversation requirements
Agenda
Overview
Web Services Architecture
Web Services Security
Build EAI & B2B Applications with BizTalk
Business Integration Defined
Business Integration is enabling applications to communicate and work with other applications in an automated and efficient manner.
EAI: applications inside a company
B2B: applications between companies
This usually involves converting data from one format to another
Can be a very complex process
Example Scenario: Purchase Order
(Diagram of the exchange between the buyer and the ERP supplier: Create PO, Send PO, Discuss requirements, Discuss comments, Approve with comments, Send changes, Update PO, Approve, Confirm PO, Initiate project, Status?, Ship notice, Receive, Invoice, Close Project, Close PO.)
Application Integration: An Idealized Picture
(Diagram: Packaged Application X, Packaged Application Y, ERP Application, Unix Application, J2EE Application, .NET Application, CICS Application and AS/400 Application, all connected over SOAP.)
Application Integration: The Reality
(Diagram: the same set of applications plus a Business Process spanning them, without the common SOAP connection.)
Platform For Business Integration
(Diagram: Clients and Agents; Entity Services, Activity Services, Process Services; Database, Component, Partner and Legacy back ends.)
BizTalk Adapters support integration
BizTalk Orchestration supports highly dynamic activities
BizTalk Workflow (BPEL) and compensation support for business processes
BizTalk Document Schema and Transformation
A Business Process Platform
Requirements: communication with other applications; scalability support; human interaction with business processes; cross-application authentication; business process implementation; process monitoring; modifiable business rules; tools for working with trading partners
BizTalk Server 2004 components: BTS 2004 Engine; Human Workflow Services; Health and Activity Tracking (technical) and Business Activity Monitoring (business); Enterprise Single Sign-On; Business Rules Engine; Business Activity Services
The BTS 2004 Engine
(Diagram of the message path: Incoming XML Message -> Receive Adapter -> Receive Pipeline -> MessageBox with Subscriptions -> Orchestrations -> MessageBox -> Send Pipeline -> Send Adapter -> Outgoing XML Message.)
Communication: BTS 2004 Adapters
Standard adapters from Microsoft include the Web Services adapter, MQSeries adapter, SAP adapter, and more
Many third-party adapters are available, including the EDI adapter, PeopleSoft adapter, and lots more
Communication: Tools
For building adapters: the Microsoft.BizTalk.Adapter.Framework namespace
Within Visual Studio .NET:
Pipeline Designer, used to create custom pipelines
BizTalk Editor, used to create XSD message schemas
BizTalk Mapper, used to define mappings and XSLT transformations between message schemas
Orchestrations
Define the operations in a business process using shapes
Compile into standard .NET assemblies
Example shapes:
Decide: an if-then-else statement
Loop: performs an action repeatedly
Send: sends a message
Receive: receives a message
Parallel Actions: performs multiple operations in parallel
Tools: Visual Studio .NET and Visio
Scopes
Scope: supports transactions
Atomic: recovery via rollback
Long-running: recovery via compensation
(Diagram: the BizTalk Server 2004 Engine runs a long-running Scope Y containing an atomic Scope X, talking to CICS, ERP and .NET applications. 1) Update and commit; 2) attempt update, fail; 3) compensate.)
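Added example (not from the slides or from BizTalk): a small long-running scope that records an undo action for every committed step and runs those actions in reverse when a later step fails, following the diagram's sequence of commit, failed update, compensate. The CICS and ERP applications are stand-in dictionaries constructed for the example.

```python
class LongRunningScope:
    """A long-running scope (Scope Y in the diagram): each committed step registers an undo
    action, and a later failure replays those actions in reverse order instead of rolling back."""

    def __init__(self):
        self.log = []             # trace of what happened, for inspection
        self._compensations = []  # (step name, undo callable) for every committed step

    def run(self, steps) -> str:
        """steps: list of (name, action, compensate). action() commits its own work
        (like the atomic Scope X); compensate() undoes that committed work."""
        for name, action, compensate in steps:
            try:
                action()
            except Exception as exc:
                self.log.append(f"{name}: failed ({exc})")
                self._compensate_all()
                return "compensated"
            self.log.append(f"{name}: committed")
            self._compensations.append((name, compensate))
        return "completed"

    def _compensate_all(self):
        while self._compensations:  # the most recently committed step is undone first
            name, compensate = self._compensations.pop()
            compensate()
            self.log.append(f"{name}: compensated")

def purchase_order_scenario(erp_available: bool):
    """The diagram's sequence, with constructed stand-ins for the CICS and ERP applications."""
    cics = {"inventory": 100}
    erp = {"open_orders": 0}

    def cics_update():        # 1) update and commit (atomic Scope X)
        cics["inventory"] -= 10
    def cics_compensate():    # 3) compensate: reverse the already committed CICS update
        cics["inventory"] += 10
    def erp_update():         # 2) attempt update; fails when the ERP system is unreachable
        if not erp_available:
            raise ConnectionError("ERP application unreachable")
        erp["open_orders"] += 1
    def erp_compensate():
        erp["open_orders"] -= 1

    scope = LongRunningScope()
    outcome = scope.run([("CICS update", cics_update, cics_compensate),
                         ("ERP update", erp_update, erp_compensate)])
    return outcome, cics, erp, scope.log
```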
Correlation
Routes messages to an orchestration instance based on their contents
Doesn’t require the orchestration to block waiting for a response message
(Diagram: Purchase Orders PO# 5978 and PO# 6013 flow between the BizTalk Server 2004 Engine and the ERP Application; the returning Invoices carrying PO# 5978 and PO# 6013 are routed to the matching orchestration instances.)
Process Implementation: The Business Process Execution Language (BPEL)
(Diagram: BizTalk Server 2004 generates a BPEL definition; an Other Integration Platform exchanges Web Services with it.)
Aggregating Services
(Diagram: Web Services Clients call the BizTalk Server 2004 Engine, which fronts Packaged, Unix, J2EE, CICS and AS/400 applications.)
The Business Rules Engine
(Diagram, two configurations. For processes with stable rules: MessageBox, Orchestration, State, Process. For processes with volatile rules: MessageBox, Orchestration, State, Process and Rules, with the Rules held in the Business Rules Engine.)
Tools for Business Rules
The Business Rule Composer allows a process’s rules to be expressed in a more natural way
Example
Business process terms: Quantity Requested (from an order message); Maximum Allowed Order Quantity (set to 100)
Business process rule: if Quantity Requested is greater than Maximum Allowed Order Quantity, then send Order Rejected message
Process Monitoring
Health and Activity Tracking (HAT) provides graphical access to information about orchestrations and messages, such as:
When an orchestration starts and ends
When each shape within it is executed
When each of its messages is sent and received
What’s in each message
Much more
Tool: Health and Activity Tracking tool
Tracing Process (screenshot slide)
Business Activity Monitoring
Allows information workers to monitor business processes
(Diagram: the BizTalk Server 2004 Engine tracks monitored events and messages; Business Activity Monitoring (BAM) exposes them to Microsoft Excel and other clients.)
An Example BAM View (screenshot slide)
Conclusions
A service-oriented world is inevitable, but it implies connections to non-SOAP services and services for building business processes
Web Services are the foundation for SOA
BizTalk Server 2004 is a SOA platform for building, managing, and monitoring business processes, in the world today and in the service-oriented world to come
Questions…
Microsoft .NET Technology Evangelist 林耀珍