In Chapters 8 and 9, the APIs for publishing and inquiry are discussed. These APIs provide means to publish and discover business entities and related services. Using these APIs, a company can either register its business assets as services to other companies in its ecosystem or use the services provided by other companies. These APIs essentially provide the necessary technical capabilities to advertise and discover various resources, including business entities, services, and tModels. However, technical capabilities are only part of the picture. The other part is how the registry is used in a solution; this can be considered the usage pattern of the registry. Each usage pattern has a unique set of requirements and uses various UDDI technical capabilities more prominently than others. Building registry-based solutions requires a good understanding of these usage patterns. In this chapter, we discuss the usage patterns and how each of them uses the UDDI registry. We also discuss prominent solution domains where UDDI registry can be used.
In the previous discussion, we have referred largely to the Universal Business Registry (UBR) when discussing UDDI registry. The examples themselves are also demonstrated using the Microsoft UBR instance. As mentioned in the earlier chapters, these examples also work on a private instance of the registry.
A private UDDI registry is an instance of a UDDI registry that is not part of the UBR cloud. Although called private, such an instance need not be accessible only to a specific individual or organization. It is possible to share a registry instance among a set of like-minded entities that come together for a specific purpose. For example, a company and all its suppliers can use a private registry to exchange information. As explained in Section 4.3.1, a private registry can act as an intermediary between communicating business entities. Besides this, a private registry provides several advantages over UBR.
One of the chief advantages of a private registry is access control. Only the members that share the private registry can/will typically have access to a private registry. This means that the members can divulge a limited amount of potentially confidential data to be shared among the members. Sharing of such data may be essential for functioning facilitated by the registry.
The UBR has specified its own set of operational and functional policies. These policies are specified in the Operator Specification document. A UBR operator is bound by a contractual agreement to abide by these policies. These policies may not always be suitable for a company or a solution it is trying to put in place. A private UDDI instance will enable the organization to set and enforce its own policies to use the registry. For example, by default, the Microsoft UBR instance does not allow multiple business entity registrations per user account. A private registry owner, on the other hand, may not enforce such a restriction at all or may allow business entity registrations up to a certain limit.
A private registry owner can define its own set of organization rules above and beyond those specified by UDDI. This can ensure that the organization is commensurate with the needs of the community or solution using the registry. For example, a private registry that is used among several companies may have an organization structure where the name of the service or tModel must be in the for-mat company name:location:functionality name:version. Using such a hierarchical structure, it will be easy to find all the services that cater to a specific zip code or all versions of a certain interaction specification. Note that on UBR it is possible to create such a naming scheme, but it is not enforceable. The other use of customizable organization is creating synonyms for resources, as discussed in Section 10.2.
Currently, several companies including Microsoft, IBM, and Oracle provide a private UDDI registry that a company can implement.
The UBR today suffers from a lot of data that is stale. Since any registered user is allowed to publish business entities and services, there are several registrations that are phony, i.e., being used for testing purposes. A private registry can enforce information sanity by ensuring a strict process for registering any resource on the registry — even by the members. The process through its checks and balances can ensure that the data available on the registry (such as access points to services) are fresh and may enforce the freshness of data through contractual agreements.
Recall that the UDDI architecture provides a loose coupling between interacting business entities. Such loose coupling enables these companies to form or dismantle business relationships at relatively short notice. While this dynamism is useful in the bigger picture, it creates an operational delay in the short run. Every time an application or a user wishes to use a service that provides certain functionality, it has to refer back to the concerned UDDI registry. One solution to this problem is to cache the reference to the found resource — whether a business entity, tModel, or service and its binding template. Once cached, the local reference can be used whenever corresponding functionality is needed. This will not only save the roundtrip delay to communicate with the registry, but will also remove transactional dependency on an external entity — the UDDI registry. The application can function with one less potential “point-of-failure” in the architecture. The concept of reference caching can be extrapolated further to create a link between an external UDDI registry such as the UBR and a private instance. Two interaction patterns emerge when defining linkages between two UDDI registries.
Reference import
Reference export
When a service-user organization needs certain functionality and has decided on the service provider (and the service instance within), the reference to concerned entities can be imported from the UBR or other UDDI registry. The reference can then be kept in a local private UDDI registry.
Reference import functionality also lets the service-user organization organize the references in a way suitable to its usage model. It could, potentially, create its own taxonomies, tModels, and other data structures and save the references using that organization. For example, if there are multiple specifications defined for interacting with a 401(k) service, a user can search services that comply by different specifications and save the found services under its own my401kTModel. It could also save the found services under its own naming scheme. Of course, the real data must kept as well to resolve the synonym to the real resource.
This private registry can be thought of as a repository of all the services that an organization uses during its day-to-day operation. Figure 10.1 depicts this scenario.
Just as a service-user can import the service reference from another UDDI registry, a publisher can export service references to other registries.
A reference export mechanism is somewhat less intuitive than the reference import mechanism. One application of this mechanism could be the way a publisher manages its services. All the deployed services can be published within the publisher’s private registry and appropriate instances could be exported as they are made public. Reference export could be used for versioning and service migration, as explained in the next section. Figure 10.2 depicts this scenario.
Taxonomies provide the means to classify the resources as discussed previously. In Chapter 6, we discuss how taxonomies are used during the design phase of a registry-based solution.
The identifier system is another orthogonal means for classifying resources. Compared to taxonomies, an identifier system is focused on discovering a specific resource more precisely, rather than finding a class of resources. When used together, taxonomies and identifier systems can be powerful in locating a set of resources with a great degree of precision. Due to their importance, the taxonomy and identifier systems deserve an in-depth discussion.
In the previous examples, we use taxonomies that are built in the UBR registries. For example, the business entities are classified under ntis-gov:naics:1997 taxonomy, which represents North American Industry Classification System (NAICS). The service interaction specification TM401k uses the uddi-org:general_keywords taxonomy, which represents the generic taxonomy where keyword values are used to classify resources. As discussed in Chapter 6, when designing a registry-based solution, the designer must decide if the existing set of taxonomies and identifier systems are sufficient for the solution. If required, a new set of taxonomies and identifier systems must be designed, published, and employed in the proposed solution.
The ubiquitous tModel resource is used to register taxonomies and identifier systems as well. Given the multi-faceted role of tModels, it is essential to distinguish the tModels from each other. UDDI provides a special taxonomy to classify the tModels themselves. This taxonomy, uddi-org:types, is commonly referred to as the UDDI Type Taxonomy.
The UDDI Type taxonomy defines a predefined set of categorizations that can be used to denote what a tModel being registered is associated with. When registering a tModel, the UDDI Types taxonomy must be associated with key values that signify the type of tModel. For a taxonomy tModel, the value categorization should be used during registration. The corresponding XML message will be as follows:
<tModel authorizedName="..." operator="..."
tModelKey="">
...
<categoryBag>
<keyedReference
tModelKey="uuid:C1ACF26D-9672-4404-9D70-39B756E62AB4"
keyName="uddi-org:types"
keyValue="categorization"/>
</categoryBag>
</tModel> The UUID mentioned in the XML segment is associated with the UDDI Types taxonomy. Table 10.1 describes all the types defined in the UDDI Types taxonomy. When registering a tModel, corresponding values can be used to classify it appropriately. Note that it is not mandatory for a publisher to use the UDDI Types taxonomy for categorization. However, doing so helps in the proper representation of the tModel in the UDDI registry. Also, other users of the registry get a more refined view of the tModel.
Table 10.1. tModel Types Defined in UDDI Types Taxonomy.
|
Types |
Description |
|---|---|
|
|
Root level type for internal use only |
|
|
tModel defines an identifier system |
|
|
tModel defines a scope constraint or a domain |
|
|
tModel represents a taxonomy |
|
|
tModel represents the postal address in various forms |
|
|
tModel used for publisher assertions |
|
|
tModel represents an interaction for Web services paradigm |
|
|
A refinement of |
|
|
A refinement of |
|
|
tModel represents a Web service described through WSDL |
|
|
tModel represents a protocol of any sort |
|
|
A refinement of |
|
|
tModel is part of a tModel collection that together represents a specification |
|
|
tModel that cannot be referenced in identifierBag or categoryBag. Used during registration of a |
|
|
tModel is a namespace, identifier, or categorization type tModel that has a properly registered validation service |
|
|
tModel is a namespace, identifier, or categorization type tModel that does not have a validation service |
UDDI specification provides further refinement of taxonomies registered through the UDDI Types taxonomy — checked and unchecked. This provides a clear distinction between tModels that are more formal than others. A checked taxonomy undergoes more scrutiny and has a more formal set of requirements than an unchecked taxonomy.
To register an unchecked taxonomy, the only additional step to the aforementioned process is to classify the taxonomy as “unchecked” in the categoryBag. The XML for that would be as follows:
<categoryBag>
...
<keyedReference
tModelKey="uuid:C1ACF26D-9672-4404-9D70-39B756E62AB4"
keyName="uddi-org:types"
keyValue="unchecked"/>
...
</categoryBag> A checked taxonomy registration requires a more elaborate process. The six-step process aims at registration of a taxonomy that has gone through a “validation.” The registration, in this case, requires active participation from a UDDI operator.
The tModel is designated with two UDDI Type values: checked and unvalidatable. Marking a tModel “unvalidatable” prevents any referencing to that tModel until the process is completed. The tModel is not published by the user; instead, an operator must be contacted for the purpose.
The UDDI operator publishes the tModel on the user’s behalf. Once published, the operator owns the tModel. The ownership in this case refers to rights to updates. The ownership is eventually transferred to the user.
After the initial registration, the user must implement and deploy a validation service for the tModel. This service must implement the
validate_valuesmessage and return a disposition report indicating success or failure as described by theuddi-org:taxonomy_V2tModel. Whenever any resource refers to the concerned tModel in itscategoryBagoridentifierBag, UDDI invokes the validation service that validates any values provided in the registration. It is this validation service that makes a checked tModel more formal and usable compared to unchecked tModels. The validation service specification can be found in the UDDI API reference guide.The operator performs an assessment of the validation service. Certain quality standards or uptime requirements may be imposed. There are also two specific pieces of information needed:
Caching: The operator can optimize the performance of validation by caching the valid values for the taxonomy. While caching reduces the transaction time, it also reduces the load on the validation service. It is recommended to allow caching if possible. Caching is not recommended if the validity of values is context-sensitive or if the cache can become invalid for some reason.
bindingTemplate: Like any other services registered at the UDDI registry, the validation service is also associated with a binding template. The binding template provides the details about how to communicate with the service. The only restriction on the access point in the binding template is that the access point should not be published in any other binding template on the same registry. The binding template should also reference the
uddi-org:taxonomy_V2tmodel.
After the operator assesses the validation service, it is published in its operational business entity. The binding template is also published in that business entity. The service access point provided by the taxonomy provider is not published in the binding template. Instead, the binding template has a redirector URL that effectively conceals the actual service access point. This avoids denial-of-service attacks. At this point, the tModel ownership is transferred to the provider.
The categorization
unvalidatableis removed and any interested users or companies can now reference the tModel. Any time the tModel must be disabled, it is categorized asunvalidatable.
As can be seen, registering a checked tModel is a very elaborate process. Ideally, in the examples discussed in this book, FITSO, the financial standards body, would publish a checked taxonomy for the concerned financial transaction areas and other financial institutions would use that checked taxonomy when registering their services. It should also be noted that the identifier systems represented using tModel would also undergo the same process to register a “checked” identifier system.
During the service lifecycle, service versioning and migration policies play an important role. As the service goes through the lifecycle as depicted in Figure 4.5, it will undergo changes. The same is also true for a tModel, whether it describes taxonomy, identifier system, or service interface specification.
Unless the functionality provided by a service or a tModel is also obsolete, their obsolescence would be followed by another version or a totally different service or tModel replacing the obsolete one. For both the publisher and user of services and tModels, the versioning and migration policies provide a way to minimize any downtime. While there are no mandatory requirements in the UDDI specification forversioning, “best practices” documents make recommendations about how to handle it.
With continuation of service offering being the most important aspect of versioning, having new and old versions compatible on a common set of terms and values is most logical. In practice, it is always a balancing act to keep two versions compatible at a very granular level. The Versioning Taxonomy and Identifier Systems introduces the notion of upward compatibility among versions of a tModel repre-senting a taxonomy or an identifier system. This upward compatibility is based on the codes associated with the concerned specification.
A code in taxonomy T2 is upward compatible with a code in taxonomy T1 if and only if the two codes are identical and if the code’s meaning in T2 is a superset of its meaning in T1. A code in an identifier system I2 is upward compatible with a code in identifier system I1 if and only if the two codes are the same and the code’s meaning is the same.
Taxonomy or identifier system A2 is upward compatible with taxonomy or identifier system A1 if and only if every code in the code space of A1 has an upward compatible counterpart in the code space of A2.
The best practice behavior is to always keep taxonomy or identifier system upward compatible. In such a case, the associated tModel is simply updated to reflect the new version and republished under the same key. In reality, however, there will be situations when this is not possible at some times. In such a case, several migration steps can be taken to ensure operational continuation.
The new version is developed in such a way that it introduces new codes rather than modifying existing ones. The obsolete codes can be still supported in the new version, so that existing applications can continue to refer to them. The new usage of the codes can be discouraged through the specification documents clearly identifying those values as obsolete.
The old version is supported until its usage drops significantly. At that point, the tModel and related version can be retired without affecting a larger user population.
The tModels representing the old and the new version can be chained together. In this case, the older tModel refers to the new tModel through a
replacedByrelationship. Anybody finding the old tModel can check for this chaining and migrate to the newer version. The UDDI specification provides a tModeluddi- org:isReplacedByspecifically for this purpose.A Web service that can provide code-conversion service between the two versions can help the users to map codes and related information between the versions. Such a Web service must implement the specification represented by
uddi-org:updateEntitytModel. This tModel is used to bring a resource up-to-date with respect to a specific tModel (the tModel undergoing version change in this case). Using such a service, a business entity or service that references the concerned tModel can get the new information and update its registration data with respect to the changing tModel.
Through these mechanisms, tModel versioning can be made a smoother experience. Note, however, that for a smooth transition, the tModel provider needs to implement these steps diligently.
Service versioning issues are similar to the tModel versioning issues discussed previously. The operational continuance has a rather broader impact, due to contractual bindings around quality-of-service specifications.
The tModel versioning scheme discussed above could be modified for service versioning. Since, unlike tModel, services can have a much wider range of purpose, the precise steps in the process will be highly dependent upon the functionality provided by the service.
Service or tModel versioning can be facilitated through reference exporting. As explained in Section 10.2, a tModel or service provider can export references to the concerned resource to a UBR or other publicly available registry. When introducing anew version, the provider can first make it available on the local registry and then once it is tested and ready for use, publish it to the public registry. If the new version is upward compatible, the new version will register under the existing registration key, otherwise a new registration key can be requested. The older version can then be supported only at the local registry for interested customers.
From the discussion until now, several patterns emerge for potential use of the UDDI registry. Based on the kind of information stored in the registry, it can be used to simply get contact information for a business entity (“white pages”-style information) or to understand the interaction pattern of a service and communicate with it (“green pages”-style information). These usage patterns can be classified into several categories as follows:
UDDI as Universal Registry
UDDI as Market Exchange Registry
UDDI for Reference Caching
UDDI as Portal Facilitator
UDDI as EAI Facilitator
As explained in Section 5.2.1, currently the UBR provides a “public UDDI infrastructure” that can be used as a means to test drive registry-based business processes. Figure 10.3 depicts this scenario.
The UBR cloud of registries provides a uniform view across all registrations made at any node within the UBR. Note that this current usage pattern of the UBR is not likely to be the final usage pattern. As UDDI security policies and information sanity policies evolve, more sophisticated usages of the UBR may result.
The notion of UDDI as a meeting point between service providers, service consumers, consortiums, and other standards bodies, is the basis for UDDI as a market exchange. However, the market exchange is a specialized and focused instance of private registries that are deployed to facilitate a specific industry.
Policies and information specific to the industry can be loaded into the exchange to ensure a smooth and efficient exchange of information. Market exchanges are likely to restrict access to only certain entities, for example, industry participants. Focusing on a specific industry or segment makes the market exchange a magnet for those trying to reach that particular audience. Thus, a service user will find a host of industry-specific services and businesses for its service portfolio. To ensure efficient querying within a market exchange, industry-specific taxonomies and search qualifiers may be deployed that “speak the industry jargon.” An example of a market exchange could be a chemical exchange that brings together chemical industry traders and buyers. Figure 10.4 depicts the market exchange scenario.
Market exchanges can also provide additional services that make interacting with the exchange more useful. For example, rating services that allow third party agencies to rate various service providers might be important in certain industries.
In Section 10.2, we discuss the concept of caching (import and export) a reference to a specific service found in an external registry. A private registry instance can be deployed within an ecosystem to house either the services meant for export or to house those cached entries for quick access to these frequently used services. Figure 10.5 depicts this usage pattern.
Portals have become a common component of most companies’ technology landscape. Two main flavors of portals exist: intranet and Internet. Intranet portals often house information specific to the employees of the company. Internet portals often house company information specific to interested external parties, i.e., customers, press, and so on. Another type of Internet portal is a service-aggregating portal. The my.yahoo.com portal, for example, collects several types of services and allows users to customize their portal experience. A third flavor, which is essentially a hybrid of the intranet and Internet portals, is that of a virtual private portal. This type of portal is often external to the company but allows only limited access to partners, for example.
A UDDI registry can provide the services that are offered through these various portals. Figure 10.6 depicts this usage pattern. Chapter 11 expands on the concept of UDDI-powered intranet portals.
Web services promise to assist corporate Information Technology (IT) departments in linking their numerous enterprise applications. A typical large enterprise might have upward of eight hundred different applications. Imagine trying to deploy or orchestrate a business process on this infrastructure. While many enterprise application integration vendors exist to solve this problem, Web services also provide a technology to integrate these applications. The role that UDDI plays in this scenario is two-fold. As Web services are deployed within corporate boundaries, they can be published to the UDDI registry. The UDDI registry then acts as the library that applications are written to interact with to ensure the appropriate services are used.
A second role the UDDI registry plays is that of business-to-business integrator. Services ready for external consumption (by authorized parties) can be exported from the UDDI library and imported into an external facing UDDI registry deployed as part of a virtual private portal. Figure 10.7 depicts this usage pattern.
We have viewed UDDI from various perspectives: that of a service publisher, a service consumer, and of a solution deployer. Understanding these perspectives is critical in deploying any UDDI-based solution. However, it is also important to see how UDDI solves critical business problems. In the next part of the book, we offer case studies and delve into how UDDI fits into larger business solutions.